Earlier this month, former NSA contractor Edward Snowden released documents describing the NSA's efforts to crack or otherwise circumvent the encryption protocols commonly used to transmit web traffic securely, which ended up in a widely circulated New York Times report. Alongside those revelations, many have long suspected that the NSA engineered vulnerabilities into a 2006 standard so that it could more easily break common encryption schemes, and the US federal agency responsible for recommending cybersecurity standards has said it will reopen discussions around the contentious algorithm. As a result, network security firm RSA is telling its developers to stay away from the standard altogether.
The dubious pseudorandom number generator is the default
Wired reports that RSA Security is "strongly" recommending its developers stop using the algorithm (SP 800-90A Dual Elliptic Curve Deterministic Random Bit Generation) until the National Institute of Standards and Technology (NIST) resolves the reignited security concerns. The dubious pseudorandom number generator (PRNG) is the default in the current versions of the company's BSAFE security libraries and other products, and RSA is currently instructing developers how to swap it out for other choices known to be free of NSA influence.
The report in question was based on new leaks describing the lengths to which the NSA went to access encrypted internet traffic. The report refers to classified NSA memos that appear to confirm six-year-old reports of NSA-engineered weaknesses in the PRNG, noting that the agency "eventually… became the sole editor" of the cryptographic standard, "aggressively" pushing it on the International Organization for Standardization.
Even if the reports are exaggerated and the NSA has no effective way to break the encryption, RSA would be loath to risk another public relations debacle on the scale of the 2011 security breach affecting its SecurID tokens. Compounding matters, security researchers revealed last year that SecurID and other tokens could be cracked within 13 minutes regardless.