New scandal with RSA Security, which had provided the NSA with two backdoors

One of the most trusted forms of encryption and internet security (pre-NSA) from the company RSA Security (now part of EMC Corp.), is in question after a storm of revelations that emerged from leaked documents from the Edward Snowden.

The documents revealed that the NSA had created a faulty random number system (Dual_EC_DRBG), Dual Elliptic Curve, which the major security company RSA used in its BSAFE encryption number generator tool.

To date the RSA Security claimed that none of this was true, but a new Snowden document revealed that RSA received $10 million from the NSA to keep its encryption weak.

Ερευνητές από το Johns Hopkins, το Πανεπιστήμιο του Wisconsin, και το Πανεπιστήμιο του Illinois ισχυρίζονται ότι η εταιρεία ασφαλείας υιοθέτησε ένα εργαλείο που τους πρότεινε η NSA, το Extended Random extension που το χρησιμοποιούσαν για “ασφαλείς ιστοσελίδες.” Φυσικά το εργαλείο άφηνε backdoors για την NSA και βοηθούσε την μυστική υπηρεσία να παραβιάσει το Dual Elliptic Curve πάρα πολύ γρήγορα όπως αναφέρει το Reuters.

(it took the researchers 3 seconds to break a free version of BSafe for the C programming language even without Extended Random, because they had already generated enough random bits before the secure connection started.)

The Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC_DRBG) is a pseudo-random number generator developed by the National Security Agency (NSA) cryptographers and later adopted by the RSA Security

in the security kit he was using, the BSAFE, which approved the Dual Elliptic Curve.

“Ενώ το Extended Random δεν υιοθετήθηκε ευρέως, η νέα έρευνα ρίχνει φως στο τρόπο που η NSA επέκτεινε την εμβέλεια της επιτήρησης της με υποτιθέμενες συμβουλές προστασίας σε διάφορες επιχειρήσεις.”

Η RSA Security had denied the allegations, and said it had no intention of weakening the safety of its products. The Extended Random had been removed from its protection software RSA Security in the last six months.

“Θα μπορούσαμε να είμαστε πιο επιφυλακτικοί για τις προθέσεις της NSA” ανέφερε ο Υπεύθυνος Τεχνολόγος της RSA, Sam Curry στο Reuters . “Τους εμπιστεύτηκαν επειδή είναι επιφορτισμένοι με την ασφάλεια της κυβέρνησης και των κρίσιμων υποδομών των ΗΠΑ.”

So far it has not been revealed whether RSA has received money from the NSA for adding this second backdoor or not. But the news still raises some troubling questions in everyone's mind about the relationship between the security agency and the US NSA.