Extended Random technology might have helped NSA crack Dual Elliptic Curve encryption much faster, researchers tell Reuters
A group of university researchers has discovered that the RSA security company adopted a second tool that may have made it easier for the National Security Agency to spy on users.
According to an exclusive news report published Monday by Reuters, a group of professors from Johns Hopkins, the University of Wisconsin, and the University of Illinois is planning to publish a report which states that RSA adopted a technology called the “Extended Random” extension for secure websites, which may have allowed faster cracking of RSA’s flawed Dual Elliptic Curve technology.
RSA has been under fire since December, when Reuters reported that the security company had accepted $10 million to use the security-flawed Dual Elliptic Curve encryption technology, which allegedly provided a "back door" that enabled the NSA to tap encrypted electronic communications.
According to a preview of the university research that was provided to Reuters, the Extended Random extension could help crack a version of RSA’s Dual Elliptic Curve software tens of thousand times faster.
In response to the research, RSA told Reuters that it had not intentionally weakened the security of any product and that Extended Random had been removed from RSA’s software within the last six months because it was not popular.
"We could have been more skeptical of NSA's intentions," RSA Chief Technologist Sam Curry told Reuters. "We trusted them because they are charged with security for the US government and US critical infrastructure."
About the Author(s)
You May Also Like
Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024