A group of university researchers has discovered that the RSA security company adopted a second tool that may have made it easier for the National Security Agency to spy on users.
According to an exclusive news report published Monday by Reuters, a group of professors from Johns Hopkins, the University of Wisconsin, and the University of Illinois is planning to publish a report which states that RSA adopted a technology called the “Extended Random” extension for secure websites, which may have allowed faster cracking of RSA’s flawed Dual Elliptic Curve technology.
RSA has been under fire since December, when Reuters reported that the security company had accepted $10 million to use the security-flawed Dual Elliptic Curve encryption technology, which allegedly provided a "back door" that enabled the NSA to tap encrypted electronic communications.
According to a preview of the university research that was provided to Reuters, the Extended Random extension could help crack a version of RSA’s Dual Elliptic Curve software tens of thousands of times faster.
In response to the research, RSA told Reuters that it had not intentionally weakened the security of any product and that Extended Random had been removed from RSA’s software within the last six months because it was not popular.
"We could have been more skeptical of NSA's intentions," RSA Chief Technologist Sam Curry told Reuters. "We trusted them because they are charged with security for the US government and US critical infrastructure."

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories.