A report in wired today says that RSA Security [*] have released an advisory to developer customers noting that the Dual Elliptic Curve Deterministic Random Bit Generation (or Dual EC DRBG) algorithm (the one which is subject to speculation about NSA interference) is the default in one of its toolkits and strongly advised them to stop using the algorithm.
Wired says:
The advisory provides developers with information about how to change the default to one of a number of other random number generator algorithms RSA supports and notes that RSA has also changed the default on its end in BSafe and in an RSA key management system.
The company is the first to go public with such an announcement in the wake of revelations by the New York Times that the NSA may have inserted an intentional weakness in the algorithm — known as Dual Elliptic Curve Deterministic Random Bit Generation (or Dual EC DRBG) — and then used its influence to get the algorithm added to a national standard issued by the National Institute of Standards and Technology.
The report continues:
In its advisory, RSA said that all versions of RSA BSAFE Toolkits, including all versions of Crypto-C ME, Micro Edition Suite, Crypto-J, Cert-J, SSL-J, Crypto-C, Cert-C, SSL-C were affected.
In addition, all versions of RSA Data Protection Manager (DPM) server and clients were affected as well.
The company said that to “ensure a high level of assurance in their application, RSA strongly recommends that customers discontinue use of Dual EC DRBG and move to a different PRNG.”
I can find nothing about this announcement on the RSA website at present, but it is is entirely possible that the company wishes to keep its developer community ahead of the game before it makes any other public statement. If the wired reporting is true, and since they quote Sam Curry, chief technical officer for RSA, it looks authentic, then this announcement is one more example of how NSA’s activity is having a nasty impact on US Corporations. RSA’s unique selling point is supposed to be its trustworthiness in the field of cryptographic products. If you lose that, you lose your customers. Lose your customers and you lose your business.
[ * ] Note. I find it ironic that the SSL certificate for RSA.com fails the firefox check because it is actually for emc.com. EMC may own RSA, but it does not give wary customers any warm feeling to see an SSL warning pop up on the RSA site.
.