Friday, September 20, 2013

RSA Issues Security Alert Following NSA Disclosure

RSA issued a security advisory to its BSAFE and Data Protection Manager customers recommending they choose one of the different cryptographic Pseudo-Random Number Generators (PRNG) built into the RSA BSAFE toolkit.  The alert follows disclosures from Edward Snowden that subsequently led the National Institute of Standards (NIST) to strongly recommend against the use of the community developed encryption standard known as the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm.

Earlier, NIST strongly recommended that, pending the resolution of the security concerns, the Dual_EC_DRBG no longer be used.

RSA said it does not design or enable any backdoors in its products.

See also