Friday, September 20, 2013

NSA hacking cryptography: Security firm RSA warns against itself - Times Online

Bsafe, RSA's developer software for encryption, uses a module that was co-developed by the NSA. RSA now warns against using it.

20 September 2013

Eavesdropping headquarters in Bad Aibling, previously used by the NSA | © REUTERS / Michael Dalder


is the promise of RSA, the developer of encryption software that is meant to protect its customers. These customers are likely to have been all the more perplexed by what the company, the security division of EMC Corporation, has now told them. It strongly advises against using an algorithm that runs by default in the RSA software kit Bsafe, it said in an email to developers. In other words, the company is warning against itself: its software is no longer safe.


RSA software is used, among other things, for programming web browsers. One building block there is so-called random numbers. Encryption programs include a generator that produces numbers that are as random as possible, which are then used to create keys.


But it is exactly the processes by which these numbers are generated on customers' computers that RSA no longer seems to trust. The U.S. company is not alone in this.

RSA sees itself forced to take this unusual step by the revelations of Edward Snowden. Documents that the New York Times reported on at the beginning of September indicate that the NSA has access to encrypted communications. According to them, the NSA is said to have influenced a public encryption standard in 2006, for example, in order to deliberately introduce a weak method.

The responsible American standards body, the National Institute of Standards and Technology (NIST), already responded to this revelation last week. NIST has announced plans to subject the standard in question to a re-examination. Anyone can take part in the debate until 6 November.

The revelations of Edward Snowden

Edward Snowden was employed as a system administrator by a private company, which lent him out to the American NSA. In this position he saw a great deal, and what he saw made him uneasy. He allegedly downloaded more than 50,000 documents from the NSA's servers. In June 2013 he began to tell the public how it is monitored and spied on over the Internet. An overview of his revelations:

  • The NSA receives data from Verizon and probably other telecommunications companies
  • With the Prism monitoring system, the U.S. government taps into companies like Google, Apple, Facebook and Microsoft
  • Germany is among the countries monitored most by the NSA
  • Canada also collects data worldwide on the network
  • The Prism monitoring system is not the only one; there are three more in the USA
  • The intelligence agency GCHQ taps international data lines directly with the Tempora program
  • Tempora monitors and stores everything that goes through the submarine cables
  • Stellarwind has for years been collecting the metadata of billions of emails
  • The NSA monitors up to 500 million communication connections from Germany each month
  • Equipment for Internet surveillance in the United States is possibly the FBI
  • Microsoft allows the NSA to bypass the encryption of emails and Skype conversations
  • The NSA can bypass encryption standards on the web such as HTTPS
  • The NSA spies on international transfers of account information
  • Telephone calls in the United States were monitored without permission
  • Smartphones and SMS are spied on by the NSA
  • GCHQ hacked into a Belgian telephone company, which also supplies the EU
And how they are rated

The things that Snowden reported to the British Guardian and the American Washington Post are likely to be the biggest leak in the intelligence sector. They have sparked a debate about the role of whistleblowers and about the oversight of intelligence agencies. An overview of opinions and commentary on the subject:

  • We need more whistleblowers
  • Resistance against the NSA is hardly possible
  • The public is the best safeguard against the monitors
  • Political control of the monitors is not working
  • An incredible expansion of surveillance without public debate
  • Algorithms, each suspicious
  • Surveillance attacks our fundamental values
  • Snowden’s betrayal is a legitimate act of civil disobedience
  • To good faith for democracy
  • Interview with whistleblower Binney about the NSA's fear of the public
  • PGP inventor Phil Zimmermann says encryption is a civic duty
  • Bruce Schneier says we must recapture the Internet

This is the first step toward finally pulling the dubious methods from the market, the cryptographer Daniel J. Bernstein said in an interview with Times Online: “This cannot surprise anyone; now everyone knows that the NSA has a backdoor here. What is disappointing is that the authority did not withdraw this standard years ago.”

The algorithm suspected of manipulation is called Dual_EC_DRBG. Behind this name is simply a random number generator. Dual_EC_DRBG is one of four algorithms of this kind that NIST established as a standard in 2006. Such standards are developed in cooperation with the international community of cryptology experts. For Dual_EC_DRBG, however, an NSA employee was largely responsible.

The standard was regarded with suspicion from the beginning

Security researchers therefore considered the algorithm suspicious from the start. “The standard has been always used by anyone,” says Dirk Engling, a spokesman for the Chaos Computer Club. “An aura of corruption stuck to it from the beginning, because it came from the NSA, and less than one year after publication these back doors were published.” NIST's action now serves only to emphasize the standard and to “contain somewhat the total loss of technical trust that was created by the NSA's involvement in standard-setting,” says Engling.

How it could happen at all that the agency influenced the process is, according to Engling, easy to explain. First, NIST is required by law to involve state agencies such as the NSA. Second, the number of gifted mathematicians with a focus on cryptography is “quite manageable on the planet.” The NSA proudly declares itself the largest employer of trained mathematicians in the United States. “If such an institution is trying to monopolize the expertise, it is not easy to let independent experts examine the standards.”


The key problem, Engling says, is “that in the U.S., unlike in Germany, one authority is responsible for the protection of digital communication and at the same time for the attack on it: the NSA.” This dual function gives rise to a fatal conflict of interest. “It was previously assumed that the NSA would not install deliberate weaknesses in the cryptographic methods of its own country. However, this assumption is wrong. Being able to read along is apparently more important to the NSA than preventing other intelligence agencies, such as Russia's, from eavesdropping.”

It is now not only the company RSA that has to deal with the consequences.
