NSA leaves no stone unturned to infiltrate and spy on. As online security tools, too, are designed in the way NSA deems fit for its activities. Top security provider firm RSA endowed its BSAFE cryptography toolkit with a second NSA- influenced random number generator (RNG) which will render encrypted communications very easy to be de-crypted by hackers and eavesdroppers, says Reuters.
Citing soon-to-be-published research from several universities, Reuters said the Extended Random extension for secure websites allows attackers to work tens of thousands of times faster when breaking cryptography that uses the Dual EC_DRBG algorithm to generate the random numbers that populate a specific cryptographic key.
Dual EC_DRBG is a pseudo- random number generator that was developed by cryptographers from the National Security Agency and was the default RNG in BSAFE even after researchers demonstrated weaknesses so severe that many suspected they were introduced intentionally so the US spy agency could exploit them to crack encrypted communications of people it wanted to monitor. In December, Reuters reported that the NSA paid RSA $10 million to give Dual EC_DRBG its favored position in BSAFE.
Extended Random was a second RNG that is meant to add random generated key to make encryption more strong. However, in truth, the algorithm made protected communications even easier for attackers to decrypt by reducing the time it takes to predict the random numbers generated by Dual EC_DRBG, which is short for Dual Elliptic Curve, Reuters reported Monday.
A professor specializing in cryptography at Johns Hopkins University and one of the authors of the upcoming academic report, told Reuters, ” If using Dual Elliptic Curve is like playing with matches, then adding Extended Random is like dousing yourself with gasoline”.
View full post on Who Got Hacked – Latest Hacking News and Security Updates