From eugen@leitl.org Mon Sep 23 04:27:55 2013
From: Eugen Leitl
To: cypherpunks@lists.cpunks.org
Subject: [Cryptography] RSA recommends against use of its own products.
Date: Mon, 23 Sep 2013 10:27:47 +0200
Message-ID: <20130923082747.GD10405@leitl.org>

----- Forwarded message from Ray Dillinger -----

Date: Fri, 20 Sep 2013 11:08:00 -0700
From: Ray Dillinger
To: cryptography(a)metzdowd.com
Subject: [Cryptography] RSA recommends against use of its own products.
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130828 Icedove/17.0.8

More fuel for the fire...

http://rt.com/usa/nsa-weak-cryptography-rsa-110/

RSA today declared its own BSAFE toolkit and all versions of its Data Protection Manager insecure, recommending that all customers immediately discontinue use of these products. The issue is apparently the Random Number Generator that these products use, the rather amusingly named "Dual Elliptic Curve Deterministic Random Bit Generator." *1 And according to more of the Snowden Files released to (or by) the New York Times last week, that pseudorandom generator is deliberately flawed in order to allow it to be sod... um, excuse me, I should have said, to permit backdoor penetration.

RSA was truly between a rock and a hard place here as I see it. With the deliberate weakness now made public, they took a terrific blow to their business. But failure to follow up with a recommendation against their own products, no matter how much additional financial pain that action entails, would have destroyed all trust in their company and prospects for future business.
As best I can tell, they have lost $Millions at least due to the tampering of their products, and American security and software companies taken as a whole are in the process of losing $Billions to foreign competitors for the same reasons.

I wonder, would a class action suit seeking compensation for this wholesale sabotage be within the jurisdiction of the FISA court?

Bear

*1 "Anyone who attempts to generate random numbers by deterministic means is, of course, living in a state of sin." -- John Von Neumann

_______________________________________________
The cryptography mailing list
cryptography(a)metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5