[LINK] What security encryption?
Jan Whitaker
jwhit at janwhitaker.com
Tue Apr 1 16:13:30 AEDT 2014
http://www.theage.com.au/it-pro/security-it/nsas-penetration-of-rsa-security-was-twopronged-researchers-20140331-zqp6o.html
Security industry pioneer RSA adopted not just
one but two encryption tools developed by the US
National Security Agency (NSA), greatly
increasing the spy agency's ability to eavesdrop
on some internet communications, according to researchers.
In December it was reported the NSA had paid RSA
$US10 million ($10,800,000) to make a
now-discredited cryptography system the default
in software used by a wide range of internet and
computer security programs. The system, called
Dual Elliptic Curve, was a random-number
generator, but it had a deliberate flaw – or
"back door" – that allowed the NSA to crack the encryption.
A group of professors from Johns Hopkins, the
University of Wisconsin, the University of
Illinois and elsewhere now say they have
discovered that a second NSA tool exacerbated the RSA software's vulnerability.
[snip - more at the link]
More information about the Link
mailing list