[LINK] What security encryption?

Jan Whitaker jwhit at janwhitaker.com
Tue Apr 1 16:13:30 AEDT 2014


http://www.theage.com.au/it-pro/security-it/nsas-penetration-of-rsa-security-was-twopronged-researchers-20140331-zqp6o.html


Security industry pioneer RSA adopted not just 
one but two encryption tools developed by the US 
National Security Agency (NSA), greatly 
increasing the spy agency's ability to eavesdrop 
on some internet communications, according to researchers.

In December it was reported the NSA had paid RSA 
$US10 million ($10,800,000) to make a 
now-discredited cryptography system the default 
in software used by a wide range of internet and 
computer security programs. The system, called 
Dual Elliptic Curve, was a random-number 
generator, but it had a deliberate flaw – or 
"back door" – that allowed the NSA to crack the encryption.

A group of professors from Johns Hopkins, the 
University of Wisconsin, the University of 
Illinois and elsewhere now say they have 
discovered that a second NSA tool exacerbated the RSA software's vulnerability.
[snip - more at the link]




More information about the Link mailing list