RSA, the internet security firm, has warned customers not to use one of its own encryption algorithms after fears it can be unlocked by the US National Security Agency (NSA). http://www.bbc.co.uk/news/technology-24173977
In an advisory note to its developer customers, RSA said that a default algorithm in one of its toolkits could contain a “back door” that would allow the NSA to decrypt encrypted data.
It “strongly recommends” switching to other random number generators.
The NSA may have intentionally introduced a flaw into the algorithm – known as Dual Elliptic Curve Deterministic Random Bit Generation – and then tried to get it adopted as a security standard by the US National Institute of Standards and Technology.
As the documents leaked by the former government security contractor Edward Snowden have demonstrated, the NSA has been intercepting communications data from all over the world through its Prism surveillance programme.
One of the NSA’s tactics has been to persuade leading technology companies, such as Microsoft and Google, to co-operate with the security services in providing access to user data. Privacy rights campaigners have been concerned over how far this co-operation may extend.
