RSA warns customers against NSA-compromised security product

RSA acts on warning from standards body over claims of NSA interference in setting encryption technology standards

RSA Security has warned customers to reconsider the default algorithm in one of its encryption toolkits after the US National Institute of Standards and Technology (NIST) called into question the trustworthiness of a key component of its standards.

It follows claims that the US National Security Agency (NSA) was involved in the standards-setting process within NIST, subverting security protocols that were subsequently adopted as national and international standards.

In an advisory, RSA "strongly recommends" that customers follow NIST advice over the default pseudo random number generator algorithm in its BSafe product and replaces it with a more secure algorithm. The random number generator is key to secure cryptography - if it is insufficiently random, the resulting encryption will be weak.

Media reports claim that NSA agents worked to insert intentional weaknesses into the algorithm, called the Dual Elliptic Curve Deterministic Random Bit Generation (Dual EC DRBG). It subsequently used its influence at the National Institute of Standards and Technology (NIST) to have it made a US - and, hence, global - national standard.

In response, NIST has re-opened its debate around the Dual EC DRBG standard and issued recommendations that organisations cease using the technology immediately.

"NIST strongly recommends that, pending the resolution of the security concerns and the re-issuance of SP 800-90A, the Dual_EC_DRBG, as specified in the January 2012 version of SP 800-90A, no longer be used," said NIST in its announcement.

The specification was approved by NIST in 2006 and later adopted by the International Organization for Standardization (ISO).

"To ensure a high level of assurance in their application, RSA strongly recommends that customers discontinue use of Dual EC DRBG and move to a different PRNG [pseudo random number generator]," stated the RSA advisory note. "Technical guidance, including how to change the default PRNG in most libraries, is available in the most current [RSA] product documentation."

The revelation is the latest in a string of embarrassing leaks from the NSA by former contractor Edward Snowden, who revealed how the NSA and partner organisations in Europe and Australasia conspired to spy on global internet traffic.