Security Researchers Find RSA Even More Completely Compromised By The NSA Than Previously Thought

from the setting-the-decryption-standard dept

Last December, Reuters broke the news that RSA had received $10 million from the NSA to push a weakened crypto standard as the default. This resulted in an incredible amount of backlash against RSA, resulting in many security researchers pulling out of the RSA's conference (which itself was met by a protest conference).

There's more bad news ahead for the RSA, again delivered by Reuters.

Security industry pioneer RSA adopted not just one but two encryption tools developed by the U.S. National Security Agency, greatly increasing the spy agency's ability to eavesdrop on some Internet communications, according to a team of academic researchers.

Reuters reported in December that the NSA had paid RSA $10 million to make a now-discredited cryptography system the default in software used by a wide range of Internet and computer security programs. The system, called Dual Elliptic Curve, was a random number generator, but it had a deliberate flaw - or "back door" - that allowed the NSA to crack the encryption.

A group of professors from Johns Hopkins, the University of Wisconsin, the University of Illinois and elsewhere now say they have discovered that a second NSA tool exacerbated the RSA software's vulnerability.

The professors found that the tool, known as the "Extended Random" extension for secure websites, could help crack a version of RSA's Dual Elliptic Curve software tens of thousands of times faster, according to an advance copy of their research shared with Reuters.
As Reuters notes, Extended Random has not been widely adopted (and now won't be), so the real story here is how the NSA undermines companies (and their aims) under the name of "advising on protection."

Rather belatedly, RSA officials are developing a sense of skepticism towards the NSA's motives.
"We could have been more skeptical of NSA's intentions," RSA Chief Technologist Sam Curry told Reuters. "We trusted them because they are charged with security for the U.S. government and U.S. critical infrastructure."
As has been shown numerous times over the last several years, the government would rather make the connected world less secure -- by stockpiling exploits and preventing holes from being patched -- in the name of "security." There's more than one kind of security, and the definition that works for most normal people runs contrary to the NSA's desire to exploit and collect everything it can.

The NSA has refused to comment on the story and the RSA, for its part, has not disputed what researchers have uncovered. Dual Elliptic Curve is the NSA's $10 million baby, and the addition of Extended Random does nothing more than make the next set of random numbers easier to predict.
Johns Hopkins Professor Matthew Green said it was hard to take the official explanation for Extended Random at face value, especially since it appeared soon after Dual Elliptic Curve's acceptance as a U.S. standard.

"If using Dual Elliptic Curve is like playing with matches, then adding Extended Random is like dousing yourself with gasoline," Green said…

The academic researchers said it took about an hour to crack a free version of BSafe for Java using about $40,000 worth of computer equipment. It would have been 65,000 times faster in versions using Extended Random, dropping the time needed to seconds, according to Stephen Checkoway of Johns Hopkins.
This is what happens when you allow the NSA to not only play with the toys, but to also design them. "Security," in terms of the RSA's chosen standard, is now nothing more than a buzzword appended to its product line. The company learned far too late that the intelligence agency has little need for solid encryption, viewing it as an obstacle to be surmounted rather than a defensive tool that might make computing more secure -- for everybody.

The agency wants it all and it wants to gather it with the least amount of effort possible. While it may have little desire to turn its weapons on Americans ("incidental collections" will still continue, of course…), it has exactly zero compelling legal reasons not to weaponize crippled encryption against the rest of the world. RSA's credulousness (and perhaps $10 million) apparently silenced its better judgement, and now the connected world is open not only to the NSA's exploits, but anyone else with the desire to open the agency's backdoors.

Reader Comments (rss)

(Flattened / Threaded)

  1. identicon
    Anonymous Coward, Mar 31st, 2014 @ 11:19am

    Fuck the NSA

    Can anyone cite five things that have benefitted the people of These United States of America on behalf of the NSA?

    As a follow up question, how much taxpayer money was used (including such bribes as the $10 million mentioned in this blog) to get this benefit?

    Time to end the NSA! They are completely misguided and worthless.

    reply to this | link to this | view in thread ]

  2. icon
    Geno0wl (profile), Mar 31st, 2014 @ 11:20am

    What were they thinking?

    Even IF, which it is a big if, the NSA didn't have "malicious" intent it would be an absolutely terrible idea to put a backdoor into the crypto.
    I mean it only takes one clever person(or a jaded ex-NSA contractor...) to bring that whole house of cards down. Then not only did you just shoot your company in the foot but you also compromised EVERYBODY else.
    At this point I don't know why anybody in their right mind would use any RSA products if they could go somewhere else, and RSA has nobody to blame for it than themselves.

    reply to this | link to this | view in thread ]

  3. identicon
    mcinsand, Mar 31st, 2014 @ 11:25am

    class action suit time?

    At what point could customers have grounds for a class action suit? Customers pay RSA to enhance security, not to sell it out.

    reply to this | link to this | view in thread ]

  4. icon
    carlosjii (profile), Mar 31st, 2014 @ 11:28am

    Re: Fuck the NSA

    Hey the NSA and the FBI/CIA kept us safe until 9/10/2001

    Congress can de-budget them anytime and would except NSA has so much stuff on Congress

    reply to this | link to this | view in thread ]

  5. identicon
    Mark Wing, Mar 31st, 2014 @ 11:30am

    "To serve America" is really just a cookbook.

    reply to this | link to this | view in thread ]

  6. icon
    ChurchHatesTucker (profile), Mar 31st, 2014 @ 11:30am

    Paging Carmen Ortiz

    Can we prosecute the people who are an actual threat?

    reply to this | link to this | view in thread ]

  7. identicon
    Anonymous Coward, Mar 31st, 2014 @ 11:34am

    nsa is going to single-handedly put this country on its knees.  to borrow from a great man we wish we still had among us, 'you have to stand in awe.'

    reply to this | link to this | view in thread ]

  8. icon
    DannyB (profile), Mar 31st, 2014 @ 11:35am

    But look at the benefit to the RSA

    But the NSA give RSA $10 Million for compromising crypto!

    Wouldn't this be an immediate and justifiable reason for RSA to bend over for the NSA, take the money and run?

    Isn't short term benefit always more important than long term benefit? Look at Nokia signing an assisted suicide deal with Microsoft. Look at Oculus Rift being acquired by Facebook.

    reply to this | link to this | view in thread ]

  9. icon
    DV Henkel-Wallace (profile), Mar 31st, 2014 @ 11:43am

    Can EMC sue?

    Since the government impaired the value of RSA (which was purchased by EMC) could EMC sue the government for destroying their asset? Seems like this would fall after the last clause of the fifth amendment: "nor shall private property be taken for public use, without just compensation"

    reply to this | link to this | view in thread ]

  10. icon
    John Fenderson (profile), Mar 31st, 2014 @ 11:44am

    RSA is done for

    I don't see how any RSA products can be trusted at this point. The first strike? Very worrisome and cause for extreme caution. The second strike? Indicative that there is likely to be other problems that have yet to surface. It's now far too risky to give RSA any trust at all.

    reply to this | link to this | view in thread ]

  11. icon
    John Fenderson (profile), Mar 31st, 2014 @ 11:46am

    Re: Can EMC sue?

    "without just compensation"

    The $10 million doesn't count as just compensation? RSA seems to have thought it did.

    reply to this | link to this | view in thread ]

  12. icon
    Ninja (profile), Mar 31st, 2014 @ 11:53am

    Are we seeing the first major death caused by the NSA in the tech sector?

    reply to this | link to this | view in thread ]

  13. identicon
    Anonymous Coward, Mar 31st, 2014 @ 11:57am

    Re: What were they thinking?

    All it takes is one foreign agent inside NSA to hand a foreign power the same ability. The question should be how badly have they been compromised by foreign agents?

    reply to this | link to this | view in thread ]

  14. identicon
    Anonymous Coward, Mar 31st, 2014 @ 11:59am

    Re: Can EMC sue?

    Point EMC in the direction of investor state dispute resolution, that way it bypasses the US courts.

    reply to this | link to this | view in thread ]

  15. identicon
    Rich Kulawiec, Mar 31st, 2014 @ 12:02pm

    The scary part of this... not that these cryptographers discovered this problem. It's not even that the NSA has been exploiting it for who-knows-what.

    The scary part is that maybe someone else did. A long time ago. And elected to do something with it that didn't include publishing in academic journals or talking to reporters.

    reply to this | link to this | view in thread ]

  16. identicon
    Eric Stein, Mar 31st, 2014 @ 12:05pm

    (gasping sound)

    Wait, the NSA will do the taking, and no compensation will be given. The $10M seems like a drop in the bucket compared to the losses sustained by people and companies unfortunate enough to use RSA products, yet what has the NSA gained for this deadly (the bodies will be found eventually) sabotage to the US economy. If your job is to protect the country and you think that ruining the economy in a necessary step towards that goal, aren't you now the mad-dog agency. Here's another piece: what do you do with tame dogs if you work for US LE?

    reply to this | link to this | view in thread ]

  17. identicon
    Anonymous Coward, Mar 31st, 2014 @ 12:05pm


    No, that would be Skynet. Luckily, NVidia revived it for next year.

    reply to this | link to this | view in thread ]

  18. identicon
    Anonymous Coward, Mar 31st, 2014 @ 12:06pm

    If this were any other company put in charge of product creation they'd be sued to no end and promptly removed from any and all other contracts and projects.
    these people need to be removed from their posts and locked away.

    reply to this | link to this | view in thread ]

  19. identicon
    Anonymous Coward, Mar 31st, 2014 @ 12:13pm

    Re: The scary part of this...

    nah, there is no chance of it. at all. I mean that would be illegal and nobody would ever do something if it is illegal, right?

    reply to this | link to this | view in thread ]

  20. icon
    Rikuo (profile), Mar 31st, 2014 @ 12:22pm

    Re: Can EMC sue?

    Like others have told me, you can sue for anything, but winning in the actual lawsuit? Different story altogether.
    If the US government even allowed the case to move forward, they would just argue that nothing was taken, that RSA still has the standard and can still promote and sell their products, that it's all legal, blah blah blah.

    reply to this | link to this | view in thread ]

  21. icon
    Coogan (profile), Mar 31st, 2014 @ 1:05pm

    Give RSA some credit - they got $10 million bucks. That's substantially better than the 30 pieces of silver Judas got.

    Then again, Judas had enough remorse to return the silver and hang himself. Your move, RSA.

    reply to this | link to this | view in thread ]

  22. identicon
    Personanongrata, Mar 31st, 2014 @ 1:23pm

    Nothing To Hide

    If you don't have anything to hide, you have nothing to fear.

    The US government made over 95 million derivative classification decisions in 2012.

    Apparently the US government has a lot to hide and is mighty fearful of the truth.

    reply to this | link to this | view in thread ]

  23. icon
    madasahatter (profile), Mar 31st, 2014 @ 3:10pm

    Re: Re: What were they thinking?

    Or somebody work in a foreign intelligence agency discovering the problem and not talking. The only reason anyone knows about this is the people who discovered these flaws published their results. I would love to know if the Russians or Chinese have been using NSA funded backdoors on the US government.

    reply to this | link to this | view in thread ]

  24. identicon
    zip, Mar 31st, 2014 @ 3:35pm

    RSA - world's most gullible people?

    It's always amazed me that an organization that specializes in building encryption algorithms would knowingly take advice from an organization that specializes in breaking encryption algorithms -- and never suspect any monkey business.

    But of course feigning ignorance serves as better damage-control than the alternate possibility: that RSA knew the deal smelled fishy, but chose to take the money with one hand while holding their nose with the other.

    reply to this | link to this | view in thread ]

  25. icon
    Feldie47 (profile), Mar 31st, 2014 @ 3:46pm

    Hmmm. Should I think twice the next time I bank online, or buy something online? RSA broken? Credit card encryption still valid? Did the NSA get to do what so many hackers failed to do? Bring down all monetary transactions on the internet? Remember the discussions decades ago about breaking the encryption? 64 bits then 128, then 256. Where exactly does that put us now?

    reply to this | link to this | view in thread ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.