[Cryptography] RSA recommends against use of its own products.
ianG
iang at iang.org
Mon Sep 23 04:20:53 EDT 2013
On 22/09/13 16:43 PM, Jerry Leichter wrote:
> On Sep 20, 2013, at 2:08 PM, Ray Dillinger wrote:
>> More fuel for the fire...
>>
>> http://rt.com/usa/nsa-weak-cryptography-rsa-110/
>>
>> RSA today declared its own BSAFE toolkit and all versions of its
>> Data Protection Manager insecure, recommending that all customers
>> immediately discontinue use of these products....
> Wow. You took as holy writ on a technical matter a pronouncement of the general press.
Etc. Yes, we expect the company to declare itself near white, and the
press to declare it blacker than the ace of spaces.
Meanwhile, this list is about those who know how to analyse this sort of
stuff, independently. So...
> ... But they made Dual EC DRBG the default ...
I don't see a lot of distance between choosing Dual_EC as default, and
the conclusion that BSAFE & user-systems are insecure.
The question that remains is, was it an innocent mistake, or were they
influenced by NSA?
We don't have much solid evidence on that. But we can draw the dots,
and a reasonable judgement can fill the missing pieces in.
iang
More information about the cryptography
mailing list