[Cryptography] RSA recommends against use of its own products.

ianG iang at iang.org
Mon Sep 23 04:20:53 EDT 2013


On 22/09/13 16:43 PM, Jerry Leichter wrote:
> On Sep 20, 2013, at 2:08 PM, Ray Dillinger wrote:
>> More fuel for the fire...
>>
>> http://rt.com/usa/nsa-weak-cryptography-rsa-110/
>>
>> RSA today declared its own BSAFE toolkit and all versions of its
>> Data Protection Manager insecure, recommending that all customers
>> immediately discontinue use of these products....
> Wow.  You took as holy writ on a technical matter a pronouncement of the general press.


Etc.  Yes, we expect the company to declare itself near white, and the 
press to declare it blacker than the ace of spaces.

Meanwhile, this list is about those who know how to analyse this sort of 
stuff, independently.  So...


> ...  But they made Dual EC DRBG the default ...

I don't see a lot of distance between choosing Dual_EC as default, and 
the conclusion that BSAFE & user-systems are insecure.

The question that remains is, was it an innocent mistake, or were they 
influenced by NSA?

We don't have much solid evidence on that.  But we can draw the dots, 
and a reasonable judgement can fill the missing pieces in.



iang



More information about the cryptography mailing list