Welcome to ECCIE, become a part of the fastest growing adult community. Take a minute & sign up!

Welcome to ECCIE - Sign up today!

Become a part of one of the fastest growing adult communities online. We have something for you, whether you’re a male member seeking out new friends or a new lady on the scene looking to take advantage of our many opportunities to network, make new friends, or connect with people. Join today & take part in lively discussions, take advantage of all the great features that attract hundreds of new daily members!

Go Premium

Go Back   ECCIE Worldwide > General Interest > The Political Forum
test
The Political Forum Discuss anything related to politics in this forum. World politics, US Politics, State and Local.

Most Favorited Images
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
Most Liked Images
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
Top Reviewers
cockalatte 649
MoneyManMatt 490
Still Looking 399
samcruz 399
Jon Bon 398
Harley Diablo 377
honest_abe 362
DFW_Ladies_Man 313
Chung Tran 288
lupegarland 287
nicemusic 285
Starscream66 282
You&Me 281
George Spelvin 270
sharkman29 256
Top Posters
DallasRain70819
biomed163644
Yssup Rider61234
gman4453344
LexusLover51038
offshoredrilling48794
WTF48267
pyramider46370
bambino43216
The_Waco_Kid37398
CryptKicker37228
Mokoa36497
Chung Tran36100
Still Looking35944
Mojojo33117

Reply
 
Thread Tools
Old 09-20-2013, 06:50 AM   #1
Stan.Dupp
Valued Poster
 
Stan.Dupp's Avatar
 
Join Date: Oct 27, 2012
Location: Europe
Posts: 324
Question RSA Tells Its Developer Customers: Stop Using NSA-Linked Algorithm

Boy are they and others going to have fun weeding out the pseudocode/code and pulling out the algorithyms! I wonder about the TPM on the computers that people have too? They are now recommending that people not use their encryption to avoid triggering these algorithyms. One has to wonder what the big organizations like IEEE, and ICANN, and IETF and others such as the ISO are doing about all this?

I would love to hear from some of you computer programmers on this issue!

------------------------------



Amidst all of the confusion and concern over an encryption algorithm that may contain an NSA backdoor, RSA Security released an advisory to developer customers today noting that the algorithm is the default in one of its toolkits and strongly advising them to stop using the algorithm.

The advisory provides developers with information about how to change the default to one of a number of other random number generator algorithms RSA supports and notes that RSA has also changed the default on its end in BSafe and in an RSA key management system.

The company is the first to go public with such an announcement in the wake of revelations by the New York Times that the NSA may have inserted an intentional weakness in the algorithm — known as Dual Elliptic Curve Deterministic Random Bit Generation (or Dual EC DRBG) — and then used its influence to get the algorithm added to a national standard issued by the National Institute of Standards and Technology.

In its advisory, RSA said that all versions of RSA BSAFE Toolkits, including all versions of Crypto-C ME, Micro Edition Suite, Crypto-J, Cert-J, SSL-J, Crypto-C, Cert-C, SSL-C were affected.

In addition, all versions of RSA Data Protection Manager (DPM) server and clients were affected as well.

The company said that to “ensure a high level of assurance in their application, RSA strongly recommends that customers discontinue use of Dual EC DRBG and move to a different PRNG.”

RSA is currently doing an internal review of all of its products to see where the algorithm gets invoked and to change those. A company spokesman said the review is expected to be completed next week.

“Every product that we as RSA make, if it has a crypto function, we may or may not ourselves have decided to use this algorithm,” said Sam Curry, chief technical officer for RSA Security. “So we’re also going to go through and make sure that we ourselves follow our own advice and aren’t using this algorithm.”

Curry told WIRED that the company added the algorithm to its libraries in 2004 and 2005 at a time when elliptic curve algorithms were becoming the rage and were considered to have advantages over other algorithms. The algorithm was approved by NIST in 2006 for a standard governing random number generators.

BSafe has six random number generators in it, some are hash-based and several that are elliptic-curve based, like the algorithm in question. Curry says they chose Dual EC DRBG as the default “on the basis of providing the best security for our customers.”

The algorithm he said had features that gave it advantages over the others.

“The ability to do continuous testing of output, for instance, or the ability to do general sort of prediction resistance and to be able to do re-seeding,” he said. “Those are really attractive features.”

The advisory to RSA developers reads as follows:

Due to the debate around the Dual EC DRBG standard highlighted recently by the National Institute of Standards and Technology (NIST), NIST re-opened for public comment its SP 800-90 standard which covers Pseudo-random Number Generators (PRNG).

For more information about the announcement see:

http://csrc.nist.gov/publications/Pu...%20B%20and%20C

The ITL Security Bulletin mentioned in this announcement includes the following:

“Recommending against the use of SP 800-90A Dual Elliptic Curve Deterministic Random Bit Generation: NIST strongly recommends that, pending the resolution of the security concerns and the re-issuance of SP 800-90A, the Dual_EC_DRBG, as specified in the January 2012 version of SP 800-90A, no longer be used.”

The currently released and supported versions of the BSAFE libraries (including Crypto-J 6.1.x and Crypto-C ME 4.0.x) and of the RSA DPM clients and servers use Dual EC DRBG as the default PRNG, but most libraries do support other PRNGs that customers can use. We are providing guidance to our customers on how to change the PRNG from the default in their existing implementation.

In the current product documentation, RSA has provided technical guidance for RSA BSAFE Toolkits and RSA DPM customers to change the PRNG in their implementation.

RSA will change the default RNG in RSA BSAFE Toolkits and RSA DPM as appropriate and may update the algorithm library as needed.
Stan.Dupp is offline   Quote
Old 09-20-2013, 09:43 AM   #2
Stan.Dupp
Valued Poster
 
Stan.Dupp's Avatar
 
Join Date: Oct 27, 2012
Location: Europe
Posts: 324
Default

Guess there are no techy people on this board? Sigh...
Stan.Dupp is offline   Quote
Reply



AMPReviews.net
Find Ladies
Hot Women

Powered by vBulletin®
Copyright © 2009 - 2016, ECCIE Worldwide, All Rights Reserved