According to research performed by a group of professors from Johns Hopkins, the University of Wisconsin and the University of Illinois, the security company RSA used a second security tool developed by the NSA which reduced the time needed to crack secure Internet communications.
At the end of last year it was revealed that the NSA paid RSA $10 million to use the Dual Elliptic Curve random number generator in its products. It has since come to light that the Dual Elliptic Curve algorithm had a built-in flaw which made it easier for the NSA to decrypt data that was encrypted with a random number generated by the Dual Elliptic Curve generator.
According to research seen by Reuters, the team of academic researchers has discovered that a second NSA tool, known as the “Extended Random” extension for secure websites, could reduce the time needed to crack a version of RSA’s Dual Elliptic Curve software by tens of thousands of times.
The company is reported to have told Reuters that it had not intentionally weakened security on any product and noted that Extended Random was not widely adopted. RSA also said that the Extended Random functionality has been removed from its software.
“We could have been more skeptical of NSA’s intentions,” said RSA Chief Technologist Sam Curry. “We trusted them because they are charged with security for the U.S. government and U.S. critical infrastructure.”
The researchers were able to demonstrate the weakness of the Dual Elliptic Curve random number generator by decrypting TLS connections made using the RSA Share library in several seconds.
Following the release of documents by former NSA contractor Edward Snowden, a presidential advisory group reported that the NSA’s practice of subverting cryptography standards should stop.
The possibility of a back door in the Dual Elliptic Curve random number generator was first mooted back in 2007. Recent research shows that when the NSA’s default parameters are replaced with new values, the current popular cryptography libraries are still vulnerable. According to the report’s authors, “The RSA BSAFE implementations of TLS make the Dual EC back door particularly easy to exploit compared to the other libraries we analyzed.”
The research concludes that the Extended Random extension allows a client to request longer TLS random numbers from the server, a feature that, if enabled, would speed up the Dual EC attack by a factor of up to 65,000.