
Real Data Encryption Software is More Important than Ever


The NSA story keeps breaking, with the latest revelation that the NSA paid RSA, a subsidiary of EMC with a deep history in computer and internet security, to implement and sell faulty encryption technology to its own clients. The December 2013 Reuters story has sent companies here and abroad scrambling to distance themselves from RSA and has seriously undermined consumer confidence in U.S.-based data encryption software providers at large.

In September 2013, The New York Times released a statement from the NSA which confirmed that the agency was working to “break widely used Internet encryption technologies.” That admission wasn’t the kicker; the kicker was that the agency had resorted to buying the complicity of a company dedicated to protecting customer data security. Moreover, the story of RSA’s involvement has a bright patina of irony to it, in that in the 1990s the company successfully prevented the NSA from embedding a sophisticated “spying chip” in all computing hardware.

The software used, Bsafe, was a landmark in data encryption, in that it was the first to successfully implement two-key encryption. In a secret deal with the NSA, RSA was paid $10 million to incorporate an algorithm, called Dual Elliptic Curve, that generates flawed random numbers into its Bsafe technology and, get this, call it the “preferred” option. This gave the NSA a backdoor into the company’s tokens.

The Cost of Giving It Up

The company denies direct complicity, alleging that it was “duped”, and advised its customers to stop using the corrupt algorithm (after the story leaked), but the damage is, as they say, done. The RSA-sponsored cybersecurity conference to be held in San Francisco this February continues to lose keynote speakers. Boeing lost a multi-billion-dollar contract with Brazil as a result of the NSA’s spying. And across the cyber-sphere, analysts predict a tsunami of backlash from European businesses with customers that expect their data to be handled in line with the EU’s considerably greater regard for individual privacy.

A Firefox executive recently encouraged security researchers to regularly audit Firefox’s source code, which is open source, in the hopes that the global community will help catch and arrest attempts to insert surveillance code into its browser. If this sounds paranoid, it’s worth noting that a small email company named Lavabit recently revealed that the U.S. government had requested information on its customers and then silenced them with a gag order.

Blocking the Backdoor

Most data encryption providers work with the National Institute of Science and Technology (NIST), an agency which provides industry-leading guidance on data encryption security, to ensure their cryptographic engines are safe to the highest industry standards (i.e., FIPS validated). Recent revelations, however, are putting a spotlight on the nature of the relationship between NIST and data encryption providers, in no small part because another revelation from former NSA contractor Edward Snowden suggests that random number generators used in a 2006 NIST standard contain a back door for the N.S.A.

Winmagic (a private Canadian company) looked into the implicated NIST standard (Dual EC DRBG) and determined it had not, which was a welcome relief to the company and its customers. That notwithstanding, speculation about the NSA’s ability to hack into the data encryption industry’s toughest fortresses, such as 256-bit AES encryption, runs rampant. Fortunately, the degree of layered encryption this provides would require the kind of effort that could take years to complete. And now that data encryption companies are on to the NSA’s latest backdoor trick, they are focusing their efforts on staying one step ahead of the curve.

Sources:

http://reason.com/blog/2014/01/09/nsa-connection-has-attendees-fleeing-enc

http://techcrunch.com/2013/12/20/nsa-reportedly-paid-a-security-firm-millions-to-ship-deliberately-flawed-encryption-technology/

http://www.bestvpnservice.com/blog/nsa-secretly-partnered-with-rsa-for-backdoors-in-encryption-products/

http://blog.winmagic.com/2013/09/18/keeping-the-random-in-rng/
