Ho Ho Ho! Those pesky nuisances are in the news again!
In September this year we wrote about flaws in the pseudo-random number generator (DUAL_EC_DRBG), which generates arbitrary numbers called nonces, and the fact that the algorithm ‘may’ (we aren’t Private Eye) have been deliberately compromised at the ... ahem ... encouragement of the National Security Agency.
Well, following the Christmas flurry of Snowden, the bread sauce has well and truly thickened.
On the one hand, it has been revealed that the OpenSSL toolkit has a bug in it which prevents use of the tainted algorithm. Happy Christmas, OpenSSL users!
On the other hand, Mr Snowden suggests that RSA were paid no less than Ten Million Dollars to poison their BSAFE crypto library. RSA are hotly denying this as we speak. The journalist who made the revelation/accusation, Joseph Menn of Reuters, is holding the line. Time will tell, unless of course the NSA got to that too.
Battle lines are drawn and this isn’t going away. Buy your season ticket by continuing to read our Threat Of The Week next year.
Thanks for your support and attention in 2013. Have a great Christmas and New Year from all of us at ITC Secure Networking.