The leaks regarding the NSA-crafted formula prompt warnings regarding products using it

Sep 20, 2013 06:59 GMT

While the US government may not be taking the privacy of foreign Internet users, or that of its own citizens, seriously, some companies are putting in the effort to help their users out.

Following the disclosures from a couple of weeks ago that some services use a weak mathematical formula created by the National Security Agency, RSA, the security arm of storage company EMC Corp, sent out an email to its customers, Reuters reports.

The message said that a toolkit for developers had a default random-number generator using the weak formula, and it advised customers to switch to one of several other formulas in the product.

RSA’s warning stresses that users could easily be exposed to hacking by the NSA, or by other entities able to exploit the same flaw, for a long time, since security updates are often few and far between.

The message follows reports, based on documents from the Snowden stash, showing that the NSA set several cryptography standards run by the National Institute of Standards and Technology (NIST). This means that the NSA also had an easy way to break into all products using these standards.

The situation concerning RSA is all the more serious since developers used its “BSAFE” kit to write code for Web browsers and various types of software, and to create hardware components, in order to increase their security.

This means that if the chosen standard was one of the NSA’s creation, the number of tools out there using the flawed formula could be quite large.

Ironically, the formula in question has captured the attention of many over the years, as many cryptographers believed it to be flawed by design. Of course, that proved to be true when the leaked NSA documents were published.