Content deleted Content added
Mor.nitesh (talk | contribs) m →Methods |
Mor.nitesh (talk | contribs) m →Methods |
||
Line 18:
The NSA encourages the manufacturers of security technology to disclose backdoors to their products or encryption keys so that they may access the encrypted data.<ref> ("NSA is Changing User's Internet Experience.") Info Security Institute </ref> However, fearing widespread adoption of encryption, the NSA set out to stealthily influence and weaken encryption standards and obtain master keys—either by agreement, by force of law, or by computer network exploitation ([[hacker (computer security)|hacking]]).<ref name="nytimes2">http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?pagewanted=3&_r=0</ref>
According to a Bullrun briefing document, the agency had successfully infiltrated both the [[Secure Sockets Layer]] as well as [[virtual private network]] (VPN).<ref>{{cite
As part of Bullrun, NSA has also been actively working to "Insert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets".<ref>{{cite news|url=http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html|publisher=New York Times|title=Secret Documents Reveal N.S.A. Campaign Against Encryption}}</ref> ''The New York Times'' has reported that the random number generator [[Dual_EC_DRBG]] contains a back door from the NSA, which would allow the NSA to break encryption keys generated by the random number generator.<ref>{{cite web|url=http://arstechnica.com/security/2013/09/new-york-times-provides-new-details-about-nsa-backdoor-in-crypto-spec/|title=New York Times provides new details about NSA backdoor in crypto spec|publisher=Ars Technica}}</ref> Even though this random number generator was known to be insecure and slow soon after the standard was published, and a potential NSA backdoor was found in 2007 while alternative random number generators without these flaws were certified and widely available, [[RSA Security]] continued using Dual_EC_DRBG in the company's [[BSAFE toolkit]] and [http://www.emc.com/security/rsa-data-protection-manager.htm Data Protection Manager] until September 2013. While RSA Security has denied knowingly inserting a backdoor into BSAFE, it has not yet given an explanation for the continued usage of Dual_EC_DRBG after its flaws became apparent in 2006 and 2007.<ref name="green">{{cite web|url=http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html|title=RSA warns developers not to use RSA products|author=Matthew Green}}</ref> It was reported on December 20, 2013 that RSA had accepted a payment of $10 million from the NSA to set the random number generator as the default.<ref name="RSApaid">{{cite news | url=http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220 | title=Exclusive: Secret contract tied NSA and security industry pioneer | date=December 20, 2013 |publisher=Reuters | accessdate=December 20, 2013 | author=Menn, Joseph | ___location=San Francisco}}</ref><ref>{{cite web|author=Reuters in San Francisco |url=http://www.theguardian.com/world/2013/dec/20/nsa-internet-security-rsa-secret-10m-encryption |title=$10m NSA contract with security firm RSA led to encryption 'back door' | World news |publisher=theguardian.com |date=2013-12-20 |accessdate=2014-01-23}}</ref> Leaked NSA documents state that their effort was “a challenge in finesse” and that “Eventually, N.S.A. became the sole editor” of the standard.<ref name="nytimes2"/>
| |||