RSA is warning developer clients to dump a encryption algorithm used by default in two of its products that was discovered to have been weakened by what was alleged to be the National Security Agency.
In a letter sent to clients seen by Wired, RSA "strongly recommends" users dump the Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generation) random number generator from all versions of its BSAFE Library and Data Protection Manage crypto key manager.
BSAFE implemented cryptographic functions into other third party software, meaning scores more products may be weakened and at risk of compromise.
A National Institute of Standards and Technology document found by Ars Technica revealed the Dual_EC_DRBG was used in McAfee Firewall Enterprise Control Center 5.3.1 but only in US Government deployments. Many more products were affected.
RSA's announcement was made it said to “ensure a high level of assurance" in the apps and to urge customers to move to another unspecified pseudorandom number generator.
From its end the company had turned off the Dual_EC_DRBG specification in the products.
It was the first known advisory of its kind by a security company since the New York Times revealed documents leaked by Edward Snowden that declared the NSA may have deliberately weakened the algorithm before in 2006 successfully lobbying the National Institute of Standards and Technology to adopt it as a standard for random number generators.
"Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can," he wrote in a piece for The Guardian.
Asked to respond to the comments, respected cryptographer Peter Guttman of the University of Auckland said he too avoided elliptic curve cryptography.
"I've never liked ECC anyway (even pre-Snowden), it's just way too brittle, make the tiniest mistake and you're toast," he wrote in an email. "Or have some new piece of research come out and you're toast."