Promise of Privacy Unravels
The company is the first to go public with such an announcement in the wake of revelations by the New York Times that the NSA may have (totally) inserted an intentional weakness in the algorithm — known as Dual Elliptic Curve Deterministic Random Bit Generation (or Dual EC DRBG) — and then used its influence to get the algorithm added to a national standard issued by the National Institute of Standards and Technology.
In its advisory, RSA said that ALL versions of RSA BSAFE Toolkits, including all versions of Crypto-C ME, Micro Edition Suite, Crypto-J, Cert-J, SSL-J, Crypto-C, Cert-C, and SSL-C, were affected.
In addition, ALL versions of RSA Data Protection Manager (DPM) server and clients were affected.
The company said, “RSA strongly recommends that customers discontinue use of Dual EC DRBG…”