Snowden disclosures prompt warning on widely used computer security formula
SAN FRANCISCO (REUTERS) - In the latest fallout from Edward Snowden's intelligence disclosures, a major US computer security company warned thousands of customers on Thursday to stop using software that relies on a weak mathematical formula developed by the National Security Agency (NSA).
RSA, the security arm of storage company EMC Corp, told current customers in an email that a toolkit for developers had a default random-number generator using the weak formula, and that customers should switch to one of several other formulas in the product.
Last week, the New York Times reported that Snowden's cache of documents from his time working for an NSA contractor showed that the agency used its public participation in the process for setting voluntary cryptography standards, run by the government's National Institute of Standards and Technology (NIST), to push for a formula that it knew it could break.
NIST, which accepted the NSA proposal in 2006 as one of four systems acceptable for government use, this week said it would reconsider that inclusion in the wake of questions about its security.