Yet another nasty secret revealed by Snowden leaks! Really RSA, you sold out for only ten million dollars? At least tack another zero in to your price, have a spine after all.
Even notice that when groups go into the private sector they go bad? Thankfully my PGP key is a Diffie-Hellman/DSS not RSA because of proper paranoia. The flawed algorithm Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) was implemented in the BSAFE library.
TL:DR anything using Dual_EC_DRBG to generate random data for encryption or FIPS integrity checking is fucked.
Cisco Systems, Inc.: encryptionIOS Algorithms, ACT-2Lite, CiscoSSL FIPS Object Module (Assembler), IOS Common Cryptographic Module (IC2M) within Cat4K, Cisco IOS-XE, ONS Encryption Card Firmware Algorithms, ONS Controller Card Firmware Algorithms, Adaptive Security Appliance OS, Cavium Nitrox PX (CN1520), Cavium Nitrox PX (CN1610), Adaptive Security Appliance Onboard Acceleration, DRBG, IOS-XE Cryptographic Implementation and MOAR!
Microsoft Corporation: Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations.
Apple: Apple iOS CoreCrypto Module, Apple iOS CoreCrypto Kernel Module, Apple OSX CoreCrypto Module
Check Point Software Technologies aka the company that owns zonealarm!: Check Point Crypto Core, Check Point Security Gateway, VSX, Provider-1, Security Management.
Aruba Networks, Inc.: libancrypto.a
Symantec Corporation: Symantec Cross-Platform Cipher Engine, Symantec SymCrypt Cipher Engine.
Blackberry: BlackBerry Cryptographic Kernel, BlackBerry Cryptographic Algorithm Library, BlackBerry Algorithm Library for Secure Work Space
McAfee, Inc.: McAfee Firewall Enterprise 64-bit Cryptographic Engine Virtual and physical, ePO Agent Handler Cryptographic Module, RSA BSAFE Crypto-J, McAfee Linux OpenSSL
VMware, Inc.: VMware Java JCE (Java Cryptographic Extension) Module, VMware NSS Cryptographic Module .
IBM: IBM LTO Ultrium 6 Cryptographic Firmware Library (Lol this is for tape drives), ICC Algorithmic Core on Windows, TS1140 Cryptographic Firmware Library
Intel Corporation: QuickAssist Technology Software Library for Cryptography on the Intel® Communications Chipset 89xx Series.
Motorola Solutions, Inc.: OpenSSL Crypto library-DRBG
Oracle America, Inc.: T10000C CTR DRBG
Toshiba Corporation: Toshiba Secure Cryptographic Suite for Enterprise SSD, Toshiba Secure Cryptographic Suite for Mobile HDD
Hewlett Packard India Software Operations Pvt Ltd: HP-UX Kernel Cryptographic Module.
Hewlett–Packard Development Company, L.P.: HP NSVLE C API Library
OpenSSL Software Foundation, Inc.: OpenSSL FIPS Object Module
Samsung Electronics Co., Ltd: Samsung OpenSSL Cryptographic Module
AND MANY MOAR!
But wait, there’s MOAR courtesy of Sam Curry, RSA’s chief technology officer.
Now for some hilarity, two Microsoft employees (Dan Shumow and Niels Ferguson) discovered this in 2007 and no one listened! Their presentation,
, was downplayed by Microsoft and Jon Callas, the CTO of Silent Circle. Callas who now looks like an ass stated that: