Cisco, McAfee, Other Firms Addressing NSA-Linked Encryption Algorithm


RSA was the first security firm to issue an advisory over the matter. The firm issued a message to developers Sept. 19, BSafe toolkit, used to implement encryption in thousands of applications, was set up to support the faulty encryption algorithm by default. Cryptographers believe NSA pushed to get the algorithm added as a standard issued by NIST despite it being slower and containing a known weakness. Vendors provided support for the algorithm so businesses could meet the Federal Information Processing Standard (FIPS) certification, which recommended the algorithm as one of the standards required to do business with the U.S. government.

The issue impacts many businesses, said Robert David Graham, a noted cryptography expert and CEO of security consultancy, Errata Security. Firms have to check whether the algorithm was implemented and is in use. Meanwhile, any product updates will have to be applied, Graham said.

"It's not just RSA's products; anybody using Microsoft's crypto libraries or the OpenSSL library has to do the same," Graham said.

Following the RSA recommendations, security firms told CRN that they are addressing customer concerns and determining whether there is a need to issue an advisory about the matter.

Stanley Mesceda, a program manager at SafeNet, an enterprise data protection vendor, said the company uses a mix of hardware-based and other randomizers in its products, making the issue of whether the firm uses the encryption algorithm a moot point. SafeNet was validated by NIST to use the OpenSSL library that supports the questionable encryption algorithm.

"In SafeNet products, we don't use OpenSSL for our randomizer; we have other mechanisms to do the randomization," Mesceda said.

A Cisco Systems spokesperson said the company is completing an internal audit of the products that leverage the standard. The company said the questionable algorithm is not the default random bit generator in Cisco's standard crypto library, but it was implemented as part of compliance efforts in mid-2012.

"AES-CTR is the default selection for the standard crypto library that is deployed across more than 120 Cisco product lines," the company said in a statement issued to CRN. "This default cannot be changed by the user."

Juniper said it also is conducting an audit and "so far has not found any Juniper products that invoke the Dual_EC_DRBG algorithm."

McAfee told CRN that its Firewall Enterprise Control Center supported the Dual_EC_DRBG, but only when it is deployed in federal government or government contractor customer environments, where the FIPS certification has recommended it. "In non-FIPS140-2, non-U.S. government implementations, the product uses the newer SHA1 PRNG random number generator in all other settings," the firm said in a statement.

Symantec refused to comment about the extent of algorithm use in its products. The company is on a NIST validation list for its data loss prevention crypto engine.

Security vendor Thales, which sells hardware security modules that perform encryption for many banks and other financial institutions, told CRN that the "algorithm is supported in a single variant of network encryption appliances in a closed, stand-alone system. The algorithm has not been implemented in any of the company's HSM products, said Richard Moulds, vice president of Thales e-Security.

"We have been aware of the potential flaws in the Dual_EC_DRBG algorithm for a number of years, and as a result we have not implemented this algorithm in any of our HSMs," Moulds said in an email message.

Potential changes in the field of encryption research make crypto systems susceptible to being invalidated at any time, said Tom Cross, director of security research at network security vendor Lancope. Dual_EC_DRBG is supported in Lancope products but not enabled by default.

"It is critical that encryption systems be implemented in such a way that they can be reconfigured in light of changing circumstances," Cross said. "For those customers who have taken the extra step of enabling Dual_EC_DRBG, Lancope has provided guidance regarding how to enable alternatives."

PUBLISHED ON SEPT. 27, 2013