RSA distributed second flawed, NSA-recommended security tool, report claims

Security outfit RSA has already had its name tarnished by the fact that the NSA paid it to distribute a mechanism (the Dual_EC_DRBG “Dual Elliptic Curve” random number generator) that turned out to be flawed. Now Reuters reports that RSA, these days part of EMC, also distributed a second NSA-recommended tool, the “Extended Random” extension, which researchers say made it easier to crack a version of the Dual Elliptic Curve software. Although Extended Random was included in the Bsafe security suite alongside Dual_EC_DRBG, it was sparsely adopted and was removed in the last 6 months. Again, RSA denies deliberately weakening its products.