Information Security News mailing list archives

TrustyCon vs. RSA and NSA: New conference pushes trustworthy agenda


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 23 Jan 2014 07:21:16 +0000 (UTC)

http://www.networkworld.com/news/2014/012214-trustycon-rsa-nsa-277956.html

By Ellen Messmer
Network World
January 22, 2014

Who do you trust? That's a question asked increasingly by a security industry with a growing sense that the National Security Agency (NSA) has sought to weaken encryption or get backdoors into computers, based on documents leaked by Edward Snowden to the media. Now, trust is also the theme of a new conference called TrustyCon that will vie for attention on Feb. 27 in San Francisco while the big RSA Conference for security pros is also taking place in that city.

TrustyCon, organized by iSec Partners, the Electronic Frontier Foundation (EFF) and Defcon, pretty much sold out in a few days after it was announced last week. Microsoft and Cloudflare are sponsoring the event, with others expected to join them, and proceeds go to the EFF. The rise of TrustyCon has been fueled by industry backlash against the NSA, which the security industry widely believes weakened the crypto algorithm called Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) to be a backdoor for the agency.

A document on the National Institute of Standards and Technology (NIST) website suggests computer scientists there, who opened up a review of the NSA-influenced Dual EC DRBG last year, suspect it is a backdoor too, and will recommend removing Dual EC DRBG as a NIST standard.

TrustyCon is also a backlash against security company RSA, which organizes the huge annual RSA Conference. A recent Reuters report said RSA accepted $10 million from the NSA to make Dual EC DRBG the default in its BSAFE toolkit. RSA in late December awkwardly responded to this investigative news story by saying there was no “‘secret contract’ with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation.” Since the BSAFE topic arose, RSA has emphasized it would not knowingly do anything to hurt its customers.

[...]
