HOME

TheInfoList



Click Here for Items Related To - RSA BSAFE
OR:
RSA BSAFE on:   [Wikipedia]   [Google]   [Amazon]

Dell BSAFE, formerly known as RSA BSAFE, is a
FIPS 140-2 The Federal Information Processing Standard Publication 140-2, (FIPS PUB 140-2), is a United States, U.S. government of the United States, government computer security standardization, standard used to approve Cryptographic module, cryptographic ...
validated
cryptography Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of Adversary (cryptography), ...
library, available in both C and Java. BSAFE was initially created by
RSA Security RSA Security LLC, formerly RSA Security, Inc. and trade name RSA, is an American computer security, computer and network security company with a focus on encryption and decryption standards. RSA was named after the initials of its co-founders, ...
, which was purchased by EMC and then, in turn, by Dell. When Dell sold the RSA business to
Symphony Technology Group STG Partners, LLC (STG) is an American private equity firm and based in Menlo Park, California. Its predecessor, Symphony Technology Group ("Symphony") was founded in 2002Dorbian, Iris (July 1, 2024) STG Rising: Hailing the Newcomer on the 100. ...
in 2020, Dell elected to retain the BSAFE product line. BSAFE was one of the most common encryption toolkits before the RSA patent expired in September 2000. It also contained implementations of the RC''x'' ciphers, with the most common one being RC4. From 2004 to 2013 the default
random number generator Random number generation is a process by which, often by means of a random number generator (RNG), a sequence of numbers or symbols is generated that cannot be reasonably predicted better than by random chance. This means that the particular ou ...
in the library was a
NIST The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical s ...
-approved RNG standard, widely known to be insecure from at least 2006, containing a kleptographic backdoor from the American
National Security Agency The National Security Agency (NSA) is an intelligence agency of the United States Department of Defense, under the authority of the director of national intelligence (DNI). The NSA is responsible for global monitoring, collection, and proces ...
(NSA), as part of its secret Bullrun program. In 2013 Reuters revealed that RSA had received a payment of $10 million to set the compromised algorithm as the default option. The RNG standard was subsequently withdrawn in 2014, and the RNG removed from BSAFE beginning in 2015.


Cryptography backdoors


Dual_EC_DRBG random number generator

From 2004 to 2013, the default
cryptographically secure pseudorandom number generator A cryptographically secure pseudorandom number generator (CSPRNG) or cryptographic pseudorandom number generator (CPRNG) is a pseudorandom number generator (PRNG) with properties that make it suitable for use in cryptography. It is also referred t ...
(CSPRNG) in BSAFE was
Dual_EC_DRBG Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) is an algorithm that was presented as a cryptographically secure pseudorandom number generator (CSPRNG) using methods in elliptic curve cryptography. Despite wide public criti ...
, which contained an alleged backdoor from NSA, in addition to being a biased and slow CSPRNG. The cryptographic community had been aware that Dual_EC_DRBG was a very poor CSPRNG since shortly after the specification was posted in 2005, and by 2007 it had become apparent that the CSPRNG seemed to be designed to contain a hidden backdoor for NSA, usable only by NSA via a secret key. In 2007,
Bruce Schneier Bruce Schneier (; born January 15, 1963) is an American cryptographer, computer security professional, privacy specialist, and writer. Schneier is an Adjunct Lecturer in Public Policy at the Harvard Kennedy School and a Fellow at the Berkman ...
described the backdoor as "too obvious to trick anyone to use it." The backdoor was confirmed in the Snowden leaks in 2013, and it was insinuated that NSA had paid RSA Security US$10 million to use Dual_EC_DRBG by default in 2004, though RSA Security denied that they knew about the backdoor in 2004. The Reuters article which revealed the secret $10 million contract to use Dual_EC_DRBG described the deal as "handled by business leaders rather than pure technologists". RSA Security has largely declined to explain their choice to continue using Dual_EC_DRBG even after the defects and potential backdoor were discovered in 2006 and 2007, and has denied knowingly inserting the backdoor. As a cryptographically secure random number generator is often the basis of cryptography, much data encrypted with BSAFE was not secure against NSA. Specifically it has been shown that the backdoor makes SSL/ TLS completely breakable by the party having the private key to the backdoor (i.e. NSA). Since the US government and US companies have also used the vulnerable BSAFE, NSA can potentially have made US data less safe, if NSA's secret key to the backdoor had been stolen. It is also possible to derive the secret key by solving a single instance of the algorithm's
elliptic curve In mathematics, an elliptic curve is a smooth, projective, algebraic curve of genus one, on which there is a specified point . An elliptic curve is defined over a field and describes points in , the Cartesian product of with itself. If the ...
problem (breaking an instance of elliptic curve cryptography is considered unlikely with current computers and algorithms, but a breakthrough may occur). In June 2013,
Edward Snowden Edward Joseph Snowden (born June 21, 1983) is a former National Security Agency (NSA) intelligence contractor and whistleblower who leaked classified documents revealing the existence of global surveillance programs. Born in 1983 in Elizabeth ...
began leaking NSA documents. In November 2013, RSA switched the default to HMAC DRBG with SHA-256 as the default option. The following month, Reuters published the report based on the Snowden leaks stating that RSA had received a payment of $10 million to set Dual_EC_DRBG as the default. With subsequent releases of Crypto-C Micro Edition 4.1.2 (April 2016), Micro Edition Suite 4.1.5 (April 2016) and Crypto-J 6.2 (March 2015), Dual_EC_DRBG was removed entirely.


Extended Random TLS extension

"Extended Random" was a proposed extension for the
Transport Layer Security Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network, such as the Internet. The protocol is widely used in applications such as email, instant messaging, and voice over ...
(TLS) protocol, submitted for standardization to
IETF The Internet Engineering Task Force (IETF) is a standards organization for the Internet standard, Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster ...
by an NSA employee, although it never became a standard. The extension would otherwise be harmless, but together with the Dual_EC_DRBG, it would make it easier to take advantage of the backdoor. The extension was previously not known to be enabled in any implementations, but in December 2017, it was found enabled on some
Canon Canon or Canons may refer to: Arts and entertainment * Canon (fiction), the material accepted as officially written by an author or an ascribed author * Literary canon, an accepted body of works considered as high culture ** Western canon, th ...
printer models, which use the RSA BSAFE library, because the extension number conflicted a part of TLS version 1.3.


Product suite history

* Crypto-J is a Java encryption library. In 1997, RSA Data Security licensed Baltimore Technologies' J/CRYPTO library, with plans to integrate it as part of its new JSAFE encryption toolkit and released the first version of JSAFE the same year. JSAFE 1.0 was featured in the January 1998 edition of
Byte The byte is a unit of digital information that most commonly consists of eight bits. Historically, the byte was the number of bits used to encode a single character of text in a computer and for this reason it is the smallest addressable un ...
magazine. * Cert-J is a
Public Key Infrastructure A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to fac ...
API An application programming interface (API) is a connection between computers or between computer programs. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how to build ...
software library, written in
Java Java is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea (a part of Pacific Ocean) to the north. With a population of 156.9 million people (including Madura) in mid 2024, proje ...
. It contains the cryptographic support necessary to generate certificate requests, create and sign
digital certificates In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the validity of a Key authentication, public key. The certificate includes the public key and informati ...
, and create and distribute
certificate revocation list In cryptography, a certificate revocation list (CRL) is "a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should no longer be trusted". Publicly trusted C ...
s. As of Cert-J 6.2.4, the entire API has been deprecated in favor of similar functionality provided BSAFE Crypto-J JCE API. * BSAFE Crypto-C Micro Edition (Crypto-C ME) was initially released in June 2001 under the name "RSA BSAFE Wireless Core 1.0". The initial release targeted
Microsoft Windows Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...
, EPOC,
Linux Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...
,
Solaris Solaris is the Latin word for sun. It may refer to: Arts and entertainment Literature, television and film * ''Solaris'' (novel), a 1961 science fiction novel by Stanisław Lem ** ''Solaris'' (1968 film), directed by Boris Nirenburg ** ''Sol ...
and
Palm OS Palm OS (also known as Garnet OS) is a discontinued mobile operating system initially developed by Palm, Inc., for personal digital assistants (PDAs) in 1996. Palm OS was designed for ease of use with a touchscreen-based graphical user interface. ...
. * BSAFE Micro Edition Suite is a cryptography SDK in C. BSAFE Micro Edition Suite was initially announced in February 2002 as a combined offering of BSAFE SSL-C Micro Edition, BSAFE Cert-C Micro Edition and BSAFE Crypto-C Micro Edition. Both SSL-C Micro Edition and Cert-C Micro Edition reached EOL in September 2014, while Micro Edition Suite remains supported with Crypto-C Micro Edition as its FIPS-validated cryptographic provider. * SSL-C is an SSL toolkit in the BSAFE suite. It was originally written by Eric A. Young and Tim J. Hudson, as a fork of the open library
SSLeay SSLeay is an open-source SSL implementation. It was developed by Eric Andrew Young and Tim J. Hudson as an SSL 3.0 implementation using RC2 and RC4 encryption. The recommended pronunciation is to say each letter s-s-l-e-a-y and was first de ...
, that they developed prior to joining RSA. SSL-C reached End Of Life in December 2016. * SSL-J is a Java toolkit that implements TLS. SSL-J was released as part of RSA JSAFE initial product offering in 1997. Crypto-J is the default cryptographic provider of SSL-J.


Product suite support status

On November 25, 2015, RSA announced End of Life (EOL) dates for BSAFE. The End of Primary Support (EOPS) was to be reached on January 31, 2017, and the End of Extended Support (EOXS) was originally set to be January 31, 2019. That date was later further extended by RSA for some versions until January 31, 2022. During Extended Support, even though the support policy stated that only the most severe problems would be patched, new versions were released containing bugfixes, security fixes and new algorithms. On December 12, 2020, Dell announced the reversal of RSA's past decision, allowing BSAFE product support beyond January 2022 as well as the possibility to soon acquire new licenses. Dell also announced it was rebranding the toolkits to Dell BSAFE.


References


External links


BSAFE Cert-J Support Page

BSAFE Crypto-J Support Page

BSAFE SSL-J Support Page

BSAFE Crypto-C Micro Edition Support Page

BSAFE Micro Edition Suite Support Page
{{SSL/TLS C (programming language) libraries Cryptographic software Transport Layer Security implementation 1996 software