Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Thursday, 23 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

BlackBerry defends use of Dual EC generator

by The Gurus
January 27, 2014
in Editor's News
Share on FacebookShare on Twitter

BlackBerry has defended its use of the controversial Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) saying that it does not consider the “backdoor” to be a vulnerability.
 
According to security blogger Jeffrey Carr, BlackBerry is the patent-holder for Dual_EC_DRBG, following its acquisition of Certicom in 2009, who licensed its Elliptic Curve cryptography technology to the NSA for $25 million in 2003.
 
Carr said in a blog that this was the year before the NSA convinced RSA Security to make it the default number generator for its BSAFE software for an alleged $10 million. Carr said that three BlackBerry products include Dual EC DRBG: BlackBerry Cryptographic Algorithm Library, Version 6.1; BlackBerry Algorithm Library for Secure Work Space Version 1.0; and BlackBerry Tablet Cryptographic Library Version 5.6. These products were listed as implementers of the technology by NIST.
 
Carr said that since BlackBerry does not deem this to be a vulnerability, the company hasn’t issued an advisory, despite the warning from NIST that SP 800-90A Dual Elliptic Curve Deterministic Random Bit Generation no longer be used.
 
“If you are a BlackBerry customer or developer, be advised that it’s apparently up to you to keep informed about possible backdoors among the encryption algorithms included with BlackBerry products,” he said.
 
Responding to Carr, Mike K. Brown, vice president of security product management and research at BlackBerry, said: “The Dual EC DRBG algorithm is only available to third party developers via the Cryptographic APIs on the platform. In the case of the Cryptographic API, it is available if a 3rd party developer wished to use the functionality and explicitly designed and developed a system that requested the use of the API.”
 
He also claimed that BlackBerry did not issue an advisory “because it wasn’t a vulnerability, we only do them for fixes that are needed”.
 
BlackBerry’s policy is that it issues ‘security notices to inform customers about identified software vulnerabilities that we are either working to address, or that we do not believe warrant a specific software update, given the low risk and severity’.
 

FacebookTweetLinkedIn
Tags: BlackBerryNSASurveillance
ShareTweetShare
Previous Post

Daily News Digest – 27th January 2013

Next Post

Journalist who made up “Hack Heaven” story barred from legal profession

Recent News

Blue logo, capitalised letters. SPECOPS.

Fortune 500 Company Names Found in Compromised Password Data

March 23, 2023
Ferrari Data Breach: The Industry has its say

Ferrari Data Breach: The Industry has its say

March 22, 2023
security

What Is Observability, And Why Is It Crucial To Your Business?

March 21, 2023
Organisational Cybersecurity.jpg

How Emerging Trends in Virtual Reality Impact Cybersecurity

March 21, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information