- In 2003, Certicom announced that it licensed its Elliptic Curve Cryptography technology to the NSA for US$25 million.
- In 2004, the NSA convinced RSA to make it the default CPRNG (Crypto Pseudo Random Number Generator) for its BSAFE software for an alleged US$10 million.
- In December, 2005 NIST issued its draft standard for Dual_EC_DRBG.
- In February, 2006, RSA announced that BSAFE had conformed with Suite B cryptography requirements issued by the NSA.
- In March, 2006, RSA announced that the NSA had chosen BSAFE "for use in a classified communications project".
- Starting in March, 2006 and continuing into 2007, security researchers Kristian Gjøsteen, Berry Schoenmakers and Andrey Sidorenko, Dan Shumow and Niels Ferguson, and Bruce Schneier all published articles warning about weaknesses in Dual EC DRBG. The final NIST standard SP 800-90A published in June 2006 included mention of those weaknesses as unresolved.
BlackBerry LtdAccording to NIST's DRBG Validation List, the following BlackBerry products include Dual EC DRBG:
- BlackBerry Cryptographic Algorithm Library, Version 6.1 which apparently provides advanced cryptographic functionality to systems running BlackBerry 10 OS and components of BlackBerry Enterprise Service 10.
- BlackBerry Algorithm Library for Secure Work Space Version 1.0. ""The BlackBerry Algorithm Library for Secure Work Space provides a suite of cryptographic services utilized by the BlackBerry Cryptographic Library for the BlackBerry Secure Work Space (BBSWS). BBSWS provides the secure operation and management of iOS and Android devices when used in conjunction with BlackBerry® mobile device management solutions."
- BlackBerry Tablet Cryptographic Library Version 5.6. "The BlackBerry Tablet Cryptographic Library is the software module that provides advanced cryptographic functionality to BlackBerry Tablets."
"The Dual EC DRBG algorithm is only available to third party developers via the Cryptographic APIs on the platform. In the case of the Cryptographic API, it is available if a 3rd party developer wished to use the functionality and explicitly designed and developed a system that requested the use of the API."I then asked if BlackBerry has forwarded the NIST warning about not using Dual EC DRBG to its customers or developers and received this response:
"To your other question, the reason we didn’t issue an advisory is because it wasn’t a vulnerability. We only do them for fixes that are needed. You can read more about that process here: http://bizblog.blackberry.com/2013/07/security-privacy-malware-notices-advisories/. "Therefore, since this warning from NIST:
"Recommending against the use of SP 800-90A Dual Elliptic Curve Deterministic Random Bit Generation: NIST strongly recommends that, pending the resolution of the security concerns and the re-issuance of SP 800-90A, the Dual_EC_DRBG, as specified in the January 2012 version of SP 800-90A, no longer be used."
does not meet BlackBerry's definition of a vulnerability, the company hasn't issued an advisory. If you are a BlackBerry customer or developer, be advised that it's apparently up to you to keep informed about possible backdoors among the encryption algorithms included with BlackBerry products.