It started with the Guardian and New York Times publishing details on the NSA's Bullrun program aimed at subverting encryption and leaked by Edward Snowden. "The documents show that the agency has already achieved another of the goals laid out in the budget request: to influence the international standards upon which encryption systems rely", reported the Guardian.
"Eventually, NSA became the sole editor", the document states; referring to a NIST standard dating back to 2006. This was NIST's SP 800-90A Dual Elliptic Curve Deterministic Random Bit Generation algorithm.
Following these revelations, NIST soon recommended that the algorithm no longer be used while it reopened public comment on the relevant drafts. But one problem is that many users will not know if the suspect algorithms are part of the security products they use, and the new NIST deliberations could take many months to complete.
In the meantime, RSA has become the first major security firm to write to its developer customers and recommend that its own implementation of the algorithm should be avoided. "To ensure a high level of assurance in their application, RSA strongly recommends that customers discontinue use of Dual EC DRBG and move to a different PRNG," says the email.
All versions of RSA BSAFE Toolkits, including all versions of Crypto-C ME, Micro Edition Suite, Crypto-J, Cert-J, SSL-J, Crypto-C, Cert-C, SSL-C; and all versions of RSA Data Protection Manager (DPM) server and clients are affected.
"RSA's warning underscores how the slow-moving standards process and industry practices could leave many users exposed to hacking by the NSA or others who could exploit the same flaw for years to come," reports Reuters. But it added, "It was unclear how the company could reach all the former customers of its development tools, let alone how those programmers could in turn reach all of their customers."
Update
Infosecurity received the following comment from an RSA spokesperson after this article was published:
RSA is NOT warning anyone to stop using RSA products; following NIST’s decision to strongly recommend against the use of the community developed Dual EC DRBG algorithm, our advisory recommends that our customers make a configuration adjustment to choose one of the alternative cryptographic Pseudo-Random Number Generators (PRNGs) built into the RSA BSAFE toolkit and RSA Data Protection Manager products.
The Dual EC DRBG algorithm is NOT an RSA-owned or developed algorithm. It was a community-developed algorithm that was subsequently approved as a standard by NIST. It was since widely adopted for use in commercial cryptographic products by many organizations (including RSA).
You can reference the official statement made by RSA on its blog posted Friday, Sept. 20, 2013, for additional information.