+1.800.357.1019

+1.800.357.1019

Feel free to call us toll free at +1.800.357.1019.

If you are in the area you can reach us at +1.360.359.4400.

Standard support
6:30am - 4:00pm PST, Monday - Friday, Free

Premium support
If you own Townsend Security 24x7 support and
have a production down issue outside normal
business hours, please call +1.800.349.0711
and the on-call person will be notified.

International customers, please dial +1.757.278.1926.

Townsend Security Data Privacy Blog

NSA Influenced Encryption Algorithms

Posted by Patrick Townsend on Oct 4, 2013 11:43:00 AM

In light of the public revelations about the NSA’s attempt to weaken encryption standards including the random number generation standard named Dual_EC_DRBG (NIST Special Publication 800-90), and the recommendation by RSA Security to their customers to avoid using this algorithm, it is natural that our customers would ask if we are using this technology in our products.

Data-Privacy-Ebook I can confirm that we are NOT using this algorithm in any of our security products including our flagship enterprise key management solution, Alliance Key Manager. Further, the secure TLS connections for key retrieval and encryption services only allow 2048-bit RSA encryption. We do not allow the negotiation of other, potentially weak, connection methods. We implement strong cryptography in our solutions, we maintain all of the source code for our applications, our source code is independently reviewed by security professionals and cryptographers, and our solution is FIPS 140-2 validated by a NIST-certified testing laboratory. There are no known weaknesses in our encryption and key management applications and processes.

I am encouraged that NIST has opened a public review of the Dual_EC_DRBG standard and am fully confident that they will resolve any security issues that exist in the standard using an open, public review process.

I have full confidence in the security professionals at NIST. I have watched their work over many years, benefited from their guidance and diligence in the area of security, and consider them to be some of the most honorable, intelligent, and hard working members of the security community. We owe them the chance to do what they do best - review the standards, bring the best minds to the process, and publish credible and defensible standards.

Patrick

Topics: NIST, Data Privacy, Encryption Key Management

The Definitive Guide to AWS Encryption Key Management
 
Definitive Guide to VMware Encryption & Key Management
 

 

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all