this post was submitted on 10 Apr 2026
60 points (96.9% liked)

[–] Redjard@reddthat.com 6 points 12 hours ago (1 children)

My dude, rsa is fine. This article is talking about a company called rsa, not rsa encryption.
I have never heard of doubt about rsa's security, given enough size. The main issue with rsa is that it needs to be thousands of bits in size due to not being very efficient. And of course it is not post quantum.

[–] bearboiblake@pawb.social 1 points 2 hours ago* (last edited 2 hours ago) (1 children)

> I have never heard of doubt about rsa’s security

With all due respect, you must have missed it somehow, there's a lot of information about it online. Here's a link to Cloudflare's blog about the topic.

Now, to what extent this is worth worrying about, absolutely is up for discussion, and as you said RSA itself is not going to really matter either way in a post-quantum world. My comment wasn't really meant to start a serious discussion on cryptanalysis, I'm not a cryptographic expert by any means, but there are serious concerns about NSA cracking or backdooring various popular encryption algorithms and they've been circulating the Internet for decades at this point!

[–] Redjard@reddthat.com 1 points 7 minutes ago

You linked the article I was talking about.

There are two, different, unrelated things:

RSA, Rivest–Shamir–Adleman, an asymmetric encryption, that comes in sizes like rsa2048 and rsa4096. It is now, having largely been replaced by ecdsa, which is using elliptic curves, a different kind of mathematics. The main benefit of EC is smaller key sizes.
If you have old ssh keys, they are likely id_rsa. New ones are likely id_ecdsa.

The NSA tried to backdoor elliptic curves, long after rsa the encryption was already around (rsa encryption dates back to the 70s). This presumably nsa-backdoored EC implementation is quite famous, and what your article is talking about on the technical side. This EC has been largely abandoned. An ssh key named id_ecdsa or id_ed25519 will be using a known secure EC using different safe seed values.

Now, RSA encryption and EC encryption are two separate categories, an asymmetric encryption algorithm is either RSA or EC (or something else), but never both.

Enter stage left the company "RSA", RSA Security LLC.
This is a company originally founded to market rsa encryption, hence the name. It has long been owned by another company within which it now deals with many different encryption algorithms and related tech.
It does not own the rsa algorithm, and it of course has no influence over it. The algorithm is set in stone and has been for decades. If you try to change it you are making something new with a different name.

This company was naturally dealing with the hot new encryption tech of 2014, called EC cryptography. Which, as you may recall, is mutually exclusive to being the rsa algorithm.

RSA Security LLC was apparently influenced by the nsa to adopt their broken EC cryptography. This of course makes the company, their products, etc., all suspect.


Now stay with me here. The company RSA Security LLC, which is suspect, is not related to the algorithm called RSA. If the company is suspect, this does not call the RSA algorithm into question, which has been subject of cryptographic analysis for decades and predates RSA Security LLC by a number of years.

The suspect thing is a special EC cryptographic implementation, which excludes the rsa algorithm being involved.


Now let's read the article:

> [...] Dual_EC_DRBG, was ratified by the National Institute of Standards and Technology (NIST) in 2007 and is attracting a lot of attention for having a potential backdoor. This is the algorithm into which the NSA allegedly inserted a backdoor and then paid RSA to use.

An EC algorithm. Meaning not RSA.
"paid RSA". Since this is definitely not RSA encryption, it must be RSA Security LLC.
"paid RSA". You cannot pay an algorithm, only a company. Thus, this is RSA Security LLC.
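
The SSH key remark in the comment above (id_rsa versus id_ecdsa or id_ed25519) can be checked from the public key itself rather than from the file name. The following is an added example, not part of the thread: it parses the OpenSSH public-key wire format and reports the algorithm family and, for RSA, the modulus size. The sample keys are constructed placeholders built inline (not usable keys), and all function names are hypothetical.

```python
import base64
import struct

def _read_string(buf, off):
    """Read one SSH 'string': uint32 big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def describe_pubkey(line):
    """Return (family, detail) for one line of an id_*.pub / authorized_keys file."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1], validate=True)
    name, off = _read_string(blob, 0)
    algo = name.decode("ascii")
    if algo != fields[0]:
        raise ValueError("key type label does not match the key blob")
    if algo == "ssh-rsa":
        _e, off = _read_string(blob, off)   # public exponent (mpint)
        n, off = _read_string(blob, off)    # modulus (mpint)
        return "RSA", f"{int.from_bytes(n, 'big').bit_length()}-bit modulus"
    if algo.startswith("ecdsa-sha2-"):
        curve, off = _read_string(blob, off)
        return "EC", f"ECDSA on {curve.decode('ascii')}"
    if algo == "ssh-ed25519":
        return "EC", "Ed25519"
    return "other", algo

# --- constructed sample keys (placeholders, not real key material) ---
def _s(b):
    return struct.pack(">I", len(b)) + b

def _mpint(i):
    return _s(i.to_bytes(i.bit_length() // 8 + 1, "big"))

def _line(algo, body):
    blob = base64.b64encode(_s(algo.encode()) + body).decode()
    return f"{algo} {blob} constructed@example"

RSA_LINE = _line("ssh-rsa", _mpint(65537) + _mpint((1 << 2047) | 1))
ECDSA_LINE = _line("ecdsa-sha2-nistp256", _s(b"nistp256") + _s(b"\x04" + bytes(64)))
ED_LINE = _line("ssh-ed25519", _s(bytes(32)))

if __name__ == "__main__":
    for sample in (RSA_LINE, ECDSA_LINE, ED_LINE):
        print(describe_pubkey(sample))
```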