Posted: April 16, 2014
In September, 2013, documents leaked by Edward Snowden revealed a possible backdoor vulnerability in the Dual_EC_DRBG algorithm used to generate random numbers. Both RSA and NIST later released guidelines recommending that the Dual_EC_DRBG algorithm no longer be used for random number generation.
Some of VanDyke Software's products use RSA BSafe CryptoC-ME libraries. However, VanDyke Software products which use RSA BSafe libraries do not use (and have never used) the Dual_EC_DRBG algorithm in any way, nor can our products be configured to use this algorithm.
Recently, new information was brought to light regarding a second tool known as "Extended Random" (ER). Developed by the NSA, ER is reported to allow significantly increased success rates of attacks on SSL/TLS encryption based on random numbers generated using Dual_EC_DRBG.
VanDyke Software products do not use (and have not ever used) either the ER or the Dual_EC_DRBG algorithms in any way, and cannot be configured to do so.