VanDyke Software

Security Advisory

Security Advisory

Dual_EC_DRBG and Extended Random (ER) Algorithms not used in VanDyke Software products

Posted: April 16, 2014


In September, 2013, documents leaked by Edward Snowden revealed a possible backdoor vulnerability in the Dual_EC_DRBG algorithm used to generate random numbers. Both RSA and NIST later released guidelines recommending that the Dual_EC_DRBG algorithm no longer be used for random number generation.

Some of VanDyke Software's products use RSA BSafe CryptoC-ME libraries. However, VanDyke Software products which use RSA BSafe libraries do not use (and have never used) the Dual_EC_DRBG algorithm in any way, nor can our products be configured to use this algorithm.

Recently, new information was brought to light regarding a second tool known as "Extended Random" (ER). Developed by the NSA, ER is reported to allow significantly increased success rates of attacks on SSL/TLS encryption based on random numbers generated using Dual_EC_DRBG.

VanDyke Software products do not use (and have not ever used) either the ER or the Dual_EC_DRBG algorithms in any way, and cannot be configured to do so.

Revision History

April 16, 2014 - Security Advisory published.

VanDyke Software uses cookies to give you the best online experience. Before continuing to use this site, please confirm that you agree to our use of cookies. Please see our Cookie Usage for details.