Secure messaging app Threema and NIST SP 800-90A

Recently RSA, a major US computer security firm, told its customers that a random number generator used in its software, Dual EC DRBG (NIST SP 800-90A), may contain an NSA backdoor, and advised them to discontinue its use: "Deliberately flawed? RSA Security tells customers to drop NSA-related encryption algorithm". As this is one of a number of random number generators used in elliptic curve cryptography, which is used in the secure messaging app Threema, we contacted Kasper Systems to check that this wasn't a known flaw in their service. See their response below:

[Image: response from Kasper Systems]

While not revealing the random number generator used, it does offer some reassurance that this particular vulnerability isn’t included in the software. Further details of the encryption used can be found in the Threema FAQ.
