Security biz RSA has warned its customers to stop using the default random-number generator in its encryption products. They fear that the NSA can easily crack data secured by the algorithm.

Any encryption software that really locks down your files requires an unpredictable random value to create strong cryptographic keys.

Documents leaked by whistleblower Edward Snowden show that the NSA cracked Dual_EC_DRBG during its inception. RSA's BSafe toolkit and Data Protection Manager software use Dual_EC_DRBG by default.

"Despite many valid concerns about this generator, RSA went ahead and made it the default generator used for all cryptography in its flagship cryptography library," noted Green late last week. "The implications for RSA and RSA-based products are staggering. In a modestly bad but by no means worst case, the NSA may be able to intercept SSL/TLS connections made by products implemented with BSafe."

The NSA's alleged weakening of encryption algorithms was part of a wider campaign aimed at making it easier for spooks to decrypt supposedly secure internet communications. As reported earlier, other tactics included attempts to persuade technology companies to insert backdoors in their products, and running so-called man-in-the-middle attacks to hoover up the world's online chatter and transactions.