BSAFE

BSAFE
Developer(s)Dell, formerly RSA Security
Initial release1996
Written inC, assembly, Java
Operating systemBSD, Linux, macOS, Microsoft Windows, Android, iOS, AIX, Solaris
TypeCryptography library, Commercial software
LicenseProprietary
Websitewww.dell.com

Dell BSAFE, formerly known as RSA BSAFE, is a FIPS 140-2 validated cryptography library, available in both C and Java. BSAFE was initially created by RSA Security, which was purchased by EMC and then, in turn, by Dell. When Dell sold the RSA business to Symphony Technology Group in 2020, Dell elected to retain the BSAFE product line.[1][2] BSAFE was one of the most common encryption toolkits before the RSA patent expired in September 2000. It also contained implementations of the RCx ciphers, with the most common one being RC4. From 2004 to 2013 the default random number generator in the library was a NIST-approved RNG standard, widely known to be insecure from at least 2006, containing a kleptographic backdoor from the American National Security Agency (NSA), as part of its secret Bullrun program.[3] In 2013 Reuters revealed that RSA had received a payment of $10 million to set the compromised algorithm as the default option.[3] The RNG standard was subsequently withdrawn in 2014, and the RNG removed from BSAFE beginning in 2015.

  1. ^ "BSAFE support and billing update | Dell US". www.dell.com. Archived from the original on 2021-07-26. Retrieved 2021-07-26.
  2. ^ RSA (September 1, 2020). "RSA Emerges as Independent Company Following Completion of Acquisition by Symphony Technology Group". RSA. Archived from the original on September 4, 2020. Retrieved June 7, 2023.
  3. ^ a b Menn, Joseph (December 20, 2013). "Exclusive: Secret contract tied NSA and security industry pioneer". San Francisco. Reuters. Archived from the original on September 24, 2015. Retrieved May 11, 2021.