backtop


Print 25 comment(s) - last by TSS.. on Dec 25 at 5:32 AM

RSA responded saying that it had no idea the NSA algorithm was flawed

Former U.S. National Security Agency (NSA) contractor Edward Snowden has brought many NSA secrets to light this year, the most recent being a "secret" contract between the agency and security industry leader RSA. 
 
According to more documents leaked by Snowden, the NSA entered into a $10 million contract with RSA to place a flawed formula within encryption software (which is widely used in personal computers and other products) to obtain "back door" access to data. 
 
The RSA software that contained the flawed formula was called Bsafe, which was meant to increase security in computers. The formula was an algorithm called Dual Elliptic Curve, and it was created within the NSA. RSA started using it in 2004 even before the National Institutes of Standards and Technology (NIST) approved it. 
 
According to the RSA, it had no idea that the algorithm was flawed, or that it gave the NSA back door access to countless computers and devices. The NSA reportedly sold the algorithm as an enhancement to security without letting the RSA in on its real intentions. 
 
In fact, RSA responded to media reports about its contract with the NSA, saying it was never secret at all. It said the fact that RSA worked with NSA was always made public, but that RSA had no idea the government agency was actually sabotaging its encryption product. 


"Recent press coverage has asserted that RSA entered into a 'secret contract' with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries.  We categorically deny this allegation," said RSA in a blog post.

"We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security."

Many in the security community were surprised at RSA's entanglement with the NSA, but the latest news of a $10 million contract as well has really shocked the industry.

RSA is known as a pioneer in the realm of computer security, and has notoriously fought off the NSA in previous attempts at breaking encryption. 

Back in the 1990s, RSA -- which was started by MIT professors in the 1970s and is now a subsidiary of EMC Corp. -- rallied against the Clinton administration's "Clipper Chip," which was supposed to be a required component in computers and phones that would allow government officials to bypass encryption with a warrant.

RSA created a public campaign against the Clipper Chip, and it was eventually tossed out. However, it resorted to export controls to stop enhanced cryptography from crossing U.S. borders, and RSA fought further. RSA then established an Australian division that could ship the products it wanted.

RSA told customers to stop using the NSA formula in Bsafe when NIST issued new guidance in September 2013.

Source: RSA



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Not a day goes by...
By Argon18 on 12/23/2013 1:26:23 PM , Rating: 3
"The Pentagon considers our Founding Fathers terrorists."

If you want to point the finger, it should be pointed at the top. One of Obama's biggest campaign promises was "bringing accountability to Washington!" yet he's done the exact opposite. Whether it's the Fast n Furious scandal putting thousands of assault weapons into drug cartel hands, or the $Billions in public debt he's created, or the flubbed Guantanamo trials, or failed ObamaCare rollout, or this spying on Americans that Snowden exposed, Obama has failed miserably at "bringing accountability to Washington".

In fact, in each of those examples, nobody got fired, nothing changed, Obama claimed he has "complete confidence" in the people behind these colossal screw-ups. Obama and his cronies and appointees are a pack of criminals taking a shit on the American people.


RE: Not a day goes by...
By MrBlastman on 12/23/2013 1:31:55 PM , Rating: 2
Indeed, they are, and our people are bending over and taking it, because they are being told it is all "okay."


RE: Not a day goes by...
By KCjoker on 12/23/2013 6:17:51 PM , Rating: 3
I'm just glad the media is reporting and calling out Obama for all those things. /sarcasm


RE: Not a day goes by...
By name99 on 12/23/2013 8:50:54 PM , Rating: 4
Hell, why didn't you add Benghazi in there and get the wing nut trifecta?

Your overall point makes sense, but you lose credibility by immediately then plunging into a morass of conspiracy theories, irrelevancies, and half-baked understandings of what's specifically relevant to the Obama administration and what has been part of the Washington consensus for at least thirty years.


RE: Not a day goes by...
By integr8d on 12/24/2013 12:33:35 AM , Rating: 2
Wake up homey. There's no such thing as a conspiracy theory anymore; only possibilities. And anyone who considers any of this stuff to be outside of the possible, well, good luck.

What is directly relevant to Obama is no different than what encompasses DC. People point at Obama because Obama currently runs these departments. So it's appropriate. We can track back to who did what and when. And yes, that's all still relevant. But Obama is in a direct position to change the direction now. So it falls on him. And it falls on his supporters to apply pressure.


RE: Not a day goes by...
By Argon18 on 12/24/2013 4:50:10 PM , Rating: 1
I guess you were taking a nap between 2000 and 2008, when the left-wing nuts took the "blame Bush" approach to everything under the sun. I got a parking ticket; it's Bush's fault!!111


"If you look at the last five years, if you look at what major innovations have occurred in computing technology, every single one of them came from AMD. Not a single innovation came from Intel." -- AMD CEO Hector Ruiz in 2007

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki