RSA Responds to Claim that it Gave NSA Back Door Access in Exchange for $10M
December 23, 2013 11:43 AM
comment(s) - last by
RSA responded saying that it had no idea the NSA algorithm was flawed
Former U.S. National Security Agency (NSA) contractor
has brought many NSA secrets to light this year, the most recent being a "secret" contract between the agency and security industry leader RSA.
According to more documents leaked by Snowden, the NSA entered into a $10 million contract with RSA to place a flawed formula within encryption software (which is widely used in personal computers and other products) to obtain "back door" access to data.
The RSA software that contained the flawed formula was called Bsafe, which was meant to increase security in computers. The formula was an algorithm called Dual Elliptic Curve, and it was created within the NSA. RSA started using it in 2004 even before the National Institutes of Standards and Technology (NIST) approved it.
According to the RSA, it had no idea that the algorithm was flawed, or that it gave the NSA back door access to countless computers and devices. The NSA reportedly sold the algorithm as an enhancement to security without letting the RSA in on its real intentions.
In fact, RSA responded to media reports about its contract with the NSA, saying it was never secret at all. It said the fact that RSA worked with NSA was always made public, but that RSA had no idea the government agency was actually sabotaging its encryption product.
"Recent press coverage has asserted that RSA entered into a 'secret contract' with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation," said RSA in a
"We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security."
Many in the security community were surprised at RSA's entanglement with the NSA, but the latest news of a $10 million contract as well has really shocked the industry.
RSA is known as a pioneer in the realm of computer security, and has notoriously fought off the NSA in previous attempts at breaking encryption.
Back in the 1990s, RSA -- which was started by MIT professors in the 1970s and is now a subsidiary of EMC Corp. -- rallied against the Clinton administration's "Clipper Chip," which was supposed to be a required component in computers and phones that would allow government officials to bypass encryption with a warrant.
RSA created a public campaign against the Clipper Chip, and it was eventually tossed out. However, it resorted to export controls to stop enhanced cryptography from crossing U.S. borders, and RSA fought further. RSA then established an Australian division that could ship the products it wanted.
RSA told customers to stop using the NSA formula in Bsafe when NIST issued new guidance in September 2013.
This article is over a month old, voting and posting comments is disabled
RE: Avoid RSA
12/23/2013 5:01:20 PM
It isn't a cipher, it is a pseudo random number generator. Modern OSs these days use a combination of entropy sources that feed a 'pool', including hardware generated random numbers. It would be very odd for Logmein to opt to use its own random number generator, but possible. I'm rather curious how you would know that Logmein uses Duel Elliptical, yet get random number generation confused with cipher algorithms?
"DailyTech is the best kept secret on the Internet." -- Larry Barber
NSA Employees Gave Edward Snowden Login Credentials, Passwords
November 8, 2013, 10:37 AM
eBay to Spin Off PayPal Business Next Year
September 30, 2014, 7:28 AM
Facebook to Use Your Browsing Data to Sell Offsite Display Ads
September 29, 2014, 3:52 PM
After Microsoft Complains, EU Rejects Google's Search Settlement for Second Time
September 23, 2014, 4:58 PM
Microsoft Expands Free Office 365 to All College Students
September 22, 2014, 3:21 PM
Apple Adds New Password Protection for Third Party iCloud Apps
September 17, 2014, 8:50 PM
Facebook Tests Moments App, Aims to Keep Your Private Memories Private
September 17, 2014, 5:46 PM
Most Popular Articles
New AT&T Mobile Share Value "Double Data" Promotion Lasts Through October
September 28, 2014, 8:32 AM
Update: Apple Releases iOS 8.0.2 Update to Make Up for Botched 8.0.1 Release
September 25, 2014, 8:19 PM
Appalling Negligence: Decade-Old Windows XPe Holes Led to Home Depot Hack
September 8, 2014, 8:58 PM
TiVo Mega Features 24TB of Storage, Can Record Three Years* Worth of TV Content
September 8, 2014, 8:45 AM
FBI Outraged That Apple, Google are Adopting Digital "Locks" to Protect Users
September 26, 2014, 1:00 PM
Latest Blog Posts
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
Space Terrorism is a Looming Threat For the United States
Apr 23, 2014, 7:47 PM
Facebook Aims to Provide Internet to "Every Person in the World" with Drones, Satellites
Apr 1, 2014, 10:20 AM
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information