RSA Responds to Claim that it Gave NSA Back Door Access in Exchange for $10M
December 23, 2013 11:43 AM
RSA responded saying that it had no idea the NSA algorithm was flawed
Former U.S. National Security Agency (NSA) contractor Edward Snowden has brought many NSA secrets to light this year, the most recent being a "secret" contract between the agency and security industry leader RSA.
According to more documents leaked by Snowden, the NSA entered into a $10 million contract with RSA to place a flawed formula within encryption software (which is widely used in personal computers and other products) to obtain "back door" access to data.
The RSA software that contained the flawed formula was BSAFE, a library meant to strengthen the security of computers. The formula was a random number generator called Dual Elliptic Curve (Dual_EC_DRBG), and it was created within the NSA. RSA started using it in 2004, even before the National Institute of Standards and Technology (NIST) approved it.
According to RSA, it had no idea that the algorithm was flawed, or that it gave the NSA back door access to countless computers and devices. The NSA reportedly sold the algorithm as an enhancement to security without letting RSA in on its real intentions.
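A toy model of the kind of back door described above, added here as an example and not code from the article, RSA or NIST: a generator whose two public constants P and Q are secretly related by P = Q^d, built over a multiplicative group mod p rather than an elliptic curve for readability. The prime, Q and d are all constructed values; what the model shows is that users see only P and Q and cannot tell they are related, while whoever knows d recovers the next internal state from a single output and predicts everything that follows.

```python
# Toy trapdoored DRBG in the style of Dual_EC_DRBG (added example, not the
# article's, RSA's or NIST's code). Real Dual_EC uses elliptic-curve points;
# here "point multiplication" is modular exponentiation, which keeps the
# algebra identical: next_state = P^s and output = Q^s.
P_MOD = 2_147_483_647          # constructed prime modulus (2^31 - 1), toy size
Q = 7                          # public constant Q (constructed)
TRAPDOOR_D = 123_456_789       # secret relation known only to the designer
P = pow(Q, TRAPDOOR_D, P_MOD)  # public constant P, published with no explanation
                               # of how it was derived: P = Q^d mod p


def drbg_step(state):
    """One generator step: output = Q^state, next state = P^state (as in Dual_EC)."""
    output = pow(Q, state, P_MOD)
    next_state = pow(P, state, P_MOD)
    return output, next_state


def drbg_outputs(seed, n):
    """Run the generator n times from a seed and return the n outputs."""
    outs, s = [], seed
    for _ in range(n):
        o, s = drbg_step(s)
        outs.append(o)
    return outs


def predict_from_one_output(observed_output, d_guess, n):
    """What the trapdoor holder can do with one observed output.

    next_state = P^s = (Q^d)^s = (Q^s)^d = output^d, so knowing d turns a
    single public output into the generator's next internal state. With a
    wrong d the reconstructed state is garbage and the prediction fails.
    """
    recovered_state = pow(observed_output, d_guess, P_MOD)
    return drbg_outputs(recovered_state, n)


if __name__ == "__main__":
    seed = 12345                       # constructed seed
    real = drbg_outputs(seed, 5)
    guess = predict_from_one_output(real[0], TRAPDOOR_D, 4)
    print("holder of d predicts the rest:", guess == real[1:])
```

The defensive lesson is the one Green draws in the comments below the article: constants whose derivation is not published cannot be audited, so a generator built on them should not be a default.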
In fact, RSA responded to media reports about its contract with the NSA, saying it was never secret at all. It said the fact that RSA worked with NSA was always made public, but that RSA had no idea the government agency was actually sabotaging its encryption product.
"Recent press coverage has asserted that RSA entered into a 'secret contract' with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation," said RSA in a
"We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security."
Many in the security community were already surprised at RSA's entanglement with the NSA, and the latest news of a $10 million contract has shocked the industry.
RSA is known as a pioneer in the realm of computer security, and famously fought off previous NSA attempts at weakening encryption.
Back in the 1990s, RSA -- which was started by MIT professors in the 1970s and is now a subsidiary of EMC Corp. -- rallied against the Clinton administration's "Clipper Chip," which was supposed to be a required component in computers and phones that would allow government officials to bypass encryption with a warrant.
RSA created a public campaign against the Clipper Chip, and it was eventually tossed out. The government then resorted to export controls to stop strong cryptography from crossing U.S. borders, and RSA fought further, establishing an Australian division that could ship the products it wanted.
RSA told customers to stop using the NSA formula in BSAFE when NIST issued new guidance in September 2013.
So I'm supposed to believe you're too dumb to know about backdoors?
12/25/2013 4:00:26 AM
If you really didn't understand they were back-dooring your software then I REALLY can't trust you know what you're doing.
A security firm who can't see a backdoor when it smacks them in the face is by definition NOT a security firm right?
"University professor Matthew Green suggested that RSA Security (or an RSA Security employee) was pressured by the U.S. government to use it.
So why would RSA pick Dual_EC as the default? You got me. Not only is Dual_EC hilariously slow — which has real performance implications — it was shown to be a just plain bad random number generator all the way back in 2006. By 2007, when Shumow and Ferguson raised the possibility of a backdoor in the specification, no sensible cryptographer would go near the thing. And the killer is that RSA employs a number of highly distinguished cryptographers! It's unlikely that they'd all miss the news about Dual_EC.
—Matthew Green, cryptographer and research professor at Johns Hopkins University
Even the college professor thinks you're full of it. So you're either too stupid to run a security company (employs HIGHLY distinguished cryptographers remember!), or you ALLOWED a backdoor. I believe they knew exactly what was happening and it seems the cryptography professor thinks the same. I don't see how you can't know this as an authority on the subject. Isn't that like saying Einstein doesn't know what E=MC^2 is when he's the one who came up with it? RSA came up with much of the security we use today, but has no idea what security is or how to keep their own stuff secure? Did they write the code for this stuff or YOU? Even if THEY did, you didn't look at it before you put it in your products? YOU KNEW. PERIOD.
Either way I now want you out of business and not in control of any security period. Snowden looks better every day, while the exact opposite is true of our govt and the people running it. Every day they grow even more guilty than the day before. More and more it looks like a bunch of people are upset that some dude outed their ILLEGAL actions. I'm pretty sure the founding fathers would think Snowden was a hero, and our Govt is full of traitors. We don't need the constitution stepped on "for our own safety", but we DO need the constitution to keep us safe from YOU. And for those about to say Snowden put a bunch of people in danger...Would they be in any danger (BS but whatever) if the Govt hadn't broken laws that he outed? Would he be in the news if there was NOTHING TO OUT? YOU put them in danger, not the guy who uncovered it. YOU put them in danger by BREAKING THE LAW to begin with.
If it's so important to nail Snowden for "breaking the law", why isn't it just as important to put all of those that clearly BROKE the law behind bars too (lying under oath, tapping everyone etc)? Why do you get a pass? Because you decided the constitution doesn't mean squat and your ILLEGAL actions are OK in your own minds "for our safety"?? Heck, I guess we live in chaos then, where we all decide to follow only the laws we LIKE, and screw the ones we don't. If a country has lost trust in USA, blame yourselves for breaking laws everyone THOUGHT we followed.
If you keep printing FAKE money (backed by nothing but faith soon if not already, devaluing it with every printing) nobody will believe in the dollar soon either.
Merry Christmas to everyone but Congress+Obama (oh and the people running obamacare site) I hope santa leaves these people some coal from now until the end of time ;)