Security firm RSA "categorically denies" accepting money from NSA to use flawed crypto code

[Shawn Knight]

Last week, Reuters ran a story claiming the National Security Agency paid security firm RSA $10 million to use a known flawed random number generator in their BSAFE toolkit. The firm has since categorically denied the allegation, saying they have never entered into any contract or engaged in any project with the intent of weakening RSA’s products or introducing backdoors for anyone’s use.

In a blog post on the matter, the company said they have worked with the NSA previously as a vendor and an active member of the security community but the relationship was never kept a secret. Their goal has always been to strengthen commercial and government security, the post stated.

The post outlines the use of Dual EC DRBG, starting in 2004 with the decision to use it as the default in BSAFE toolkits. RSA noted that at the time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption.

When concerns surfaced about the algorithm in 2007, RSA relied upon the National Institute of Standards (NIST) as the arbiter of the discussion and when the NIST suggested the algorithm should no longer be used in September 2013, they passed along the information to customers and discussed the changes openly in the media.

RSA also points out that the algorithm in question is only one of multiple choices available within BSAFE toolkits and said users have always been free to choose whichever one best suits their needs.

Permalink to story.

https://www.techspot.com/news/55113-security-firm-rsa-categorically-denies-accepting-money-from-nsa-to-use-flawed-crypto-code.html

 

[David Friedman]

Reading the RSA blog post, I note that they do not deny receiving a ten million dollar payment from NSA, nor do they admit it and say what it was for, nor do they say when they received it. The only thing they say is that they did not deliberately make a weak pseudorandom number the default for their software and that they continued using that generator as the default for years after security experts had pointed out problems with it because they trusted the NIST.

The post amounts to "we are not guilty," with no evidence offered and no explanation or denial of the purported evidence that they are.

 

[sdms96825]

Reading the RSA blog post, I note that they do not deny receiving a ten million dollar payment from NSA, nor do they admit it and say what it was for, nor do they say when they received it. The only thing they say is that they did not deliberately make a weak pseudorandom number the default for their software and that they continued using that generator as the default for years after security experts had pointed out problems with it because they trusted the NIST.

The post amounts to "we are not guilty," with no evidence offered and no explanation or denial of the purported evidence that they are.

Nor, of course, are they under oath. Why would anyone believe any self-serving statement that they made?

 

[cliffordcooley]

It is not in either ones best interest to use flawed code. I don't believe the accusation against RSA.

 

[Guest]

I think RSA's response has told us everything we need to know. Unwaveringly non-committal, less than 300 words in total, denies absolutely nothing and eschews the risk of difficult questions from the press by being presented as a blog post instead of a proper response to the many media outlets that have requested comment.

Quite simply, they knew exactly what the money was for. They try to claim that they chose the most appropriate algorithm, but presumably they would have done that without a $10m bribe so the argument falls flat on its face. They were complicit to the end and they surely knew the massive risk it exposed them to, but they probably reasoned that the NSA of all people would be competent enough to keep their clandestine subversion of security protocols a secret. How wrong they were.

RSA, formally one of the world's most trusted IT security companies, is dead - they will never regain that trust and without it they have nothing. I'm sure EMC are hard at work on a strategy, whether it be a simple rebrand (works on most people most of the time but probably not going to cut it this time round) or a full restructure of assets ahead of the formal termination of the "RSA" brand name.

So long RSA, rot in hell with your NSA handlers.

 

[Darth Shiv]

That they didn't know isn't unbelievable or unreasonable. Getting paid to use a certain algorithm is a bit odd but in this field and with this tech there is seriously no way you could possibly know all the weaknesses of any number gen technique. What I would expect is the publicly known weaknesses are not present. The NSA obviously wouldn't make a weakness of that random number generator public. Why would they - they want a hush hush exploit? How/why could the RSA be crucified for this?