Forgot your password?
typodupeerror
Businesses Communications Encryption Government Your Rights Online

RSA Flatly Denies That It Weakened Crypto For NSA Money 291

Posted by timothy
from the problem-with-denials dept.
The Register reports that RSA isn't taking quietly the accusation reported by Reuters, based on documents released by Edward Snowden, that the company intentionally used weaker crypto at the request of the NSA, and accepted $10 million in exchange for doing so. RSA's defends the use of the Dual Elliptic Curve Deterministic Random Bit Generator, stating categorically "that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use."
This discussion has been archived. No new comments can be posted.

RSA Flatly Denies That It Weakened Crypto For NSA Money

Comments Filter:
  • Yeah, right (Score:5, Funny)

    by Anonymous Coward on Monday December 23, 2013 @03:05AM (#45764915)

    Tell it to 60 Minutes.

    • by Taco Cowboy (5327) on Monday December 23, 2013 @04:23AM (#45765143) Journal

      It's a very sad day when we have media which prostituting themselves to the BIG BROTHER and companies betraying the trust of their customers for some breadcrumbs.

      If all that happened in a banana republic we may say "Oh, but they are banana republics".

      But no. All these are happening in the United States in America !

      What hath my beloved country turned into ?

      • by Anonymous Coward on Monday December 23, 2013 @04:46AM (#45765209)

        you should read the article in el reg
        what they say is that they participated in the use of the Dual Elliptic Curve Deterministic Random Bit Generator as an industry standard alongside other random number generators that they also delivered with their software. They notified their customers when the potential of a backdoor presented itself and they pretty much behaved like a company working to give their customers usable tools, not sell them down the river
        It also begs two additional questions
        1. How much can you trust any use of mathematical tools that you do not understand
        Up to this point we have all laid a great amount of trust in key generation, which at most we know how to install and build a pass phrase for

        2. How much can you trust Snowden
        Up to this point he was just making claims against an agency that largely cannot (or will not) comment about their practices. Now he is making claims against a public company that could pursue him civilly for libel

        • by Taco Cowboy (5327) on Monday December 23, 2013 @04:58AM (#45765247) Journal

          I do not trust Snowden just because he is Snowden. I do not know that guy in person. I only heard of his name after what he has disclosed what NSA had done - PRISM / GCHQ / tapping on foreign leaders, and so on.

          Every single "story" about a leak that has been linked to Snowden file is just that, a "story".

          After reading them, I re-traced the link back to the matter itself. If there are articles related to the matter, I give them a good read up.

          The case regarding RSA for example - there have been case studies since 2006 (and earlier) that can be used as reference to what has just been reported.

          That is why I say it is a very sad day when my country has turned into something worse than a banana republic.

          • by Alioth (221270) <no@spam> on Monday December 23, 2013 @05:50AM (#45765353) Journal

            If they didn't do it for the NSA, why did they make a slow and vulnerable RNG the default? Of course we can apply the principle "Never attribute to malice that which can adequately be explained by incompetence". In which case it's immaterial anyway to our company's purchasing decisions on security products: we either avoid RSA because they are in cahoots with the NSA, or the alternative - because they are flat out incompetent (which is entirely believable, given their earlier security breaches).

            • by PopeRatzo (965947) on Monday December 23, 2013 @08:37AM (#45765907) Homepage Journal

              "Never attribute to malice that which can adequately be explained by incompetence".

              In this case, I think it's more adequately explained by $10million.

            • by fuzzyfuzzyfungus (1223518) on Monday December 23, 2013 @08:52AM (#45765965) Journal
              It's always an, um, excellent, sign when the company's own spokesweasels are asking you to accept the 'we were incompetent, really!' excuse.

              "we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use."

              Their 'categorical denial' of the story is not a denial that they did enter a contract or engage in a project that did weaken RSA's product and introduce a backdoor into their products for somebody's use; but merely the assertion that they never did so intentionally. Slightly different things there...
              • Interesting observation.

                Perhaps the story instead is that the RSA did not purposefully weaken their encryption during development for the benefit of "security" agencies such as the NSA. Any backdoors or weakened encryption were bugs created during development. However, when these problems were discovered (possibly by the aforementioned agencies), rather than fix the problems the RSA agreed to leave the problems in their code for a nominal fee.

                That would imply both incompetence /and/ malfeasance. It also mea

              • by Joce640k (829181)

                It's always an, um, excellent, sign when the company's own spokesweasels are asking you to accept the 'we were incompetent, really!' excuse.

                Yep. It's hilarious watching the weasels destroy a company by trying to avoid admitting something.

                They should have said: "Hey, it's $10 million bucks, what would you have done?"

                • They should have said: "Hey, it's $10 million bucks, what would you have done?"

                  I'll go further on that: "It's $10 million bucks from our own government's black program who could put us out of business or have us convicted of something." This might have been an offer they couldn't safely refuse - and it's *supposedly* from the *good* guys.

            • by Anubis IV (1279820) on Monday December 23, 2013 @11:32AM (#45766885)

              If they didn't do it for the NSA

              I know you're stating that rhetorically, but I'd like to answer it anyway. Read their relevant parts of their "denial" again:

              Recent press coverage has asserted that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation.

              we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use.

              They never denied entering a contract with the NSA. All they denied was that they entered a contract with the intention of undermining their own products, which is not something that they were being accused of by most reasonable people. As you said, it's far easier to attribute this to incompetence than malice, and most of us aren't accusing them of intentionally sabotaging their own products; we're accusing them of being negligent in their duties by not being careful enough in accepting gifts from players in the game who have competing interests. Moreover, as a publicly traded company, they've already had to disclose the budget of the division that received the funds, so we know that the funds were received and that a contract does exist.

              TL;DR: It's a standard non-denial denial. They denied the worst possible stuff that the sensationalists were accusing them of, while using strong words like "categorical" to give the impression they were denying everything, when really, they were merely denying a set of claims taken in whole, leaving wide open the accusations of the very realistic misdeeds they stood accused of.

          • by Nutria (679911)

            That is why I say it is a very sad day when my country has turned into something worse than a banana republic.

            Dude, power always accretes more power. You should be old enough to know that.

          • banana republic (Score:3, Interesting)

            by Anonymous Coward

            Change did not come over night. You had patriot act over 10 years ago. You had George Bush senior saying he does not consider atheists citizens or something along that lines. You know what you are - Theocracy. You say your church and state are seperate, but your politicians, media and even citizens don't agree. Hell, majority of your people don't even belive evolution and vote for creationism. What can you expect in that kind of environment?

        • by makomk (752139) on Monday December 23, 2013 @06:19AM (#45765435) Journal

          Except they didn't notify their customers when the potential backdoor became public knowledge and most crypto library developers cautioned against it. That happened a year or two after it was introduced back in 2006 or 2007, yet they didn't notify their customers or change it from being the default until 2013, leaving those customers using crypto that RSA basically knew was backdoored for years. (It should've been even more obvious to RSA that there was a backdoor than it was to the rest of the crypto community, since the people with the ability to backdoor it had bribed them to use it as the default in their crypto product.)

          • Re: (Score:3, Informative)

            by cold fjord (826450)

            Except they didn't notify their customers when the potential backdoor became public knowledge and most crypto library developers cautioned against it. .... leaving those customers using crypto that RSA basically knew was backdoored for years.

            Nobody has proven that any backdoor exists. It has only been shown that the form of the curve might allow for one. For all anyone outside of NSA actually knows, that form of a curve may be particularly resistant to analysis (like what NSA did with DES that everyone was suspicious of for 20 years until differential cryptanalysis was rediscovered in academia), or it could be a troll to suck in the intelligence services of other countries with NSA knowing that it only looks vulnerable.

            The "crypto library dev

        • by FlyHelicopters (1540845) on Monday December 23, 2013 @06:20AM (#45765437)

          2. How much can you trust Snowden Up to this point he was just making claims against an agency that largely cannot (or will not) comment about their practices. Now he is making claims against a public company that could pursue him civilly for libel

          Eh? Really? Repeat that back to yourself and see if it makes any more sense the second time around...

          Snowden is wanted for serious crimes against the government of the United States of America, the penalties for which involve spending the rest of his life in a 8x10 foot concrete cell by himself.

          I think he is way, way past civil liabilities against a company or any suing it might do against him in a court of law.

        • Re: (Score:3, Interesting)

          by Anonymous Coward

          2. How much can you trust Snowden

          What does that have to do with anything? Its not like he's got his own personal talk show, like Glenn Beck, Rush Limbaugh, etc, where he constantly spews nonsense and conspiracy theories. All Snowden did was obtain some documents showing a US Agency completely ignoring the US Constitution, and doing a lot of unconstitutional, immoral, shady, and creepy things. Snowden isnt making any statements or news conferences, the news is coming straight from the NSA (against their will, of course, which is why its

        • by AHuxley (892839)
          Nice talking points AC.
          RE: 2. How much can you trust Snowden
          Most of that would have been picked up on by http://cryptome.org/2013-info/06/whistleblowing/whistleblowing.htm [cryptome.org] and many others with gov document/tech skills known/trusted by to the press around the world.
          The press know they cannot publish 'junk' again and again.
          The press goto people with document skills and get some background re the dates and content - too old, new, wrong format, layout, names, locations, style, fonts - something stands ou
        • by Clsid (564627) on Monday December 23, 2013 @10:45AM (#45766557)

          Are you seriously suggesting that Snowden is not trustworthy? I would definitely support the guy that had to run away from his country because of a massive information leak than some crude government/corporation propaganda. It truly makes me wonder why you are posting as an anonymous coward and spread FUD about the only way we could have found out about such things in the first place.

          • by Anonymous Coward

            Are you seriously suggesting that Snowden is not trustworthy? I would definitely support the guy that had to run away from his country because of a massive information leak than some crude government/corporation propaganda. It truly makes me wonder why you are posting as an anonymous coward and spread FUD about the only way we could have found out about such things in the first place.

            Different AC here ... You are making a very naive assumption. That if one side is lying the other side is telling the truth. That's silly. Both sides may be lying.

            The truth is Snowden has an agenda. It is therefore plausible that he is exaggerating. He is also under the control of dubious masters, formerly China and now Russia. It is mildly plausible that he needed to keep China or needs to keep Russia happy with his leaks and/or believe he is valuable asset so that they continue to protect him.

            Or to

            • by lennier (44736)

              Snowden has an agenda.

              It's worse than that - I hear he has a quorum and takes minutes, too.

              Why do people of a certain political stripe use that word as if it's an insult? Is Roberts Rules of Order [wikipedia.org] the new Protocols of Zion, or something?

        • by pegr (46683) on Monday December 23, 2013 @12:17PM (#45767235) Homepage Journal

          Snowden has made no such claims. The claim originated from a leaked document. He provided the document to journalists. The document speaks for itself.

          Is the document genuine? That is an entirely different question. I suspect that it is, though no one at the NSA will say. How do you confirm the authenticity of the document? Well, a simple initial approach may be to consider the accuracy of previous document releases. By that standard, it's genuine.

    • by game kid (805301) on Monday December 23, 2013 @04:40AM (#45765193) Homepage

      I can imagine Samuel L. Jackson popping out of nowhere to tell RSA, "Yes you did! YES YOU DID." Actually I kinda wish that happened.

  • Trust none of them (Score:5, Insightful)

    by CuteSteveJobs (1343851) on Monday December 23, 2013 @03:08AM (#45764925)
    RSA denying it? "Well, he would, wouldn't he?" - Mandy Rice-Davies

    If this story turns out to be true, then RSA's name is mud. Only a complete and utter moron would buy from them after this.

    Same goes for the other companies who have been selling us out. Even Google and Microsoft who are now leaking stories about them boldly protecting their backbones from the NSA have been handing over our data, and in the case of Microsoft took cold hard cash to add backdoors to Skype and God knows what else. If you trust *any* of these companies you are a complete and utter moron.
    • by khasim (1285) <brandioch.conner@gmail.com> on Monday December 23, 2013 @03:17AM (#45764957)

      An even easier test of trust:

      The post, carefully worded to avoid discussing whether or not the company took $10m from the NSA, concluded with the following statement:

      Did RSA take $10 million from the NSA and if so for what service?

      So far it looks like they aren't arguing that they did NOT take the money.

    • Links (Score:5, Informative)

      by CuteSteveJobs (1343851) on Monday December 23, 2013 @03:34AM (#45765017)
      Microsoft handed the NSA access to encrypted messages â Secret files show scale of Silicon Valley co-operation on Prism â Outlook.com encryption unlocked even before official launch â Skype worked to enable Prism collection of video calls â Company says it is legally compelled to comply http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data [theguardian.com]

      "Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple" http://gizmodo.com/google-to-government-let-us-publish-national-security-512647113 [gizmodo.com]

      And look at the chronology of this:
      23 September 2013: BBC News - RSA warns over NSA link to encryption algorithm http://www.bbc.co.uk/news/technology-24173977 [bbc.co.uk]
      21 December 2013: NSA Gave RSA $10 Million To Promote Crypto It Had Purposely Weakened https://www.techdirt.com/articles/20131220/14143625655/nsa-gave-rsa-10-million-to-promote-crypto-it-had-purposely-weakened.shtml [techdirt.com] How apt: Techdirt said the story was from the "from the say-bye-bye-to-credibility,-rsa dept"

      Fuck you RSA. Fuck you NSA.
      • Re:Links (Score:5, Interesting)

        by Taco Cowboy (5327) on Monday December 23, 2013 @04:41AM (#45765199) Journal

        Microsoft handed the NSA access to encrypted messages à Secret files show scale of Silicon Valley co-operation on Prism ...

        I won't be able to represent anybody but myself but my companies, at least the time I was running them, never get involved with NSA / CIA / FBI or any of those alphabet agencies.

        Yes, from time to time they did flag us (and even contacted some of my co-workers). What we did in return was to move part of our operations out of USA in order to not getting involved.

        • You realize that moving them out of the US simply makes their job easier. Now they no longer need to ask, no longer even need their secret courts, now they can just do whatever they want outside of the US.
      • Re: (Score:3, Insightful)

        by Taelron (1046946)
        Everyone keeps forgetting that Microsoft handed the keys to the kingdom to the NSA back in 1999 and NT 4.0 SP5 http://en.wikipedia.org/wiki/NSAKEY [wikipedia.org]
    • by AmiMoJo (196126) *

      Only a complete and utter moron world but stuff from a company with close links to a national security agency regardless.

    • by VortexCortex (1117377) <VortexCortex AT ... trograde DOT com> on Monday December 23, 2013 @04:26AM (#45765149)

      Only a complete and utter moron would buy from them after this.

      Remember how the RSA SecureID authentication system was hacked? [pcmag.com]

      Now, the way you do these tokens is to have a counter or timer inside them that's synchronized with an external system. You simply encrypt the counter and that's your verifiable ID code. The server can authenticate a couple counts in the past or present to give a wider window, and updates if drift is detected to stay in sych.

      There's a concept in security called "single point of failure" that all competent security researchers are aware of and attempt to avoid, but RSA didn't. They didn't let you seed your own SecureIDs. Instead, they seeded them. In this way you had to rely on RSA to authenticate the tokens for you, instead of let you run your own server. So, this immediately raises several red flags for a security aware person: Denial of Service == All your cards stop authenticating at RSA's whim. Additionally, RSA can grant access to other people, say the NSA, by seeding a SecureID with a duplicate of yours. Furthermore, if RSA is compromised then everyone who uses SecureID is at risk, they've made themselves a single point of failure.

      A better approach is to allow businesses to seed your security cards yourself, and run your own servers. This way there's no single point of failure for the entire card system -- Compromise one business doesn't leak to others. You don't have to rely on external servers for validation so even if all external lines are cut, your intranet can still validate cards. And you don't have to worry about the NSA compromising the folks you bought the cards from after you purchased them -- Only your systems know the authentication codes -- The crackers have to crack your database.

      It wasn't surprising to me that RSA would get compromised because they were the single point of failure, it was only a matter of time (if not pre-compromised from inception). It wasn't surprising at all when defense related companies like Lockheed Martin and L-3 Communications were compromised thanks to RSA's SecureID breech. [computerworld.com]

      Now, given the ineptitude you'd have to have as a team of premier security researchers to screw the pooch this badly in the design of your security product, and given how asinine it would be to select the absolute worst and slowest random number generator as the default for your BSafe security product, knowing you have many embedded platform use-cases, and given that it was known well in advance that trusting the PRNG was ill advised... Then considering Snowden leaks info explaining that the NSA was paying RSA to botch and weaken their security systems. Yeah, that makes perfect sense.

      Given a gag order I'd understand RSA keeping quiet on this. If they cared about security of their customers then at that point we'd see RSA engineering a completely new line of security products with a goal to put our minds at ease, and inexplicably discontinue their past offerings. However, since they opened their fool mouths and claimed not to be screwing up everything on purpose... At least if they were forced to mess things up this bad I could understand, and once the spying apparatus has been dismantled I'd consider RSA still viable. However, if the NSA wasn't paying RSA to botch their security systems, then they can never be trusted again.

      I use YubiKey [yubico.com] instead. I can run my own server, install my own codes in the tokens, or let yubico do it if the application doesn't require such security. The protocol and server source code is open. [yubico.com] I hear Google's partnering with them too. [wired.com]

      Sad, really. Now anything RSA has touched I'm distancing myself from.

      • by game kid (805301)

        The protocol and server source code is open. I hear Google's partnering with them too.

        I'm not quite sure that's a bullet point, especially if they're doing sentence 2 to stop sentence 1 [arstechnica.com].

      • by Jah-Wren Ryel (80510) on Monday December 23, 2013 @05:38AM (#45765317)

        Instead, they seeded them. In this way you had to rely on RSA to authenticate the tokens for you, instead of let you run your own server. So, this immediately raises several red flags for a security aware person: Denial of Service == All your cards stop authenticating at RSA's whim.

        I have personal experience implementing a SecureID based system and I can say that is not true.

        Yes, RSA seeds the tokens. No there is no external reliance on RSA to validate them in the field. You do have to run their authentication server, but it does not phone home at all. RSA is not an active participant in each authentication, they can't stop valid tokens from continuing to work. I can say this categorically because I worked with a SecureID system on an air-gapped network. It was physically impossible to phone home to RSA.

      • by Bob_Who (926234)

        Well stated. Thanks for the well written insight.

      • by Bert64 (520050)

        There's not a single point of failure in the RSA case, they generate the seed values and give you the ones which correspond with the tokens, so your own server performs the authentication and RSA can't break it in that way, although they may be able to effect a denial of service through the license enforcement code.

        The rest is correct however, they retain copies of all the seeds and can thus predict the token value at any time. That should have been a red flag to anyone, and I often recommended against usin

    • Re: (Score:3, Insightful)

      by Threni (635302)

      Weaselly language:

      > "that we have never entered into any contract or engaged in any project with the
      > intention of weakening RSA's products, or introducing potential 'backdoors' into our
      > products for anyone's use."

      So, potential backdoors are out. How about backdoor? Known, functional backdoors, not the prospect of future backdoors?

      Weakening? Nobody mentioned weakening. That $10,000,000 you took from that spy organisation - that was to strengthen, not weaken.

      Contract? No contract. I rewarded my

      • by penix1 (722987)

        I rewarded my daughter for tidying her room. At no point was a contract, written or otherwise, created.

        Actually, there was the moment you agreed to pay her for her cleaning services. Verbal, but still a contract.

        • Illegal contracts are unenforceable in court so there is no point even writing them down. Hilarious precedent when a bunch of highwaymen tried to sue each other over broken contract. Court hanged them all. Let us hope for same outcome with NSA and RSA Bonnie and Clueless.
  • Hell I also do not trust PGP.

    I trust GNUPG as long as Canonical doesn't improve it.

  • by Etherwalk (681268) on Monday December 23, 2013 @03:13AM (#45764941)

    The problem is that the NSA has been lying to everyone with doublespeak--asking permission for X warrants when the warrants really covered umpteen billion warrants, things like that. So while this press release categorically denies "that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries[,]" it could still be truthful even if any ONE of the facts in that list is false.

    For example, "known" flawed random number generator--suppose the NSA knew it was flawed and RSA didn't. This denial does not contradict that.

    In the context of a topic where companies and government agencies are lying regularly by using careful diction, even a "strong" "categorical" denial has to eliminate the possibility of loopholes in order for it to be believable.

    • by Trepidity (597) <delirium-slashdot&hackish,org> on Monday December 23, 2013 @03:18AM (#45764961)

      That was my read of the statement as well. Essentially all they're denying is that they openly sold the rights to backdoor their software. It could still be the case that they wink-wink sold those rights. Or it could be the case that they were just dupes rather than in cahoots with the NSA; it's not entirely implausible that they thought they were helping out the NSA by making the change for a reason unrelated to backdooring the software.

  • But in that thought process RSA would be the first to stand up for the constitution on a list that includes all major telecoms and even other governments. Unlikely.
  • It's called LYING... (Score:2, Informative)

    by Anonymous Coward

    It's called lying, and American Law specifically allows partners of the NSA to issue any form of false statement to the public, their shareholders, their investors, or any other non-governmental entity. In other words, once any individual or corporation gets in bed with the NSA, you can never again believe a word they say.

    Google lies through its teeth, Microsoft lies through its teeth. These two companies now compete with one another as to which can provide the NSA with greatest value.

    RSA is evil beyond any

    • by Dogtanian (588974)

      It's called lying, and American Law specifically allows partners of the NSA to issue any form of false statement to the public, their shareholders, their investors, or any other non-governmental entity. In other words, once any individual or corporation gets in bed with the NSA, you can never again believe a word they say.

      Taking the highlighted section above at face value, logically that would mean that they were legally able to claim "We have never had any involvement with the NSA" when the complete opposite was the case.

      While this may come across as smartassery in other situations, I've no doubt that in this case some weasel of a lawyer could- and would- use this in defending a company caught in flagrante with the NSA. This renders *any* company that *might* plausibly be involved with the NSA (including virtually all Ame

  • by waddgodd (34934) on Monday December 23, 2013 @03:14AM (#45764947) Homepage Journal

    They didn't do it for NSA money, that was just gravy. They did it for Mossad money and got the NSA to chip in after the fact.

  • They're just claiming again that they assumed the NSA were good people.

    This all happened in 2006. RSA adopted DUAL_EC. RSA was sold to EMC. NIST released the standard. Microsoft researchers showed the flaws in DUAL_EC. The flaws in DUAL_EC have been known since 2006, the only thing we didn't know was that they were deliberate.

    Also it's interesting to note that an anonymous organization paid for the same DUAL_EC algorithm to be added to Open SSL. With Open SSL at least they didn't make it the default but it's not far off from what RSA did.
    http://arstechnica.com/security/2013/12/nsas-broken-dual_ec-random-number-generator-has-a-fatal-bug-in-openssl/ [arstechnica.com]

    • This all happened in 2006. RSA adopted DUAL_EC. RSA was sold to EMC. NIST released the standard. Microsoft researchers showed the flaws in DUAL_EC. The flaws in DUAL_EC have been known since 2006, the only thing we didn't know was that they were deliberate.

      So... IF there was indeed a ~$10 million move afoot to slide Dual EC_DRBG into BSAFE and common use, why then was its implementation in the OpenSSL library left unattended? I can easily imagine that a bit of firm anonymous advocacy or subtle pressure on developers would have yielded results -- in the least a segfault-free product.

      This empirically suggests that no such move was afoot. There are enough real controversies facing us today, we should be careful when going out on limbs.

      Perhaps Snowden caught wi

  • by anarkhos (209172) on Monday December 23, 2013 @03:17AM (#45764955)

    Well, of course they HAVE to deny this.

    But who am I to believe, the RSA or their long list of security hiccups.

    Oh, and Microsoft denies this too. That's good enough for me!

    Our fatherly corporate overlords would never lie for a buck, or $10M...

  • Sorry RSA (Score:5, Insightful)

    by danheskett (178529) <danheskett@@@gmail...com> on Monday December 23, 2013 @03:17AM (#45764959)

    This is why you don't get in bed with government. Because we can never trust you, ever. And since you are not open source and have systematically reduced your transparency over the decades, you can't prove that your aren't lying.

    • Re:Sorry RSA (Score:5, Insightful)

      by _Shad0w_ (127912) on Monday December 23, 2013 @04:53AM (#45765229)

      I don't think you could prove they were lying even if they were open source. All looking at the source code would tell you is that they implemented Dual_EC_DRBG; exactly the same as looking at the OpenSSL source code will tell you. I doubt there would be a handy comment saying "/* Implemented a known-weak method on behalf of the NSA. */" around it.

      The problem Dual_EC_DRBG, as far as I can tell, is in the choice of constants used in it; the constants are defined by the NIST standard.

  • They very well could have had a few employees that accepted $10 million to do it.
  • by waynemcdougall (631415) <slashdot@codeworks.gen.nz> on Monday December 23, 2013 @03:22AM (#45764983) Homepage

    17. RSA agrees that should the existence of this contract, the general nature of the agreements made herein, or the relationship bewtern the RSA and NSA be made public then the RSA shall, with due expediency, issue the following denial: "we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use."

  • Oh, Sure... (Score:4, Insightful)

    by BlueStrat (756137) on Monday December 23, 2013 @03:24AM (#45764993)

    I believe them.

    Just as much as I believe that Nigerian Prince's nephew's super deal for helping him get funds out of the country.

    C'mon, RSA guys. I know you're pretty butt-hurt about this revelation from the Snowden release. Heck, I can even understand that you guys may well have received an "offer you can't refuse" from the NSA, et al.

    You'd be much better off playing that angle, rather than attempt a laughably-preposterous and totally unbelievable denial. The denial gets you no sympathy or possible assistance out of your situation at all from the public, only hatred, vitriol, and the ends of many of your careers.

    Remember that when making deals with the Empire, Darth has a nasty habit of "altering the deal". Though you "pray" he "doesn't alter it further", it never fails to eventually happen. Neville Chamberlain, 'nuff said.

    Strat

    • by AHuxley (892839) on Monday December 23, 2013 @04:06AM (#45765091) Homepage Journal
      We are top officials of the Federal Institution for Standards Review panel who are interested in the testing of cryptography in our country with academics which are
      presently working in the USA. In order to commence this business, we solicit your assistance to enable us to sell into your company, the said fully tested cryptography standard.

      The following represents the source of the cryptography . During the last regime in the USA, the Government officials set up departments and awarded themselves
      private contracts which were grossly over invoiced in various Federal grants which informed the setting up of the Conflict Records Research Agency by the present Government to advice on the aforementioned.
      We have identified a lot of inflated contract sums which are presently floating in the Central Bank of the USA ready for payment, amongst which is the said sum of US$10,000,000 (Ten Million United States Dollars) that we solicit your assistance for the export.
      As we are unable to manage the export all by ourselves by virtue of our position as civil servants and members of the Panel, I have therefore been delegated as a matter of trust by my colleagues on the Panel to solicit for an overseas partner into whose hardware we would run the said code.
  • Come On (Score:5, Insightful)

    by SuperKendall (25149) on Monday December 23, 2013 @03:25AM (#45764997)

    The government has a new encryption algorithm that is "amazingly strong". Only they are paying YOU to use it? And that does not throw up any red flags in a company based on SECURITY?

    • Re:Come On (Score:5, Interesting)

      by Anonymous Coward on Monday December 23, 2013 @03:45AM (#45765045)

      Just to play devil's advocate, here's a plausible scenario which makes RSA look stupid but not evil:

      NSA approaches RSA with their fancy new NIST/FIPS standard and says that it prefers that government agencies and contractors use Dual_EC_DRBG as soon as possible. Maybe they have super secret intel that China broke SHA-1. Who knows. All the RSA knows is that the NSA mission statement includes counter-intelligence--i.e. protecting the government.

      Because so many agencies and contractors use products based on BSafe, the NSA wants to fast track an upgrade. The NSA says that it would pay RSA for the trouble of integrating Dual_EC_DRBG into BSafe as the default FIPS-compliant mode, and for the trouble of getting it tested and certified by NIST. It offers $10 million, which is a reasonable sum for that not inconsiderable effort on the part of RSA.

      I still wouldn't trust RSA as far as I could throw them, but in this scenario everybody is being sincere and earnest. But for a company like RSA, suspicion should have been the order of the day. But as others have mentioned before, RSA is more managerial driven these days. While their researchers may have raised an eye brow, at this point they don't have the clout to veto an executive decision, because all the famous guys (the ones with a spine and a reputation to burnish) have left.

      • Ok, I can buy that is at least a plausible scenario. So then the question would be, where are the technical guys that at least raised an eyebrow at the time but were overruled by management...

        • by game kid (805301)

          Probably being kept from so much as breathing a word about the eyebrow-raising by their work contracts with said management.

  • Non-denial denial (Score:5, Informative)

    by dido (9125) <dido@im[ ]ium.ph ['per' in gap]> on Monday December 23, 2013 @03:58AM (#45765075)

    As usual with these things, it's a non-denial denial. "RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use." Emphasis added. The first part says that they can't say whether they've taken any money from the NSA, so the story of them receiveing $10 million from the NSA could still be true. The second part leaves a lot of wiggle room. The word "intention" is the weasel. The statement leaves open the possibility that they could have taken the money from the NSA in good faith, in the same way that Mozilla takes Google's money in exchange for making Google the default search engine in Firefox. They didn't know then what the NSA's true intentions were in pushing use of Dual_EC_DRBG (never that mind it's several orders of magnitude slower than any other CPRNG algorithm described in NIST SP 800-90A). They were already using it in BSAFE as early as 2004, and the algorithm became a NIST recommendation in 2006. The possibility of a backdoor in the algorithm was floated publicly in 2007, a few months after it was published. I for one don't buy that they did all this in good faith, but there's no way to prove it unless some cryptographer who was employed by RSA at the times in question blows the whistle and says they had suspicions with the algorithm and the NSA's intentions for it.

    The NSA wasn't always thought of as so evil. They modified the DES s-boxes so as to strengthen it against a cryptanalytic technique (differential cryptanalysis) that was known only to them and IBM since at least 1974, and kept classified until it was independently discovered by the academic cryptographic community in the late 1980s, so there may be some reason to give RSA the benefit of the doubt.

  • by melchoir55 (218842) on Monday December 23, 2013 @04:03AM (#45765087)

    Given the state of affairs in the United States, I would think that every country on earth should be reviewing their reliance on American tech (especially in cryptography). Do you really want your parliament having discussions over skype? Or using Microsoft Windows to conduct their Seriously Secret activity? Microsoft is implicated in compromising Skype, so there is every reason to suspect they have also compromised Windows and every other piece of software they make. Google mail? Apple phones? RSA security? The list goes on.

    If I were a foreign government I would dump serious subsidies into my domestic software development industry. This extends to our allies as well. After all, if the USA is willing to spend insane resources and flaunt the law/morality by spying upon its own citizenry to a degree hardly less severe than 1984... why wouldn't they be using the very same backdoors on you?

    • by deanklear (2529024) on Monday December 23, 2013 @08:01AM (#45765761)

      U.S. cloud providers have already lost business over the NSA leaks, but now the Information Technology and Innovation Foundation (ITIF) has a report putting a dollar amount on the short-term costs: $21.5 to $35 billion over the next three years.

      ITIF based these estimates in part on the Cloud Security Alliance survey showing that 10 percent of officials at non-U.S. companies cancelled contracts with U.S. providers and 56 percent of non-U.S. respondents are hesitant to work with U.S. cloud based operators after the leaks.

      And before you have pity on US firms losing this cash, remember that they have been knowingly aiding the NSA and the CIA and any other government entity that came knocking for years, and they would still be handing over our data (and they probably still are) without any concerns had Snowden not exposed the extent of the NSA's illegal, immoral, unconstitutional, and and brazenly stupid surveillance program.

      When Angela Merkel is comparing the NSA to the Stasi, we've got problems. When Chinese tech firms become more trusted than American tech firms, we've got problems. When a schmuck wearing a military costume -- which is a disgrace to people who served their country instead of their government -- lies to congress about spying on Americans and gets away with it, we've got problems. "General" Keith B. Alexander was head of Army Intelligence and missed the piles of evidence pointing towards 9/11, and even after he helped the state security apparatus morph into the world's largest and most expensive spying effort, the organization under his control has still failed to stop a single terrorist attack.

      The NSA, the CIA, and Mr. Alexander are a disgrace to our country, but they are unfortunately typical of American government, and the corporations that have been colluding with them for years. They're more interested in their own careers and dollar signs than they are about upholding the Constitution, but when they are caught, they hide behind their military titles and bullshit legalese because they have no redeeming qualities as individuals or as organizations.

      If it seems personal, its because it is personal. It may just be a coincidence that I am flagged constantly when I cross the border for "random" searches, but I live in a country where I can't even find out why I seem to be a magnet for the attention of the security state. For my own protection, I am not allowed to know what my government is doing. And now that the NDAA has passed, an American agent could pick me up and detain me indefinitely without a trial.

      Thanks for protecting American ideals from those totalitarian invaders, Mr. Alexander. You're doing a heckuva job.

  • by bl968 (190792)

    What you thought he said, "We have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use."

    What he actually said "We did it for the money"

  • by FudRucker (866063) on Monday December 23, 2013 @05:59AM (#45765365)
    they are not going to confess that they betrayed the trust of their customers and the people, eventually the truth will come out and heads will roll
  • They have denied, in effect, that they even are competent to evaluate cryptosystems or that they are competent to protect their customers as they claim. This denial I think is actually worse for them than saying they actually knew what they were doing and did so anyway.

  • by CuteSteveJobs (1343851) on Monday December 23, 2013 @06:16AM (#45765419)
    RSA's official response is limp and evasive. It makes no mention of the $10M payment. Even the PR spokesliars couldn't turn this truck load of pig shit into a silk purse https://blogs.rsa.com/news-media-2/rsa-response/ [rsa.com]

    > We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption.

    Then why did they have to pay you to use a 'good' algorithm? If all they had to do is convince you it was awesome that would have been enough. How fucking dumb do you think we are?

    > This algorithm is only one of multiple choices available within BSAFE toolkits, and users have always been free to choose whichever one best suits their needs.

    Fuck you, RSA. You made it the default, knowing most people would trust and use it for that reason. You fucking well know if one of the options was starred 'NSA paid us $10M to make this one the default' no one would have touched it. Remember the public suspicion when Microsoft's NSAKEY was discovered. Don't bullshit us that RSA didn't know about that.

    > We continued using the algorithm as an option within BSAFE toolkits as it gained acceptance as a NIST standard and because of its value in FIPS compliance. When concern surfaced around the algorithm in 2007, we continued to rely upon NIST as the arbiter of that discussion.

    Then you should have gone back to NSA and said "Hey look, you paid us $10M to use a flawed algorithm. You are supposedly experts in encryption. We aren't stupid. What the fuck are you trying to pull on us and our customers?"

    And that's the scenario that assumes they *didn't* know.

    > When NIST issued new guidance recommending no further use of this algorithm in September 2013, we adhered to that guidance, communicated that recommendation to customers and discussed the change openly in the media.

    Fuck you. It was out in the open by then. You could hardly hide it them, and you still didn't warn your customers their data might have been compromised.

    > RSA, as a security company, never divulges details of customer engagements,

    Like $10M Bribes? Or agreements with one customer to fraudulently sell flawed software to other customers? I bet lawyers everywhere can smell big class actions off this one!

    > but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSAâ(TM)s products, or introducing potential âbackdoorsâ(TM) into our products for anyoneâ(TM)s use.

    Oh fucking puleaze. "intention" is a bullshit cop out that means you did it but didn't fucking us over wasn't the primary reason. If that $10M was so clean, show us the contract and the minutes of meetings. If you don't, don't expect us to trust you. And if they don't exist even though this is all above board, why?

    RSA is either incompetent or malicious. Either way it can't be trusted again. Security companies can't operate unless their customers trust them. RSA is dead.
    • by bytesex (112972)

      "Then why did they have to pay you to use a 'good' algorithm? If all they had to do is convince you it was awesome that would have been enough. How fucking dumb do you think we are?"

      Amateurs and open source developers are not the only people using crypto. A lot of the time it's government or other (contract-) workers that need to comply with standards. To make something part of a standard, you need to pay. If only because it's work.

  • by XaXXon (202882) <[moc.liamg] [ta] [noxxax]> on Monday December 23, 2013 @06:30AM (#45765489) Homepage

    Snowden: 100% accuracy so far.

    RSA: For profit company that looks really bad right now and there's no downside to them lying.

    I'll go with the 100% guy with nothing to gain.

  • we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use.

    Not corrupt, just incompetent.

  • by Kazoo the Clown (644526) on Monday December 23, 2013 @08:04AM (#45765771)
    This is supposed to make us feel better? That instead of taking money to undermine security they were duped into it? Aren't they saying here, that they didn't knowingly undermine encryption, they were simply incompetent? These guys are toast in any case, time to turn the lights off and go home...
  • We need reporters that can craft absolutely air-tight, weasel-proof questions to force both corporate and governmental officials into an inescapable corner.

    Even Bill Clinton would be impressed by the linguistic gymnastics now being displayed by liars of the highest order.
  • by StormReaver (59959) on Monday December 23, 2013 @09:21AM (#45766081)

    Let's assume, for the same of argument, that RSA is being completely honest and sincere: their product is not compromised by the U.S. Government. Given that the U.S. Government can just slap any company in the U.S. with a National Security Letter; the violation of which comes with prison time, and which prohibits the recipient from even saying they got one; we can't trust any U.S. (or U.K., for that matter) company's word that they haven't been compromised by the Government.

    So as our computer security companies start to decline, and our economy (which has a huge computer company component to it) declines even further, we can all tip our hats to the corrupt polititians that gave our three-letter agencies the power to deal a body blow to the very country they are supposed to be protecting; and to the agencies that use that power to harm us more than any terrorist plot ever could.

  • by tom229 (1640685) on Monday December 23, 2013 @01:20PM (#45767729)
    If you're like me you're wondering exactly what the implications of this revelation are in the real world. This article [sophos.com] and this discussion [stackexchange.com] helped clear it up for me.

    Thankfully, this PRNG likely isn't used in any implementation of OpenSSL. It also doesn't appear to be used, at least in newer versions, of Microsoft applications. It may be used in any older Java, and C applications though (especially those linking RSA's BSafe library).

    If anyone has anymore information or clarification that would be great.

"In matters of principle, stand like a rock; in matters of taste, swim with the current." -- Thomas Jefferson

Working...