Businesses Communications Encryption Government Your Rights Online

RSA Flatly Denies That It Weakened Crypto For NSA Money 291

The Register reports that RSA isn't taking quietly the accusation, reported by Reuters and based on documents released by Edward Snowden, that the company intentionally used weaker crypto at the request of the NSA and accepted $10 million in exchange for doing so. RSA defends its use of the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG), stating categorically "that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use."
  • by mrmeval ( 662166 ) on Monday December 23, 2013 @03:09AM (#45764927) Journal

    Hell I also do not trust PGP.

    I trust GNUPG as long as Canonical doesn't improve it.

  • It's called LYING... (Score:2, Informative)

    by Anonymous Coward on Monday December 23, 2013 @03:13AM (#45764945)

    It's called lying, and American Law specifically allows partners of the NSA to issue any form of false statement to the public, their shareholders, their investors, or any other non-governmental entity. In other words, once any individual or corporation gets in bed with the NSA, you can never again believe a word they say.

    Google lies through its teeth, Microsoft lies through its teeth. These two companies now compete with one another as to which can provide the NSA with greatest value.

    RSA is evil beyond any doubt, but Google and Microsoft are infinitely worse. Remember, Bill Gates gave you Common Core, the inBloom full surveillance child database created in partnership with Rupert "Fox News" Murdoch and the Xbox One NSA spy platform this year alone. Meanwhile Google, the R+D arm of the NSA, moved forward significantly with its programs to build autonomous, self-driving, killing machines for use in future US military invasions.

  • Links (Score:5, Informative)

    by CuteSteveJobs ( 1343851 ) on Monday December 23, 2013 @03:34AM (#45765017)
    Microsoft handed the NSA access to encrypted messages • Secret files show scale of Silicon Valley co-operation on Prism • Outlook.com encryption unlocked even before official launch • Skype worked to enable Prism collection of video calls • Company says it is legally compelled to comply http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data [theguardian.com]

    "Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple" http://gizmodo.com/google-to-government-let-us-publish-national-security-512647113 [gizmodo.com]

    And look at the chronology of this:
    23 September 2013: BBC News - RSA warns over NSA link to encryption algorithm http://www.bbc.co.uk/news/technology-24173977 [bbc.co.uk]
    21 December 2013: NSA Gave RSA $10 Million To Promote Crypto It Had Purposely Weakened https://www.techdirt.com/articles/20131220/14143625655/nsa-gave-rsa-10-million-to-promote-crypto-it-had-purposely-weakened.shtml [techdirt.com] How apt: Techdirt said the story was from the "from the say-bye-bye-to-credibility,-rsa dept"

    Fuck you RSA. Fuck you NSA.
  • Non-denial denial (Score:5, Informative)

    by dido ( 9125 ) <dido AT imperium DOT ph> on Monday December 23, 2013 @03:58AM (#45765075)

    As usual with these things, it's a non-denial denial. "RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use." Emphasis added. The first part says that they can't say whether they've taken any money from the NSA, so the story of them receiving $10 million from the NSA could still be true. The second part leaves a lot of wiggle room. The word "intention" is the weasel. The statement leaves open the possibility that they could have taken the money from the NSA in good faith, in the same way that Mozilla takes Google's money in exchange for making Google the default search engine in Firefox. They didn't know then what the NSA's true intentions were in pushing use of Dual_EC_DRBG (never mind that it's several orders of magnitude slower than any other CPRNG algorithm described in NIST SP 800-90A). They were already using it in BSAFE as early as 2004, and the algorithm became a NIST recommendation in 2006. The possibility of a backdoor in the algorithm was floated publicly in 2007, a few months after it was published. I for one don't buy that they did all this in good faith, but there's no way to prove it unless some cryptographer who was employed by RSA at the times in question blows the whistle and says they had suspicions with the algorithm and the NSA's intentions for it.

    The NSA wasn't always thought of as so evil. They modified the DES s-boxes so as to strengthen it against a cryptanalytic technique (differential cryptanalysis) that was known only to them and IBM since at least 1974, and kept classified until it was independently discovered by the academic cryptographic community in the late 1980s, so there may be some reason to give RSA the benefit of the doubt.

  • by CuteSteveJobs ( 1343851 ) on Monday December 23, 2013 @04:49AM (#45765215)
    Yes! America went so far as making a special law to protect their citizens exercising their free speech rights from being sued by British libel laws http://www.theguardian.com/media/greenslade/2010/aug/11/medialaw-barack-obama [theguardian.com]
  • by Jah-Wren Ryel ( 80510 ) on Monday December 23, 2013 @05:38AM (#45765317)

    Instead, they seeded them. In this way you had to rely on RSA to authenticate the tokens for you, instead of let you run your own server. So, this immediately raises several red flags for a security aware person: Denial of Service == All your cards stop authenticating at RSA's whim.

    I have personal experience implementing a SecureID based system and I can say that is not true.

    Yes, RSA seeds the tokens. No there is no external reliance on RSA to validate them in the field. You do have to run their authentication server, but it does not phone home at all. RSA is not an active participant in each authentication, they can't stop valid tokens from continuing to work. I can say this categorically because I worked with a SecureID system on an air-gapped network. It was physically impossible to phone home to RSA.

  • by makomk ( 752139 ) on Monday December 23, 2013 @06:19AM (#45765435) Journal

    Except they didn't notify their customers when the potential backdoor became public knowledge and most crypto library developers cautioned against it. That happened a year or two after it was introduced back in 2006 or 2007, yet they didn't notify their customers or change it from being the default until 2013, leaving those customers using crypto that RSA basically knew was backdoored for years. (It should've been even more obvious to RSA that there was a backdoor than it was to the rest of the crypto community, since the people with the ability to backdoor it had bribed them to use it as the default in their crypto product.)

  • by cold fjord ( 826450 ) on Monday December 23, 2013 @09:22AM (#45766083)

    Except they didn't notify their customers when the potential backdoor became public knowledge and most crypto library developers cautioned against it. .... leaving those customers using crypto that RSA basically knew was backdoored for years.

    Nobody has proven that any backdoor exists. It has only been shown that the form of the curve might allow for one. For all anyone outside of NSA actually knows, that form of a curve may be particularly resistant to analysis (like what NSA did with DES that everyone was suspicious of for 20 years until differential cryptanalysis was rediscovered in academia), or it could be a troll to suck in the intelligence services of other countries with NSA knowing that it only looks vulnerable.

    The "crypto library developers" don't control NIST standards, do they? Did they have actual proof that anything was bad? No, only their suspicions. Since it was a NIST standard and NSA signed off on it, you would need more than some open source developer with a personal theory to result in any real action.

    NSA may simply have been trying to spread elliptic curve technology for all anybody actually knows. You may recall that it looked highly promising at the time, but the problem with new things is always to get people to adopt them. DES lingered in use far longer than it should have since people weren't moving off from it. Everyone is entitled to their own ideas, even suspicious ones.

    Feel free to use crypto that isn't NIST compliant, there are markets that won't use it. That is more opportunity for everyone else.
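
    Two comments above, dido's (why a backdoor in Dual_EC_DRBG was plausible from 2007 on) and cold fjord's (that "the form of the curve might allow for one"), turn on the same construction: the generator's two points P and Q, and what the party who chose Q can do if it also knows the scalar relating Q to P. The toy below is an added example, not code from this page, from RSA's BSAFE or from NIST. It implements the SP 800-90A Dual_EC_DRBG step on a small constructed curve (the prime 2^19-1, the coefficients, the seed and the trapdoor scalar are all made up here; the real DRBG runs on NIST P-256 and drops 16 of 256 output bits, this toy drops 4 of 19) and then runs the Shumow-Ferguson recovery: from one truncated output, plus the next one to rule out false candidates, the holder of the trapdoor recovers the internal state and predicts every later output. Nobody outside NSA has shown that the standard's Q was generated this way; what the example shows is that the design permits it and that an outsider cannot tell from Q alone.

```python
"""Toy Dual_EC_DRBG with a trapdoor relating its two points.

Added example, not code from the page, from RSA BSAFE or from NIST.
The curve, its points, the secret scalar and the seed are constructed
for illustration; the real DRBG runs on NIST P-256.
"""

P_MOD = 524287          # prime 2^19 - 1; it is 3 mod 4, so sqrt is one pow()
A, B = 2, 3             # constructed curve y^2 = x^3 + A*x + B over GF(P_MOD)
INF = None              # point at infinity


def ec_add(p1, p2):
    """Affine point addition on the short Weierstrass curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                   # P + (-P)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """Point with x-coordinate x, or None if x^3+Ax+B has no square root."""
    rhs = (x * x * x + A * x + B) % P_MOD
    if rhs == 0:                       # skip the order-2 point (2y = 0)
        return None
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
    return (x, y) if y * y % P_MOD == rhs else None


# Designer's setup (constructed). The standard publishes two points; here the
# designer picks Q and a secret e and publishes P = e*Q. That is the same
# trapdoor as "Q = d*P with d known", with e = d^-1 mod ord(P).
Q = next(pt for pt in map(lift_x, range(7, P_MOD)) if pt)
SECRET_E = 48611
P = ec_mul(SECRET_E, Q)
assert P is not INF

DROP_BITS = 4                                        # real DRBG drops 16 of 256
LOW_BITS = P_MOD.bit_length() - DROP_BITS            # 15 output bits per step
OUT_MASK = (1 << LOW_BITS) - 1


def dual_ec_step(state):
    """One Dual_EC_DRBG iteration (SP 800-90A): returns (new_state, output)."""
    r = ec_mul(state, P)[0]            # r  = x(s * P)
    new_state = ec_mul(r, P)[0]        # s' = x(r * P)
    out = ec_mul(r, Q)[0] & OUT_MASK   # output = x(r * Q) with top bits dropped
    return new_state, out


def recover_state(out_t, out_next):
    """Shumow-Ferguson recovery with the trapdoor: candidates for the state
    that follows output out_t, filtered by whether they reproduce out_next."""
    candidates = []
    for high in range(1 << DROP_BITS):
        x = (high << LOW_BITS) | out_t     # refill the dropped bits
        if x >= P_MOD:
            break
        R = lift_x(x)                      # R = +/-(r*Q) for the right guess
        if R is None:
            continue
        S = ec_mul(SECRET_E, R)            # e*(r*Q) = r*(e*Q) = r*P
        if S is not INF and dual_ec_step(S[0])[1] == out_next:
            candidates.append(S[0])        # x(r*P) is exactly s'
    return candidates


def predict_stream(seed, n_outputs=5):
    """Run the DRBG, then predict outputs 3.. from the first two only."""
    state, outs = seed, []
    for _ in range(n_outputs):
        state, o = dual_ec_step(state)
        outs.append(o)
    predictions = []
    for s in recover_state(outs[0], outs[1]):
        s, _ = dual_ec_step(s)             # this step produced outs[1]
        pred = []
        for _ in range(n_outputs - 2):
            s, o = dual_ec_step(s)
            pred.append(o)
        predictions.append(pred)
    return outs, predictions


def attack_succeeds(seed=123456):
    """True when the true tail of the stream is among the predicted tails."""
    outs, predictions = predict_stream(seed)
    return outs[2:] in predictions
```

    On the real curve the attacker has 2^16 candidates to lift instead of 16, which is why the 16-bit truncation in the standard was the detail that made the 2007 observation practical rather than theoretical. The recovery needs only the trapdoor scalar; the seed never has to be known, and swapping in a fresh seed does not help because the next output leaks the new state the same way.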

  • by PlusFiveTroll ( 754249 ) on Monday December 23, 2013 @11:34AM (#45766913) Homepage

    The division that accepted the $10m was only grossing around $30m at the time.
