Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Businesses Communications Encryption Government Privacy United States

Reuters: RSA Weakened Encryption For $10M From NSA 464

Lasrick writes "As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned." Asks an anonymous reader: "If the NIST curves really are broken (as has been suggested for years), then most SSL connections might be too, amirite?"
This discussion has been archived. No new comments can be posted.

Reuters: RSA Weakened Encryption For $10M From NSA

Comments Filter:
  • RSA sold you out (Score:5, Insightful)

    by Anonymous Coward on Friday December 20, 2013 @07:53PM (#45750763)

    The NSA sold its own customers out to the US government for the price of an NYC apartment.

    • by MichaelSmith ( 789609 ) on Friday December 20, 2013 @08:07PM (#45750827) Homepage Journal

      NSA has customers? Surely not the voters.

      • by Nerdfest ( 867930 ) on Friday December 20, 2013 @08:33PM (#45750965)

        NSA has customers?

        Not any more.

        • NSA has customers?

          Not any more.

          They probably do have "customers", in a sense: foreign governments with whom they've made deals.

          I would like to answer the question asked in OP, though: SSL has weaknesses, but they are not related to this.

          • I think they'll even lose their government contracts, as they know there's no honour among thieves. As for SSL and most of the rest of RSA's business, there are better open solutions. Not packaged as nicely, but available.

            • I think they'll even lose their government contracts, as they know there's no honour among thieves. As for SSL and most of the rest of RSA's business, there are better open solutions. Not packaged as nicely, but available.

              I bed they don't. They (the NSA) will instead get funding boost to "make reforms".

    • *EMC Corp* now (Score:5, Interesting)

      by Anonymous Coward on Friday December 20, 2013 @08:18PM (#45750881)

      They're owned by EMC now, all that data held on EMC kit and in EMC 'clouds' secured by RSA software. Or rather *not* secured by *NSA* software so the NSA can break in easier.

      Wow, that is trillions in damage even before we get to the criminal law book.

    • by Anonymous Coward on Friday December 20, 2013 @09:20PM (#45751165)

      TYPO: you mean RSA sold out its customers

    • Voting systems too. (Score:5, Interesting)

      by Anonymous Coward on Saturday December 21, 2013 @01:09AM (#45752125)

      A while back Ron Rivest (the R in RSA) announced the Three Ballot cryptography for voting systems which was touted a system that would let voters check if their ballot was counted without jeopardizing the anonymity of the secret ballot. The really cool thing about it was that the crypto was a one-way system without any key at all. So it seemed to be uncrackable since there was no trusted key-keeper.

        Shortly before the publication was accepted, Andrew Appel at Princeton University and Charles Strauss at Los Alamos National Laboratory published articles showing it was invertable and not anonymous in practical election situations.

      http://www.cs.princeton.edu/~appel/papers/DefeatingThreeBallot.pdf [princeton.edu]

      http://www.cs.princeton.edu/~appel/voting/Strauss-ThreeBallotCritique2v1.5.pdf [princeton.edu]

        Imagine if that had been adopted... Sort of makes you wonder about everything RSA has touched including SSL.

      • by cryptizard ( 2629853 ) on Saturday December 21, 2013 @04:02AM (#45752457)
        That is how academia works. You can never be 100% sure that something is secure without extensive evaluation and peer review. Ron Rivest has published hundreds of papers, it's guaranteed that some of them contain mistakes. Insinuating that he did it because the NSA told him too is patently ridiculous.
  • by bob_super ( 3391281 ) on Friday December 20, 2013 @07:57PM (#45750785)

    Considering that this kind of revelations could cause massive exodus of all RSA's non-US (and many US) customers, that's a surprisingly low number.

    • by Anonymous Coward on Friday December 20, 2013 @08:09PM (#45750839)

      Considering that this kind of revelations could cause massive exodus of all RSA's non-US (and many US) customers, that's a surprisingly low number.

      A massive exodus to where exactly?

      When an organization like the RSA can be bought, what in the hell makes you think the rest aren't too, regardless of country.

      • by gmuslera ( 3436 ) on Friday December 20, 2013 @08:54PM (#45751061) Homepage Journal
        Companies/organizations from other countries aren't forced by law to both do it, and not tell that they did it. Even if you includes countries like UK, Sweden, South Korea and a few others as compromised, there is plenty of room for independent development. And, of course, open source solutions indepently reviewed. But the point is, if you want security, don't buy anything from US companies. Weakening crypto means that not only NSA can access it.
        • by TheGratefulNet ( 143330 ) on Friday December 20, 2013 @10:13PM (#45751429)

          if you want security, don't buy anything from US companies

          I'm both sad and PISSED OFF that the nsa has fucked america in such a way.

          this has clearly hurt (and will continue to hurt) our economy.

          isn't the current theme "its the economy, stupid!" ?

          if so, then we really should make the nsa pay for this loss of stature in the world, loss of trust and loss of business.

          dare I say it, its border-line treason. there should be mass jailings for all who had anything to do with SEVERLY DAMAGING OUR ECONOMY in this way.

    • by JoeyRox ( 2711699 ) on Friday December 20, 2013 @08:26PM (#45750915)
      Like most criminals they probably never expected to be caught.
    • Link in "summary" no longer good. Try this one:
      http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220 [reuters.com]

    • by pla ( 258480 ) on Friday December 20, 2013 @10:28PM (#45751505) Journal
      that's a surprisingly low number.

      That statement stands on its own. $10M? For a company (well, a division of EMC, anyway) whose very existence depends on their reputation and ability to keep secrets safe?

      As much as I damn both the NSA and corporate greed in general, I find TFA borderline unbelievable. Now, I find it a lot more believable that the NSA "paid" $10M plus a "gentleman's agreement" to allow the children of the entire executive board of EMC to continue taking in oxygen from the atmosphere...
      • Re: (Score:3, Interesting)

        by real gumby ( 11516 )

        $10M? For a company (well, a division of EMC, anyway) whose very existence depends on their reputation and ability to keep secrets safe?

        RSA was an independent company at the time, and quite small. This was probably a significant deal, especially for the government division.

        Plus I believe TFA (can't reload it now) said it was handled by the executives directly; the technical team was not involved. So Jim Bizdos may not even have understood what he was getting into. For if he had I would bet he would have asked for more....

    • The $10M is just to compromise the order of the preferred algorithm to use. That this was insecure was blatantly obvious, and the MS researchers pretty much proved it right away.

      Next year, we'll find out the real number they paid to compromise the other supposedly secure algorithms.

  • RSA Stock (Score:5, Interesting)

    by Anonymous Coward on Friday December 20, 2013 @07:58PM (#45750791)

    RSA is publicly traded, is it not? Reuters is giving them a full weekend to come up with a PR response before the markets open on Monday.

    -Also, that wasn't my initial reaction. My initial reaction was to pick my jaw up off the floor. And I thought it couldn't get much worse. Edward Snowden for man of the year.

    • Re:RSA Stock (Score:5, Informative)

      by McGruber ( 1417641 ) on Friday December 20, 2013 @09:57PM (#45751363)

      RSA is publicly traded, is it not? Reuters is giving them a full weekend to come up with a PR response before the markets open on Monday.

      RSA Security, Inc. was acquired by EMC Corporation (http://www.nyse.com/about/listed/lcddata.html?ticker=emc) in 2006 and is now a division of EMC.

      • oh, that figures! emc is a bunch of asswipes. what I saw during an interview there made me walk^H, no, run away from that place.

        • Re:RSA Stock (Score:5, Interesting)

          by Billly Gates ( 198444 ) on Friday December 20, 2013 @10:25PM (#45751497) Journal

          oh, that figures! emc is a bunch of asswipes. what I saw during an interview there made me walk^H, no, run away from that place.

          Did you see what they did to the inventor and founder of VMWare? They paid her only 6 figures with no fucking stock options..?!

          When she complained and threatened to sue they fired her. They said .. but but we have her a 100k a bonus! Meanwhile the CEO of EMC got huge bonuses from vmware revenue.

          What douchbags. I got angry and wished she would ahve hired a better lawyer before the acquisition. But her investors forced in and EMC took advantage. They are greedy self centered assholes.

  • by bill_mcgonigle ( 4333 ) * on Friday December 20, 2013 @08:02PM (#45750803) Homepage Journal

    "... We are now merely haggling over the price."

    Oh, no, wait, it's $10M.

    (apologies to George Bernard Shaw)

    P.S. - AC, yes, if you used an RSA CA appliance with the default Dual EC DRBG PRNG configuration, your private key is probably easy to break and your traffic easy to intercept/decrypt if you're not using perfect forward secrecy (assuming that's not on an RSA appliance).

  • SSL Security (Score:5, Informative)

    by Vellmont ( 569020 ) on Friday December 20, 2013 @08:08PM (#45750831) Homepage

    "If the NIST curves really are broken (as has been suggested for years), then most SSL connections might be too, amirite?"
    No. SSL doesn't specify the method to produce random numbers. Why would it? The NIST method is very very slow, so I'd be surprised if any browsers or servers used it as the random number source.

    • Re:SSL Security (Score:4, Insightful)

      by Anonymous Coward on Friday December 20, 2013 @08:32PM (#45750953)

      The article submitter (or maybe the Slashdot "editors" and I use the term loosely) probably just wanted to link whore by playing a game of Madlibs and associating anything related to cryptography and the big-bad NSA. The elliptic curve thing.. that people already assumed was flawed in 2006 years before Snowden became cool and that nobody used*... is *not* how the NSA would operate if it wanted to be *effective* at spying on everyone.

      Remember kids: Snowden said that the NSA hates it when you use cryptography. If the NSA could just click a button and decrypt everyone's traffic, then they wouldn't have gone to the major expense and risk to bypass the encryption that Google/Yahoo/etc. were using, now would they?

      * No really, nobody used it. Try to do anything with that RNG in OpenSSL and guess what... your program segfaults because in 7 years nobody even did rudimentary unit tests of the code, much less tried to do anything with it.

      • Re:SSL Security (Score:4, Informative)

        by Anonymous Coward on Friday December 20, 2013 @09:26PM (#45751199)

        Nobody used? Try a ton of people used.

        Commercial products that must be FIPS certified tend to use libraries like BSafe, not OpenSSL. OpenSSL has received FIPS certification, but it's really difficult to ship a product using OpenSSL and keep that certification, because FIPS certification is not just about source code and algorithms.

        And I doubt RSA was the only company the NSA approached to use Dual_EC_DRBG by default. I know for a fact that it's used in several other commercial products. And because it's so slow and so suspicious, it's reasonable to believe that these companies were coaxed to use it, too.

  • by surfdaddy ( 930829 ) on Friday December 20, 2013 @08:13PM (#45750849)
    I mean, what the FUCK? The land of freedom and liberty. That's what I was always taught. We have a Constitution, which includes protections against unreasonable search. And now my FUCKING GOVERNMENT is doing pretty much anything you can conceive of in the name of spying on everybody including the people of the United States. They are so FUCKING PARANOID that EVERYTHING is on the table, including the privacy and liberty of the citizens. I lower my head in FUCKING SHAME as to what has become of this country.
    • by Anonymous Coward on Friday December 20, 2013 @08:35PM (#45750967)

      I mean, what the FUCK? The land of freedom and liberty. That's what I was always taught.

      And now you know why they were so careful to teach you that. Because it's a lie. You see, the easiest slave to control is one who doesn't realize he's a slave.

      • by bob_super ( 3391281 ) on Friday December 20, 2013 @08:48PM (#45751029)

        I cringe every time I see elementary school children reciting the pledge of allegiance.
        Start them young...

        • by jd ( 1658 ) <imipakNO@SPAMyahoo.com> on Friday December 20, 2013 @09:53PM (#45751329) Homepage Journal

          The Pledge is an affront to all that school stands for. Unthinking obedience simply isn't compatible with intellectual growth or rational questioning. Obedience to a nation is also incompatible with the international semi-borderless worlds of science and art. Neither paints nor positrons have any respect for local laws or political boundaries. Boundaries exist to maximize the benefits within and minimize contagion from flawed systems, the notion of "loyalty" to any standard is relatively modern as society goes and has been a failure from start to, well, it hasn't finished yet but it's time for philosophers to stop poking at their navels and start thinking about metanations and paranations, how to draw on what has always worked (cooperation across strengths) to derive a notion that is functional, rational, sane and likely to (as an early Megadeth noted) work this time.

      • You see, the easiest slave to control is one who doesn't realize he's a slave.

        "Totalitarian" governments control their populations physically, with chains, clubs, physical restriction. "Democracies" control their populations mentally, with imagery, thoughts, mental restriction.

        They're both the same process - one implemented in hardware, the other in software.

    • by BringsApples ( 3418089 ) on Friday December 20, 2013 @08:53PM (#45751059)
      Ahh, but you see my friend, my countryman... this is our time to shine. This is the very reason that America was ever great. This is the time to revolt in the proper way. It's not our country that's gone down the tubes, but our government. When The People break the law, the governing body has to step in to set them right. When the government breaks the law, The People have to step up to set them right. If not, then The People need to get used to getting fucked regularly by the power that develops in their stead.
    • by FridayBob ( 619244 ) on Friday December 20, 2013 @10:00PM (#45751371)

      ... And now my FUCKING GOVERNMENT is doing pretty much anything you can conceive of in the name of spying on everybody including the people of the United States. ... I lower my head in FUCKING SHAME as to what has become of this country.

      That's exactly how I feel. But, if our representatives in the Federal government no longer seem to be on our side, that's because they aren't. They don't work for us anymore: they work for their donors. Among the latter are a collection of corporations (e.g. Booz Allen Hamilton) that make up some 80% of the NSA. The problem is that the executives of those companies have learned that giving large political "donations" to key politicians is probably the best kind of investment they can ever make. As a result, the politicians involved have become heavily dependent on these companies in order to get re-elected and will do anything they are asked in order to keep those donations coming. Every other civilized country recognizes this as corruption, and we used to as well, but unfortunately our laws now say it's legal.

      If you understand this, then you know there is only one solution to this problem: we urgently need to get big money out of politics.

      How can we do that? It would be difficult to do in any other country, but the United States Constitution happens to include Article Five [wikipedia.org], which describes an alternative process through which the Constitution can be altered: by holding a national convention at the request of the legislatures of at least two-thirds (at least 34) of the country's 50 states. Any proposed amendments must then be ratified by at least three-quarters (38 States).

      Are we using this yet? Yes we are! WOLF-PAC [wolf-pac.com] was launched in October 2011 for the purpose of passing a 28th Amendment to the U.S. Constitution that will end corporate personhood* and publicly finance all elections**. Since then, many volunteers have approached their State Legislators about this idea and their efforts have often been met with unexpected bi-partisan enthusiasm! So far, 50 State Legislators [youtube.com] have authored or co-sponsored resolutions to call for a Constitutional Convention to get money out of politics! Notable successes have been in Texas, Idaho and Kentucky.

      But, if the State Legislators are also corrupt, why are they helping us? Well, maybe they aren't as corrupt as you think. But even if they are, the important thing is that they seem usually to be just as fed up with the Federal government as we are -- so much so that they are quite often happy to help out with this effort. After all, it's a pretty simple proposal that speaks to Democrats and Republicans alike.

      .

      *) The aim is not to end legal personhood for corporations, but natural personhood. The latter became a problem following the Citizens United v. Federal Election Commission ruling, which grated some of the rights of natural persons to corporations and makes it easier for them to lend financial support to political campaigns.

      **) At the State level, more than half of all political campaigns are already publicly financed in some way, so there's nothing strange about doing the same for political campaigns for federal office.

  • Catastrophic (Score:5, Insightful)

    by Anonymous Coward on Friday December 20, 2013 @08:17PM (#45750875)

    Wow. With one single contract, RSA just destroyed their whole business. A company in the trust business cannot allow themselves to lose their customers' trust.

    No RSA product can ever be trusted again.

    • Re:Catastrophic (Score:5, Insightful)

      by swillden ( 191260 ) <shawn-ds@willden.org> on Friday December 20, 2013 @10:29PM (#45751511) Journal

      Wow. With one single contract, RSA just destroyed their whole business. A company in the trust business cannot allow themselves to lose their customers' trust.

      No RSA product can ever be trusted again.

      Except that RSA destroyed their whole business a couple of years ago when it was found that they'd left the root keys for their SecureID tokens on an unsecured, network-connected machine. After that no one could trust them again.

      But people did, and they'll continue doing so after this, watch and see.

  • by Anonymous Coward on Friday December 20, 2013 @08:17PM (#45750877)

    TLS's current big problems are:
    - RC4, which is actually crackable given a few bytes of known-plaintext prefix (like "GET /") by a Nation State Adversary in real time; NSA secretly control PCI DSS standard and used the excuse of the BEAST attack (CVE-2011-3389) to push RC4 as solution for PCI compliance, instead of TLS 1.2
    - The CA PKI letting any CA impersonate any and every site; we need at minimum certificate transparency, DANE, and maybe something more
    - The unencrypted ClientHello, which is what makes the FLYING PIG metadata trawling possible (nothing you couldn't do with Snort, in fact, it IS done with Snort)

    All of these are going to be addressed by the TLS WG going forward: most urgently, RC4, which will be replaced with djb's ChaCha20_Poly1305 ciphersuite, courtesy of agl (live on Google servers and with Chrome dev and canary builds right now). More secure than AES-128-GCM or AES-256-GCM, I think - certainly has a higher security margin against both confidentiality and integrity.

    The problem of the curves is a big problem, but what makes those curves (specifically Jerry Solinas @ NSA generated the SHA-1 hash seeds for Certicom) bad is mostly implementation choices: bad random numbers for DSA & ECDSA (hello Sony attack), which this subversion massively helps with, and non-constant-time addition ladders and lack of curve point validation, which can result in practical timing attacks and partial key disclosure leaks. djb & Lange already have a group of Safecurves which avoid all of these attacks and which are incidentally incredibly fast, and EdDSA's nonces are deterministic so no entropy needed during signatures, only keygen.

    Oh, and - in similar news, which in other circumstance, I would have submitted, and might if for some crazy reason this gets ignored by the IETF chair, but I doubt it - there have been strong calls for the head of the co-chair of the crypto advisory board at the IRTF. He (openly) works for the NSA, which is now clearly a conflict of interest, and we caught him pushing a similarly-backdoored PAKE standard, which the TLS WG resoundingly rejected.
    http://www.ietf.org/mail-archive/web/cfrg/current/msg03554.html

  • by Threni ( 635302 ) on Friday December 20, 2013 @08:24PM (#45750905)

    "amirite?"

    This wouldn't have been posted 10, or even 5, years ago. I don't want to see it. Please don't lower your standards.

  • by dgatwood ( 11270 ) on Friday December 20, 2013 @08:27PM (#45750921) Homepage Journal

    I'm assuming for the moment that this evidence is, in fact, legitimate. Given how heinous the NSA's actions have been lately, it seems completely in character, which makes that likely a safe assumption. However, just to give them the benefit of the doubt, everyone involved should receive a fair trial. With that said, everyone involved should be tried for high crimes against the United States and its allies. These are accusations of very serious crimes.

    Deliberately compromising the secure communications of hundreds of millions of computers all around the world just so a bunch of pencil-dicked asshats can play their little spy games goes so far beyond unconscionability that it borders on a crime against humanity. Such ends-justify-means thinking is fundamentally incompatible with any form of liberty or justice. Our data is fundamentally easier to crack not just by our own government, but also by organized crime syndicates, foreign governments, and even terrorist groups. In all likelihood, even military communications gear is less secure, which means our troops are at elevated risk during a time of war as a direct result of their actions. That's treason, even by the absolute strictest definition thereof. Further, such deliberate weakening of crypto endangers the lives of dissidents in countries with oppressive regimes, many of which are considered our enemies—an act that could also be considered treason.

    Their actions, if true, clearly constitute providing material support to terrorists and treason by means of providing material aid to our enemies in a time of war. Therefore, according to U.S. law, everyone involved should be immediately treated as enemy combatants, deported to an appropriate holding facility outside our borders—preferably the one affectionately known as "Gitmo"—and tried before a military tribunal.

    In addition to prosecution of individuals, there should be consequences for the groups involved. RSA should be immediately dissolved and all its assets destroyed. Further, at this point, it should be abundantly clear to anyone with even the slightest understanding of crypto that nothing short of the complete and total elimination of the NSA and a constitutional amendment clearly and plainly banning any similar organization from ever existing in the future can even begin to restore trust in cryptography and computers. That organization is fundamentally malevolent, and its very existence is inherently incompatible with the very concepts of security and privacy. No matter what successes they may have had, nothing can possibly even come close to justifying such a heinous breach of the public's trust.

  • by JoeyRox ( 2711699 ) on Friday December 20, 2013 @08:32PM (#45750957)
    They advertised and sold a product promising to secure customers' data yet they intentionally put an algorithmic backdoor inside that could be used not only by the US government but also discovered and used by hackers to compromise customers' security.
  • by cervesaebraciator ( 2352888 ) on Friday December 20, 2013 @08:35PM (#45750971)
    Let's get together and make tons of new cryptographic systems. We'll keep selling out and weakening them until the NSA hits budget limits. We get rich; the NSA won't have money to continue spying. Win; win.
  • They didn't know! (Score:5, Insightful)

    by hawguy ( 1600213 ) on Friday December 20, 2013 @08:43PM (#45751009)

    "They did not show their true hand," one person briefed on the deal said of the NSA, asserting that government officials did not let on that they knew how to break the encryption."

    Right, the NSA, known to be codebreakers, paid them $10M to include their "special" algorithm, and no one had any idea that it could be compromised. Right. Why else would they pay them to use it?

    • Re:They didn't know! (Score:5, Interesting)

      by edelbrp ( 62429 ) on Friday December 20, 2013 @09:13PM (#45751139)

      A different era. They might have actually thought the NSA were honestly helping. Back then the NSA was probably perceived as being as much about hardening encryption as breaking it.

      • If it was better, why would the NSA have to pay them to use it?

      • Probably even more so. Remember, for example, DES; the NSA modified the candidate cipher that become DES in a way that many people thought weakened it. Instead, it strengthened it, adding protections against a cryptographic attack that the civilian world would not even discover for years to come. When that technique came to light, and it was discovered how much more vulnerable the pre-NSA version of the then-most-common symmetric cipher suite was than it would otherwise have been, the NSA was hailed as the

  • by Anonymous Coward on Friday December 20, 2013 @09:26PM (#45751195)

    I've followed the Snowden releases, curious as anyone else as to the ways and means of the NSA. Until now, the only real 'news' for me was the incredible scope of the NSA's reach and their staggering, seemingly unlimited budget. But this crosses the line. This little stunt has mammoth, wide reaching and enduring ramifications. This is beyond just storing "metadata", hooking in to Google's pipes or recording German heads of state. This action by the NSA is egregiously unethical on so many levels. There is no legitimate justification for intentionally weakening security of this nature. They might as well have gone to Schlage and told them that, from now on, they may only build deadbolts out of cheap low-grade plastic with a faux metal finish.

    The actions of the NSA carry immense potential risks for millions of people. Exploitation of the RSA weakness could lead to completely unnecessary breaches of privacy, political manipulation, loss of safety or financial loss. All in the name of protecting the country. The burden of risk created by weakening RSA is ultimately placed largely on the public. What benefit do we gain from this?

    This is not how I want my country to be governed

  • by kriston ( 7886 ) on Friday December 20, 2013 @09:40PM (#45751241) Homepage Journal

    Having worked with pre-2000 versions of RSA BSAFE, the thing that the NSA paid RSA to do was to change the default selection of the random number generator with a weaker one. Nobody had to use the default version--it was just picked if you didn't specify one (or a callback to your own RNG). We had our own multi-threaded rendezvous noise generator thing since this was back before hardware entropy engines.

    Oh, and before that, the NSA had unsuccessfully tried to get RSA to tell people that 512-bit keys were safe enough. It wasn't successful mostly because the old guard was still running the company then.

  • by enigmatic ( 122657 ) on Friday December 20, 2013 @09:55PM (#45751351)

    The sum of money does seem low, but when an agency like the NSA
    comes calling, I have a feeling that it they make you a proposal you
    cannot refuse.

    (Or you can do what Lavabit did, and just shut it down)

  • Comment removed (Score:5, Informative)

    by account_deleted ( 4530225 ) on Friday December 20, 2013 @10:42PM (#45751583)
    Comment removed based on user account deletion
  • Former RSA employee (Score:4, Interesting)

    by cryptoengineer2 ( 3469925 ) on Saturday December 21, 2013 @12:40AM (#45752015)
    I worked at RSA from the late 90s thru the late 2000s, and was close to RSA Labs, though not in that group.

    I am appalled.

    RSA had, for a long time, an antagonistic relationship with the NSA; we wanted to push good crypto to the world, and the USG felt otherwise.

    I knew the people involved, and I don't think any of the original RSA Labs (which was what the RSA Data Security Inc people became) would have compromised their integrity in this manner. What's more, BSAFE (the SW library compromised), became more or less a dead duck after 2000, when the patent on the RSA algorithm expired; free libraries such as BouncyCastle became much more viable.

    After RSADSI was bought by Security Dynamics (which later renamed itself RSA Security), there was a gradual Borgification of RSA Labs, with it being assimilated more and more into the mother company (SecurID was always the main source of revenue, not RSA encryption).

    I haven't been able to find the date at which the bribe took place, but 10 million seems very low. If Coviello approved this, I hope he's sued by stockholders.

    ce

  • by WOOFYGOOFY ( 1334993 ) on Saturday December 21, 2013 @07:10AM (#45752837)

    Following this. This headline is not exactly true. 1) RSA was paid 10M to make the NSA algo the default in their bSecure product. We have no direct evidence that RSA (now owned by EMC) KNEW the RNG (random number generator) in the NSA compromised algo had been compromised. This is 20/20 hindsight.

    2) at the time, *some* people were suspiious generally of work done by NSA cryptographers for a variety of reason- the NSA had fought for the Clippe r Chip in the 90s ; the NSA was generally hsotile to strong encryption for civiliians etc. However, those opinions were countered by the majority of people who plausibly considered that the NSA had a real interest in seeing real encryption be used by US corporations etc. We now know who was right, the skeptics, but we didn't know that at the time that deal went down.

    This is what's called "plausible deniability" or "cover" in intelligence circles and everywhere else now but that's the point- it IS plausible, entirely, that RSA was taking money (and not a lot to RSA) to make it the default because they believed the NSA.

    Overall, at the time, the people who believed the NSA participated in encryption with the public out of a concern to see it done right were the majority.

    Just keeping the story as straight as possible because what we're interested in is the truth as far as we can discern it, right?

If all else fails, lower your standards.

Working...