The One Big Question About RSA and Its Relationship With the NSA

December 24, 2013  |  All Things Digital


Last week, the Internet security world was jolted by a Reuters report detailing a secret $10 million payment to the security company RSA from the National Security Agency. The source of the information, Reuters said, came from new documents from former NSA contractor Edward Snowden. The point of the payment, according to the report, was to help the NSA boost the adoption of a formula it had created for generating random numbers, which was then inserted as the default option on RSA security products. The result would essentially amount to the creation of a “back door,” giving the NSA the ability to decrypt Internet traffic that had been encrypted using a product known as BSafe.

On Sunday, RSA, a division of storage and IT giant EMC best known for its widely used security tokens, denied the report in a corporate blog post. It said that it has worked with the NSA for years and has never kept the relationship a secret, doing so with the intent of strengthening security products used in both the government and private sectors. But its explanation is incomplete — RSA’s statement has been attacked by many — and leaves many questions. Among them is one big one that hangs above all the others: What did RSA know about the algorithm that was ultimately found to contain the “back door,” and, perhaps more importantly, if it did have some idea, why did it say nothing about it for six years?

The problematic formula is known as Dual EC DRBG, which stands for Dual Elliptic Curve Deterministic Random Bit Generator. Generating a random number is a crucial function in encrypting communications on the Internet. RSA included the software libraries for using it in BSafe products beginning in 2004. At the time, the method was on its way to being approved by the U.S.
