RSA Encryption Intentionally Flawed, Courtesy of the NSA


Sun, Dec 22nd, 2013 21:00 by capnasty NEWS

According to Josep Menn of Reuters, the National Security Agency (NSA) would've reportedly paid $10 million to the security firm RSA in order to implement an intentionally flawed encryption scheme:

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.

Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

The earlier disclosures of RSA's entanglement with the NSA already had shocked some in the close-knit world of computer security experts. The company had a long history of championing privacy and security, and it played a leading role in blocking a 1990s effort by the NSA to require a special chip to enable spying on a wide range of computer and communications products.

The RSA was quick to deny the allegations:

RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone?s use.

Of course, not everyone one is buying it.

Elsewhere, security researcher, software developer and gaming hobbyist Ethan Heilman explains how this is not the first time that the NSA has purposely had backdoors installed. It would appear that for the United States, spying on allies is but the norm.

1946-1970, The Ultra Secret: After WW2, the British Empire sold captured German Enigma cipher machines to many allied countries and former colonies1. The US and the UK had broken Enigma but had kept this fact secret so that countries would use these broken ciphers. To clarify: the British sold machines they knew they could break to allied nations, then the US and the UK spied on those countries for nearly 30 years exploiting the weaknesses in those machines.



You may also be interested in:

"It was a classic case of the revolution not being televised." #OccupyGezi
American copyright lobby attacks Canadian politicians for supporting balanced copyright
America’s Corporate Shell Game
Obama's Secrecy Tent
"Politics": a Dirty Word for Canadians