Non-denying denial? RSA aims to distance itself from NSA scandal

Published time: December 24, 2013 18:42
AFP Photo / David Paul Morris

Security firm RSA denies accusations that it entered into a secret contract with the National Security Agency to promote the use of weak security algorithms. The denial comes after a media report detailed the alleged hush-hush deal.

Last week, Reuters reported that RSA accepted $10 million from the National Security Agency in exchange for making a specific algorithm - Dual EC DRBG - the default option in its BSAFE security toolkit, which is used to enhance security in many computer products.

The deal was allegedly part of the NSA’s attempts to embed weak encryption software - also created by the agency - in security systems so that it could easily gain access to them later.

In a press release issued on Sunday, RSA denied allegations that it was hiding its involvement with the NSA.

“Recent press coverage has asserted that RSA entered into a ‘secret contract’ with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries,” the statement read. “We categorically deny this allegation.”

“We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security,” the statement continued.

"RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use," the firm stated.

Notably, the company did not deny allegations that it accepted money from the NSA to make its preferred algorithm the default option in BSAFE. It only explicitly pushed back against the claim that its partnership with the NSA was made secret.

The press release also stated that RSA’s intention was never to weaken its products; the original report suggested the company may have been deceived by the NSA. It added that multiple outlets have taken issue with the company’s actions following the 2004 debut of Dual EC DRBG.

Researchers at Microsoft revealed glaring weaknesses in the code in 2007, yet RSA continued to list the software as its default option for another five years – until reports based on revelations by Edward Snowden shed light on the NSA’s campaign to embed weak encryption software into security systems.

As The Verge noted, RSA’s insistence that it relied on guidance from the National Institute of Standards when it came to recommending Dual EC DRBG suggests the company recognized the software was weak, yet declined to address the issues in question. The press release notes that the algorithm was “only one of multiple choices available,” but RSA continued to list the algorithm as the default choice despite its vulnerabilities.

The situation is a marked turnaround from RSA’s previous position concerning NSA involvement in personal computing software. As RT reported last week, RSA was able to successfully fend off attempts by the Clinton administration to embed chips in computers that would enable the government to easily bypass encryption.

Following the 2001 attacks on the World Trade Center, however, RSA established closer ties to the government, which ultimately allowed the NSA to influence the weakening of third-party security systems.

Comments (3)

 

Jie Ling 25.12.2013 06:20

RSA is worse than corrupt, never trust an American security product or anything from the West the NSA has paid off or hacked it, bye bye privacy for all, every last person on the planet.

 

Tom Greg 25.12.2013 04:55

[quote name='Bob Watson' time='25.12.2013 02:39']RT isn't worth coming to anymore. You don't post qualified posts BUT you do post asinine "but last month her payment was <$12348> just working on the laptop" kind of posts. And I thought this was the Real Alternative for news. VERY DISAPPOINTED![/quote]

Then don't

 

Ed Camilo 25.12.2013 00:41

All those bandits work together! The NSA and all other American secret agencies must be dismantled if the US wants to regain any credibility and respect.
