The security people at RSA aren’t a very happy bunch at the moment – just days after being accused of taking a $10 million ‘bribe’ from the NSA in order to facilitate its spying, the company has hit back with a strongly-worded denial of the allegations.
Claims that RSA had taken a bribe emerged last Friday in a report from Reuters – specifically, the report alleged that the NSA had given it $10 million to make a flawed random number generator – known as the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) – the default in one of its security products, which is used by companies all over the world.
RSA, which is owned by EMC, said that it began using Dual EC DRBG as its default random number generator back in 2004, long before the generator became standardized. However, a backdoor was discovered in the algorithm in 2007, which weakened the strength of any encryption that relied on it, something that makes spying a whole lot easier for someone like the NSA. Finally, in 2013, RSA warned its customers not to use the algorithm at all.
Previously, the NSA, which pushed for the use of Dual EC DRBG, has been accused of inserting secret backdoors into numerous encryption algorithms via its “BULLRUN” program.
Now, RSA has issued a response to these allegations, and not surprisingly it’s gone on the offensive, stating that it categorically denies any allegation that it knew the Dual EC DRBG was flawed, offering several reasons why it chose to use it:
We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption.
This algorithm is only one of multiple choices available within BSAFE toolkits, and users have always been free to choose whichever one best suits their needs.
We continued using the algorithm as an option within BSAFE toolkits as it gained acceptance as a NIST standard and because of its value in FIPS compliance. When concern surfaced around the algorithm in 2007, we continued to rely upon NIST as the arbiter of that discussion.
When NIST issued new guidance recommending no further use of this algorithm in September 2013, we adhered to that guidance, communicated that recommendation to customers and discussed the change openly in the media.
RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use.
More cynical readers will note that RSA doesn’t offer any comment on whether it accepted any money from the NSA, but it would be a shock if the allegations turn out to be true. After all, RSA does have a history of confrontation with the NSA – the company was one of several that opposed a 1990s plan to include chips in PCs that would allow the US government to spy on agencies, and more recently its own algorithms have been hacked by spooks, as have those of its affiliate VeriSign.
But in spite of RSA’s denial, Reuters reporter Joseph Menn continues to insist that the allegations are true.
We stand by our RSA story.
— Joseph Menn (@josephmenn) December 23, 2013