RSA denies taking $10m from NSA to default backdoored algorithm

Summary: RSA Security has refuted reports that it signed a $10 million contract with the NSA to use the questioned Dual Elliptic Curve algorithm as the default pseudorandom number generator in its products.

TOPICS: Security, EMC, Government

EMC-owned RSA Security has denied reports that the company had entered into secret contracts with the NSA worth $10 million to use the flawed Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) as the default pseudorandom number generator for the company's encryption products.

Over the weekend, sources told Reuters that as part of the US National Security Agency's (NSA) efforts to promote Dual_EC_DRBG, the use of the algorithm by RSA allowed the agency to point to its usage within government to help push for its inclusion in the National Institute of Standards and Technology's Recommendation for Random Number Generation Using Deterministic Random Bit Generators (PDF).

"Recent press coverage has asserted that RSA entered into a 'secret contract' with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation," RSA responded today in a blog post.

RSA said it made the decision to use Dual_EC_DRBG as the default in 2004, and that the algorithm was only one of a number of algorithms available to its users.

"RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use," the company said.

Dual_EC_DRBG has been under fire as a questionable cryptographic algorithm for much of its existence. In November 2007, security expert Bruce Schneier detailed the flaws in the algorithm's use of secret constants.

"If you know the secret numbers, you can predict the output of the random number generator after collecting just 32 bytes of its output," Schneier wrote.

"To put that in real terms, you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG."
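The property Schneier describes can be reproduced at toy scale. The following is an added example, not code from the article, RSA or NIST: it builds a Dual_EC-style generator on a constructed 31-bit curve with a simplified round order and 8 dropped output bits, and shows that whoever knows the number `d` linking the two public constants (P = d*Q) can recover the internal state from a few outputs. All names and parameters (`D_SECRET`, `generate`, `recover_state`, the curve) are hypothetical.

```python
# Constructed toy parameters; this is NOT a NIST curve and has no real-world strength.
p, a = 2**31 - 1, 2                       # prime field with p % 4 == 3
Q = (5, 1)                                # public constant Q
b = (Q[1]**2 - Q[0]**3 - a*Q[0]) % p      # b chosen so that Q lies on the curve
KEEP, DROP = 23, 8                        # each output keeps the low 23 bits of x
D_SECRET = 0x1337BEEF                     # hypothetical designer secret

def add(A, B):                            # affine point addition, None = infinity
    if A is None: return B
    if B is None: return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0: return None
    if A == B: m = (3*x1*x1 + a) * pow(2*y1, -1, p) % p
    else:      m = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (m*m - x1 - x2) % p
    return x3, (m*(x1 - x3) - y1) % p

def mul(k, A):                            # double-and-add scalar multiplication
    R = None
    while k:
        if k & 1: R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

P = mul(D_SECRET, Q)                      # public constant P, secretly d*Q

def generate(s, n):                       # n rounds; returns (new state, outputs)
    out = []
    for _ in range(n):
        out.append(mul(s, Q)[0] & ((1 << KEEP) - 1))   # truncated x(s*Q)
        s = mul(s, P)[0]                                # next state x(s*P)
    return s, out

def lift(x):                              # x-coordinate -> curve point, or None
    if x >= p: return None
    v = (x**3 + a*x + b) % p
    y = pow(v, (p + 1)//4, p)
    return (x, y) if y*y % p == v else None

def recover_state(observed, d):           # guess dropped bits, confirm on later outputs
    for hi in range(1 << DROP):
        R = lift((hi << KEEP) | observed[0])
        if R is None: continue
        s_after, outs = generate(mul(d, R)[0], len(observed) - 1)  # x(d*R) = x(s*P)
        if outs == observed[1:]: return s_after
    return None

def demo(seed=123456789):                 # returns (real future, predicted future)
    state, seen = generate(seed, 3)
    return generate(state, 5)[1], generate(recover_state(seen, D_SECRET), 5)[1]
```

Without `d` the same search finds nothing, which is why the provenance of P and Q, rather than the curve arithmetic, is the point of contention.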

In September, the National Institute of Standards and Technology (NIST) recommended against the use (PDF) of Dual_EC_DRBG. Following that recommendation, RSA did the same. Memos from the documents released by Edward Snowden, and seen by The New York Times, said that Dual_EC_DRBG contained a backdoor for the NSA.

RSA was acquired by EMC for $2.1 billion in 2006.


Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining CBS as a programmer. After a Canadian sojourn, he returned in 2011 as the Editor of TechRepublic Australia, and is now the Australian Editor of ZDNet.

  • Methinks RSA doth protest too much.

    Based on all the articles about RSA specifically choosing a flawed, not so random number generator that was being pushed by the NSA to be the "default" for ALL encryption systems that used a random number generator, combined with RSA apparently getting 10 million dollars from the NSA immediately after following the NSA's advice, it certainly appears that RSA was paid to deliberately create a flawed encryption system.

    So, the question RSA needs to answer is, what SPECIFIC service did they provide to the NSA in exchange for the 10M windfall?? Apparently, so far, no one that has examined what is available of RSA's books can find anything.
  • If you take the money

    I bet they deny it. Such a revelation could destroy their business. They should have thought about that before they took the money.
  • Use of API

    At one point, to use RSA you had to use their API only as "directed." In theory that would allow the same code to generate weaker or more crackable results, while other entities could use the same code (but using the APIs in a different manner) to generate stronger code.

    Thus they could claim "no $$ for backdoors" and "no $$ to weaken the code".. they didn't; they could have just mandated a weaker method via the API.

    It is also possible that using the API "as directed" strengthened against some attacks and added weaknesses for others..
    Harry Hawk
  • National Security -- NOT!

    The NSA really went too far with this one, because the damage isn't limited to the NSA. Not only is it easier for the NSA to Spy on Americans, but it's easier for EVERYONE, from Nation States to your friendly neighborhood hacker.
  • Defunding the Federal Government... looking better and better.
  • liar liar pants on fire

    Hey America, wake up: they took your 10 million so our govt can spy on us. There is nothing else to discuss; stupid pages like this drown you in articles instead of you doing something about what is basically treason.
  • They needed money and they sold out. Simple.

    Fortunately there were others with better morals who saw through the scam and warned the industry it was being scammed. It could have been a lot worse and to those customers who didn't pay attention, they got about as much "protection" as armor made out of cardboard.

    Shrinkwrap EULAs being what they are, nobody can really sue RSA for being backdoored but it may lead to a lot of others finally getting the message: trust nothing and verify everything when it comes to security.
    terry flores