RSA denies taking $10m from NSA to default backdoored algorithm

RSA Security has refuted reports that it signed a $10 million contract with the NSA to use the questioned Dual Elliptic Curve algorithm as the default pseudorandom number generator in its products.
Written by Chris Duckett, Contributor

EMC-owned RSA Security has denied reports that the company had entered into secret contracts with the NSA worth $10 million to use the flaws Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) as the default pseudorandom number generator for the company's encryptions products.

Over the weekend, sources told Reuters that as part of the US National Security Agency's (NSA) efforts to promote Dual_EC_DRBG, the use of the algorithm by RSA allowed the agency to point to its usage within government to help push for its inclusion in the National Institute of Standards and Technology's Recommendation for Random Number Generation Using Deterministic Random Bit Generators (PDF).

"Recent press coverage has asserted that RSA entered into a 'secret contract' with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation," RSA responded today in a blog post.

RSA said it made the decision to use Dual_EC_DRBG as the default in 2004, and that the algorithm was only one of a number of algorithms available to its users.

"RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use," the company said.

Dual_EC_DRBG has been under fire as a questionable cryptographic algorithm for much of its existence. In November 2007, security expert Bruce Schneier detailed the flaws in the algorithm's use of secret constants.

"If you know the secret numbers, you can predict the output of the random number generator after collecting just 32 bytes of its output," Schneier wrote.

"To put that in real terms, you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG."

In September, the National Institute of Standards and Technology (NIST) recommended against the use (PDF) of Dual_EC_DRBG. Following that recommendation, RSA did the same. Memos from the documents released by Edward Snowden, and seen by The New York Times, said that Dual_EC_DRBG contained a backdoor for the NSA.

RSA was acquired by EMC for $2.1 billion in 2006.

Editorial standards