Today In a blog post, RSA has categorically denied accusation about any secret partnership with the National Security Agency to insert backdoor. "Recent press coverage has asserted that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation." "We have never entered into any contract or engaged in any project with the intention of weakening RSA’s products" the company said. The company gave the following reasons for choosing and promoting the flawed Dual EC DRBG: "We made the decision to use Dual EC DRBG as the default in the BSAFE tool-kit in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption." However, a backdoor was discovered in the algorithm in 2007 detailed by security expert Bruce Schneier, which weakened the strength of any encryption that relied on it. "The Dual EC DRBG was one of several different random number generators available and the customers was free to choose whichever one best suited their needs" RSA said. Finally, in 2013 on National Institute of Standards and Technology (NIST) recommendations, RSA warned its customers not to use the algorithm at all. Although the RSA's argument appears solid, but an important point to be noted that, the RSA does not offer any comment on whether it accepted any money from the NSA for not for promoting their encryption, neither they have mentioned that, why RSA continued to use the flawed algorithm till 2013 as a default algorithm in BSAFE, rather than removing it completely.
Today In a blog post,
RSA has categorically denied accusation about any secret partnership
with the National Security Agency to insert backdoor.
"Recent press coverage has asserted that RSA entered into a “secret
contract” with the NSA to incorporate a known flawed random number
generator into its BSAFE encryption libraries. We categorically deny
this allegation."
"We have never entered into any contract or engaged in any project
with the intention of weakening RSA’s products" the company said.
The company gave the following reasons for choosing and promoting the
flawed Dual EC DRBG:
"We made the decision to use Dual EC DRBG as the default in the
BSAFE tool-kit in 2004, in the context of an industry-wide effort to
develop newer, stronger methods of encryption. At that time, the NSA had
a trusted role in the community-wide effort to strengthen, not weaken,
encryption."
However, a backdoor was discovered in the algorithm in 2007 detailed by
security expert Bruce Schneier, which weakened the strength of any
encryption that relied on it.
"The Dual EC DRBG was one of several different random number generators
available and the customers was free to choose whichever one best suited
their needs" RSA said.
Finally, in 2013 on National Institute of Standards and Technology
(NIST) recommendations, RSA warned its customers not to use the
algorithm at all.
Although the RSA's argument appears solid, but an important point to be
noted that, the RSA does not offer any comment on whether it accepted
any money from the NSA for not for promoting their encryption, neither
they have mentioned that, why RSA continued to use the flawed algorithm
till 2013 as a default algorithm in BSAFE, rather than removing it
completely.
Read more: http://thehackernews.com/2013/12/rsa-denied-accusation-of-inserting.html
Read more: http://thehackernews.com/2013/12/rsa-denied-accusation-of-inserting.html
LEM Microsite (2)
RSA denied accusations of inserting secret backdoor for the NSA
Mohit Kumar, The Hacker News - Monday, December 23, 2013
68 109 7 Reddit4 StumbleUpon3
RSA has denied accusation of inserting secret backdoors for the NSA
According to media reports in September, documents released by
whistleblower Edward Snowden have confirmed the existence of backdoor in
some technologies RSA.
Last Friday, The Reuters News Agency accused the Security firm RSA for
taking a $10 million ‘bribe’ from the National Security Agency (NSA) in
order promote a flawed encryption by including it in its BSAFE product
to facilitate NSA spying.
Read more: http://thehackernews.com/2013/12/rsa-denied-accusation-of-inserting.html
Read more: http://thehackernews.com/2013/12/rsa-denied-accusation-of-inserting.html
No comments:
Post a Comment