Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
NSA Paid RSA $10 Million to Use Flawed Security Standard
http://www.tomsguide.com/us/nsa-rsa-secret-deal,news-18020.html
NSA Paid RSA $10 Million to Use Flawed Security Standard
By Paul Wagenseil
December 21, 2013 7:54 AM
RSA Security was paid $10 million by the National Security Agency (NSA) to fold a deliberately flawed encryption standard into its software, a Reuters report says.
The company, whose SecurID tokens and software are used by millions of smartphone users and corporate employees worldwide, made a pseudo-random number generator called Dual_EC_DRBG the default selection in its BSAFE encryption software toolkit in 2006.
Two sources told Reuters reporter Joseph Menn that setting Dual_EC_DRBG as the default was key to a $10 million contract the company had signed with the NSA that year. The BSAFE division had taken in only $27.5 million in revenue in 2005.
"Now we know that RSA was bribed," security expert Bruce Schneier told CNET following the publication of the Reuters story. "I sure as hell wouldn't trust them."