NSA Paid RSA $10 Million to Use Flawed Security Standard
http://www.tomsguide.com/us/nsa-rsa-secret-deal,news-18020.html
NSA Paid RSA $10 Million to Use Flawed Security Standard
By Paul Wagenseil
December 21, 2013 7:54 AM
RSA Security was paid $10 million by the National Security Agency (NSA) to fold a deliberately flawed encryption standard into its software, a Reuters report says.
The company, whose SecurID tokens and software are used by millions of smartphone users and corporate employees worldwide, made a pseudo-random number generator called Dual_EC_DRBG the default selection in its BSAFE encryption software toolkit in 2006.
Two sources told Reuters reporter Joseph Menn that setting Dual_EC_DRBG as the default was key to a $10 million contract the company had signed with the NSA that year. The BSAFE division had taken in only $27.5 million in revenue in 2005.
"Now we know that RSA was bribed," security expert Bruce Schneier told CNET following the publication of the Reuters story. "I sure as hell wouldn't trust them."