RSA says no deal with NSA

Security company RSA has denied allegations that it entered into a "secret contract" with the National Security Agency (NSA) and created a 'back door' in its products for decrypting encrypted messages or communications.

RSA, a computer and network security company that was founded in 1982 and is located in Bedford, Massachusetts, was acquired by EMC Corporation in 2006 and has since operated as a division of EMC.

The company has been under scrutiny following rumors that it entered into a $10 million contract with the NSA to use a weaker mathematical formula in a number of its security products. The weaker formula is reported to have enabled RSA to create a 'back door' for the NSA to crack encrypted messages or communications.

RSA previously declined to comment on the allegations, but on Sunday, December 22, it officially dismissed the ongoing rumors.

"Recent press coverage has asserted that RSA entered into a 'secret contract' with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation," RSA said. "We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security."

In 2006, RSA's new CEO, Art Coviello, is said to have agreed with the NSA that the company would adopt its Dual Elliptic Curve algorithm (also known as Dual EC DRBG), which is supposed to generate random numbers, as a default option in its products. However, RSA denies the claims and said that it took the decision to use Dual EC DRBG as the default in its BSAFE toolkits in 2004. Moreover, "At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption," RSA said.

"We continued using the algorithm as an option within BSAFE toolkits as it gained acceptance as a NIST standard and because of its value in FIPS compliance.

"When concern surfaced around the algorithm in 2007, we continued to rely upon NIST as the arbiter of that discussion.

"When NIST issued new guidance recommending no further use of this algorithm in September 2013, we adhered to that guidance, communicated that recommendation to customers and discussed the change openly in the media," the company explained.

The NSA debate started after Edward Snowden, a former contractor with the agency, leaked classified data to the media. The leaked documents brought to light the agency's secretive phone tapping and data collection program, carried out in the name of national security.

The leaked government documents also highlight "project Bullrun," which deals with the NSA's abilities to decrypt specific network communication technologies. The documents also revealed that the NSA worked with some encryption product vendors to add 'back door' access to their software and hardware products "to make them exploitable."

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.