Send to Kindle

The accumulation of hundreds of leaked documents and formerly secret operational methods used by the NSA in the last six months has led to a bit of a numbing effect, with some new leaks being met with a shrug of indifference. But the latest and most explosive entry in that ledger–the report that the spy agency paid RSA Security $10 million in 2004 to implement a compromised random-number generator as the default in one of its key products–has shaken the security community and sent shockwaves through the industry that may be felt for years to come.

The allegation surfaced Friday in a story by Reuters that asserted that the NSA had a secret contract with RSA through which the security company agreed to make Dual EC-DRBG the default random number generator in its BSAFE crypto library. BSAFE is a key component used by developers in a number of products. In September, the news broke that Dual EC-DRBG had been compromised during the development process at NIST and deliberately weakened by the NSA so that the agency would have the ability to break products that incorporate it. In the wake of that revelation, RSA officials advised their customers to stop using Dual EC-DRBG and choose another RNG, and NIST also issued guidance that advised against using Dual EC-DRBG.

The implications of RSA, one of the foundational technology providers in the security industry, knowingly agreeing to make a compromised random number generator the default choice for its customers are troubling not just for the company itself but for its customers and the security of the Internet, as well. If true, it would mean that the company had set up its customers’ products to fail and given the NSA the ability to compromise them at any time, without users’ knowledge.

While NSA has remained mum on the allegation, RSA officials on Sunday issued a carefully worded response, saying that the company had “never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use.”

The company was independent at the time of the introduction of Dual EC-DRBG into BSAFE in 2004, but was later acquired by EMC for $2.1 billion. RSA officials said in the statement that the decision to use Dual EC-DRBG was done for valid technology reasons and that there were several other RNGs available to users in BSAFE, as well.

“Recent press coverage has asserted that RSA entered into a ‘secret contract’ with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries.  We categorically deny this allegation,” the RSA statement says.

“We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security.”

The RSA-NSA allegations have been a prime topic of conversation in the security community since the story broke, and some experts say that the issue, combined with other recent surveillance revelations, could deal a major hit to the level of trust that users have in the Internet.

“We no longer know who to trust. This is the greatest damage the NSA has done to the Internet, and will be the hardest to fix,” cryptographer Bruce Schneier wrote in a post on the allegations.

Image from Flickr photos of Michael Himbeault.  

Send to Kindle
Categories: Cryptography, Government, Web Security

Comment (1)

  1. Shawn
    1

    Bruce says we don’t know whom to trust, but surely we know whom we should NOT trust. The problem with the NSA is that it uses court order gags and threats of fines and imprisonment to keep its secrets. So even the people we might have trusted we now can’t.

    It’s odd that RSA, the company that should definitely KNOW whether BSAFE was backdoored, advised everyone to stop using it and then made another statement implying that it wasn’t!

    RSA’s last statement looks like puppetry. The NSA has realized that saying anything is pointless because they have a deserved reputation, so they’ll just have everyone they control tell all their lies.

Comments are closed.