Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

RSA Flatly Denies That It Weakened Crypto For NSA Money

timothy posted about 9 months ago | from the problem-with-denials dept.

Businesses 291

The Register reports that RSA isn't taking quietly the accusation reported by Reuters, based on documents released by Edward Snowden, that the company intentionally used weaker crypto at the request of the NSA, and accepted $10 million in exchange for doing so. RSA's defends the use of the Dual Elliptic Curve Deterministic Random Bit Generator, stating categorically "that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use."

cancel ×

291 comments

Sorry! There are no comments related to the filter you selected.

Yeah, right (5, Funny)

Anonymous Coward | about 9 months ago | (#45764915)

Tell it to 60 Minutes.

It's a very sad day (5, Insightful)

Taco Cowboy (5327) | about 9 months ago | (#45765143)

It's a very sad day when we have media which prostituting themselves to the BIG BROTHER and companies betraying the trust of their customers for some breadcrumbs.

If all that happened in a banana republic we may say "Oh, but they are banana republics".

But no. All these are happening in the United States in America !

What hath my beloved country turned into ?

Re:It's a very sad day (4, Interesting)

Anonymous Coward | about 9 months ago | (#45765209)

you should read the article in el reg
what they say is that they participated in the use of the Dual Elliptic Curve Deterministic Random Bit Generator as an industry standard alongside other random number generators that they also delivered with their software. They notified their customers when the potential of a backdoor presented itself and they pretty much behaved like a company working to give their customers usable tools, not sell them down the river
It also begs two additional questions
1. How much can you trust any use of mathematical tools that you do not understand
Up to this point we have all laid a great amount of trust in key generation, which at most we know how to install and build a pass phrase for

2. How much can you trust Snowden
Up to this point he was just making claims against an agency that largely cannot (or will not) comment about their practices. Now he is making claims against a public company that could pursue him civilly for libel

I don't trust anyone (5, Insightful)

Taco Cowboy (5327) | about 9 months ago | (#45765247)

I do not trust Snowden just because he is Snowden. I do not know that guy in person. I only heard of his name after what he has disclosed what NSA had done - PRISM / GCHQ / tapping on foreign leaders, and so on.

Every single "story" about a leak that has been linked to Snowden file is just that, a "story".

After reading them, I re-traced the link back to the matter itself. If there are articles related to the matter, I give them a good read up.

The case regarding RSA for example - there have been case studies since 2006 (and earlier) that can be used as reference to what has just been reported.

That is why I say it is a very sad day when my country has turned into something worse than a banana republic.

Re:I don't trust anyone (4, Insightful)

Alioth (221270) | about 9 months ago | (#45765353)

If they didn't do it for the NSA, why did they make a slow and vulnerable RNG the default? Of course we can apply the principle "Never attribute to malice that which can adequately be explained by incompetence". In which case it's immaterial anyway to our company's purchasing decisions on security products: we either avoid RSA because they are in cahoots with the NSA, or the alternative - because they are flat out incompetent (which is entirely believable, given their earlier security breaches).

Re:It's a very sad day (0, Troll)

Anonymous Coward | about 9 months ago | (#45765407)

3. How can an "additional" question be "begged"?

Re:It's a very sad day (5, Informative)

makomk (752139) | about 9 months ago | (#45765435)

Except they didn't notify their customers when the potential backdoor became public knowledge and most crypto library developers cautioned against it. That happened a year or two after it was introduced back in 2006 or 2007, yet they didn't notify their customers or change it from being the default until 2013, leaving those customers using crypto that RSA basically knew was backdoored for years. (It should've been even more obvious to RSA that there was a backdoor than it was to the rest of the crypto community, since the people with the ability to backdoor it had bribed them to use it as the default in their crypto product.)

Re:It's a very sad day (5, Insightful)

FlyHelicopters (1540845) | about 9 months ago | (#45765437)

2. How much can you trust Snowden Up to this point he was just making claims against an agency that largely cannot (or will not) comment about their practices. Now he is making claims against a public company that could pursue him civilly for libel

Eh? Really? Repeat that back to yourself and see if it makes any more sense the second time around...

Snowden is wanted for serious crimes against the government of the United States of America, the penalties for which involve spending the rest of his life in a 8x10 foot concrete cell by himself.

I think he is way, way past civil liabilities against a company or any suing it might do against him in a court of law.

Re:It's a very sad day (1)

Anonymous Coward | about 9 months ago | (#45765375)

What hath my beloved country turned into ?

Haven't humans grown up from patriotism yet?

Re:Yeah, right (5, Funny)

game kid (805301) | about 9 months ago | (#45765193)

I can imagine Samuel L. Jackson popping out of nowhere to tell RSA, "Yes you did! YES YOU DID." Actually I kinda wish that happened.

methinks (0)

Anonymous Coward | about 9 months ago | (#45764919)

the lady doth protest too much

Actually ... (5, Interesting)

Taco Cowboy (5327) | about 9 months ago | (#45765181)

the lady doth protest too much

Actually, I think that lady is trying very hard to circumvent the truth.

Witness:

... that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use

What the Snowden paper has revealed was not about "any contract" nor "any project", rather, it's about a one-time payment of $10 million (under table or not, unfortunately the Snowden's paper didn't state clearly) - and the result is a crippled RSA product for the rest of us.

If the $10 million payment was an under table transaction, then there would be *NO* contract signed nor any *official project".

What it entailed would be a change of a couple of lines of code, that is all to it.

Re:Actually ... (5, Insightful)

sjames (1099) | about 9 months ago | (#45765227)

And, of course, the weasel words. Their intention was not to weaken the crypto, that was a side effect. The intention was to pocket $10mil and perhaps a favor to be named later.

Maybe Snowden Stole a Honeypot (0)

Sanians (2738917) | about 9 months ago | (#45765355)

Well, we could pick at their wording [rsa.com] , but assuming we take their use of the word "categorically [reference.com] " to mean what the word means, it's rather hard to suggest that they intended to say anything other than what their statement says on the surface: it didn't happen.

Obviously they could be lying, but so could Reuters, or maybe Snowden forged the documents, or maybe Reuters simply misunderstood them, or maybe it's just some sort of bullshit NSA internal documentation intended to mislead any spies who happen to steal the information. (...and it did get stolen, which almost seems to kick that last idea into the realm of possibility.)

Hell, now that I think about it, that might also explain Google et. al.'s denial of their involvement with the NSA as well. I mean, if you can't actually spy on everything your enemies do on the internet, you might just settle for convincing them that you can, so that they're afraid to use the internet and are therefore at a disadvantage by not utilizing a valuable tool. It might also cause them to choose methods of communication that you can easily monitor.

Maybe Edward Snowden stole a honeypot. Wouldn't that just be hilarious? Has he revealed anything that's independently verifiable?

Re:Maybe Snowden Stole a Honeypot (0)

Anonymous Coward | about 9 months ago | (#45765389)

Maybe Edward Snowden stole a honeypot. Wouldn't that just be hilarious? Has he revealed anything that's independently verifiable?

That's precisely the trouble with all of Snowden's crap.

What's happened to America? Sweet fuck all. It's brought out the, "Is it okay for the American government to do whatever the fuck it wants with its power?" argument, and answers from the people are pointing to, "Derrr, yah okay."

The result has not been a crippling of the NSA (or the UKUSA security apparatus), but an overt permission from the people.

I would assume that any file of intelligence documents made available to an employee/contractor would be riddled with falsehoods anyway, so that - in the event of a wholesale lifting and publication - there would be damage limitation. in fact, it is so irresponsible to give one person access to so much secret information that either the NSA is completely incompetent or it would have a reason to permit one contractor access to so many documents.

Re:Maybe Snowden Stole a Honeypot (0)

Anonymous Coward | about 9 months ago | (#45765491)

in fact, it is so irresponsible to give one person access to so much secret information that either the NSA is completely incompetent or it would have a reason to permit one contractor access to so many documents.

Exactly the same story that we saw with Bradley Manning. Why does an anonymous low-level private need uncontrolled access to gigabytes of diplomatic cables and other SCI? It's as if the "need to know" principle is no longer considered important. That is a much bigger problem than anything else that has happened.

Re:Maybe Snowden Stole a Honeypot (0)

Anonymous Coward | about 9 months ago | (#45765479)

Nah, they wouldn't be shitting themselves if they could just say "Oh that crazy Snowden, he fell for our fake document cache." Not that they could really fool sysadmins and have sysadmins doing meaningful work for them.

Captcha: orgies

Re:Actually ... (1)

Luckyo (1726890) | about 9 months ago | (#45765395)

I'll give you even better one. They were working on IMPROVING national SECURITY!

Re:Actually ... (1)

Darinbob (1142669) | about 9 months ago | (#45765377)

And would Snowden know this? It's not the sort of thing the NSA would be stupid enough that some low level IT flunky would find. It's one thing to report that your job was involved with siphoning up meta data but for this sort of thing it's pure speculation.

Trust none of them (5, Insightful)

CuteSteveJobs (1343851) | about 9 months ago | (#45764925)

RSA denying it? "Well, he would, wouldn't he?" - Mandy Rice-Davies

If this story turns out to be true, then RSA's name is mud. Only a complete and utter moron would buy from them after this.

Same goes for the other companies who have been selling us out. Even Google and Microsoft who are now leaking stories about them boldly protecting their backbones from the NSA have been handing over our data, and in the case of Microsoft took cold hard cash to add backdoors to Skype and God knows what else. If you trust *any* of these companies you are a complete and utter moron.

Re: Trust none of them (1)

Anonymous Coward | about 9 months ago | (#45764937)

Their name is already mud. Either they intentionally weakened their crypto for the NSA, or they are incompetent. Either way they can't be trusted with your secrets.

Re: Trust none of them (2)

sumdumass (711423) | about 9 months ago | (#45764979)

Or the entire story about them doing so is subterfuge designed to possibly make foreign nations think changing encryption companies protects them when it doesn't or it was planted by a competitor standing to benefit from the same concept.

There are possibilities that this is all a game of sorts. Spying is more or less a game anyways. Sometimes you plant information in order to make something believable. Sometimes you plant information to find leaks. Sometimes you plant information in order to confuse people.

RSA's name is now mud (5, Interesting)

CuteSteveJobs (1343851) | about 9 months ago | (#45765037)

The Guardian ran the story. If it wasn't true RSA could sue their arses off in court for the value of their now worthless business. Guardian wouldn't dare run it unless they could prove it is true. http://www.theguardian.com/world/2013/dec/20/nsa-internet-security-rsa-secret-10m-encryption [theguardian.com]

Re:RSA's name is now mud (3, Interesting)

sumdumass (711423) | about 9 months ago | (#45765059)

Unless they could prove what? That a few documents that no one else can access the originals for said something that cannot be validated unless someone specifically admitted to it?

  The Guardian isn't saying RSA did something, they are saying documents released by Snowden say RSA did something. The Guardian can also think they were snowden documents and they still be NSA planted documents or it could all be a conspiracy but all we know for sure is that there is a news report about something that purports to be documents taken without permission by someone who is wanted for crimes in the US and hiding out in Russia after leaving China is claiming that a company worked with a spy agency and sold back doors to 10 million.

If it turns out to be wrong or incorrect, the Guardian issues a retraction.

Re:RSA's name is now mud (5, Insightful)

CuteSteveJobs (1343851) | about 9 months ago | (#45765177)

What you are saying is incorrect. In the UK if I tell you a lie about someone, and you repeat it publicly, you can be sued for libel. The fault is yours for not verifying the damaging information before you published it. Merely printing a retraction isn't enough, because once the accusation is made it sticks in the public mind. Otherwise I can call you a pedo, and retract it later. It doesn't work that way. Sometimes a retraction might satisfy the defamed party, but if the damage is significant they can decide to sue you anyway. In this case no one would ever trust RSA again, so the damage is severe. If the story was fake, RSA could sue the Guardians arse off.

As for your theory that competitors leaked this to damage RSA, you have not offered a shred of evidence, and your premise that the Guardian can print untrue stories without being sued for libel is false.

Re:RSA's name is now mud (4, Interesting)

Pav (4298) | about 9 months ago | (#45765179)

Errr... no...

The UK has tough defamation laws... so much so that many choose to litigate in the UK for stuff published worldwide. Existing in that legal climate would make The Guardian very careful - I'd imagine their legal team are used to vetting stories such as this one.

As an aside - perhaps the tough libel laws are a plus for the UK media. It at least forces Murdoch to spy [wikipedia.org] to get his dirt in the UK rather than simply lie [wikipedia.org] as he would in the USA.

Re:RSA's name is now mud (4, Informative)

CuteSteveJobs (1343851) | about 9 months ago | (#45765215)

Yes! America went so far as making a special law to protect their citizens exercising their free speech rights from being sued by British libel laws http://www.theguardian.com/media/greenslade/2010/aug/11/medialaw-barack-obama [theguardian.com]

Re:RSA's name is now mud (2)

Pav (4298) | about 9 months ago | (#45765289)

I think the crowd that want to completely rid the UK of libel laws are very mistaken... yes, they make investigative journalism much more tedious and expensive, but they also protect journalists from being gradually replaced by glorified PR people which has largely happened in many other places around the world. I'm not saying there aren't plenty of hacks in the UK, but they at least need to keep some fingertips brushing reality occasionally. At least the UK electorate can be informed should they choose to be (which perhaps is rarely for some).

Re:RSA's name is now mud (1)

makomk (752139) | about 9 months ago | (#45765449)

Why? Running glorified PR pieces is the safest thing you can do under British libel law. Also, it certainly didn't stop our journalists going off the rails and smearing random members of the public on the front page, since random members of the public don't have the money for a libel suit - it just blocked criticism of large businesses and the wealthy.

Re:RSA's name is now mud (1)

oobayly (1056050) | about 9 months ago | (#45765323)

I don't see the point, it's not like we're ever allowed to extradite Americans to the UK.

Yes, I'm being facetious, and you can argue that the (according to the US embassy in London) the US haven't refused a single extradition request to the UK's 10 refusals [usembassy.gov] , and they do seem to say that the treaty is fair, but a UK MP says that there is a 7:1 disparity in US:UK extraditions [telegraph.co.uk] . Which to me suggest that either UK citizens are far more likely to break US laws than their own, or that the required proof required for extradition requests is different between the two countries.

The other difference is: [politics.co.uk]

Home office statistics reveal that since the start of 2004, not one single US citizen has been extradited to the UK for crimes alleged to have been committed on US soil. The traffic is very much one way, however.

Don't take this as a criticism of Americans, it just shows how our politicians will sell us off for a few favours.

Re: RSA's name is now mud (0)

Anonymous Coward | about 9 months ago | (#45765347)

Are you really that naÃve that you defend NSA after all they have done?

Snowden is authentic. Get it to your head.

NSA has a history of weakening cryptographical products (Crypto AG for instance). Don't you think they'd subvert RSA too?

And here you are. In denial. Why?

Re:RSA's name is now mud (1)

bugs2squash (1132591) | about 9 months ago | (#45765195)

With the Grauniad's track record, RSA could well be a misspelling of the RAF, the NSA or you may even have nailed it and they are in fact talking about MUD.

Re:RSA's name is now mud (0)

Anonymous Coward | about 9 months ago | (#45765345)

>The Guardian ran the story.

The Guardian lied about GCQH destroying their computers. Why wouldn't they lie about this?

The Guardian destroyed the computers to protect their sources, in the presence of GCHQ staff. But the story they propagated was twisted to make their journalistic target look bad.

Unless they (the press) are facilitating access to the original documents rather than 'interpreting' them, do not believe them. In my experience they lie as hard and fast as governments do.

Re:Trust none of them (5, Interesting)

khasim (1285) | about 9 months ago | (#45764957)

An even easier test of trust:

The post, carefully worded to avoid discussing whether or not the company took $10m from the NSA, concluded with the following statement:

Did RSA take $10 million from the NSA and if so for what service?

So far it looks like they aren't arguing that they did NOT take the money.

Links (4, Informative)

CuteSteveJobs (1343851) | about 9 months ago | (#45765017)

Microsoft handed the NSA access to encrypted messages â Secret files show scale of Silicon Valley co-operation on Prism â Outlook.com encryption unlocked even before official launch â Skype worked to enable Prism collection of video calls â Company says it is legally compelled to comply http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data [theguardian.com]

"Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple" http://gizmodo.com/google-to-government-let-us-publish-national-security-512647113 [gizmodo.com]

And look at the chronology of this:
23 September 2013: BBC News - RSA warns over NSA link to encryption algorithm http://www.bbc.co.uk/news/technology-24173977 [bbc.co.uk]
21 December 2013: NSA Gave RSA $10 Million To Promote Crypto It Had Purposely Weakened https://www.techdirt.com/articles/20131220/14143625655/nsa-gave-rsa-10-million-to-promote-crypto-it-had-purposely-weakened.shtml [techdirt.com] How apt: Techdirt said the story was from the "from the say-bye-bye-to-credibility,-rsa dept"

Fuck you RSA. Fuck you NSA.

Re:Links (5, Interesting)

Taco Cowboy (5327) | about 9 months ago | (#45765199)

Microsoft handed the NSA access to encrypted messages à Secret files show scale of Silicon Valley co-operation on Prism ...

I won't be able to represent anybody but myself but my companies, at least the time I was running them, never get involved with NSA / CIA / FBI or any of those alphabet agencies.

Yes, from time to time they did flag us (and even contacted some of my co-workers). What we did in return was to move part of our operations out of USA in order to not getting involved.

Re:Links (2)

FlyHelicopters (1540845) | about 9 months ago | (#45765457)

You realize that moving them out of the US simply makes their job easier. Now they no longer need to ask, no longer even need their secret courts, now they can just do whatever they want outside of the US.

Re:Links (2, Insightful)

Taelron (1046946) | about 9 months ago | (#45765249)

Everyone keeps forgetting that Microsoft handed the keys to the kingdom to the NSA back in 1999 and NT 4.0 SP5 http://en.wikipedia.org/wiki/NSAKEY [wikipedia.org]

Re:Trust none of them (1)

AmiMoJo (196126) | about 9 months ago | (#45765127)

Only a complete and utter moron world but stuff from a company with close links to a national security agency regardless.

Re:Trust none of them (5, Interesting)

VortexCortex (1117377) | about 9 months ago | (#45765149)

Only a complete and utter moron would buy from them after this.

Remember how the RSA SecureID authentication system was hacked? [pcmag.com]

Now, the way you do these tokens is to have a counter or timer inside them that's synchronized with an external system. You simply encrypt the counter and that's your verifiable ID code. The server can authenticate a couple counts in the past or present to give a wider window, and updates if drift is detected to stay in sych.

There's a concept in security called "single point of failure" that all competent security researchers are aware of and attempt to avoid, but RSA didn't. They didn't let you seed your own SecureIDs. Instead, they seeded them. In this way you had to rely on RSA to authenticate the tokens for you, instead of let you run your own server. So, this immediately raises several red flags for a security aware person: Denial of Service == All your cards stop authenticating at RSA's whim. Additionally, RSA can grant access to other people, say the NSA, by seeding a SecureID with a duplicate of yours. Furthermore, if RSA is compromised then everyone who uses SecureID is at risk, they've made themselves a single point of failure.

A better approach is to allow businesses to seed your security cards yourself, and run your own servers. This way there's no single point of failure for the entire card system -- Compromise one business doesn't leak to others. You don't have to rely on external servers for validation so even if all external lines are cut, your intranet can still validate cards. And you don't have to worry about the NSA compromising the folks you bought the cards from after you purchased them -- Only your systems know the authentication codes -- The crackers have to crack your database.

It wasn't surprising to me that RSA would get compromised because they were the single point of failure, it was only a matter of time (if not pre-compromised from inception). It wasn't surprising at all when defense related companies like Lockheed Martin and L-3 Communications were compromised thanks to RSA's SecureID breech. [computerworld.com]

Now, given the ineptitude you'd have to have as a team of premier security researchers to screw the pooch this badly in the design of your security product, and given how asinine it would be to select the absolute worst and slowest random number generator as the default for your BSafe security product, knowing you have many embedded platform use-cases, and given that it was known well in advance that trusting the PRNG was ill advised... Then considering Snowden leaks info explaining that the NSA was paying RSA to botch and weaken their security systems. Yeah, that makes perfect sense.

Given a gag order I'd understand RSA keeping quiet on this. If they cared about security of their customers then at that point we'd see RSA engineering a completely new line of security products with a goal to put our minds at ease, and inexplicably discontinue their past offerings. However, since they opened their fool mouths and claimed not to be screwing up everything on purpose... At least if they were forced to mess things up this bad I could understand, and once the spying apparatus has been dismantled I'd consider RSA still viable. However, if the NSA wasn't paying RSA to botch their security systems, then they can never be trusted again.

I use YubiKey [yubico.com] instead. I can run my own server, install my own codes in the tokens, or let yubico do it if the application doesn't require such security. The protocol and server source code is open. [yubico.com] I hear Google's partnering with them too. [wired.com]

Sad, really. Now anything RSA has touched I'm distancing myself from.

Re:Trust none of them (1)

game kid (805301) | about 9 months ago | (#45765205)

The protocol and server source code is open. I hear Google's partnering with them too.

I'm not quite sure that's a bullet point, especially if they're doing sentence 2 to stop sentence 1 [arstechnica.com] .

Re:Trust none of them (5, Informative)

Jah-Wren Ryel (80510) | about 9 months ago | (#45765317)

Instead, they seeded them. In this way you had to rely on RSA to authenticate the tokens for you, instead of let you run your own server. So, this immediately raises several red flags for a security aware person: Denial of Service == All your cards stop authenticating at RSA's whim.

I have personal experience implementing a SecureID based system and I can say that is not true.

Yes, RSA seeds the tokens. No there is no external reliance on RSA to validate them in the field. You do have to run their authentication server, but it does not phone home at all. RSA is not an active participant in each authentication, they can't stop valid tokens from continuing to work. I can say this categorically because I worked with a SecureID system on an air-gapped network. It was physically impossible to phone home to RSA.

Re:Trust none of them (1)

Bob_Who (926234) | about 9 months ago | (#45765337)

Well stated. Thanks for the well written insight.

Re:Trust none of them (1)

Bert64 (520050) | about 9 months ago | (#45765359)

There's not a single point of failure in the RSA case, they generate the seed values and give you the ones which correspond with the tokens, so your own server performs the authentication and RSA can't break it in that way, although they may be able to effect a denial of service through the license enforcement code.

The rest is correct however, they retain copies of all the seeds and can thus predict the token value at any time. That should have been a red flag to anyone, and I often recommended against using them but was always told that rsa are a big company and can be trusted, wont get hacked etc.

Re:Trust none of them (0)

Anonymous Coward | about 9 months ago | (#45765273)

err--- do you mean EMC which now owns RSA, or do you mean the programmer that was told to implement the change, or do you mean the programmer's boss? Or just everyone who worked at the company then known as RSA at the time the payment happened?

One more reason we don't like to call corporations "persons" -- they are so discorporate when it comes to assigning responsibility.

Re:Trust none of them (3, Insightful)

Threni (635302) | about 9 months ago | (#45765293)

Weaselly language:

> "that we have never entered into any contract or engaged in any project with the
> intention of weakening RSA's products, or introducing potential 'backdoors' into our
> products for anyone's use."

So, potential backdoors are out. How about backdoor? Known, functional backdoors, not the prospect of future backdoors?

Weakening? Nobody mentioned weakening. That $10,000,000 you took from that spy organisation - that was to strengthen, not weaken.

Contract? No contract. I rewarded my daughter for tidying her room. At no point was a contract, written or otherwise, created.

The guy might be gullible, but does he think we are?

Re:Trust none of them (2)

penix1 (722987) | about 9 months ago | (#45765379)

I rewarded my daughter for tidying her room. At no point was a contract, written or otherwise, created.

Actually, there was the moment you agreed to pay her for her cleaning services. Verbal, but still a contract.

I quit trusting them a decade ago (1, Informative)

mrmeval (662166) | about 9 months ago | (#45764927)

Hell I also do not trust PGP.

I trust GNUPG as long as Canonical doesn't improve it.

This settles the matter. (1)

Anonymous Coward | about 9 months ago | (#45764931)

They said they didn't do it. Everybody move on and never speak of it again.

Re:This settles the matter. (1)

jandar (304267) | about 9 months ago | (#45765053)

They said they didn't do it intentionaly. Why being specific about intention? This smells.

Re:This settles the matter. (1)

_Shad0w_ (127912) | about 9 months ago | (#45765183)

I suspect because they're not trying to deny that their implementation introduced a weakness, simply that they didn't do it on purpose. They're back handedly admitting to incompetence rather than corruption.

Begin opinion-based reasoning in 3 2 1... (0)

Anonymous Coward | about 9 months ago | (#45764939)

Please substantiate your answers in the space below

Re:Begin opinion-based reasoning in 3 2 1... (1)

Anonymous Coward | about 9 months ago | (#45765011)

Marketing weasels always lie: QED.

Not that strongly worded (5, Insightful)

Etherwalk (681268) | about 9 months ago | (#45764941)

The problem is that the NSA has been lying to everyone with doublespeak--asking permission for X warrants when the warrants really covered umpteen billion warrants, things like that. So while this press release categorically denies "that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries[,]" it could still be truthful even if any ONE of the facts in that list is false.

For example, "known" flawed random number generator--suppose the NSA knew it was flawed and RSA didn't. This denial does not contradict that.

In the context of a topic where companies and government agencies are lying regularly by using careful diction, even a "strong" "categorical" denial has to eliminate the possibility of loopholes in order for it to be believable.

Re:Not that strongly worded (5, Insightful)

Trepidity (597) | about 9 months ago | (#45764961)

That was my read of the statement as well. Essentially all they're denying is that they openly sold the rights to backdoor their software. It could still be the case that they wink-wink sold those rights. Or it could be the case that they were just dupes rather than in cahoots with the NSA; it's not entirely implausible that they thought they were helping out the NSA by making the change for a reason unrelated to backdooring the software.

Maybe not knowingly (2)

MobSwatter (2884921) | about 9 months ago | (#45764943)

But in that thought process RSA would be the first to stand up for the constitution on a list that includes all major telecoms and even other governments. Unlikely.

It's called LYING... (2, Informative)

Anonymous Coward | about 9 months ago | (#45764945)

It's called lying, and American Law specifically allows partners of the NSA to issue any form of false statement to the public, their shareholders, their investors, or any other non-governmental entity. In other words, once any individual or corporation gets in bed with the NSA, you can never again believe a word they say.

Google lies through its teeth, Microsoft lies through its teeth. These two companies now compete with one another as to which can provide the NSA with greatest value.

RSA is evil beyond any doubt, but Google and Microsoft are infinitely worse. Remember, Bill Gates gave you Common Core, the inBloom full surveillance child database created in partnership with Rupert "Fox News" Murdoch and the Xbox One NSA spy platform this year alone. Meanwhile Google, the R+D arm of the NSA, moved forward significantly with its programs to build autonomous, self-driving, killing machines for use in future US military invasions.

Google is involved with the U.S. military? (0)

Anonymous Coward | about 9 months ago | (#45765287)

Are you saying that the self-driving cars by Google are being designed for the military to kill people?

They're right (3, Funny)

waddgodd (34934) | about 9 months ago | (#45764947)

They didn't do it for NSA money, that was just gravy. They did it for Mossad money and got the NSA to chip in after the fact.

They're not denying the article really (5, Interesting)

Error27 (100234) | about 9 months ago | (#45764951)

They're just claiming again that they assumed the NSA were good people.

This all happened in 2006. RSA adopted DUAL_EC. RSA was sold to EMC. NIST released the standard. Microsoft researchers showed the flaws in DUAL_EC. The flaws in DUAL_EC have been known since 2006, the only thing we didn't know was that they were deliberate.

Also it's interesting to note that an anonymous organization paid for the same DUAL_EC algorithm to be added to Open SSL. With Open SSL at least they didn't make it the default but it's not far off from what RSA did.
http://arstechnica.com/security/2013/12/nsas-broken-dual_ec-random-number-generator-has-a-fatal-bug-in-openssl/ [arstechnica.com]

Anyone believe them? (2)

anarkhos (209172) | about 9 months ago | (#45764955)

Well, of course they HAVE to deny this.

But who am I to believe, the RSA or their long list of security hiccups.

Oh, and Microsoft denies this too. That's good enough for me!

Our fatherly corporate overlords would never lie for a buck, or $10M...

Sorry RSA (4, Insightful)

danheskett (178529) | about 9 months ago | (#45764959)

This is why you don't get in bed with government. Because we can never trust you, ever. And since you are not open source and have systematically reduced your transparency over the decades, you can't prove that your aren't lying.

Re:Sorry RSA (4, Insightful)

_Shad0w_ (127912) | about 9 months ago | (#45765229)

I don't think you could prove they were lying even if they were open source. All looking at the source code would tell you is that they implemented Dual_EC_DRBG; exactly the same as looking at the OpenSSL source code will tell you. I doubt there would be a handy comment saying "/* Implemented a known-weak method on behalf of the NSA. */" around it.

The problem Dual_EC_DRBG, as far as I can tell, is in the choice of constants used in it; the constants are defined by the NIST standard.

They May Not Have, But... (1)

ilikenwf (1139495) | about 9 months ago | (#45764971)

They very well could have had a few employees that accepted $10 million to do it.

Re:They May Not Have, But... (1)

Kasar (838340) | about 9 months ago | (#45765153)

If I had accepted $10 million from someone to steer development of a base company product, I probably wouldn't still be working there years later either.

As per the contract (4, Funny)

waynemcdougall (631415) | about 9 months ago | (#45764983)

17. RSA agrees that should the existence of this contract, the general nature of the agreements made herein, or the relationship bewtern the RSA and NSA be made public then the RSA shall, with due expediency, issue the following denial: "we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use."

Oh, Sure... (3, Insightful)

BlueStrat (756137) | about 9 months ago | (#45764993)

I believe them.

Just as much as I believe that Nigerian Prince's nephew's super deal for helping him get funds out of the country.

C'mon, RSA guys. I know you're pretty butt-hurt about this revelation from the Snowden release. Heck, I can even understand that you guys may well have received an "offer you can't refuse" from the NSA, et al.

You'd be much better off playing that angle, rather than attempt a laughably-preposterous and totally unbelievable denial. The denial gets you no sympathy or possible assistance out of your situation at all from the public, only hatred, vitriol, and the ends of many of your careers.

Remember that when making deals with the Empire, Darth has a nasty habit of "altering the deal". Though you "pray" he "doesn't alter it further", it never fails to eventually happen. Neville Chamberlain, 'nuff said.

Strat

Re:Oh, Sure... (4, Funny)

AHuxley (892839) | about 9 months ago | (#45765091)

We are top officials of the Federal Institution for Standards Review panel who are interested in the testing of cryptography in our country with academics which are
presently working in the USA. In order to commence this business, we solicit your assistance to enable us to sell into your company, the said fully tested cryptography standard.

The following represents the source of the cryptography . During the last regime in the USA, the Government officials set up departments and awarded themselves
private contracts which were grossly over invoiced in various Federal grants which informed the setting up of the Conflict Records Research Agency by the present Government to advice on the aforementioned.
We have identified a lot of inflated contract sums which are presently floating in the Central Bank of the USA ready for payment, amongst which is the said sum of US$10,000,000 (Ten Million United States Dollars) that we solicit your assistance for the export.
As we are unable to manage the export all by ourselves by virtue of our position as civil servants and members of the Panel, I have therefore been delegated as a matter of trust by my colleagues on the Panel to solicit for an overseas partner into whose hardware we would run the said code.

Come On (4, Insightful)

SuperKendall (25149) | about 9 months ago | (#45764997)

The government has a new encryption algorithm that is "amazingly strong". Only they are paying YOU to use it? And that does not throw up any red flags in a company based on SECURITY?

Re:Come On (5, Interesting)

Anonymous Coward | about 9 months ago | (#45765045)

Just to play devil's advocate, here's a plausible scenario which makes RSA look stupid but not evil:

NSA approaches RSA with their fancy new NIST/FIPS standard and says that it prefers that government agencies and contractors use Dual_EC_DRBG as soon as possible. Maybe they have super secret intel that China broke SHA-1. Who knows. All the RSA knows is that the NSA mission statement includes counter-intelligence--i.e. protecting the government.

Because so many agencies and contractors use products based on BSafe, the NSA wants to fast track an upgrade. The NSA says that it would pay RSA for the trouble of integrating Dual_EC_DRBG into BSafe as the default FIPS-compliant mode, and for the trouble of getting it tested and certified by NIST. It offers $10 million, which is a reasonable sum for that not inconsiderable effort on the part of RSA.

I still wouldn't trust RSA as far as I could throw them, but in this scenario everybody is being sincere and earnest. But for a company like RSA, suspicion should have been the order of the day. But as others have mentioned before, RSA is more managerial driven these days. While their researchers may have raised an eye brow, at this point they don't have the clout to veto an executive decision, because all the famous guys (the ones with a spine and a reputation to burnish) have left.

Re:Come On (1)

SuperKendall (25149) | about 9 months ago | (#45765155)

Ok, I can buy that is at least a plausible scenario. So then the question would be, where are the technical guys that at least raised an eyebrow at the time but were overruled by management...

Re:Come On (1)

game kid (805301) | about 9 months ago | (#45765221)

Probably being kept from so much as breathing a word about the eyebrow-raising by their work contracts with said management.

Re:Come On (1)

Anonymous Coward | about 9 months ago | (#45765081)

Actually this happens far more than you might think.

Do some research into In-Q-Tel, which is basically an arm of the CIA that pumps money into selected (mainly startup) companies. It does it under the guise of being a "VC", but it's not. At the end of the day their motivation is to help companies produce products that are beneficial to them, and will often pay for a specific feature to be added to a product for their use.

I'm not at all suggesting that IQT would do anything to weaken a product for other users, but the concept of paying for a specific feature to be implemented is extremely common.

I don't think there's any doubt that RSA was a victim of poor judgement of who to be friends with, but I suspect that's all it comes down to. They trusted the NSA (and to some extent, NIST) where, in hind site, they shouldn't have - but they certainly weren't the only one to make that mistake.

Re:Come On (3, Insightful)

SuperKendall (25149) | about 9 months ago | (#45765279)

the concept of paying for a specific feature to be implemented is extremely common.

I agree with that, but that is the company developing said feature. That makes a lot of sense.

What raises eyebrows is not saying "add this feature", but "add this feature and BTW here's the exact algorithm you will use, oh and BTW2 we aren't going to add any schedule constraints, and BTW3 can you make sure it's the default all of your OTHER customers will be using?"

Parse responsibly, folks (1)

Anonymous Coward | about 9 months ago | (#45765021)

Look at the language. It sounds like it was written by an NSA lawyer.

Define "project", please?

There is a subjunctive there that one can drive a truck though. Or, perhaps, eight digits on the bottom line.

Still a secret but (0)

Anonymous Coward | about 9 months ago | (#45765043)

Some serious insider trading happening via these backdoors

Sure (0)

Anonymous Coward | about 9 months ago | (#45765055)

Sure, that's what they all say.

weasels (1)

Anonymous Coward | about 9 months ago | (#45765063)

RSA:

we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use

You see, they had no idea that EC-DRBG was compromised. They just thought the NSA had everyone's best interests at heart when took $10M to make it the default generator.

captcha: apologia!!!

I can haz trustz now?! (0)

Anonymous Coward | about 9 months ago | (#45765069)

Seriously, a lolcat is more trustworthy.

Non-denial denial (5, Informative)

dido (9125) | about 9 months ago | (#45765075)

As usual with these things, it's a non-denial denial. "RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use." Emphasis added. The first part says that they can't say whether they've taken any money from the NSA, so the story of them receiveing $10 million from the NSA could still be true. The second part leaves a lot of wiggle room. The word "intention" is the weasel. The statement leaves open the possibility that they could have taken the money from the NSA in good faith, in the same way that Mozilla takes Google's money in exchange for making Google the default search engine in Firefox. They didn't know then what the NSA's true intentions were in pushing use of Dual_EC_DRBG (never that mind it's several orders of magnitude slower than any other CPRNG algorithm described in NIST SP 800-90A). They were already using it in BSAFE as early as 2004, and the algorithm became a NIST recommendation in 2006. The possibility of a backdoor in the algorithm was floated publicly in 2007, a few months after it was published. I for one don't buy that they did all this in good faith, but there's no way to prove it unless some cryptographer who was employed by RSA at the times in question blows the whistle and says they had suspicions with the algorithm and the NSA's intentions for it.

The NSA wasn't always thought of as so evil. They modified the DES s-boxes so as to strengthen it against a cryptanalytic technique (differential cryptanalysis) that was known only to them and IBM since at least 1974, and kept classified until it was independently discovered by the academic cryptographic community in the late 1980s, so there may be some reason to give RSA the benefit of the doubt.

Re:Non-denial denial (1)

Kasar (838340) | about 9 months ago | (#45765167)

I've wondered for some time what changed. In 1996, browsers using 128-bit SSL could not be exported or downloaded from outside the US due to munitions laws covering crypto. By 1999, those restrictions were gone but I don't recall Congress removing crypto from export restrictions, though 40-bit encryption had been repeatedly broken.
In recent months I've wondered if it were a case of the intel agencies getting a standard adopted that they could penetrate easily, making the restriction trivial.

Re:Non-denial denial (3, Interesting)

ysth (1368415) | about 9 months ago | (#45765243)

http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States#PC_era [wikipedia.org] :
"Legal challenges by Peter Junger and other civil libertarians and privacy advocates, the widespread availability of encryption software outside the U.S., and the perception by many companies that adverse publicity about weak encryption was limiting their sales and the growth of e-commerce, led to a series of relaxations in US export controls, culminating in 1996 in President Bill Clinton signing the Executive order 13026[7] transferring the commercial encryption from the Munition List to the Commerce Control List. "

Re:Non-denial denial (1)

Martin Blank (154261) | about 9 months ago | (#45765259)

Congress didn't do it. It was done in 1996 by Executive Order and encryption was largely placed under the Commerce Department. It was done this way because the relevant law (22 USC 2778 [cornell.edu] ) provides for presidential control of the United States Munitions List, so there was no need to go through Congress.

Re:Non-denial denial (1)

Darinbob (1142669) | about 9 months ago | (#45765423)

NSA does not benefit if commercial cryptography is weak. If it is weak then it means that every spy agency on the globe has access to vital US data, because NSA are not the only people who understand this stuff. Now maybe you believe that the NSA is actively working against the interests of the US government but that's a pretty long stretch.

Export restrictions were about restricting foreigners getting access to high level encryption methods, though of course everyone knew beyond a shadow of doubt that everyone had access to it all. It was just a stupid government regulation that served no purpose except to look good on paper and gain votes.

Foreign crypto market should boom? (3, Insightful)

melchoir55 (218842) | about 9 months ago | (#45765087)

Given the state of affairs in the United States, I would think that every country on earth should be reviewing their reliance on American tech (especially in cryptography). Do you really want your parliament having discussions over skype? Or using Microsoft Windows to conduct their Seriously Secret activity? Microsoft is implicated in compromising Skype, so there is every reason to suspect they have also compromised Windows and every other piece of software they make. Google mail? Apple phones? RSA security? The list goes on.

If I were a foreign government I would dump serious subsidies into my domestic software development industry. This extends to our allies as well. After all, if the USA is willing to spend insane resources and flaunt the law/morality by spying upon its own citizenry to a degree hardly less severe than 1984... why wouldn't they be using the very same backdoors on you?

Re:Foreign crypto market should boom? (0)

Anonymous Coward | about 9 months ago | (#45765171)

Microsoft didn't even own or control Skype when these documents were written, how exactly were they implicated in compromising Skype?? did they hack them and secretly plant Trojans in there?

Re:Foreign crypto market should boom? (0)

Pav (4298) | about 9 months ago | (#45765421)

Wasn't this about Microsoft changing Skypes architecture [geek.com] to enable surveilance? Hell, they were even brazen enough to patent [archlinux.org] aspects of it. They've even been scanning [wordpress.com] chats for URLs (which was news to me). Apparently the excuse was they were scanning the URLs for malicious software, which may be true... but most regard anything they say these days with a grain of salt, and rightly so.

Re:Foreign crypto market should boom? (0)

Anonymous Coward | about 9 months ago | (#45765393)

USA is the friend to everyone and protector of all. You have nothing to fear if you have nothing to hide!

Unless you belong to the axis of evil!

LOL (1)

bl968 (190792) | about 9 months ago | (#45765123)

What you thought he said, "We have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use."

What he actually said "We did it for the money"

Ironic distance (white lie) problem (0)

Anonymous Coward | about 9 months ago | (#45765135)

"that we have never ENTERED into any contract or ENGAGED in any project with the intention of weakening RSA's products, or introducing POTENTIAL 'backdoors' into our products for anyone's use." (my emphasis in bold text)

I read this as:
We never enter into or engage at doing anything that was clearly meant to weaken any security that we work on.. ..but when we do, we always provide the excuse that we couldn't possibly have had any intention for doing so.

Some of us (0)

Anonymous Coward | about 9 months ago | (#45765197)

Have known this for a while. There may be more leakers than one might think.

RSA's response is utter bullshit; the right people know this. Ignore these assholes. At every level.

Its still hard to believe... (0)

Anonymous Coward | about 9 months ago | (#45765295)

posting anonymously (iamnotasmurf - check out my not so hilarious pun-filled comment history) cus everytime after I log into my account, it brings me to the screen where I can update my personal information but if I click on another part of the website im no longer logged in? this started happening a few days ago, it wasnt a problem before and ive replicated the problem on another browser (yes im computer retarded, PICNIC error whatever, shock horror, or just too lazy to figure it out, dunno. yesterday my dad had to tell me how to find an option on a drop down menu on a website that sells bus tickets)

ANYWAY...this might be a snowden doc but 10 million? One can understand that people are money hungry (whether they need it or not) but this is either

1) untrue
2) the 10 million is token sum offered to soften the blow of some (INSERT ADJECTIVE) social engineering
3) some other retarded (only 10 million?) reason

Im stuck between 2 and 3, but if i had to choose ill pick 2 cus it sounds sexier, either way its a total fuckin joke

Um duh. (0)

Anonymous Coward | about 9 months ago | (#45765333)

If they really did it, and they admitted it, they'd be utterly fucked in the security world. Nobody would trust them ever again. How much more fucked could they possibly be if they were caught lying about it instead?

Not Snowden (1)

Anonymous Coward | about 9 months ago | (#45765363)

Just to make it clear: This was Reuters and their own sources. NOT Snowden!

of course they will deny it (2)

FudRucker (866063) | about 9 months ago | (#45765365)

they are not going to confess that they betrayed the trust of their customers and the people, eventually the truth will come out and heads will roll

Re:of course they will deny it (0)

Darinbob (1142669) | about 9 months ago | (#45765433)

Of course they could be denying it because it's true. Not all denials are proof of guilt.

They deny they are competent (1)

dyfet (154716) | about 9 months ago | (#45765367)

They have denied, in effect, that they even are competent to evaluate cryptosystems or that they are competent to protect their customers as they claim. This denial I think is actually worse for them than saying they actually knew what they were doing and did so anyway.

RSA official response is limp and evasive (2)

CuteSteveJobs (1343851) | about 9 months ago | (#45765419)

RSA's official response is limp and evasive. It makes no mention of the $10M payment. Even the PR spokesliars couldn't turn this truck load of pig shit into a silk purse https://blogs.rsa.com/news-media-2/rsa-response/ [rsa.com]

> We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption.

Then why did they have to pay you to use a 'good' algorithm? If all they had to do is convince you it was awesome that would have been enough. How fucking dumb do you think we are?

> This algorithm is only one of multiple choices available within BSAFE toolkits, and users have always been free to choose whichever one best suits their needs.

Fuck you, RSA. You made it the default, knowing most people would trust and use it for that reason. You fucking well know if one of the options was starred 'NSA paid us $10M to make this one the default' no one would have touched it. Remember the public suspicion when Microsoft's NSAKEY was discovered. Don't bullshit us that RSA didn't know about that.

> We continued using the algorithm as an option within BSAFE toolkits as it gained acceptance as a NIST standard and because of its value in FIPS compliance. When concern surfaced around the algorithm in 2007, we continued to rely upon NIST as the arbiter of that discussion.

Then you should have gone back to NSA and said "Hey look, you paid us $10M to use a flawed algorithm. You are supposedly experts in encryption. We aren't stupid. What the fuck are you trying to pull on us and our customers?"

And that's the scenario that assumes they *didn't* know.

> When NIST issued new guidance recommending no further use of this algorithm in September 2013, we adhered to that guidance, communicated that recommendation to customers and discussed the change openly in the media.

Fuck you. It was out in the open by then. You could hardly hide it them, and you still didn't warn your customers their data might have been compromised.

> RSA, as a security company, never divulges details of customer engagements,

Like $10M Bribes? Or agreements with one customer to fraudulently sell flawed software to other customers? I bet lawyers everywhere can smell big class actions off this one!

> but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSAâ(TM)s products, or introducing potential âbackdoorsâ(TM) into our products for anyoneâ(TM)s use.

Oh fucking puleaze. "intention" is a bullshit cop out that means you did it but didn't fucking us over wasn't the primary reason. If that $10M was so clean, show us the contract and the minutes of meetings. If you don't, don't expect us to trust you. And if they don't exist even though this is all above board, why?

RSA is either incompetent or malicious. Either way it can't be trusted again. Security companies can't operate unless their customers trust them. RSA is dead.

A Hypothetical Scenario (0)

Anonymous Coward | about 9 months ago | (#45765445)

In most security scenarios people trade resources vs security. Some security algorihms are more cpu intense than others. What if RSA isn't lying per se? Consider the following scenario, a company has a dozen or so algorithms, and lets say the weakest one is default, it is also the easiest one to execute in terms of resources, if it is strong enough to prevent all but the most dedicated and well funded attempts to break it, it might be considered consumer grade but not say military grade. Over time the weaknesses the company learns about in the algorithm are kept internal and used to develop even stronger algorithms. The NSA approaches world renowned cryptography company for expertise in breaking algorithms. Knowing the NSA has more resources to dedicate to the task then almost any other player, and resources mere run of the mill hackers or criminals couldn't come close to, suspose the crypto company then sells expertise around how to break products they've written, while rarely known, and not purposely introduced these errors could be broken by an organization with significant resources and knowledge of the weakness. The company then sells the expertise on how to put gigantic resources to use.

In this scenario, no backdoor was introduced, and the weaker algorithms, were known and disclosed to be weaker but less cpu intensive to operate (and break), and later discovered knowledge of potential avenues of attack leads the company to develop stronger products. In this case, a company could sell expertise on breaking their own products, without either a intenionally weakening them or B creating a backdoor.

Let's see.. who should we trust? (4, Insightful)

XaXXon (202882) | about 9 months ago | (#45765489)

Snowden: 100% accuracy so far.

RSA: For profit company that looks really bad right now and there's no downside to them lying.

I'll go with the 100% guy with nothing to gain.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>