RSA attempts (and fails) to refute claims it helped NSA weaken encryption

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 @[email protected]

Random numbersSecurity outfit RSA has official responded to reports that appeared at the end of last week.

As this site described over the weekend, a Reuters report had claimed that the NSA had given RSA $10 million, as a part of a deal that resulted in an intentionally flawed random number algorithm (known as Dual_EC_DRBG) being made the default choice in the company’s BSAFE encryption toolkits.

This, in turn, created a backdoor into encryption products.

Security expert Bruce Schneier said he viewed the $10 million payment as evidence that RSA was “bribed” by the NSA.

Sign up to our free newsletter.
Security news, advice, and tips.

Of course, it’s always valuable to hear the other side of the argument. So, here is the official statement from RSA:

RSA response

Recent press coverage has asserted that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation.

We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security.

Key points about our use of Dual EC DRBG in BSAFE are as follows:

* We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption.

* This algorithm is only one of multiple choices available within BSAFE toolkits, and users have always been free to choose whichever one best suits their needs.

* We continued using the algorithm as an option within BSAFE toolkits as it gained acceptance as a NIST standard and because of its value in FIPS compliance. When concern surfaced around the algorithm in 2007, we continued to rely upon NIST as the arbiter of that discussion.

* When NIST issued new guidance recommending no further use of this algorithm in September 2013, we adhered to that guidance, communicated that recommendation to customers and discussed the change openly in the media.

RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use.

What’s interesting to me, is that RSA’s statement doesn’t appear to tackle the allegations that the Reuters report actually made.

RSA says it is categorically denying the allegation that the NSA secretly contracted it to “incorporate a known flawed random number generator into its BSAFE encryption libraries”.

But Reuters didn’t make that allegation.

Instead, Reuters alleges that RSA received $10 million from the NSA to make Dual_EC_DRBG the preferred or default random number generator.

Part of Reuters report

It doesn’t appear to me that Reuters is claiming that RSA *knew* that the the random number generator was flawed and would give the NSA a backdoor.

So, RSA, how about answering the allegation that Reuters actually made? Do you deny taking the cash from the NSA?

As far as I can see, nothing in RSA’s statement denies that the NSA paid them to make Dual_EC_DRBG the default.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

One comment on “RSA attempts (and fails) to refute claims it helped NSA weaken encryption”

  1. Nick

    Of course RSA would try to deny all allegations. Any corporation would lie to its consumers, to try to avoid losing most of their customers from broken trust.

    They did deny having any secret contract with the NSA to make that algorithm the default, so it implies that without any contracts made with the NSA, why would the NSA give them free money? Unless the money wasn't tied to a contract, and instead an informal bribe by the NSA.

    Also when they wrote "known" they could have been referring to the moment after Edward Snowden's leaks, rather than explicitly saying that they knew about it from the start.

    But still, I think the RSA is full of shit.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.