The Broadband Guide

RSA denies taking $10m from NSA to default backdoored algorithm

2013-12-23 09:35

 

A recent Reuters report claims that the U.S. National Security Agency (NSA) paid US$10 million to vendor RSA in a "secret" deal to incorporate a deliberately flawed encryption algorithm into widely used security software. This has caused controversy about the government's involvement in setting security standards.

In a strongly worded blog post today, RSA denied having entered into a secret contract with the NSA. The company said it started using Dual EC DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) by default in 2004, some time before the generator was standardised. By 2007 the algorithm was found to effectively contain a backdoor that weakened any encryption relying on it, making life easier for snoops. In September 2013, RSA told its customers to stop using the algorithm.

"We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security," RSA said in a statement.

"We have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use," RSA said.
