Thread: PRISM
12-23-2013, 07:49 PM   #180
Lamplighter
So, who do you believe...

Cruxialcio
Antone Gonsalves
December 23, 2013

RSA Denies Hobbling Encryption Software For NSA
Quote:
RSA has strongly denied a report that it was paid to embed in encryption software
flawed technology that would have enabled the U.S. National Security Agency to break into computer products.
Reuters reported Dec. 20 that the NSA paid the influential security vendor $10 million
to provide its customers with the agency-developed encryption formula
that would create a backdoor in products.

RSA, a unit of EMC, reportedly used the technology in BSAFE,
which is software embedded in commercial applications to secure data.
On Dec. 22, RSA posted a statement that said,
"We categorically deny this allegation."

While acknowledging it worked with the NSA, RSA said it never
kept the relationship secret and often publicized it.
"Our explicit goal has always been to strengthen commercial and government security," RSA said.

RSA said its decision in 2004 to use Dual EC DRBG in BSAFE was in the context of
an industry-wide effort to build stronger methods of encryption into products.
At the time, the NSA had a trusted role in the security industry.

The flawed algorithm was one of multiple choices customers had in BSAFE toolkits, RSA said.
Approval of the standard made it a valuable tool in meeting
government requirements for information technology products.
RSA continued to offer Dual EC DRBG in its product until NIST recommended in September of this year
that the algorithm no longer be used, because it had been compromised.

Quote:
"RSA, as a security company, never divulges details of customer engagements,
but we also categorically state that we have never entered into any contract
or engaged in any project with the intention of weakening RSA’s products,
or introducing potential ‘backdoors’ into our products for anyone’s use," the company said.