It’s already in Wikipedia (
here), and was reported as an "exclusive" by Reuters on 12/20/13,
but here is a shorter version:
Mother Jones
Kevin Drum
Dec. 21, 2013
NSA Paid Security Company to Adopt Weakened Encryption Standards
Quote:
Undisclosed until now was that RSA received $10 million in a deal that set
the NSA formula as the preferred, or default, method for number generation
in [ RSA Security LLC's ] BSafe software, according to two sources familiar with the contract.
Although that sum might seem paltry, it represented more than a third of the revenue
that the relevant division at RSA had taken in during the entire previous year, securities filings show.
....Most of the dozen current and former RSA employees interviewed said that
the company erred in agreeing to such a contract, and many cited RSA's corporate evolution
away from pure cryptography products as one of the reasons it occurred.
But several said that RSA also was misled by government officials,
who portrayed the formula as a secure technological advance.
"They did not show their true hand," one person briefed on the deal said of the NSA,
asserting that government officials did not let on that they knew how to break the encryption.
|
However, the Wiki version speaks more along the lines that the "random number generator"
that was preferred by NSA was already well known among cryptologists as being one that could be broken
... and so leaves the impression that the RSA cryptologists knew, or should have known,
what was involved for the $10 million contract.
.