RSA's 'Denial' Concerning $10 Million From The NSA To Promote Broken Crypto Not Really A Denial At All

from the between-the-lines... dept

On Friday, a very big story broke on Reuters, saying that the NSA had paid RSA $10 million in order to promote Dual EC DRBG encryption as the default in its BSAFE product. It had been suspected for a few years, and more or less confirmed earlier this year, that the NSA had effectively taken over the standards process for this standard, allowing it to hide a weakness, making it significantly easier for the NSA to crack any encrypted content using it.

As plenty of people noted, the news that RSA took $10 million to promote a compromised crypto standard pretty much destroys RSA's credibility. The company, now owned by EMC, has now put out a statement in response to all of this, which some claim is the RSA denying the story. In fact, RSA itself states: "we categorically deny this allegation." But, as you read the details, that doesn't appear to be the case at all. They more or less say that they don't reveal details of contracts, so won't confirm or deny any particular contract, and that while they did promote Dual EC DRBG, and knew that the NSA was involved, they never knew that it was compromised.

In short: yes, RSA did exactly what the Reuters article claimed, but its best defense is that it didn't know that Dual EC DRBG was compromised, so they didn't take money to weaken crypto... on purpose. Even if that's what happened.

"We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption."

Right, but that raises questions of why RSA trusted NSA to be a good player here, rather than one trying to insert compromises or backdoors into key standards.

"This algorithm is only one of multiple choices available within BSAFE toolkits, and users have always been free to choose whichever one best suits their needs."

Yes, but it was the default. And, as everyone knows, a very large percentage of folks just use the default.

"We continued using the algorithm as an option within BSAFE toolkits as it gained acceptance as a NIST standard and because of its value in FIPS compliance. When concern surfaced around the algorithm in 2007, we continued to rely upon NIST as the arbiter of that discussion."

Again, this doesn't make RSA look good. As has now become clear, the NSA had basically sneakily taken over the whole standardization process. RSA more or less trusting NIST without looking into the matter themselves raises questions. Especially if there was a $10 million contract that incentivized them not to dig too deeply. RSA promoted this standard as the default in BSAFE. You would hope that a company with RSA's stature in the space would be more careful than to just rely on someone else's say-so that a particular standard is secure.

RSA claiming it didn't know the standard the NSA paid them $10 million to make default was suspect is hardly convincing. Why else would the NSA suddenly pay them $10 million to promote that standard? Furthermore, it appears that news of this $10 million contract was known a bit more widely. Chris Soghoian points to an email from cypherpunk Lucky Green, from back in September, to a cryptography mailing list in which he more or less reveals the same info that Reuters reported on Friday, though without naming the company.

"According to published reports that I saw, NSA/DoD pays $250M (per year?) to backdoor cryptographic implementations. I have knowledge of only one such effort. That effort involved DoD/NSA paying $10M to a leading cryptographic library provider to both implement and set as the default the obviously backdoored Dual_EC_DRBG as the default RNG.

"This was $10M wasted. While this vendor may have had a dominating position in the market place before certain patents expired, by the time DoD/NSA paid the $10M, few customers used that vendor's cryptographic libraries."

While this describes the right amount, if the NSA is really spending $250 million, it's certainly possible that it has quite a few other $10 million contracts out there to promote or avoid certain other encryption standards depending on what it desires. Hopefully, some reporters are currently reaching out to all the companies on this list to see if they've got any contracts with the NSA concerning Dual EC DRBG.

Companies taking money from NSA, but claiming that they didn't realize the encryption the contract pushed them to promote was compromised, aren't going to find a very sympathetic audience outside of the NSA. The RSA's "categorical denial" here misses the point. It certainly doesn't suggest that the Reuters story was wrong -- just that the RSA was so blinded by a mere $10 million that it didn't bother to make sure the standard wasn't compromised.

Filed Under: backdoors, compromised, crypto, nist, nsa, standards, surveillance
Companies: rsa


Reader Comments


  • out_of_the_blue, 23 Dec 2013 @ 8:49am

    Google is far more effectively PAID OFF by not being TAXED.

    Google has more than FIFTY BILLION offshore, untaxed -- and won't be nagged for it in current climate with Schmidt a pal of Obama. That's orders of magnitude more than this payoff, so it's a good bet that Google is far more compromised.

    This is interesting reading:

    http://www.reuters.com/article/2011/09/30/us-internet-security-idUSTRE78T2GY20110930

    "The ease and cost of surveillance are at an all-time low, Soghoian said, with Google charging an administrative fee of $25 to hand over data, Yahoo charging $20, and Microsoft and Facebook providing data for free." -- Yup, kids, mega-corps are selling you out for $25 bucks, TOPS.

    Google's tailoring to YOU can selectively substitute, omit, and lie. You can't trust anything on the net, neither what you see nor what you don't see!

    04:49:36[f-402-0]

    • Anonymous Coward, 23 Dec 2013 @ 9:05am

      Re: Google is far more effectively PAID OFF by not being TAXED.

      i don't understand. the companies you listed are NOT the internet. so stop using google. vote with your wallet if you don't like the cost of their free services

      and when was the net ever to have been trusted?

    • weneedhelp, 23 Dec 2013 @ 9:25am

      Re: Google is far more effectively PAID OFF by not being TAXED.

      Ha ha ha only you... blue, can take a story about RSA/NSA and insert Google in there... atta boy Blue. Trolls harder.

    • Reality Check, 23 Dec 2013 @ 10:28am

      Re: Google is far more effectively PAID OFF by not being TAXED.

      Most of the time your angry incomprehensible mumblings at least have a small connection to the original post. This time, you failed to attempt any connection.

      I'd say this is nothing but gibberated spam.

      Get your own blog, instead of spending all your time spamming others.

  • That One Guy, 23 Dec 2013 @ 9:02am

    And this helps them how?

    Maybe I'm missing something, maybe large payoffs to promote a particular piece of software/standard are commonplace for companies like that, but it seems that if you're in the position of deciding what encryption/security to promote, someone coming up and offering you millions to promote a particular one would at least trigger enough warning bells to investigate just why they were so interested in having that standard/software get adopted.

  • Anonymous Coward, 23 Dec 2013 @ 9:11am

    NSA has also infiltrated parts of IETF [1] and the Trusted Computing Group [2] (you know, the same "trusted computing" that Microsoft keeps promoting with Windows 8).

    The NSA employees need to be kicked out of these groups unless they want everyone to lose trust in them, and some have already asked them to do so:

    [1] - http://www.ietf.org/mail-archive/web/cfrg/current/msg03554.html

    [2] - http://www.securitycurrent.com/en/writers/richard-stiennon/it-is-time-for-the-trusted-computer-group-to-repudiate-the-nsa

    Fortunately, no one trusts NIST anymore, so at least we solved part of the problem. IETF will need to come up with its own security standards, and since Dan Bernstein's algorithms and protocols are rapidly becoming popular (in TLS 1.3, Chrome, OpenBSD, TextSecure, DarkMail, OpenSSH, etc) as alternatives to NIST ones, they should name him a chair at IETF to provide the vision for a secure by default Internet, that's protected with strong encryption.

  • Anonymous Coward, 23 Dec 2013 @ 9:16am

    Lies, and more lies.

    "At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption."

    Trusted by whom? Aren't they in security business and supposed to see everything around as suspicious unless proven safe?

    Suits should follow. For fraud, and restitution of gains. Better, before European courts.

    "This algorithm is only one of multiple choices available within BSAFE toolkits, and users have always been free to choose whichever one best suits their needs."

    For this very lie, they should go bankrupt.

    • DannyB, 23 Dec 2013 @ 9:59am

      Re: Lies, and more lies.

      The RSA can say: blame the NSA, they made us do it!
      (Adam said, blame the woman, she made me do it!)

      The NSA can use the OOTB defense.
      (That is, the NSA can say that the NSA is being truthful to the extent that the NSA is capable of telling the truth.)

  • Trails, 23 Dec 2013 @ 9:54am

    How to commit company seppuku

    RSA will now die, and should. They only have themselves to blame.

  • Anonymous Coward, 23 Dec 2013 @ 9:56am

    typical red herring bullshit! they are guilty as sin, they know they are guilty just as they know we know they are guilty! own up instead of trying to pretend you're squeaky clean!!

  • Anonymous Coward, 23 Dec 2013 @ 10:33am

    So apparently no alarm bells ever went off when one of the world's biggest spy organizations -- whose primary function is to intercept and decode private communications -- starts lobbying for a particular encryption method?

    That in itself should have been a dead giveaway to anyone with half a brain.

    • Mike Masnick, 23 Dec 2013 @ 10:48am

      Re:

      "So apparently no alarm bells ever went off when one of the world's biggest spy organizations -- whose primary function is to intercept and decode private communications -- starts lobbying for a particular encryption method?"

      Not just lobbying, but writing checks...

  • Justin B, 23 Dec 2013 @ 11:03am

    Our Response

    If it was a foreign entity pushing this weak encryption, we would immediately respond and replace all of it as well as ban that country/company from operating in the US. But we forget that by weakening encryption itself, our businesses/people are just as vulnerable to outside attack as they are to domestic ones from the NSA. Therefore, the damage is equal but our lack of courage to address the issue will keep everyone a vulnerable target, including us.

  • Anonymous Coward, 23 Dec 2013 @ 1:17pm

    Checking the list

    Almost all of the American-based companies have contracts with the Department of Defense and many other major government agencies.

  • Anonymous Coward, 23 Dec 2013 @ 2:54pm

    Money talks.

    RSA isn't going broke, out of business etc.

    Most of the readers and commentators here work for businesses who will be writing checks to RSA this year.

  • Anonymous Coward, 23 Dec 2013 @ 3:35pm

    Not Credible

    The idea that everyone at RSA thought that the $10 million was just some kind of charity donation and they never suspected that the NSA might be expecting anything in return is just not credible. That sounds like the kind of defense someone might tell in court just before they go to prison.

  • JackOfShadows, 23 Dec 2013 @ 6:37pm

    Which throat?

    Which throat should we choke over this? Are any of those people still around? And if they've moved on, with suitably stuffed pockets, how can we reach out and touch them? While treated as people, sometimes (hell, often!) Corporations have significant bouts with amnesia, especially after a buyout.

    Thankfully never worked at such a place, 'less the US Navy counts.
