RSA ‘Categorically Denies’ Secret NSA Payout

After Reuters broke a story that the U.S. National Security Agency (NSA) arranged a secret $10 million contract with RSA, the security division of EMC went on the offense -- and fast.

“Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a ‘back door’ in encryption products, the New York Times reported in September,” Reuters said.

“Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

A Strong Denial

RSA isn’t taking the allegations lying down. “Recent press coverage has asserted that RSA entered into a ‘secret contract’ with the NSA to incorporate a known flawed random number generator into its BSafe encryption libraries,” RSA said in a statement. “We categorically deny this allegation.”

RSA went on to say that the company has worked with the NSA, both as a vendor and an active member of the security community. The firm emphasized that it has never kept this relationship a secret and in fact has openly publicized it. The EMC subsidiary said its explicit goal has always been to strengthen commercial and government security. Then, the firm offered some key points about its use of Dual EC DRBG in BSafe.

RSA said it made the decision to use Dual EC DRBG as the default in BSafe toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the firm said, the...
