Security firm denies knowingly including NSA backdoor — but not taking NSA cash


The security outfit RSA, these days a division of EMC, has denied deliberately incorporating a known backdoor into some of its popular encryption libraries through a secret contract with the NSA.

A few months ago, Edward Snowden’s leaks showed that the NSA — previously seen as a trusted partner of many in the security industry — had worked to undermine security standards (the analogy I always use here is that it tried to make sure all digital locks were broken, rather than just building a better lockpick). In particular, the agency had promoted the use of a random number generator called Dual_EC_DRBG, which now seems to have secretly contained a backdoor for the NSA, but which got the thumbs-up from the U.S. National Institute of Standards and Technology (NIST).

Few security companies actually went with Dual_EC_DRBG because it was slow, but RSA did in 2004, making it the default…

