Security firm denies knowingly including NSA backdoor — but not taking NSA cash


The security outfit RSA, these days a division of EMC(s emc), has denied deliberately incorporating a known backdoor into some of its popular encryption libraries through a secret contract with the NSA.

A few months ago, Edward Snowden’s leaks showed that the NSA — previously seen as a trusted partner of many in the security industry — had worked to undermine security standards (the analogy I always use here is that it tried to make sure all digital locks were broken, rather than just building a better lockpick). In particular, the agency had promoted the use of a random number generator called Dual_EC_DRBG, which now seems to have secretly contained a backdoor for the NSA, but which got the thumbs-up from the U.S. National Institute of Standards and Technology (NIST).

Few security companies actually went with Dual_EC_DRBG because it was slow, but RSA did in 2004, making it the default…

View original post 354 more words


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s