As a key part of a campaign to embed encryption software that it could crack into widely used software products, the U.S. National Security Agency arranged an undisclosed $10 million contract with RSA, one of the leading companies in the computer security business, Reuters has learned.
Documents revealed by Edward Snowden, a former NSA contractor, show that the NSA developed and then promoted a flawed formula for generating random numbers in order to create a "back door" in encryption products, as the New York Times also reported in September. Reuters later reported that RSA became the best-known distributor of that formula by rolling it into a software tool known as Bsafe, which is mainly used to increase security on personal computers and related devices.
Two sources familiar with the contract, which had not been disclosed until now, said that RSA received about $10 million in a deal that set the NSA formula as the default, or preferred, method for generating numbers in the Bsafe software. That sum may seem paltry, but it was more than a third of the revenue that the relevant RSA division had taken in during the entire previous year, securities filings show.
The latest revelations about the NSA's entanglement with RSA have surprised some computer security experts. The company had a long history of defending security and privacy, and it played a key role in blocking a 1990s effort by the NSA to require a special chip that would enable spying on a wide range of computer and communications products.
RSA, which is now a subsidiary of computer storage giant EMC Corp, urged customers to stop using the NSA formula after the Snowden revelations exposed its weakness.
Both EMC and RSA have refused to answer any questions on this subject, but RSA said in a statement that it always works in the best interests of its clients and does not design or enable any back doors in its products. The company also said that all decisions about the functionality and features of RSA products are its own. At the same time, RSA declined to provide any comment.
The RSA agreement shows one way the NSA carried out what the Snowden documents describe as a key strategy for increasing surveillance: the methodical erosion of security tools. NSA documents released in recent months call for using commercial relationships to advance that goal, but they do not name any security companies as collaborators.
This week, the NSA came under attack in a report released by a White House panel that was appointed to review U.S. surveillance policy. According to the panel, encryption is one of the essential bases for trust on the web, and it called for a halt to NSA efforts to undermine it.
Most of the dozen current and former RSA employees interviewed said the company made a mistake by accepting this type of contract, and a number of them cited RSA's corporate evolution away from pure cryptographic products as one reason it happened.
However, a number of employees said RSA was also misled by government officials, who presented the formula as a technological advance in security. In addition, one staff member said of the NSA that the government officials did not show their true hand, stressing that they did not let on that they knew how to break the encryption.
The long story:
Founded in 1970 by MIT professors and led for four years by former Marine Jim Bidzos, RSA and its main algorithm were both named for the last initials of the three founders of the company, which revolutionized cryptography. Although little known to the public, RSA's encryption tools have been licensed by most major technology companies, which in turn use them to protect computers used by millions of people in the U.S.
At the center of RSA's products was a technology known as public key cryptography. Instead of a single key for encoding and decoding messages, it uses two keys that are mathematically linked: the first is used to encode a message, and the second to reveal it.
From RSA's earliest days, the U.S. intelligence establishment worried that it would not be able to break well-designed public key cryptography. Martin Hellman, a former Stanford researcher who led the team that first invented the technique, said NSA experts tried to persuade him and others that the keys did not need to be as large as they planned.
The stakes rose as more and more technology companies adopted RSA's methods and Internet use began to climb. The Clinton administration then backed the Clipper Chip, envisioned as a mandatory component in computers and telephones that would let officials overcome encryption with a court order.
RSA led a fierce public campaign against the effort and distributed posters showing a wrecked sailing ship under the words "Clipper Sink".
The main argument against the chip was that foreign buyers would avoid U.S. technology products if they came ready-made for espionage. Some organizations say that is exactly what has happened in the wake of the Snowden revelations.
The White House abandoned the Clipper Chip and instead relied on export controls to keep the best cryptography from crossing U.S. borders. Again RSA rallied the industry, and it set up an Australian division that could ship what it wanted. Bidzos said in an oral history that the company had become the tip of the spear in the fight against government efforts.
RSA evolves
RSA and other companies claimed victory when the export restrictions were relaxed.
But the NSA remained determined to read what it wanted, and that quest gained urgency after Sept. 11, 2001.
Meanwhile, RSA was changing. Bidzos resigned as CEO in 1999 in order to concentrate on VeriSign, a security certificate company that had been spun out of RSA. In addition, the elite lab that Bidzos had founded moved east from Silicon Valley to Massachusetts, and several senior engineers left the company.
The Bsafe toolkit was becoming a smaller part of the company. In 2005, Bsafe and other tools for developers earned only $27,500,000 of RSA's total revenue, less than 9% of the total $310 million.
By the first part of 2006, RSA was among the technology companies that looked at the U.S. government as a partner against hackers abroad.
The new RSA CEO, Art Coviello, and his team still wanted to be seen as part of the technological forefront, former employees said, and Coviello described in an interview that the NSA had just the right tone.
An algorithm called Dual Elliptic Curve, created inside the agency, was on track to be approved by the National Institute of Standards and Technology as one of four acceptable methods for generating random numbers. NIST's blessing is required for a number of products sold to the government and often sets a broader de facto standard.
According to an official familiar with the process, RSA adopted the algorithm even before it was approved by NIST. The NSA then cited the early use of Dual Elliptic Curve within the government to argue successfully for NIST approval.
RSA's contract made Dual Elliptic Curve the default for creating random numbers in the RSA toolkit. According to former employees, no alarms were raised, because the agreement was handled by business leaders rather than pure technologists.
Within a year, major questions were raised about Dual Elliptic Curve. Cryptography authority Bruce Schneier wrote that the defects in the formula could only be explained as a back door.
After reports of the back door were published in September, RSA urged customers to stop using the Dual Elliptic Curve number generator.
But unlike in the Clipper Chip fight two decades ago, RSA has said little in public this time, and it declined to discuss how its entanglement with the NSA has affected the company's relations with customers.