Security provider RSA has responded angrily to accusations that it was paid by the U.S. National Security Agency (NSA) to include deliberately weakened encryption in its products.
The company warned in September that two of its products had been deliberately weakened by technology created by the NSA, which effectively created a backdoor that would make it easier to access private communications.
According to a Reuters report on Friday, what RSA did not tell customers was that these weaknesses were put there knowingly, in exchange for a payment of $10 million as part of a "secret agreement" with the NSA.
RSA's categorical denial
"We categorically deny this accusation," said a statement from RSA. The company does do paid work for the NSA on government security, but said it made its own decision to use the technology.
Back in September, leaks from Edward Snowden said the NSA had deliberately weakened a mathematical tool used to provide random numbers, called dual elliptic curve deterministic random bit generation (Dual_EC_DRBG), making it possible to predict the numbers it produces and therefore weaken any encryption method that relies on them.
RSA uses Dual_EC_DRBG as the default in its Bsafe toolkit for developers, and Reuters says RSA sources told it that the NSA paid $10 million for the service, a figure that represents about a third of the annual income of that part of RSA.
In its defense, RSA said that it adopted the algorithm back in 2004, when everyone still trusted the NSA. Although it is the default inside Bsafe, the product has always included multiple choices and, presumably, RSA only continued using the method as specified in government contracts under the FIPS specification.
The use of the algorithm is not the heated issue some reports have implied. In fact, in 2007, researchers Dan Shumow and Niels Ferguson revealed that it actually had a backdoor that allows the NSA to decode its output (reported in Wired by security expert Bruce Schneier). Since then, the security people who still use it have done so only when required to by government contracts.
According to RSA, what prompted its advice in September was not a disclosure by Snowden, but a change in the U.S. government's FIPS compliance standard. "When NIST issued new guidelines recommending against any use of this algorithm in September 2013, we followed that guidance, reported the recommendation to customers and discussed the change openly in the media," says the RSA statement.