October 26, 2014
Truthdig: Drilling Beneath the Headlines
 
Ear to the Ground

NSA Paid Security Firm $10 Million to Distribute Bad Encryption


Posted on Dec 20, 2013

A new Reuters report explains how the National Security Agency was able to get its backdoor encryption onto so many machines:

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a “back door” in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called BSafe that is used to enhance security in personal computers and many other products.

Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

As The Verge explains, this answers a key question raised by the Snowden leaks:

When leaked documents claimed to have caught the NSA inserting bad protocols into the national standards board NIST, it raised more questions than answers. Why would the NSA go to the trouble of inserting an inferior standard into NIST’s set of four, when most cryptographers would simply ignore the bad algorithm in favor of the others? Even if foul play had occurred, what was the agency getting out of the deal?

Now, a Reuters exclusive report is showing the other side of the story. The report details a secret deal between the NSA and respected encryption company RSA, in which the agency paid $10 million for RSA to incorporate the weaker algorithm into an encryption product called BSafe. Because of the earlier work, the algorithm had been approved by NIST, so RSA could claim their encryption used only nationally certified protocols. At the same time, BSafe’s encryption was defaulting to a fundamentally flawed encryption algorithm, which the NSA could subvert whenever they needed to.

—Posted by Peter Z. Scheer


A Progressive Journal of News and Opinion   Publisher, Zuade Kaufman   Editor, Robert Scheer
© 2014 Truthdig, LLC. All rights reserved.