Apr 16, 2014

Ear to the Ground

NSA Paid Security Firm $10 Million to Distribute Bad Encryption


Posted on Dec 20, 2013

A new Reuters report explains how the National Security Agency was able to get its backdoor encryption onto so many machines:

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a “back door” in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.

Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

As The Verge explains, this answers a key question raised by the Snowden leaks:

When leaked documents claimed to have caught the NSA inserting bad protocols into the national standards board NIST, it raised more questions than answers. Why would the NSA go to the trouble of inserting an inferior standard into NIST’s set of four, when most cryptographers would simply ignore the bad algorithm in favor of the others? Even if foul play had occurred, what was the agency getting out of the deal?

Now, a Reuters exclusive report is showing the other side of the story. The report details a secret deal between the NSA and respected encryption company RSA, in which the agency paid $10 million for RSA to incorporate the weaker algorithm into an encryption product called BSafe. Because of the earlier work, the algorithm had been approved by NIST, so RSA could claim their encryption used only nationally certified protocols. At the same time, BSafe’s encryption was defaulting to a fundamentally flawed encryption algorithm, which the NSA could subvert whenever they needed to.

—Posted by Peter Z. Scheer


A Progressive Journal of News and Opinion   Publisher, Zuade Kaufman   Editor, Robert Scheer
© 2014 Truthdig, LLC. All rights reserved.