NSA required web-encryption firm to include backdoors

The US National Security Agency persuaded web-encryption company RSA to develop a more vulnerable random-number generator to make it easier to spy on businesses, Reuters has reported. http://www.bbc.com/news/technology-26834889
The news agency reported research suggesting the software had made reading companies’ encrypted messages about 65,000 times easier.
RSA said it should “have been more sceptical of NSA’s intentions”.
The NSA declined to comment on any collaboration with RSA.
The research followed the description of a project to undermine commercial encryption systems in papers leaked by former NSA systems administrator Edward Snowden, published in late 2013.
Proving unpopular
RSA chief technology officer Sam Curry told Reuters it had trusted the NSA because of the agency’s role in securing communications and critical infrastructure for the US government.
He added the NSA-inspired random-number generator had been removed from its product line after proving unpopular with customers.
In December 2013, Reuters reported the NSA had paid RSA $10m (£6m) to insert a flaw or “backdoor” into another, more widely used, software module that also generated random numbers to help with encryption.
At that time, RSA “categorically denied” that accusation and said it had not signed any secret deal with the NSA.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: