NSA paid $10 million to put its backdoor in RSA encryption, according to Reuters report


When leaked documents claimed to have caught the NSA inserting a weakened algorithm into a standard published by NIST, the national standards body, it raised more questions than answers. Why would the NSA go to the trouble of slipping an inferior generator into NIST's set of four approved random number generators, when most cryptographers would simply ignore the bad algorithm in favor of the others? Even if foul play had occurred, what was the agency getting out of the deal?


Now a Reuters exclusive shows the other side of the story. The report details a secret deal between the NSA and respected encryption company RSA, in which the agency paid $10 million for RSA to incorporate the weaker algorithm into an encryption product called BSafe. Because of that earlier standardization work, the algorithm carried NIST's approval, so RSA could claim its product used only nationally certified algorithms. At the same time, BSafe was defaulting to a fundamentally flawed random number generator, one the NSA could subvert whenever it needed to.


The algorithm in question is known as Dual_EC_DRBG, and cryptographers had found it suspicious for years. It is a random number generator built on elliptic-curve arithmetic, and it depends on a pair of fixed constants, two points on the curve, that can function as a kind of skeleton key. Anyone who knows the secret relationship between those two constants can recover the generator's internal state from a small amount of its output and predict everything it produces next, including the keys used to encrypt traffic, and so decipher the resulting ciphertext. Leaked Snowden documents confirm that the NSA put that feature there. The algorithm is also more than a hundred times slower than the alternative random number generators, which led almost all major encryption software to abandon it. However, since BSafe is closed-source software, RSA was able to make Dual_EC_DRBG the default setting effectively in secret.
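To make the "skeleton key" concrete, here is an added example (not code from the article, RSA, NIST or the NSA) that models the generator and the state-recovery attack on a toy curve. The curve parameters, the prime 1019, the 2-bit truncation and the seed are all hypothetical stand-ins for NIST P-256's real values; only the sizes are toy. Whoever chooses the published point Q knowing a secret scalar D with P = D*Q can lift one truncated output back to a curve point, multiply it by D, and obtain the generator's next state.

```python
"""Toy model of the Dual_EC_DRBG backdoor (added example; not code from the
article, RSA, NIST or the NSA).

Assumptions: a tiny curve y^2 = x^3 + A*x + B over GF(P_MOD) stands in for
NIST P-256, the state is a single x-coordinate, and 2 high bits are dropped
per output instead of the real 16.  Only the sizes are toy; the generator
loop and the state-recovery attack follow the construction Shumow and
Ferguson presented in 2007.
"""
import math

P_MOD, A, B = 1019, 1, 1               # hypothetical toy curve parameters
TRUNC = 2                              # high bits dropped from each output
KEEP = P_MOD.bit_length() - TRUNC      # bits an attacker actually sees
MASK = (1 << KEEP) - 1
INF = None                             # point at infinity


def inv(a):
    return pow(a, -1, P_MOD)


def add(p1, p2):
    """Affine point addition on the toy curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def x_of(pt):
    return 0 if pt is INF else pt[0]


def points_with_x(x):
    """Every curve point with this x-coordinate (0, 1 or 2 of them)."""
    rhs = (x ** 3 + A * x + B) % P_MOD
    return [(x, y) for y in range(P_MOD) if y * y % P_MOD == rhs]


def order(pt):
    k, acc = 1, pt
    while acc is not INF:
        acc, k = add(acc, pt), k + 1
    return k


def pick_generator():
    """Take the point of largest order among a few; the toy curve's order
    need not be prime, so an arbitrary point might sit in a tiny subgroup."""
    best, best_n = None, 0
    for x in range(1, 40):
        for pt in points_with_x(x):
            n = order(pt) if pt[1] else 0
            if n > best_n:
                best, best_n = pt, n
    return best, best_n


# --- Parameter generation, as the party holding the skeleton key does it ---
P, N = pick_generator()
D = next(d for d in range(N // 3, N) if math.gcd(d, N) == 1)  # the secret d
Q = mul(pow(D, -1, N), P)              # published Q, chosen so that P == D*Q


def dual_ec_outputs(seed, count):
    """The honest user's side: the Dual_EC_DRBG core loop with truncation."""
    s, outs = seed, []
    for _ in range(count):
        s = x_of(mul(s, P))                    # s_{i+1} = x(s_i * P)
        outs.append(x_of(mul(s, Q)) & MASK)    # r_i = x(s_{i+1} * Q), top bits dropped
    return outs


def outputs_from(s, count):
    """Outputs that follow once the attacker knows the state feeding the Q-step."""
    outs = []
    for _ in range(count):
        outs.append(x_of(mul(s, Q)) & MASK)
        s = x_of(mul(s, P))
    return outs


def break_dual_ec(observed, d, predict):
    """Recover the state from observed[0] using d, confirm it against the rest
    of the observed outputs, and return the next `predict` outputs (None on failure)."""
    for hi in range(1 << TRUNC):       # brute-force the truncated high bits
        r = (hi << KEEP) | observed[0]
        if r >= P_MOD:
            continue
        for R in points_with_x(r):     # R = s_1 * Q; the sign of y is ambiguous
            s2 = x_of(mul(d, R))       # d*R = s_1 * (d*Q) = s_1 * P, so x = s_2
            guess = outputs_from(s2, len(observed) - 1 + predict)
            if guess[:len(observed) - 1] == observed[1:]:
                return guess[len(observed) - 1:]
    return None


def demo(seed=777, observed=3, predict=5):
    """True when the attacker predicts every later output from the first few."""
    stream = dual_ec_outputs(seed, observed + predict)
    return break_dual_ec(stream[:observed], D, predict) == stream[observed:]


if __name__ == "__main__":
    print("P == D*Q:", mul(D, Q) == P, "| attacker predicts stream:", demo())
```

The point to take away is the asymmetry: nothing in the generator's published description reveals D, and without it the outputs are as unpredictable as the curve's discrete logarithm problem, but whoever generated Q from P and D needs only one or two outputs (a TLS nonce, say) to recover the state and predict the next session key. The truncation is the reason the real standard drops only 16 of 256 bits: the attacker simply enumerates the 2^16 candidates for the missing bits, exactly as the loop above enumerates 4 of them.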

In a statement to Reuters, RSA denied the allegations it had implemented the backdoor. "RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products," a spokesman said. "Decisions about the features and functionality of RSA products are our own."
