
Habr has already covered how RSA Security announced the presence of an NSA backdoor in its products. Now information has emerged that the reason the company used Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generation) as its pseudorandom number generator was a bribe from the US National Security Agency.
According to Reuters sources, the NSA paid $10 million to RSA Security in exchange for guarantees that the deliberately unreliable pseudorandom number generation algorithm would be used in the company's cryptographic products. This amount may seem insignificant, but in fact it accounted for more than a third of the revenue of the relevant division of the company at that time. In 2005, sales of BSAFE libraries brought the company a total of $27.5 million out of $310 million in revenue for the whole of RSA Security. In 2006, the company was acquired by technology giant EMC for $2.1 billion.
As early as 2007, researchers from Microsoft (Dan Shumow and Niels Ferguson) noticed that the generator contains flaws that could serve as a “perfect back door” in any encryption algorithm using Dual_EC_DRBG.
These suspicions remained confined to a narrow circle of cryptography experts until September 2013, when secret documents from Snowden leaked to the press and the manufacturer itself recommended that customers stop using products that include the Dual_EC_DRBG generator.
For its part, RSA claims that it has never colluded with the NSA to jeopardize the security of its products, and that if the government knows how to break its encryption, the company has nothing to do with it. “RSA always acts in the interests of its customers and under no circumstances develops or implements backdoors in its products,” the company said.
This case confirms the information in Edward Snowden's documents, which mentioned this kind of subversive NSA activity aimed at weakening widely used encryption algorithms and standards.