
Top security firm RSA sold out for $10 million

$10 million seems a paltry amount for a respected security company to sell out its very reason for existence, but in a secret 2006 deal, this is precisely what happened.

US company RSA is the firm behind one of the world’s most widely used encryption toolkits, BSafe, and its deal with the NSA meant that RSA not only shipped the NSA-engineered Dual Elliptic Curve random number generator (Dual_EC_DRBG) in its products, but made it the default random number generator in BSafe, a library that in turn forms the basis of many other security products used to protect sensitive information.

Dual_EC_DRBG was engineered by the NSA, which used RSA’s adoption of it to help gain NIST (National Institute of Standards and Technology) approval. Since 2007 the cryptographic community has known that its design allows a backdoor (which we discuss in this article): the generator steps its internal state with one curve point, P, and derives its output from a second point, Q, and whoever knows the secret relationship between those two points can recover the internal state from a short run of output and predict every number the generator produces afterwards. The default points were supplied by the NSA, so numbers generated with it are not unpredictable to the NSA.
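The mechanism above, as an added worked example that is not RSA’s BSafe code or the NIST reference implementation. Everything in it is constructed for the demonstration: a toy curve y² = x³ + 7 over a 31-bit prime, a trapdoor scalar d with P = d·Q, a seed, and a truncation that drops 2 bits of each output (the real generator runs over NIST P-256 and drops the top 16 of 256 bits, so the attacker enumerates 2¹⁶ completions instead of 4). The generator is the standard’s s ← x(s·P), r ← x(s·Q), emit truncated r; the attack uses d to turn the published r back into the next state.

```python
# Added toy Dual_EC_DRBG with its trapdoor. All constants below are constructed
# for this demo; none are the NIST/NSA values.
P_MOD = 2**31 - 1                    # constructed field prime, p = 3 (mod 4): sqrt is one pow()
A, B = 0, 7                          # constructed curve y^2 = x^3 + 7 over GF(P_MOD)
INF = None                           # point at infinity
OUT_BITS = P_MOD.bit_length() - 2    # each output is an x-coordinate with its top 2 bits dropped
OUT_MASK = (1 << OUT_BITS) - 1

def inv(v):
    return pow(v, P_MOD - 2, P_MOD)

def add(p1, p2):
    """Affine point addition, covering doubling and the point at infinity."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:   # p1 == -p2 (also handles an order-2 point)
            return INF
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc, res = pt, INF
    while k:
        if k & 1:
            res = add(res, acc)
        acc = add(acc, acc)
        k >>= 1
    return res

def x_of(pt):
    if pt is INF:
        raise ValueError("hit the point at infinity; choose a different seed")
    return pt[0]

def lift_x(x):
    """A curve point with this x-coordinate, or None if no such point exists."""
    rhs = (x * x * x + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
    return (x, y) if y * y % P_MOD == rhs else None

def find_point(x):
    while lift_x(x) is None:
        x += 1
    return lift_x(x)

def dual_ec_outputs(seed, count, P, Q):
    """The generator: s <- x(s*P); r <- x(s*Q); emit r with its top bits dropped."""
    s, outs = seed, []
    for _ in range(count):
        s = x_of(mul(s, P))
        outs.append(x_of(mul(s, Q)) & OUT_MASK)
    return outs

def recover_next_state(out0, out1, d, P, Q):
    """Trapdoor use. Behind out0 sits R = s*Q; with P = d*Q we get d*R = s*P, whose
    x-coordinate is the generator's next state. Only a truncated x(R) was published,
    so enumerate the completions that lie on the curve and confirm each against out1.
    The sign of R does not matter: d*(-R) = -(d*R) has the same x-coordinate."""
    hits = []
    for hi in range(1 << (P_MOD.bit_length() - OUT_BITS)):
        x = out0 | (hi << OUT_BITS)
        R = lift_x(x) if x < P_MOD else None
        if R is None:
            continue                                  # not an x-coordinate on the curve
        s_next = x_of(mul(d, R))
        if x_of(mul(s_next, Q)) & OUT_MASK == out1:
            hits.append(s_next)
    return hits

def demo(seed=0xC0FFEE, d=0x1337, future=5):
    """Returns (outputs the generator really emits next, what the trapdoor holder predicts)."""
    Q = find_point(2)             # constructed Q; the designer then fixes P = d*Q
    P = mul(d, Q)                 # d is the secret that relates the two points
    observed = dual_ec_outputs(seed, 2 + future, P, Q)
    states = recover_next_state(observed[0], observed[1], d, P, Q)
    forecast = dual_ec_outputs(states[0], future, P, Q) if len(states) == 1 else None
    return observed[2:], forecast

def attack_succeeds():
    actual, forecast = demo()
    return forecast is not None and actual == forecast

def attack_without_trapdoor(wrong_d=0x1338):
    """Without the right scalar the complete-and-confirm step finds no candidate."""
    Q = find_point(2)
    P = mul(0x1337, Q)
    observed = dual_ec_outputs(0xC0FFEE, 2, P, Q)
    return recover_next_state(observed[0], observed[1], wrong_d, P, Q)

if __name__ == "__main__":
    print("trapdoor holder predicts all future outputs:", attack_succeeds())
    print("candidates found with the wrong scalar:", attack_without_trapdoor())
```

Two observed outputs are enough: the first yields the candidate state, the second filters the wrong completions. The `attack_without_trapdoor` case is the point of the 2007 criticism: if Q had been derived verifiably at random, nobody would hold d and the outputs would be unpredictable; SP 800-90A did allow implementers to generate their own Q, but the shipped defaults were the NSA-supplied points.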

RSA staff have defended their actions, saying that they were misled by the NSA, which portrayed the formula as secure and did not tell them that it knew how to crack it: ‘They did not show their true hand.’

It is bad enough that RSA took the money and allowed a secret government contract to influence its designs and its dealings with other customers, but the fact that it continued for six years to use and promote an algorithm known to be flawed is an absolute scandal. It was only after Edward Snowden’s revelations brought the backdoor to public attention in September of this year (2013) that RSA urged its customers to stop using the Dual Elliptic Curve number generator.

It has to be said that the only new information in the Reuters report is that RSA accepted payment from the NSA. For a company that was in the vanguard of resistance to the Clinton administration’s attempt to compromise all encryption with the so-called ‘Clipper chip’ back in the 1990s, this is a sad come-down. The report also comes in the week when a White House panel charged with reviewing NSA surveillance concluded that ‘encryption is an essential basis for trust on the Internet,’ and that the NSA ‘should be banned from undermining encryption.’

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating to cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.
