RSA denies link with US spying agency

RSA security tag RSA has denied reports that it struck a deal with the NSA to weaken some of its products

Related Stories

Security firm RSA has strongly denied reports it signed a "secret contract" with the NSA spying agency.

On December 21, a Reuters report said the NSA paid RSA to use a random number generator now known to be flawed.

In a blogpost RSA "categorically" denied the allegation that this opened a backdoor into any product in which it was used.

In September 2013, RSA told users to avoid using the code when its flaws were confirmed.

Bad numbers

The Reuters report said the NSA paid RSA $10m (£6.1m) to use a random number generator that has since been discovered to open a backdoor into any software in which it was used.

Documents released by whistleblower Edward Snowden have confirmed the existence of backdoors in some technologies RSA, and other firms, used in their products.

The random number generator, known as the "Dual Elliptic Curve Deterministic Random Bit Generator" (Dual EC DRBG), became a standard part of some RSA products in 2004.

In 2007 academic research revealed that the number generator had serious weaknesses that, if exploited, could let eavesdroppers get at data it was supposed to help protect. In its blogpost, RSA explained that it continued to rely on the system in 2007 following advice from the US standards body that oversaw development of such systems.

It also followed the advice of this body when it told users to stop using the module earlier this year.

In addition, RSA added, the Dual EC DRBG was one of several different random number generators available and customers were "free to choose whichever one best suited their needs".

It concluded: "We also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use."

In response, Reuters reporter Joseph Menn who broke the story said in a tweet: "We stand by our RSA story."

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features & Analysis

BBC Future

(Getty Images)

How to trick terrible travellers

And other ideas for happier commutes Read more...

Programmes

  • A person taking a photo of fireworks on a smartphoneClick Watch

    A look at the latest gadgets which could make it easier to take the perfect night-time picture

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.