How Much Does an Encryption Backdoor Cost?
The National Security Agency created intentional flaws in RSA’s encryption tokens, a fact discovered in September with the help of Edward Snowden. Now it has been revealed that the NSA paid RSA $10 million to implement those backdoors in its encryption, according to a new Reuters report.
Two people familiar with RSA’s BSafe software told Reuters that RSA had received the money in exchange for making the agency’s cryptographic formula the default encryption key in BSafe.
Security expert Bruce Schneier gave his view on this: “Now that we know RSA was bribed, I sure as hell would not trust them. And they always stated they put customer security first.”
RSA is now owned by EMC Corp, the computer storage firm, which has a long history with the government. The company contributed to stopping a government plan to place chips in computers that would have allowed the government to track and spy on people.
The new announcement is important because it confirms tactics the NSA was suspected of employing, said Schneier. “You think they bribed only RSA in the history of their operations? We don’t know who else is involved.”
Symantec, Microsoft and McAfee have also built widely used encryption tools. “Nobody knows whether they have been bribed or not, so you don’t know who you are able to trust,” he said.
RSA “categorically” denied the recent reports in a statement issued on Sunday.
“We have been working with the NSA, both as an active member of the internet security community and as a vendor. We have openly publicized this relationship and never kept it a secret. Our goal has always been to consolidate government and commercial security.”
The statement denies a number of claims, including that RSA knowingly introduced a faulty number generator into its encryption libraries.
This leads to one conclusion: try to avoid RSA encryption for a VPN connection.