Slashdot Mirror

← Back to Stories (view on slashdot.org)

Reuters: RSA Weakened Encryption For $10M From NSA

Posted by timothy on from the 30-pieces-of-silver-seemed-too-derivative dept.

Lasrick writes "As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned." Asks an anonymous reader: "If the NIST curves really are broken (as has been suggested for years), then most SSL connections might be too, amirite?"

5 of 464 comments (clear)

  1. SSL Security by Vellmont · · Score: 5, Informative

    "If the NIST curves really are broken (as has been suggested for years), then most SSL connections might be too, amirite?"
    No. SSL doesn't specify the method to produce random numbers. Why would it? The NIST method is very very slow, so I'd be surprised if any browsers or servers used it as the random number source.

    --
    AccountKiller
  2. TYPO: you mean RSA sold out its customers by Anonymous Coward · · Score: 5, Informative

    TYPO: you mean RSA sold out its customers

  3. It's not the crypto, it's the RNG by kriston · · Score: 5, Informative

    Having worked with pre-2000 versions of RSA BSAFE, the thing that the NSA paid RSA to do was to change the default selection of the random number generator with a weaker one. Nobody had to use the default version--it was just picked if you didn't specify one (or a callback to your own RNG). We had our own multi-threaded rendezvous noise generator thing since this was back before hardware entropy engines.

    Oh, and before that, the NSA had unsuccessfully tried to get RSA to tell people that 512-bit keys were safe enough. It wasn't successful mostly because the old guard was still running the company then.

    --

    Kriston

  4. The end of personal privacy and of private life by matbury · · Score: 5, Informative

    Christopher Hitchens, in his inimitable style, tried to get across what makes states like North Korea, Iran, and Iraq (under the Ba'ath party) so... well... indescribably unpleasant to live in. One of the cornerstones of such states is that they eradicate privacy and private life (a core theme of Orwell's 1984). Here's Hitch's attempt to describe it on Fora.tv: https://www.youtube.com/watch?v=Z-rTT8TPcck (Running time 1:00:52). The USA is assembling the infrastructure for the mother of all totalitarian states. They can do it better than anyone else in history, ...ever.

  5. Re:Voting systems too. by cryptizard · · Score: 5, Informative

    That is how academia works. You can never be 100% sure that something is secure without extensive evaluation and peer review. Ron Rivest has published hundreds of papers, it's guaranteed that some of them contain mistakes. Insinuating that he did it because the NSA told him too is patently ridiculous.