Slashdot Mirror


RSA Flatly Denies That It Weakened Crypto For NSA Money

The Register reports that RSA isn't taking quietly the accusation reported by Reuters, based on documents released by Edward Snowden, that the company intentionally used weaker crypto at the request of the NSA, and accepted $10 million in exchange for doing so. RSA defends its use of the Dual Elliptic Curve Deterministic Random Bit Generator, stating categorically "that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use."

25 of 291 comments

  1. Yeah, right by Anonymous Coward · Score: 5, Funny

    Tell it to 60 Minutes.

    1. Re:Yeah, right by game kid · Score: 5, Funny

      I can imagine Samuel L. Jackson popping out of nowhere to tell RSA, "Yes you did! YES YOU DID." Actually I kinda wish that happened.

      --
      You can hold down the "B" button for continuous firing.
  2. Trust none of them by CuteSteveJobs · Score: 5, Insightful

    RSA denying it? "Well, he would, wouldn't he?" - Mandy Rice-Davies

    If this story turns out to be true, then RSA's name is mud. Only a complete and utter moron would buy from them after this.

    Same goes for the other companies who have been selling us out. Even Google and Microsoft who are now leaking stories about them boldly protecting their backbones from the NSA have been handing over our data, and in the case of Microsoft took cold hard cash to add backdoors to Skype and God knows what else. If you trust *any* of these companies you are a complete and utter moron.

    1. Re:Trust none of them by khasim · Score: 5, Interesting

      An even easier test of trust:

      The post, carefully worded to avoid discussing whether or not the company took $10m from the NSA, concluded with the following statement:

      Did RSA take $10 million from the NSA and if so for what service?

      So far it looks like they aren't arguing that they did NOT take the money.

    2. Re:Trust none of them by VortexCortex · Score: 5, Interesting

      Only a complete and utter moron would buy from them after this.

      Remember how the RSA SecureID authentication system was hacked?

      Now, the way you do these tokens is to have a counter or timer inside them that's synchronized with an external system. You simply encrypt the counter and that's your verifiable ID code. The server can authenticate a couple of counts in the past or present to give a wider window, and updates if drift is detected to stay in sync.

      There's a concept in security called "single point of failure" that all competent security researchers are aware of and attempt to avoid, but RSA didn't. They didn't let you seed your own SecureIDs. Instead, they seeded them. In this way you had to rely on RSA to authenticate the tokens for you, instead of letting you run your own server. So, this immediately raises several red flags for a security-aware person: Denial of Service == All your cards stop authenticating at RSA's whim. Additionally, RSA can grant access to other people, say the NSA, by seeding a SecureID with a duplicate of yours. Furthermore, if RSA is compromised then everyone who uses SecureID is at risk; they've made themselves a single point of failure.

      A better approach is to allow businesses to seed their security cards themselves, and run their own servers. This way there's no single point of failure for the entire card system -- compromising one business doesn't leak to others. You don't have to rely on external servers for validation, so even if all external lines are cut, your intranet can still validate cards. And you don't have to worry about the NSA compromising the folks you bought the cards from after you purchased them -- only your systems know the authentication codes -- the crackers have to crack your database.

      It wasn't surprising to me that RSA would get compromised because they were the single point of failure; it was only a matter of time (if not pre-compromised from inception). It wasn't surprising at all when defense-related companies like Lockheed Martin and L-3 Communications were compromised thanks to RSA's SecureID breach.

      Now, given the ineptitude you'd have to have as a team of premier security researchers to screw the pooch this badly in the design of your security product, and given how asinine it would be to select the absolute worst and slowest random number generator as the default for your BSafe security product, knowing you have many embedded platform use-cases, and given that it was known well in advance that trusting the PRNG was ill advised... Then considering Snowden leaks info explaining that the NSA was paying RSA to botch and weaken their security systems. Yeah, that makes perfect sense.

      Given a gag order I'd understand RSA keeping quiet on this. If they cared about security of their customers then at that point we'd see RSA engineering a completely new line of security products with a goal to put our minds at ease, and inexplicably discontinue their past offerings. However, since they opened their fool mouths and claimed not to be screwing up everything on purpose... At least if they were forced to mess things up this bad I could understand, and once the spying apparatus has been dismantled I'd consider RSA still viable. However, if the NSA wasn't paying RSA to botch their security systems, then they can never be trusted again.

      I use YubiKey instead. I can run my own server, install my own codes in the tokens, or let yubico do it if the application doesn't require such security. The protocol and server source code is open. I hear Google's partnering with them too.

      Sad, really. Now anything RSA has touched I'm distancing myself from.
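      The token scheme sketched in this post (a secret seed, a counter or clock, a server that accepts a small window of neighbouring counts and re-learns drift) can be shown in a few lines. The following is an added example, not RSA's code or any description of how SecurID works internally: it assumes an HMAC-SHA1 "encryption" of the counter in the HOTP/TOTP style, a constructed 30-second step, a constructed seed, and a hypothetical `TokenRecord` that a self-hosted server would keep per token. It also refuses any code at or before the last accepted counter, which the post does not mention but which any validator needs so an intercepted code cannot be replayed inside the window.

```python
import hashlib
import hmac
import os
import struct

STEP_SECONDS = 30  # constructed parameter: length of one counter step


def generate_seed() -> bytes:
    """Seed generated locally by the operator; the token vendor never sees it."""
    return os.urandom(20)


def token_code(seed: bytes, counter: int, digits: int = 6) -> str:
    """Derive the code shown on the token from the seed and the counter.

    HMAC-SHA1 over the big-endian counter with dynamic truncation (the HOTP
    construction) stands in for the "encrypt the counter" step in the post;
    this is an illustrative choice, not a claim about any vendor's algorithm.
    """
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TokenRecord:
    """Hypothetical per-token state held by a self-hosted validation server."""

    def __init__(self, seed: bytes) -> None:
        self.seed = seed
        self.drift = 0           # learned offset (in steps) of token clock vs. server clock
        self.last_counter = None  # highest counter already accepted; blocks replay


def validate(record: TokenRecord, submitted: str, now_seconds: int, window: int = 2) -> bool:
    """Accept the code if it matches any counter within +/-window of the
    drift-corrected expected counter; on success, store the observed drift so
    the window stays centred on the token's real clock. Rejects a counter that
    is not strictly newer than the last accepted one (replay inside the window).
    """
    expected = now_seconds // STEP_SECONDS + record.drift
    for delta in range(-window, window + 1):
        candidate = expected + delta
        if hmac.compare_digest(token_code(record.seed, candidate), submitted):
            if record.last_counter is not None and candidate <= record.last_counter:
                return False  # same or older counter: treat as replay
            record.drift += delta
            record.last_counter = candidate
            return True
    return False


if __name__ == "__main__":
    # Constructed walk-through: a token whose clock runs two steps fast.
    seed = generate_seed()
    rec = TokenRecord(seed)
    now = 1_000 * STEP_SECONDS
    print(validate(rec, token_code(seed, 1_002), now), rec.drift)      # True 2
    print(validate(rec, token_code(seed, 1_002), now), rec.drift)      # False 2 (replay)
    print(validate(rec, token_code(seed, 1_003), now + STEP_SECONDS))  # True
```

      Because the seed is produced by `generate_seed()` on the operator's own host and only ever stored in `TokenRecord`, the vendor holds nothing that could be cloned or handed to a third party, which is the property the post argues for; the server also never contacts anyone, so it keeps validating on an isolated network.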

    3. Re:Trust none of them by Jah-Wren Ryel · Score: 5, Informative

      Instead, they seeded them. In this way you had to rely on RSA to authenticate the tokens for you, instead of letting you run your own server. So, this immediately raises several red flags for a security-aware person: Denial of Service == All your cards stop authenticating at RSA's whim.

      I have personal experience implementing a SecureID-based system and I can say that is not true.

      Yes, RSA seeds the tokens. No there is no external reliance on RSA to validate them in the field. You do have to run their authentication server, but it does not phone home at all. RSA is not an active participant in each authentication, they can't stop valid tokens from continuing to work. I can say this categorically because I worked with a SecureID system on an air-gapped network. It was physically impossible to phone home to RSA.

      --
      When information is power, privacy is freedom.
  3. Not that strongly worded by Etherwalk · Score: 5, Insightful

    The problem is that the NSA has been lying to everyone with doublespeak--asking permission for X warrants when the warrants really covered umpteen billion warrants, things like that. So while this press release categorically denies "that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries[,]" it could still be truthful even if any ONE of the facts in that list is false.

    For example, "known" flawed random number generator--suppose the NSA knew it was flawed and RSA didn't. This denial does not contradict that.

    In the context of a topic where companies and government agencies are lying regularly by using careful diction, even a "strong" "categorical" denial has to eliminate the possibility of loopholes in order for it to be believable.

    1. Re:Not that strongly worded by Trepidity · Score: 5, Insightful

      That was my read of the statement as well. Essentially all they're denying is that they openly sold the rights to backdoor their software. It could still be the case that they wink-wink sold those rights. Or it could be the case that they were just dupes rather than in cahoots with the NSA; it's not entirely implausible that they thought they were helping out the NSA by making the change for a reason unrelated to backdooring the software.

  4. They're not denying the article really by Error27 · Score: 5, Interesting

    They're just claiming again that they assumed the NSA were good people.

    This all happened in 2006. RSA adopted DUAL_EC. RSA was sold to EMC. NIST released the standard. Microsoft researchers showed the flaws in DUAL_EC. The flaws in DUAL_EC have been known since 2006, the only thing we didn't know was that they were deliberate.

    Also it's interesting to note that an anonymous organization paid for the same DUAL_EC algorithm to be added to OpenSSL. With OpenSSL at least they didn't make it the default, but it's not far off from what RSA did.
    http://arstechnica.com/security/2013/12/nsas-broken-dual_ec-random-number-generator-has-a-fatal-bug-in-openssl/

  5. RSA's name is now mud by CuteSteveJobs · Score: 5, Interesting

    The Guardian ran the story. If it wasn't true RSA could sue their arses off in court for the value of their now worthless business. Guardian wouldn't dare run it unless they could prove it is true. http://www.theguardian.com/world/2013/dec/20/nsa-internet-security-rsa-secret-10m-encryption

    1. Re:RSA's name is now mud by CuteSteveJobs · Score: 5, Insightful

      What you are saying is incorrect. In the UK if I tell you a lie about someone, and you repeat it publicly, you can be sued for libel. The fault is yours for not verifying the damaging information before you published it. Merely printing a retraction isn't enough, because once the accusation is made it sticks in the public mind. Otherwise I can call you a pedo, and retract it later. It doesn't work that way. Sometimes a retraction might satisfy the defamed party, but if the damage is significant they can decide to sue you anyway. In this case no one would ever trust RSA again, so the damage is severe. If the story was fake, RSA could sue the Guardian's arse off.

      As for your theory that competitors leaked this to damage RSA, you have not offered a shred of evidence, and your premise that the Guardian can print untrue stories without being sued for libel is false.

  6. Re:Come On by Anonymous Coward · Score: 5, Interesting

    Just to play devil's advocate, here's a plausible scenario which makes RSA look stupid but not evil:

    NSA approaches RSA with their fancy new NIST/FIPS standard and says that it prefers that government agencies and contractors use Dual_EC_DRBG as soon as possible. Maybe they have super secret intel that China broke SHA-1. Who knows. All RSA knows is that the NSA mission statement includes counter-intelligence--i.e. protecting the government.

    Because so many agencies and contractors use products based on BSafe, the NSA wants to fast track an upgrade. The NSA says that it would pay RSA for the trouble of integrating Dual_EC_DRBG into BSafe as the default FIPS-compliant mode, and for the trouble of getting it tested and certified by NIST. It offers $10 million, which is a reasonable sum for that not inconsiderable effort on the part of RSA.

    I still wouldn't trust RSA as far as I could throw them, but in this scenario everybody is being sincere and earnest. But for a company like RSA, suspicion should have been the order of the day. But as others have mentioned before, RSA is more managerially driven these days. While their researchers may have raised an eyebrow, at this point they don't have the clout to veto an executive decision, because all the famous guys (the ones with a spine and a reputation to burnish) have left.

  7. Non-denial denial by dido · Score: 5, Informative

    As usual with these things, it's a non-denial denial. "RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use." Emphasis added. The first part says that they can't say whether they've taken any money from the NSA, so the story of them receiving $10 million from the NSA could still be true. The second part leaves a lot of wiggle room. The word "intention" is the weasel. The statement leaves open the possibility that they could have taken the money from the NSA in good faith, in the same way that Mozilla takes Google's money in exchange for making Google the default search engine in Firefox. They didn't know then what the NSA's true intentions were in pushing use of Dual_EC_DRBG (never mind that it's several orders of magnitude slower than any other CPRNG algorithm described in NIST SP 800-90A). They were already using it in BSAFE as early as 2004, and the algorithm became a NIST recommendation in 2006. The possibility of a backdoor in the algorithm was floated publicly in 2007, a few months after it was published. I for one don't buy that they did all this in good faith, but there's no way to prove it unless some cryptographer who was employed by RSA at the times in question blows the whistle and says they had suspicions about the algorithm and the NSA's intentions for it.

    The NSA wasn't always thought of as so evil. They modified the DES s-boxes so as to strengthen it against a cryptanalytic technique (differential cryptanalysis) that was known only to them and IBM since at least 1974, and kept classified until it was independently discovered by the academic cryptographic community in the late 1980s, so there may be some reason to give RSA the benefit of the doubt.

    --
    Give me six lines written by the hand of the most honest of men, and I will find in them something to have him hanged.
  8. It's a very sad day by Taco Cowboy · Score: 5, Insightful

    It's a very sad day when we have media prostituting themselves to BIG BROTHER and companies betraying the trust of their customers for some breadcrumbs.

    If all that happened in a banana republic we may say "Oh, but they are banana republics".

    But no. All these are happening in the United States of America!

    What hath my beloved country turned into?

    --
    Many thanks, Señor Edward Snowden!
    1. Re:It's a very sad day by makomk · Score: 5, Informative

      Except they didn't notify their customers when the potential backdoor became public knowledge and most crypto library developers cautioned against it. That happened a year or two after it was introduced back in 2006 or 2007, yet they didn't notify their customers or change it from being the default until 2013, leaving those customers using crypto that RSA basically knew was backdoored for years. (It should've been even more obvious to RSA that there was a backdoor than it was to the rest of the crypto community, since the people with the ability to backdoor it had bribed them to use it as the default in their crypto product.)

    2. Re:It's a very sad day by FlyHelicopters · Score: 5, Insightful

      2. How much can you trust Snowden? Up to this point he was just making claims against an agency that largely cannot (or will not) comment about their practices. Now he is making claims against a public company that could pursue him civilly for libel.

      Eh? Really? Repeat that back to yourself and see if it makes any more sense the second time around...

      Snowden is wanted for serious crimes against the government of the United States of America, the penalties for which involve spending the rest of his life in an 8x10 foot concrete cell by himself.

      I think he is way, way past civil liabilities against a company or any suing it might do against him in a court of law.

  9. Actually ... by Taco Cowboy · Score: 5, Interesting

    the lady doth protest too much

    Actually, I think that lady is trying very hard to circumvent the truth.

    Witness:

    ... that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use

    What the Snowden paper has revealed was not about "any contract" nor "any project"; rather, it's about a one-time payment of $10 million (under the table or not, unfortunately the Snowden paper didn't state clearly) - and the result is a crippled RSA product for the rest of us.

    If the $10 million payment was an under-the-table transaction, then there would be *NO* contract signed nor any *official project*.

    What it entailed would be a change of a couple of lines of code; that is all there is to it.

    --
    Many thanks, Señor Edward Snowden!
    1. Re:Actually ... by sjames · Score: 5, Insightful

      And, of course, the weasel words. Their intention was not to weaken the crypto, that was a side effect. The intention was to pocket $10mil and perhaps a favor to be named later.

  10. Re:Links by Taco Cowboy · Score: 5, Interesting

    Microsoft handed the NSA access to encrypted messages · Secret files show scale of Silicon Valley co-operation on Prism ...

    I won't be able to represent anybody but myself, but my companies, at least during the time I was running them, never got involved with the NSA / CIA / FBI or any of those alphabet agencies.

    Yes, from time to time they did flag us (and even contacted some of my co-workers). What we did in return was to move part of our operations out of the USA in order not to get involved.

    --
    Many thanks, Señor Edward Snowden!
  11. I don't trust anyone by Taco Cowboy · Score: 5, Insightful

    I do not trust Snowden just because he is Snowden. I do not know that guy in person. I only heard of his name after he disclosed what the NSA had done - PRISM / GCHQ / tapping foreign leaders, and so on.

    Every single "story" about a leak that has been linked to the Snowden files is just that, a "story".

    After reading them, I re-traced the link back to the matter itself. If there are articles related to the matter, I give them a good read up.

    The case regarding RSA for example - there have been case studies since 2006 (and earlier) that can be used as reference to what has just been reported.

    That is why I say it is a very sad day when my country has turned into something worse than a banana republic.

    --
    Many thanks, Señor Edward Snowden!
    1. Re:I don't trust anyone by PopeRatzo · Score: 5, Funny

      "Never attribute to malice that which can adequately be explained by incompetence".

      In this case, I think it's more adequately explained by $10 million.

      --
      You are welcome on my lawn.
    2. Re:I don't trust anyone by fuzzyfuzzyfungus · Score: 5, Insightful

      It's always an, um, excellent, sign when the company's own spokesweasels are asking you to accept the 'we were incompetent, really!' excuse.

      "we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use."

      Their 'categorical denial' of the story is not a denial that they did enter a contract or engage in a project that did weaken RSA's product and introduce a backdoor into their products for somebody's use; but merely the assertion that they never did so intentionally. Slightly different things there...

    3. Re:I don't trust anyone by Anubis IV · Score: 5, Insightful

      If they didn't do it for the NSA

      I know you're stating that rhetorically, but I'd like to answer it anyway. Read the relevant parts of their "denial" again:

      Recent press coverage has asserted that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation.

      we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use.

      They never denied entering a contract with the NSA. All they denied was that they entered a contract with the intention of undermining their own products, which is not something that they were being accused of by most reasonable people. As you said, it's far easier to attribute this to incompetence than malice, and most of us aren't accusing them of intentionally sabotaging their own products; we're accusing them of being negligent in their duties by not being careful enough in accepting gifts from players in the game who have competing interests. Moreover, as a publicly traded company, they've already had to disclose the budget of the division that received the funds, so we know that the funds were received and that a contract does exist.

      TL;DR: It's a standard non-denial denial. They denied the worst possible stuff that the sensationalists were accusing them of, while using strong words like "categorical" to give the impression they were denying everything, when really, they were merely denying a set of claims taken in whole, leaving wide open the accusations of the very realistic misdeeds they stood accused of.

  12. Yes, and US companies are losing billions by deanklear · Score: 5, Insightful

    U.S. cloud providers have already lost business over the NSA leaks, but now the Information Technology and Innovation Foundation (ITIF) has a report putting a dollar amount on the short-term costs: $21.5 to $35 billion over the next three years.

    ITIF based these estimates in part on the Cloud Security Alliance survey showing that 10 percent of officials at non-U.S. companies cancelled contracts with U.S. providers and 56 percent of non-U.S. respondents are hesitant to work with U.S. cloud based operators after the leaks.

    And before you have pity on US firms losing this cash, remember that they have been knowingly aiding the NSA and the CIA and any other government entity that came knocking for years, and they would still be handing over our data (and they probably still are) without any concerns had Snowden not exposed the extent of the NSA's illegal, immoral, unconstitutional, and brazenly stupid surveillance program.

    When Angela Merkel is comparing the NSA to the Stasi, we've got problems. When Chinese tech firms become more trusted than American tech firms, we've got problems. When a schmuck wearing a military costume -- which is a disgrace to people who served their country instead of their government -- lies to congress about spying on Americans and gets away with it, we've got problems. "General" Keith B. Alexander was head of Army Intelligence and missed the piles of evidence pointing towards 9/11, and even after he helped the state security apparatus morph into the world's largest and most expensive spying effort, the organization under his control has still failed to stop a single terrorist attack.

    The NSA, the CIA, and Mr. Alexander are a disgrace to our country, but they are unfortunately typical of American government, and the corporations that have been colluding with them for years. They're more interested in their own careers and dollar signs than they are about upholding the Constitution, but when they are caught, they hide behind their military titles and bullshit legalese because they have no redeeming qualities as individuals or as organizations.

    If it seems personal, it's because it is personal. It may just be a coincidence that I am flagged constantly when I cross the border for "random" searches, but I live in a country where I can't even find out why I seem to be a magnet for the attention of the security state. For my own protection, I am not allowed to know what my government is doing. And now that the NDAA has passed, an American agent could pick me up and detain me indefinitely without a trial.

    Thanks for protecting American ideals from those totalitarian invaders, Mr. Alexander. You're doing a heckuva job.

  13. Re:Here's a better one. by spacepimp · Score: 5, Insightful

    The test is simple. If Snowden lied, then the NSA and the President have nothing to charge him with. It is simple. They tried calling him a liar and a traitor guilty of treason in the same paragraph. When it was pointed out he couldn't be both, they quickly stopped pretending he was lying.