mailing list archives
Re: Exclusive: Secret contract tied NSA and security industry pioneer
From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 20 Dec 2013 18:27:46 -0500
I wonder what the NSA got in return for the $25 million deal with Certicom.
On Fri, Dec 20, 2013 at 5:35 PM, Paul Ferguson <fergdawgster () mykolab com> wrote:
"As a key part of a campaign to embed encryption software that it could
crack into widely used computer products, the U.S. National Security
Agency arranged a secret $10 million contract with RSA, one of the most
influential firms in the computer security industry, Reuters has learned.
"Documents leaked by former NSA contractor Edward Snowden show that the
NSA created and promulgated a flawed formula for generating random
numbers to create a "back door" in encryption products, the New York
Times reported in September. Reuters later reported that RSA became the
most important distributor of that formula by rolling it into a software
tool called Bsafe that is used to enhance security in personal computers
and many other products.
"Undisclosed until now was that RSA received $10 million in a deal that
set the NSA formula as the preferred, or default, method for number
generation in the BSafe software, according to two sources familiar with
the contract. Although that sum might seem paltry, it represented more
than a third of the revenue that the relevant division at RSA had taken
in during the entire previous year, securities filings show."
Fun and Misc security discussion for OT posts.
Note: funsec is a public and open mailing list.