[Cryptography] What do we know? (Was 'We cannot trust' ...)

Jerry Leichter leichter at lrw.com
Sun Dec 22 00:05:48 EST 2013


On Dec 21, 2013, at 5:21 PM, andrew cooke wrote:
>> The deal was reported at the time, I heard it as 'NSA pays RSA $10 million
>> to make ECC available in BSafe'. Which was not at all surprising given that
>> we know RSA2048 (maybe RSA4096) is the end of the line for practical RSA.
> 
> do you have any reference for that?  i am trying to find support using
> google's search with date constraints, but am not finding anything.
Nothing I've seen so far describes what the $10M actually paid for.  So nothing is inconsistent with the possibility that what RSA saw was a $10M contract to provide BSAFE to some government agency - probably *not* NSA - that happened to include the requirement for including the Dual Elliptic Curve RNG and making it the default.  These kinds of things are par for the course in government contracts, and would have raised no questions at the business level - or likely even among the technical people.  After all, ECC was the hot new thing, and this RNG *was* in the NIST standard (or would be shortly).

Of course, it's also possible that RSA knew quite a bit about what NSA was up to.  I think that's highly unlikely just on general principles - why would NSA tell them, and failing that, how would RSA come to find out?  Still, RSA is going to have a hell of a time repairing their reputation.  NSA's actions of the last couple of decades are starting to cause all kinds of collateral damage.
                                                        -- Jerry
