<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=windows-1252">
</head>
<body bgcolor="#FFFFFF" text="#000000">
From Dave Farber's IP list. Stunning. Just stunning.<br>
<br>
-kb<br>
<div class="moz-forward-container"><br>
<br>
-------- Original Message --------
<table class="moz-email-headers-table" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject:
</th>
<td>[IP] RSA Response to Media Claims Regarding NSA
Relationship</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date: </th>
<td>Sun, 22 Dec 2013 20:18:28 -0500</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">From: </th>
<td>Dave Farber <a class="moz-txt-link-rfc2396E" href="mailto:dave@farber.net"><dave@farber.net></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Reply-To:
</th>
<td><a class="moz-txt-link-abbreviated" href="mailto:dave@farber.net">dave@farber.net</a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">To: </th>
<td>ip <a class="moz-txt-link-rfc2396E" href="mailto:ip@listbox.com"><ip@listbox.com></a></td>
</tr>
</tbody>
</table>
<br>
<br>
<br>
<br>
---------- Forwarded message ----------<br>
From: <b>Richard Forno</b> <br>
Date: Sunday, December 22, 2013<br>
Subject: RSA Response to Media Claims Regarding NSA Relationship<br>
To: Infowarrior List <<a moz-do-not-send="true"
href="mailto:infowarrior@attrition.org">infowarrior@attrition.org</a>><br>
Cc: Dave Farber <<a moz-do-not-send="true"
href="mailto:dave@farber.net">dave@farber.net</a>><br>
<br>
<br>
(c/o Jericho)<br>
<br>
RSA Response to Media Claims Regarding NSA Relationship<br>
<a moz-do-not-send="true"
href="https://blogs.rsa.com/news-media-2/rsa-response/"
target="_blank">https://blogs.rsa.com/news-media-2/rsa-response/</a><br>
<br>
December 22, 2013<br>
<br>
Recent press coverage has asserted that RSA entered into a “secret
contract” with the NSA to incorporate a known flawed random number
generator into its BSAFE encryption libraries. We categorically
deny this allegation.<br>
<br>
We have worked with the NSA, both as a vendor and an active member
of the security community. We have never kept this relationship a
secret and in fact have openly publicized it. Our explicit goal
has always been to strengthen commercial and government security.<br>
<br>
Key points about our use of Dual EC DRBG in BSAFE are as follows:<br>
<br>
• We made the decision to use Dual EC DRBG as the default
in BSAFE toolkits in 2004, in the context of an industry-wide
effort to develop newer, stronger methods of encryption. At that
time, the NSA had a trusted role in the community-wide effort to
strengthen, not weaken, encryption.<br>
<br>
• This algorithm is only one of multiple choices available
within BSAFE toolkits, and users have always been free to choose
whichever one best suits their needs.<br>
<br>
• We continued using the algorithm as an option within
BSAFE toolkits as it gained acceptance as a NIST standard and
because of its value in FIPS compliance. When concern surfaced
around the algorithm in 2007, we continued to rely upon NIST as
the arbiter of that discussion.<br>
<br>
• When NIST issued new guidance recommending no further
use of this algorithm in September 2013, we adhered to that
guidance, communicated that recommendation to customers and
discussed the change openly in the media.<br>
<br>
RSA, as a security company, never divulges details of customer
engagements, but we also categorically state that we have never
entered into any contract or engaged in any project with the
intention of weakening RSA’s products, or introducing potential
‘backdoors’ into our products for anyone’s use.<br>
<br>
<br>
---<br>
Just because i'm near the punchbowl doesn't mean I'm also drinking
from it.<br>
<br>
<br>
<div
style="width:auto;margin:0;padding:5px;background-color:#fff;clear:both;border-top:
1px solid #ccc;" bgcolor="#ffffff">
<table style="background-color:#fff" bgcolor="#ffffff"
border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td padding="4px"> <font style="font-family:helvetica,
sans-serif;" color="#333333" size="1"> <a
moz-do-not-send="true"
style="text-decoration:none;color:#669933;border-bottom:
1px solid #444444"
href="https://www.listbox.com/member/archive/247/=now"
title="Go to archives for ip">Archives</a>
<a moz-do-not-send="true" border="0"
style="text-decoration:none;color:#669933"
href="https://www.listbox.com/member/archive/rss/247/125678-f3167250"
title="RSS feed for ip"><img moz-do-not-send="true"
src="https://www.listbox.com/images/feed-icon-10x10.jpg" border="0"></a>
| <a moz-do-not-send="true"
style="text-decoration:none;color:#669933;border-bottom:
1px solid #444444"
href="https://www.listbox.com/member/?member_id=125678&id_secret=125678-586023a8"
title="">Modify</a> Your Subscription | <a
moz-do-not-send="true"
style="text-decoration:none;color:#669933;border-bottom:
1px solid #444444"
href="https://www.listbox.com/unsubscribe/?member_id=125678&id_secret=125678-9f2875ca&post_id=20131222201900:324A04FA-6B70-11E3-BE49-F5515A2DC128"
title="">Unsubscribe Now</a>
</font></td>
<td align="right" valign="top"><a moz-do-not-send="true"
style="border-bottom:none;"
href="http://www.listbox.com">
<img moz-do-not-send="true"
src="https://www.listbox.com/images/listbox-logo-small.png"
title="Powered by Listbox" border="0"></a></td>
</tr>
</tbody>
</table>
</div>
<br>
</div>
<br>
</body>
</html>