<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 12/23/2013 12:08 AM, Bill Cox wrote:<br>
</div>
<blockquote
cite="mid:CAOLP8p5F0cxLtbymp83MmwJwatVaDyMhWeFTP1UF2RSffZXAKw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra"><span
style="font-family:arial,sans-serif;font-size:19.200000762939453px">Does
this mean RSA denies accepting $10M for making the NSA RNG
the default in BSAFE? You did not say so in your post. So
now RSA "</span><span
style="font-family:arial,sans-serif;font-size:19.200000762939453px">categorically
denies" entering into a secret contract with the NSA. </span></div>
</div>
</blockquote>
<br>
No, they didn't say that. They said they didn't "incorporate a known
flawed random number generator"; they also said that they don't
reveal their contract details.<br>
<br>
My translation of their statement:<br>
<br>
- We are outraged our name has been smeared.<br>
- We were following a trend, back when we assumed the NSA worked
for security.<br>
- We only changed the default, trouble-makers looking to get fired
could still use a different RNG.<br>
- It was the FIPS standard, so even when folks pointed out its
flaws, we hid behind NIST guidance.<br>
- When NIST changed their tune we told customers to go figure out
how to change the default in their deployed BSAFE fobs and we started
working on this carefully worded press release.<br>
- We won't comment on the $10 million.<br>
- We were too stupid to have an opinion about Dual EC DRBG, we
didn't know it had any problems. Just because we have legendary
initials as our name doesn't change that we are just ignorant
businessmen, honest, we don't know any better.<br>
<br>
Breathtaking.<br>
<br>
-kb, the Kent who hopes he wasn't too brutal in his translation.<br>
</body>
</html>