[Cryptography] Fwd: [IP] RSA Response to Media Claims Regarding NSA Relationship
Kent Borg
kentborg at borg.org
Sun Dec 22 21:55:51 EST 2013
From Dave Farber's IP list. Stunning. Just stunning.
-kb
-------- Original Message --------
Subject: [IP] RSA Response to Media Claims Regarding NSA Relationship
Date: Sun, 22 Dec 2013 20:18:28 -0500
From: Dave Farber <dave at farber.net>
Reply-To: dave at farber.net
To: ip <ip at listbox.com>
---------- Forwarded message ----------
From: Richard Forno
Date: Sunday, December 22, 2013
Subject: RSA Response to Media Claims Regarding NSA Relationship
To: Infowarrior List <infowarrior at attrition.org>
Cc: Dave Farber <dave at farber.net>
(c/o Jericho)
RSA Response to Media Claims Regarding NSA Relationship
https://blogs.rsa.com/news-media-2/rsa-response/
December 22, 2013
Recent press coverage has asserted that RSA entered into a “secret
contract” with the NSA to incorporate a known flawed random number
generator into its BSAFE encryption libraries. We categorically deny
this allegation.
We have worked with the NSA, both as a vendor and an active member of
the security community. We have never kept this relationship a secret
and in fact have openly publicized it. Our explicit goal has always been
to strengthen commercial and government security.
Key points about our use of Dual EC DRBG in BSAFE are as follows:
• We made the decision to use Dual EC DRBG as the default in
BSAFE toolkits in 2004, in the context of an industry-wide effort to
develop newer, stronger methods of encryption. At that time, the NSA had
a trusted role in the community-wide effort to strengthen, not weaken,
encryption.
• This algorithm is only one of multiple choices available
within BSAFE toolkits, and users have always been free to choose
whichever one best suits their needs.
• We continued using the algorithm as an option within BSAFE
toolkits as it gained acceptance as a NIST standard and because of its
value in FIPS compliance. When concern surfaced around the algorithm in
2007, we continued to rely upon NIST as the arbiter of that discussion.
• When NIST issued new guidance recommending no further use of
this algorithm in September 2013, we adhered to that guidance,
communicated that recommendation to customers and discussed the change
openly in the media.
RSA, as a security company, never divulges details of customer
engagements, but we also categorically state that we have never entered
into any contract or engaged in any project with the intention of
weakening RSA’s products, or introducing potential ‘backdoors’ into our
products for anyone’s use.
---
Just because I'm near the punchbowl doesn't mean I'm also drinking from it.