[Cryptography] Fwd: [IP] RSA Response to Media Claims Regarding NSA Relationship

Kent Borg kentborg at borg.org
Mon Dec 23 08:40:12 EST 2013


On 12/23/2013 12:08 AM, Bill Cox wrote:
> Does this mean RSA denies accepting $10M for making the NSA RNG the 
> default in BSAFE?  You did not say so in your post.  So now RSA 
> "categorically denies" entering into a secret contract with the NSA.

No, they didn't say that.  They said they didn't "incorporate a known flawed 
random number generator", they also said that they don't reveal their 
contract details.

My translation of their statement:

  - We are outraged our name has been smeared.
  - We were following a trend, back when we assumed the NSA worked for 
security.
  - We only changed the default, trouble-makers looking to get fired 
could still use a different RNG.
  - It was the FIPS standard, so even when folks pointed out its flaws, 
we hid behind NIST guidance.
  - When NIST changed their tune we told customers to go figure out how 
to change the default in their deployed Bsafe fobs and we started working 
on this carefully worded press release.
  - We won't comment on the $10 million.
  - We were too stupid to have an opinion about Dual EC DRBG, we didn't 
know it had any problems.  Just because we have legendary initials as 
our name doesn't change that we are just ignorant businessmen, honest, 
we don't know any better.

Breathtaking.

-kb, the Kent who hopes he wasn't too brutal in his translation.