[Cryptography] Fwd: [IP] RSA Response to Media Claims Regarding NSA Relationship

Max Kington mkington at webhanger.com
Mon Dec 23 04:09:59 EST 2013


On 23 Dec 2013 05:54, "Bill Cox" <waywardgeek at gmail.com> wrote:
>
> Does this mean RSA denies accepting $10M for making the NSA RNG the
> default in BSAFE?  You did not say so in your post.  So now RSA
> "categorically denies" entering into a secret contract with the NSA.  If it
> wasn't secret, why didn't I hear about it?  I'm pretty sure it would have
> made the geek news, and I may not be a crypto expert, but I follow geek
> news (slashdot would have burned RSA alive).

Unless I've missed it, what was the $10 million for?

Secret or not I can't see in that statement why they got it in the first
place. Is the implied suggestion really just to encourage RSA to be early
adopters of the EC based RNG? If so why? And why so much money? If it was
purely technically better surely that case could be demonstrably made to
RSA (look it's better) and in due course NIST?

It does kind of lead to the obvious reason being that that case couldn't be
made and so as to pre-seed the market place before it going to NIST.

The legitimate business purpose I can guess was to pay RSA to spend the
time and money reviewing it and NSA wanted people to be more secure. Still,
ten million is a lot of money.

I'm surprised that question wasn't asked at RSA at the time. Perhaps it
was. Were questions like the following asked?

1) Are we being duped?
2) If so how?
3) Why?

Maybe they went in having reviewed it and couldn't see what was wrong.
After all even nearly ten years later people still can't put their finger
on exactly what it is the advantage for the NSA.

I can imagine a world where RSA were suspicious but not being behind the
door concluded no foul play (they're not thick) or at the very least were
extremely hesitant to decline ten million dollars without providing the NSA
with a plausible and convincing reason.

'sorry, we don't want your money because we think you're up to something,
our best and brightest can't work out what but we're unhappy enough to turn
down your money. Also please don't hold that against us when it comes to
all the other business we do'

As you say they might have been duped or they might have known or an
absolute myriad of circumstances in between.

M