[Cryptography] Fwd: [IP] RSA Response to Media Claims Regarding NSA Relationship

Bill Cox waywardgeek at gmail.com
Mon Dec 23 09:14:50 EST 2013


It's good news that there was a press release about the $10M.  So, RSA had
no secret contract.  However, here's a morning headline that bothers me:

http://www.zdnet.com/rsa-denies-taking-10m-from-nsa-to-default-backdoored-algorithm-7000024591/

So now this press release is being morphed by some press as a denial that
the $10M deal ever happened.  ZDNet is not exactly a no-name news source
for techies.  It kills me how badly even tech-savvy news sources butcher
the details.  You get a nice clean story like what we can infer from the
above statements: RSA did take $10M, they did put a flawed RNG into BSAFE,
but there was no secrecy or intent to back-door anything.  Instead of
running that, we're hearing conflicting headlines of conspiracy and denial.

Surely this will damage RSA, and perhaps RSA does not deserve it, though I
think taking $10M to include code promoted by the NSA was somewhere between
risky and stupid.  However, like most of the other Snowden revelations,
this will cause consumers to be more informed, and security companies like
RSA will have to do an even better job proving their trustworthiness.  In
the end, I think this is good.