[Cryptography] RSA is dead.

[Peter Trei]

I have to say that the latest news makes me both heartbroken and angry.

I worked at RSA for 10 years, starting at Security Dynamics in 1997, when
RSA Data Security Inc. was a recent acquisition. I was hired largely
through the work I'd done in creating the Symmetric Key Cryptography
contests.

Let's not forget that RSA, for many years, strove to bring strong
cryptography to the world (modulo requiring licensing of the algorithm).
RSA opened an office in Australia so that independently developed crypto
could be sold without export restrictions, and the symmetric key contests
contributed to the relaxation of crypto export laws. For a very long time,
the relationship between RSA and Federal agencies was far from cozy.

While I was there, I saw RSA Labs (which RSA DSI became) get moved from
Silicon Valley to Bedford, MA, and gradually shrink in size and lose
independence. When I left in early 2008, it was a not-very-long row of
offices on one floor. The company culture changed greatly over time, first
when Coviello took over from Bidzos, and then with the purchase by EMC.

The BSAFE library was at one point one of the most widely distributed
pieces of software in the world, present in every copy of Windows, as well
as most browsers. This is the library in which the compromised PRNG was
made default (a process in which I had no part whatsoever; I'm not
qualified in that area).

Despite the brave words of marketing, after the RSA patent expired in 2000,
BSAFE sales plummeted. I just checked, and it looks like my current Windows
system no longer has a copy.

I'm heartbroken, because I was proud to have worked there, and now I find
that they sold their birthright for a mess of pottage.

I'm angry, because the next time I interview for a position, this is going
to come up.

Peter Trei
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131224/def0e352/attachment.html>