RSA Security (part of EMC) was one of America’s most respected security companies. Thanks to Edward Snowden, we now know the price of their reputation: $10 million. For that tiny sum RSA sold out their customers, deliberately installing a compromised random number generator in their core security library BSafe at NSA’s request. For $10M, a company’s reputation destroyed.
The nature of NSA’s sabotage is worth looking at in detail. We knew back in 2006 that Dual_EC_DRBG, a NIST standard crypto random number generator, was fishy. That algorithm has baked into it an arbitrary constant; two Microsoft researchers figured out that if an adversary had chosen that constant, then the numbers were predictable and any system built on it was insecure. Snowden’s leaks confirmed in Sep 2013 that this backdoor had been placed. And now in Dec 2013 we know the price: $10M. (Interestingly, one old-school cypherpunk knew the price back in September).
It’s worth noting that RSA’s complicity with NSA is not their only enormous security black eye. Back in 2010 their flagship SecurID two factor login system was also widely compromised, it’s assumed by the Chinese government trying to get military and commercial access to US and European interests.
Open source ends up looking good in all this mess. NSA has probably attacked other random number implementations. There was a weird push from Intel to get Linux to completely trust their undocumented hardware generator, something resisted by the Linux team (thankfully). And OpenSSL, the open alternative to RSA’s library, doesn’t use the compromised algorithm (although their code has had its problems).
I remain indignant that NSA is willfully going around deliberately sabotaging the security of core Internet components. Even if you believe it’s good for NSA themselves to be able to break all encryption, it is so dangerous to have back doors like this hiding in systems. NSA is actively undermining everyone’s security.