Security researchers have known for months that the NSA had compromised the Bsafe pseudo-random number generator created by RSA Security. But a new leak from Edward Snowden of pilfered NSA documents claims that the NSA actually paid RSA to make the compromised security protocol the default for its products.
RSA now owned by EMC Corp., has declined to comment, except to say to Reuters that “RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products. Decisions about the features and functionality of RSA products are our own.”
Nonetheless, the disclosures add fuel to arguments made by a presidential panel convened to look at the practices of the NSA that America’s electronic spy masters are unacceptably eroding encryption in the private market and undermining trust in the Internet.
One panelist came away from their investigation astonished to find that the pervasive surveillance of phone communications could not be linked to the prevention of a single terrorist attack in the United States.