General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsBREAKING: NSA paid US-company RSA to bug encryption software
The broader implication is that this more or less proves that the ECRNG certified by NIST was, in fact, tampered with by the NSA. It's been long suspected that this was the case, but there was never a smoking gun. This pretty much seals it.
http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220
Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.
Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.
This is UNREAL... Every revelation that leaks out just boggles my mind! This is the same RSA that fought Clipper in the 90s. And now they are COMPLICIT!
Unreal... just unreal...
RC
(25,592 posts)If not, maybe we need to release a few of the more peaceful pot smokers to make room.
After they court martialing the General, strip him of his rank and set him up in a room with a sliding iron bar door on one end. Then they need to go after Clapper for lying to Congress and then work their way down through the chain of command.
Ed Suspicious
(8,879 posts)rhett o rick
(55,981 posts)www.democraticunderground.com/126917
Blue_Tires
(55,445 posts)FarCenter
(19,429 posts)The resultant RSA Security was acquired by EMC in 2006.
By 1993 and the Clipper chip affair, RSA was run by Jim Bidzos, and I don't believe that Rivest, Shamir, or Adelman had much, if any, control of the company. RSA was only one of many research organizations that objected to Clipper.
I'm unclear of the roll of RSA and Bidzos in the application of cryptography. On the one hand, RSA did make available development kits and tools. On the other hand, the licensing restrictions and their locking up the IP in patents delayed the widespread application of the technology. I've always wondered whether RSA was not a mechanism for delaying widespread crypto, and was sponsored to that end by the US government.
Cryptographer Adi Shamir Prevented from Attending NSA History Conference
http://blogs.fas.org/secrecy/2013/10/shamir/
WillyT
(72,631 posts)grasswire
(50,130 posts)Sweep it all up.
It's looking like a game of Jenga
blkmusclmachine
(16,149 posts)Poll_Blind
(23,864 posts)From this page. From Web Design News.
pb
quadrature
(2,049 posts)everybody suspected there was a payoff
2banon
(7,321 posts)frylock
(34,825 posts)cantbeserious
(13,039 posts)eom
marmar
(77,084 posts)Coyotl
(15,262 posts)johnnyreb
(915 posts)Wilms
(26,795 posts)progressoid
(49,992 posts)And if you haven't done anything wrong, you have nothing to worry about.
randome
(34,845 posts)They are, I believe, currently working with Microsoft for much the same thing. http://www.wired.com/threatlevel/2008/04/microsoft-gives/
You cannot have 100% secure communications because that opens the door very widely for criminal organizations -including pornographers, human trafficking operations, and, yes, terrorists- to operate with absolutely no fear of detection.
Law enforcement has always worked toward this. Even back in the 90s. http://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act
And for anyone who thinks we should have 100% secure communications, be so kind as to tell us how you would stop the organizations I listed above.
[hr][font color="blue"][center]You should never stop having childhood dreams.[/center][/font][hr]
ReverendDeuce
(1,643 posts)If you want to amend the Constitution to support this sort of thing, advocate for the surveillance state in the public forum, run for office, and get it passed.