Report: NSA paid RSA $10m to use Dual EC DRBG as preferred random number generator


Newly released documents by whistleblower Edward Snowden A new report reveals that National Security Agency (NSA) allegedly paid $10 million to RSA back in 2006 to get the cryptography pioneer use Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) as its preferred random number algorithm in several of its encryption products.

The amount isn’t that huge for getting a company to use a backdoored algorithm, but as Reuters points out, the division looking after the development of BSafe libraries wasn’t doing great and only accounted for 8.9 percent of the total revenue of RSA. The $10m deal allowed the division to raise its bottom line significantly – as much as 30 percent.

Further the algorithm was already on NIST’s review plate for approval as one of the four acceptable methods of generating random numbers. NIST’s approval is required for all those products that are sold to the US government. Further, having a NIST approval means that the algorithm may be chosen as a de facto standard and others may also start using it.

RSA soon adopted the algorithm after its NSA deal and before NIST’s approval. NSA played the early adoption card to argue that NIST should approve the algorithm as well.

However, within a year of being made the default random number generator security experts started voicing their concerns against the Dual EC DRBG. There were those who claimed that the code was flawed and that it could open a backdoor into any encryption algorithm that used the random number generator. [Refer: On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng by Microsoft researchers Dan Shumow, Niels Ferguson]

The argument went on for over 4 years, but it was limited to technologists and security experts who understood the nitty-gritty of the encryption and random number generation world.

Earlier in September this year, RSA itself warned its customers that it was reviewing possible vulnerabilities in Dual EC DRBG and that they should refrain from using the random number generator and instead use some other algorithm.

RSA has maintained its stand of not colluding with NSA to compromise the security of its products. The company revealed that it “always acts in the best interest of its customers” and has never designed or enabled back doors in its products.

  • cnd

    This story seriously under-states the enormity of the problem.

    You cannot easily “refrain” from using it – it will have been used sometime in the past to generate keys. You’d have to revoke all your keys and re-issue new ones, recall all your signed products, re-sign them, and re-issue/re-install/etc.