Security firm RSA denies accusations that it entered into a secret contract with the National Security Agency to promote the use of weak security algorithms. The denial comes after a media report gave details of the alleged hush-hush deal.
Last week, Reuters reported that RSA accepted $10 million from the National Security Agency in exchange for making a specific algorithm – Dual EC DRBG – the default option in its BSAFE security toolkit, which is used to enhance security in many computer products.
The deal was allegedly part of the NSA’s attempts to embed weak encryption software – also created by the agency – in security systems so that it could easily gain access to them later.
In a press release issued on Sunday, RSA denied allegations that it was hiding its involvement with the NSA.
“Recent press coverage has asserted that RSA entered into a ‘secret contract’ with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries,” the statement read. “We categorically deny this allegation.”
“We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security,” the statement continued.
“RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use,” the firm stated.