RSA firmly denied allegations that it had a $10 million contract with the U.S. National Security Agency (NSA). The alleged contract was to let the federal agency access its Bsafe software.
On Friday, Reuters reported that RSA had arranged a secret $10 million contract with the NSA that lets the latter access its Bsafe software as part of its controversial surveillance programs.
According to the report, RSA formulated and distributed faulty formulas through software called Bsafe, which is primarily used to improve security in computers. It was discovered, however, that the software also performs a different activity: collecting important personal information from users all over the world.
RSA admitted in the company’s blog post that it has “with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security.”
However, RSA firmly refutes accusations that it made a “secret contract” with the federal agency to include a known faulty random number generator in its Bsafe encryption libraries.
RSA itemized key points about its use of Dual EC DRBG in its software.
Dual EC DRBG has been used as the default in Bsafe toolkits since 2004, and during that time the NSA fulfilled a favorable role in keeping encryption strong.
The company also stated that there are numerous algorithms in the software’s toolkit, from which users are free to choose the one that best fits their needs.
“When NIST issued new guidance recommending no further use of this algorithm in September 2013, we adhered to that guidance, communicated that recommendation to customers and discussed the change openly in the media,” RSA said in the blog post.
RSA didn’t reveal particulars of customer engagements, but clarified that it will not enter into a deal that would ruin the company’s reputation.