IT security firm RSA was forced to deny reports that it was secretly paid $10 million by the US National Security Agency (NSA) to allow a backdoor in its encryption software.
Accord to reports by Reuters, the company took payment from the NSA to use a flawed random number generator in its products, known as the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRGB). The technology has been part of some RSA products since 2004.
The Reuters' report alleged that the deal was part of a greater effort by the NSA to enhance surveillance by systematically eroding the effectiveness of security tools.
The sum of money represented around a third of its revenue for that year, according to the report. EMC acquired RSA in 2006 for $2.1 billion.
In a blogpost. RSA "categorically" denied all allegations. The firm said that is has "never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential backdoors' into our products for anyone's use."
The vendor said that it included Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. "At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption," the firm stated.
RSA added that the algorithm is only one of multiple choices available within BSAFE toolkits, and users have always been "free to choose whichever one best suits their needs."
It said it only when the US National Institute of Standards and Technology (NIST) recommended no further use of this algorithm in September 2013, did it tell customers to stop using the encryption technology.
"We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicised it. Our explicit goal has always been to strengthen commercial and government security," the company added.
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job lossesNews With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
-
RSAC Conference 2025: The front line of cyber innovation
ITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
RSAC Conference 2025: AI and quantum complicate securityOrganizations are grappling with the complications of adopting AI for security
-
RSAC Conference 2025 was a sobering reminder of the challenges facing cybersecurity professionalsAnalysis Despite widespread optimism on how AI can help those in cybersecurity, it’s clear that the threat landscape is more complex than ever
-
RSAC Conference day three: using AI to do more with less and facing new attack techniques
-
"There needs to be an order of magnitude more effort": AI security experts call for focused evaluation of frontier models and agentic systemsNews Evaluating the risks of dynamic, evolving AI networks is slow work for cybersecurity analysts
-
Cyber defenders need to remember their adversaries are human, says Trellix research headThere's a growing overlap between nation-state actors and cybercriminals, but these attackers are real people who make mistakes
-
RSAC Conference day two: A focus on new hacking tacticsFrom quantum to AI, experts discussed how new and experimental technologies could be used by hackers to access and decrypt sensitive data
-
RSAC Conference Day One: Vibe Is 'All In' on AI for SecurityNews Artificial intelligence took center stage as RSAC Conference looks at how the discussion has moved from generative AI to agentic AI
