RSA has issued a statement denying allegations made in Friday’s bombshell report that the encryption software provider received $10 million from the National Security Agency (NSA) in exchange for making a weak algorithm the preferred one in its BSAFE toolkit.
The press release hit the wire on Sunday, two days after Reuters said the secret contract was part of an NSA campaign to embed encryption software that the agency could break into widely used computer products. RSA’s statement was worded in a way that didn’t clearly contradict many of the article’s most damaging accusations. For instance:
Recent press coverage has asserted that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation.
We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security.
Later in the release, RSA officials state: “RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use.”