

RSA denies link with US spying agency - ambuj
http://www.bbc.co.uk/news/technology-25492461

======
ig1
It's basically a non-denial, they don't deny that they took money in exchange
for using the backdoored algorithm.

If they took the money and didn't know the algo was backdoored both the
original allegation and denial could be factually correct.

~~~
codeflo
I have admire the careful wording: "We also categorically state that we have
never entered into any contract or engaged in any project with the intention
of weakening RSA's products, or introducing potential 'backdoors' into our
products for anyone's use."

This leaves the door open for a lot of things, including them having weakened
their products and added backdoors. They just deny having entered a contract
_with the intention_ of doing so.

Though one has to wonder how exactly that deal went down. You wouldn't have to
pay RSA anything to implement a _good_ crypto algorithm because they'd do that
out of pure business interest. Did the NSA call and ask "Here's a new RNG
algorithm, it's slower than others and mathematically dubious. Would you
implement it for $10 million?"

~~~
snom380
Most probably they said something like "many of your government agency
customers would be very happy if / will require that you implemented this
PRNG".

------
furyg3
I don't really understand why any organization which has even a remote
possibility of a conflict of interest would accept money from a spy
organization.

~~~
pessimizer
There were 10 million reasons. If you don't have any moral qualms, it was
clearly a good business decision. People kept jobs, got raises, got bonuses,
and it took one of the most important leaks in US (and world) history to cause
the arrangement to be disclosed.

Now, after all of the individuals at the company claim to have had no
knowledge or it, or to be against it after the fact, they will go on to new
well-paying jobs.

This is why.

------
w_t_payne
EMC owns RSA -- Can we trust EMC?

~~~
lwhalen
lol, absolutely not. I worked there for a year, and I still have a lot of
friends who work there. EMC is absolutely not to be trusted - who do you think
is supplying the storage for the NSA datacenters, specifically their 'big boy'
out in Utah?

~~~
ilamont
Photos of the Utah data center, located 25 miles from Salt Lake City:

[http://www.hangthebankers.com/pictures-of-the-
new-2-billion-...](http://www.hangthebankers.com/pictures-of-the-
new-2-billion-nsa-spy-center-in-utah/)

~~~
a3n
Rest assured, regardless which if any NSA reforms are enacted, they will never
stop collecting the quantity of data needed to justify that data center. If
mass collection is retained, but imperceptibly reformed by having the carriers
collect and "store" the data, then the Utah center will be made available as a
"public service" to implement the physical storage.

