
RSA warns developers not to use RSA products - pedro84
http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html
======
lawnchair_larry
Hasn't tptacek posted "nothing to see here" regarding this issue on HN a half
dozen times because "nobody uses it"? :)

~~~
jgon
This was actually going to be the first thing I posted when I read this link.

tptacek repeatedly assured everyone that this was absolutely not a big deal
and meant nothing because nobody in their right mind uses the standard.

Except whoops, one of, if not the, largest players in the field. I'm sure
he'll have a bunch of really great replies that manage to simultaneously say
why this still isn't a big deal and passive-aggresively insult our knowledge
of the situation. I look forward to reading what he has to say.

~~~
MisterWebz
He's been trying to downplay the importance of the leaks since it first
started, so what did you expect.

------
ChrisAntaki
>> So why would RSA pick Dual_EC as the default? You got me. Not only is
Dual_EC hilariously slow

Because the NSA didn't just backdoor the Dual_EC standard. It backdoored the
technology industry, as well as the rule of law.

------
devx
The RSA CTO's answers are hilarious. He can't really be that clueless as the
CTO of a security firm, can he?

That would be incredibly embarrassing in itself (which it already is), but the
alternative is even worse (choosing the one with the backdoor on purpose).

~~~
derefr
His answers are post-hoc justifications. The real reason they picked it was
because they wanted to make money on sweet, sweet government contracts, and
the easiest way to do that is to just do everything NIST says to the letter.

~~~
yuhong
[http://lists.randombit.net/pipermail/cryptography/2013-Septe...](http://lists.randombit.net/pipermail/cryptography/2013-September/005341.html)

------
SimHacker
Would you trust a computer security company who didn't hash the passwords of
their users on their web site, and instead stored the plain text passwords
encrypted in their database, with the keys to decrypt them on their server,
because they claim that "Your data are encrypted on our server, if you request
the password to be sent to you by email the system knows how to decrypt the
information and it will send you the Email. This is for customer convenience
as many customer do not wish their password to be reset each time they have a
problem."

Would you trust a computer security company that when you reset your password
on their web site, sent you a new password that was literally the same as your
email address that you signed in with?

If this company sold closed source encryption software, would you trust that
the software was competently written and did not have back doors, if the
president of the company defended their actions of not hashing passwords, and
of resetting passwords to their user's email addresses?

What if the president of that company had been prosecuted for computer crimes
in the past, and had spend time in jail for it, because after he was first
caught, he went right back to phone freaking again and got caught again?

Would you trust the president of the company, who is a convicted felon, who
fraudulently made a lot of money by computer crime and got caught, but had
most of the charges dropped and his sentence reduced, not to have made a deal
with the government and promise to return their favor of giving him a more
lenient sentence in exchange for certain favors in the future?

Can anyone guess who I'm referring to?

~~~
SimHacker
I'll give you some more hints:

His company came out with a "secure" voice encryption product, and then a
previously unknown anonymous hacker reviewed the product and its competitors,
and wrote a suspiciously positive review of it, claiming it was the only one
he couldn't break. His company then published a press release trumpeting the
favorable review, right before a big mobile security conference.

A suspicious security researcher baited the anonymous hacker to post on his
blog, and it turned out he was using an ip addressed registered to the
security company whose product he'd written a favorable review about.

When confronted with proof, the founder of the security company denied
astroturfing, denied knowing the hacker, and implausibly claimed the anonymous
hacker must have been using his company's anonymous browsing service.

The same security company founder who spent three years in jail for phone
phreaking, because he was convicting of hacking and defrauding profit. The
same security company who stores their user's passwords in unhashed unsalted
plain text encrypted with a key on their server. The same security company who
resets their user's passwords with their email address. The same security
company whose founder claims that "many customer do not wish their password to
be reset each time they have a problem" justifies not hashing passwords, and
resetting passwords to "convenient" email addresses. The same security company
whose founder refuses to change his "unconventional" security policies after
being confronted with these facts, and instead makes ridiculous excuses for
his incompetence, and continues to betray the trust of his customers even
after he's been confronted with it.

Can you figure out who it is now?

------
pepve
It irks me that many people are calling this a backdoor. It's not. It's a
vulnerability. You have to exploit it to get in.

~~~
meowface
An intentionally introduced vulnerability can be considered a backdoor, even
if it's not a matter of saying "open sesame" to open the so-called backdoor.

~~~
ballard
Yes. The magic, poorly-documented constants are the "public key" while the
"private key" is known only to the construction's author.

------
intelliot
reminds me of the State Science Institute

