NSA paid $10 million to put its backdoor in RSA encryption, according to Reuters report

hack code

When leaked documents claimed to have caught the NSA inserting bad protocols into the national standards board NIST, it raised more questions than answers. Why would the NSA go to the trouble of inserting a inferior standard into NIST's set of four, when most cryptographers would simply ignore the bad algorithm in favor of the others? Even if foul play had occurred, what was the agency getting out of the deal?

The NSA could subvert the encryption whenever they needed to

Now, a Reuters exclusive report is showing the other side of the story. The report details a secret deal between the NSA and respected encryption company RSA, in which the agency paid $10 million for RSA to incorporate the weaker algorithm into an encryption product called BSafe. Because of the earlier work, the algorithm had been approved by NIST, so RSA could claim their encryption used only nationally certified protocols. At the same time, BSafe's encryption was defaulting to a fundamentally flawed encryption algorithm, which the NSA could subvert whenever they needed to.

Anyone who knows the right numbers can decipher the resulting cryptotext

The bad program in question is known as DUAL_EC_DRBG, and cryptographers have found it suspicious for years. The program has a random number generator, but there are a number of fixed, constant numbers built into the algorithm that can function as a kind of skeleton key. Anyone who knows the right numbers can decipher the resulting cryptotext — a feature that leaked Snowden documents confirm was installed by the NSA. The algorithm is also more than a hundred times slower than the alternative random number generators, which has led almost all major encryption programs to abandon the program. However, since BSafe is based on closed-source protocols, RSA was able to implement DUAL_EC_DRBG as a default setting effectively in secret.

In a statement to Reuters, RSA denied the allegations it had implemented the backdoor. "RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products," a spokesman said. "Decisions about the features and functionality of RSA products are our own."

The Verge
Log In Sign Up

Log In Sign Up

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,




Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.