The NSA paid $10 million to the security firm RSA to install a cryptographic backdoor.


 
Thread Tools Search this Thread
The Lounge What is on Your Mind? The NSA paid $10 million to the security firm RSA to install a cryptographic backdoor.
# 1  
Old 12-22-2013
The NSA paid $10 million to the security firm RSA to install a cryptographic backdoor.

# 2  
Old 12-22-2013
More stories here:


RSA Warns Customers Off Suspected NSA-Tainted Crypto Tools

Products and companies who have had their Dual EC DRBG algorithm validated by NIST.

Dual_EC_DRBG - Wikipedia, the free encyclopedia

Quote:
On September 10, 2013, The New York Times wrote that "internal memos leaked by a former N.S.A. contractor, Edward Snowden, suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard — called the Dual EC DRBG standard — which contains a backdoor for the NSA. On September 10, 2013, The NIST Public Affairs Office director released a statement, saying that "NIST would not deliberately weaken a cryptographic standard.
See also:

RSA warns customers over NSA-compromised products

Quote:
RSA Security isn’t the only company using the compromised NIST standard. According to a list published by the standards organisation, McAfee, Symantec, Juniper Networks and BlackBerry are among others currently using Dual_EC_DRBG as specified under SP 800-90A.
This User Gave Thanks to Neo For This Post:
# 3  
Old 12-22-2013
Hi Neo...

We deal with this Corporation in a big way and this came to my attention some years ago:-

http://www.ossir.org/windows/support...rice_Skype.pdf

IIRC the video thread metioned Skype in post 2...
# 4  
Old 12-22-2013
Quote:
Originally Posted by wisecracker
Hi Neo...

We deal with this Corporation in a big way and this came to my attention some years ago:-

http://www.ossir.org/windows/support...rice_Skype.pdf

IIRC the video thread metioned Skype in post 2...
Excellent presentation.

Upon reading it, the security issues raised in that presentation are seemingly quite different than the Dual_EC_DRBG backdoor which NSA paid RSA $10M to make their backdoor crypto the default for RSA toolkit.

I went though the presentation PDF and did not see any reference to Dual_EC_DRBG or any discussion of Dual_EC_DRBG, which is the gist of the NSA/RSA issue.
# 5  
Old 12-22-2013
Also, if we search the NIST document (list of approved products and vendor which are validated to use Dual_EC_DRBG), Skype is not listed as a company or product validated to use the Dual_EC_DRBG crypto.
# 6  
Old 12-22-2013
Wow... if you look at RSA (NIST List), their BSafe suite and the NSA backdoor Dual_EC_DRBG was in a lot of products!

Quote:
Intel Celeron w/ Microsoft Windows XP SP3 - x86 (32-bit); AMD Athlon XP1800+ w/ Microsoft Windows XP SP3 - x86 (64-bit); AMD Athlon 64 X2 w/ Microsoft Windows Server 2003 - x86 (32-bit); AMD Athlon 64 X2 4000+ w/ Microsoft Windows Server 2003 - x86(64-bit); Intel Itanium 2 w/ Microsoft Windows Server 2003 - Itanium 64-bit (Visual Studio 2005 SP1); Intel Itanium 2 w/ Microsoft Windows Server 2003 - Itanium 64-bit (Visual Studio 2010); AMD Athlon 64 X2 w/ Red Hat Enterprise Server 5.5 - x86 (32-bit); AMD Athlon 64 X2 w/ Red Hat Enterprise Server 5.5 - x86 (64-bit); Intel Itanium II w/ Red Hat Enterprise Server 5.5 - Itanium 64-bit; AMD Athlon 64 X2 w/ Red Hat Enterprise Linux 6.0 - x86 (32-bit); AMD Athlon 64 X2 w/ Red Hat Enterprise Linux 6.0 - x86(64-bit); PowerPC POWER3-II w/ Red Hat Enterprise Linux 5.0 - PPC 32-bit; PowerPC POWER3-II w/ Red Hat Enterprise Linux 5.0 - PPC 64-bit; Intel Core 2 Duo w/ Apple Mac OS X 10.6 Snow Leopard - x86 (32-bit); Intel Core 2 Duo w/ Apple Mac OS X 10.6 Snow Leopard - x86 (64-bit); Sun UltraSparc Iie w/ Solaris 10 - SPARC v8; Sun UltraSparc IIe w/ Solaris 10 - SPARC v8+; Sun UltraSparc IIIi w/ Solaris 10 - SPARC v9; Intel Celeron w/ Solaris 10 - x86 (32-bit); AMD Athlon 64 X2 w/ Solaris 10 - x86 (64-bit); HP PA-8600 w/ HP-UX 11.23 - PA RISC 2.0; HP PA-8600 w/ HP-UX 11.23 - PA-RISC 2.0W; Intel Itanium 2 w/ HP-UX 11.31 - Itanium 32-bit; Intel Itanium 2 w/ HP-UX 11.31 - Itanium 64-bit; PowerPC POWER5 w/ IBM AIX 5.3 - PPC 32-bit; PowerPC POWER5 w/ IBM AIX 5.3 - PPC 64-bit; PowerPC POWER5 w/ IBM AIX 6.1 - PPC 32-bit; PowerPC POWER5 w/ IBM AIX 6.1 - PPC 64-bit; PowerPC POWER7 w/ IBM AIX 7.1 - PPC 32-bit; PowerPC POWER7 w/ IBM AIX 7.1 - PPC 64-bit; Intel Core i7 M620 w/ Microsoft Windows 7 - x86 (64-bit) w/ AES-NI; Intel Core i7 M620 w/ Microsoft Window XP - x86 (32-bit) w/ AES-NI; Intel Core i5 2500 w/ Solaris 10 - x86 (64-bit) w/ AES-NI; Intel Core i5 2500 w/ Solaris 10 - x86 (32-bit)w/ AES-NI; Intel Core i7 w/ Red Hat Enterprise Linux v5.5 - x86 (32-bit)w/ AES-NI; Intel Core i7 w/ Red Hat Enterprise Linux v6.0 - x86 (64-bit) w/ AES-NI; Sun Sparc T4 w/ Solaris 10 - SPARC T4
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. What is on Your Mind?

Be aware. Coreboot and the NSA.

NSA Starts Contributing Low-Level Code to UEFI BIOS Alternative (0 Replies)
Discussion started by: wisecracker
0 Replies

2. AIX

Best practices for sugroups for root ? backdoor user access ?

greetings, just ran across a fun situation we had overlooked. We have a backdoor user, no special privileges, which we put on every server so that anyone in the shop can get in (passwd in vault) if they need to, even if they don't have a local account on that server. The point of course is to... (3 Replies)
Discussion started by: maraixadm
3 Replies

3. OS X (Apple)

I have a backdoor in my OS X? This is what I found in my bash history

That's what appears at the beginning of my bash history (when you type "open .bash_history" in terminal) sudo -k export PS1="";sudo echo AUTHENTICATED;echo RETRY exit export PS1="" sudo echo AUTHENTICATED ; sudo -k ; echo AUTHENTIKILL ; echo PROCESSEDAUTHENTICATION sudo ls;sudo -k;exit;echo... (1 Reply)
Discussion started by: jonathansmith
1 Replies

4. What is on Your Mind?

Increased paranoia of communication companies post NSA revelations

Hi all, I work in the communications field and often have to carry out data gathering/analysis on customer's platforms for issue diagnosis. In the last 2 months I have noticed a huge increase in distrust from African, Middle Eastern and Asian communication system operators of any data... (0 Replies)
Discussion started by: Skrynesaver
0 Replies

5. Red Hat

How do I install security patches with no internet access?

Hi, I'm pretty new to Linux and I want to download security patches and install them on RHEL 5.4. I've searched the red hat web site but cant seem to find where the download link is. (5 Replies)
Discussion started by: Jardoo
5 Replies

6. Shell Programming and Scripting

Matching 10 Million file records with 10 Million in other file

Dear All, I have two files both containing 10 Million records each separated by comma(csv fmt). One file is input.txt other is status.txt. Input.txt-> contains fields with one unique id field (primary key we can say) Status.txt -> contains two fields only:1. unique id and 2. status ... (8 Replies)
Discussion started by: vguleria
8 Replies

7. AIX

Seeking Paid AIX Support ? anyone know where ?

Hello, I was wondering if anyone knows about getting support for AIX ; This forum is a great place but if it has a section for $$$ AIX support where the experts can analyze and answer the questions/queries of the posters ? Is it possible to get any paid support on this forum ? (8 Replies)
Discussion started by: filosophizer
8 Replies

8. Shell Programming and Scripting

Urgent Help...Pseudo-Device provides a Backdoor Entry to root.

Can Anybody help to create a pseudo-device and write a device driver for it. The pseudo-device provides a “backdoor” for gaining root access for a particular user. Instead of compiling the device driver into the kernel. Modules are object binaries that can be dynamically loaded into the kernel. ... (1 Reply)
Discussion started by: nyjilgeorge1
1 Replies
Login or Register to Ask a Question