Hmm. Hold up. So if we go by this Wikipedia entry..
“Founded as an independent company in 1982, RSA Security, Inc. was acquired by EMC Corporation in 2006 for US$ 2.1 billion and operates as a division within EMC.[5]”
People need to understand, this means RSA took around 2% of what they’d make in one year. FOR A BACK-DOOR OMG. Does this not sound more like a tax, than a payment (never mind a bribe!)? How much would you care about an extra 2% per year? Exactly. Thats all I got. Someone else needs to close that gap. -Max
What’s an encryption backdoor cost? When you’re the NSA, apparently the fee is $10 million.
Intentional flaws created by the National Security Agency in RSA’s encryption tokens werediscovered in September, thanks to documents released by whistleblower Edward Snowden. It has now been revealed that RSA was paid $10 million by the NSA to implement those backdoors, according to a new report in Reuters.
Two people familiar with RSA’s BSafe software told Reuters that the company had received the money in exchange for making the NSA’s cryptographic formula as the default for encrypted key generation in BSafe.
“Now we know that RSA was bribed,” said security expert Bruce Schneier, who has been involved in the Snowden document analysis. “I sure as hell wouldn’t trust them. And then they made the statement that they put customer security first,” he said.
RSA, now owned by computer storage firm EMC Corp, has a long history of entanglement with the government. In the 1990s, the company was instrumental in stopping a government plan to include a chip in computers that would’ve allowed the government to spy on people.
It has also had its algorithms hacked before, as has RSA-connected VeriSign.
The new revelation is important, Schneier said, because it confirms more suspected tactics that the NSA employs.
“You think they only bribed one company in the history of their operations? What’s at play here is that we don’t know who’s involved,” he said.
Other companies that build widely-used encryption apparatus include Symantec, McAfee, and Microsoft. “You have no idea who else was bribed, so you don’t know who else you can trust,” Schneier said.
RSA did not return a request for comment, and did not comment for the Reuters story.