Reuters: RSA Security Took $10M From NSA to Push Weaker Encryption

Joseph Menn, reporting for Reuters:

As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned. […]

Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

If this is true, RSA might as well just shut their doors and turn out the lights, because no one will ever trust them again.

Friday, 20 December 2013