News broke on Friday that security company RSA Security LLC was reportedly paid $10,000,000 in a deal with the National Security Administration to use a compromised algorithm as the default for generating random numbers in some of its software.
The algorithm, known as”Dual Elliptic Curve Deterministic Random Bit Generator” or “Dual_EC_DRBG”, has been championed by the NSA since its release. But security experts have been suspicious about Dual_EC_DRBG since at least 2006 when it was found that the random numbers produced by Dual_EC_DRBG had a slight non-random bias. In 2007 two cryptographers demonstrated that due to the unique characteristics of Dual_EC_DRBG the algorithm contained a weakness “that could only be described as a backdoor” according to cryptographer Bruce Schneier.
All of this might be somehow excusable if there were a plausible reason for RSA to use Dual_EC_DRBG as its primary random number generator. For example, if there was a significant performance gain from the use of the algorithm, it may be possible to use it in low-powered and embedded systems where other random number generators would be otherwise unusable. But that’s not the case. In fact, Dual_EC_DRBG is three orders of magnitude slower than other comparable random number generation algorithms. There are no discernible technical advantages to using it whatsoever.
RSA released an official response to the media on Sunday, December 22, but it did little to explain or justify it’s actions in light of the allegations being made. The main point to be taken from their response is that RSA “never entered into any contract or engaged in any project with the intention of weakening RSA’s products”. “Intention” seems to be the key word in that sentence.
The question this raises is why would RSA, a highly respected security company, risk so severely damaging their reputation in an industry built almost entirely on reputation? $10 million sounds like a lot of money, but considering RSA was purchased by parent company EMC Corporation for $2.1 billion in 2006, the money alone couldn’t be the only reason they would risk their future in the security industry, could it? The answer to that question is something we may never know.