What's an encryption backdoor cost? When you're the NSA, apparently the fee is $10 million.
Intentional flaws created by the National Security Agency in RSA's encryption tokens were discovered in September, thanks to documents released by whistleblower Edward Snowden. It has now been revealed that RSA was paid $10 million by the NSA to implement those backdoors, according to a new report in Reuters.
Two people familiar with RSA's BSafe software told Reuters that the company had received the money in exchange for making the NSA's cryptographic formula as the default for encrypted key generation in BSafe.
"Now we know that RSA was bribed," said security expert Bruce Schneier, who has been involved in the Snowden document analysis. "I sure as hell wouldn't trust them. And then they made the statement that they put customer security first," he said.
RSA, now owned by computer storage firm EMC Corp, has a long history of entanglement with the government. In the 1990s, the company was instrumental in stopping a government plan to include a chip in computers that would've allowed the government to spy on people.
It has also had itsbefore, as has .
The new revelation is important, Schneier said, because it confirms more suspected tactics that the NSA employs.
"You think they only bribed one company in the history of their operations? What's at play here is that we don't know who's involved," he said.
Other companies that build widely-used encryption apparatus include Symantec, McAfee, and Microsoft. "You have no idea who else was bribed, so you don't know who else you can trust," Schneier said.
In a statement issued Sunday, RSA said it "categorically" denied recent reports.
"We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it," the company said in a statement. "Our explicit goal has always been to strengthen commercial and government security."
The statement goes on to rebut a number of claims, including that the company knowingly introduced a flawed numbers generator into its encryption libraries.
Updated 12/22 at 6:50 p.m.with RSA comment.