About Me

This site is the inspiration of a former reporter/photographer for one of New England's largest daily newspapers and for various magazines. The intent is to direct readers to interesting political articles, and we urge you to visit the source sites. Any comments may be noted on site or directed to KarisChaf at gmail.

Wednesday, February 26, 2014

Split the NSA in Two, Says Security Firm Embroiled in NSA Scandal -- By Kim Zetter, Wired, Threat Level

Art Coviello during the 2010 RSA keynote speech. Image: bocek.kevin/Flickr

SAN FRANCISCO – In an atmosphere of distrust and anger, the CEO of security giant RSA took the stage ... to address recent controversies around his company’s work with the NSA, and its years-long support of an algorithm suspected of containing an NSA backdoor.

But RSA Security CEO Art Coviello, speaking at the RSA Security Conference here, addressed the controversy only obliquely.

It isn’t disputed that RSA made the controversial Dual_EC_DRBG algorithm the default random number generator in a toolkit used by developers. But a recent Reuters story reported that RSA’s motives for that decision were tainted. The report suggested that RSA signed a $10 million contract with the NSA that provided, among other things, for RSA to make the weak algorithm the default random number generator in one of its BSafe toolkits.

Coviello didn’t discuss the $10 million contract directly or the issue of the backdoor, instead offering an innocent explanation for why RSA chose the algorithm for its default. He reiterated comments the company’s chief technology officer made to WIRED last year: that elliptic curve algorithms like the Dual_EC_DRBG algorithm were all the rage at the time, and that RSA chose it as the default because it provided certain advantages over hash-based random number generators, including better security.

Coviello also said that his company made the algorithm its default at the time because the federal government was its primary encryption customer, and the customer wanted it.

“Given that RSA’s market for encryption tools was increasingly limited to the U.S. Federal government and organizations selling applications to the federal government, use of this algorithm as a default in many of our toolkits allowed us to meet government certification requirements,” Coviello said.

Coviello then switched the focus of his talk to address the trust issues that have arisen in the wake of recent revelations disclosed in documents released by Edward Snowden, such as assertions that the NSA has been engaged in a years-long program to undermine cryptographic systems.

Coviello said the NSA’s dual activities — securing systems and breaking them — have undermined trust and made it difficult for companies to know, when working with the spy agency, which side and which agenda may take precedence.

He therefore called on the U.S. government to split the NSA into two organizations — one for intelligence collection and the other for developing defense mechanisms to secure data.
