NSA Paid a Huge Security Firm $10 Million to Keep Encryption Weak

Gizmodo ^ | 20 dec 2013 | Gizmodo

[jpsb]

FYI, that this means is that the NSA has every password you have ever used on-line. Https or secure http uses RSA algorithms. I would advise changing on-line passwords once https dumps RSA.

The above assume this story is not BS, I am hoping the story is BS.

[jpsb]

If this story is true then all hell is going to break out. One result will be the death of our American computer hardware/software industry. Who in their right mind would ever buy American again? And let not forget all the "Smart" devises now being produced. I expect sales of American products to drop sharply IF THIS IS TRUE. We all better hope to hell this story is not true.

Up till now the NSA leaks have been embarrassing, this is down right destructive to our economy and security. RSA is used on EVERYTHING.

[Nifster]

and the hits just keep on rolling

[James C. Bennett]

Many companies I consult for use them, and their key fob devices.

They’re big.

[dennisw]

What’s disgusting is that everyone believes that NSA is the only Agency low enough to do such a thing. I’ll bet my life that England, China, Russia and Germany Intels were all doing the same tricks.

I wouldn't be too sure about that. They don't have the billions to blow on this bullshyte and may not have enough capable people. They might do NSA type stuff on a modest scale

[HollyB]

Perhaps it is time to do some more reading on the ‘writs of assistance’ and the 4th amendment. The broad and illegal search was this sort of illegal behavior that sparked the Revolutionary war.

[Grampa Dave]

[MeshugeMikey]

I wish I could get some high resolution video of that kenyan punk to play around with.....

[VerySadAmerican]

If a “loser”, as described by the NSA, like Snowden can get this much information, the agency must be staffed with a bunch of bumbling idiots. I doubt that’s the case. I’m beginning to believe my wife’s theory. Snowde was put out there to warn us just how much power they have over us.

[Campion]

Https or secure http uses RSA algorithms.

The RSA public-key encryption algorithm and the RSA company aren't the same thing, and nobody's alleging that the RSA PK algorithms are compromised.

This story concerns a specific product (BSAFE, a suite of cryptography libraries) sold by a specific company (RSA, a division of EMC). There are many open-source and other implementations of the RSA public-key encryption algorithm that contain no RSA (the company) code at all.

(Considering what RSA charges for BSAFE -- I've priced it before -- I'm surprised anyone uses it for anything.)

[kiryandil]

NSA Stole Money From Taxpayers To Pay Paid a Huge Security Firm $10 Million to Keep Encryption Weak

[EEGator]

You didn’t like Road House or Red Dawn?!?

[cherokee1]

Don’t let your sense of Patriotism color your good sense. The folks at NSA know, or should know, that a corrupted system is no good to anybody. If I were up to no good or even doing things that required absolutely reliable comm. I would run at least a double system-—one that was full of plausible but eroneous krap and one other completely independent one for the real stuff. Going back as far as WW II our military radio guys learned to keep up a continuous volume of meaningless gibberish so that traffic for real events wouldn’t be noticed in the volume. If you only send out a message when you have something important to say then it is much easier for a “listener” to analyze it. If you paid a lot of money for SOMEBODY ELSES encription system you probably got took.

I always thot RSA was a scam, looks like I was right, and I hope they get their hip pockets sued off and go to that big flush toilet in the sky.

[EEGator]

Sam Elliot disapproves... I'm sure the lady doesn't even think about seeing the flick anymore.

[catnipman]

Seems like RSA would be subject to enough successful lawsuits to be driven into bankruptcy.

[GeronL]

Just the loss of business could do that

[familyop]

"Nixon was an amateur compared to Obama"

True. Some folks behind Nixon may have started some of the activity that led to the NSA of today. They also started the effort to give China most favored nation trade status. But then the Clintons did the most to accelerate both of those efforts.

[Myrddin]

My recent cybersecurity refresher training was pimping encryption and claiming only company issued PKI was acceptable. I smell a back door in that policy. If it’s sensitive enough to need encryption, you’ll have to get the key and the algorithm from me. No corporate back door.