On Friday, Reuters alleged that RSA, one of the world's best-known security brands, took $10 million from the NSA in the early 2000s, as part of a secret deal designed to help promote Dual EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator), a pseudorandom number generator (PRNG) used during the creation of cryptographic keys.
Dual EC_DRBG was the default PRNG option when it came to generating cryptographic keys in RSA's BSAFE toolkit and Data Protection Manager. It remained the default until September 2013, when RSA encouraged customers to stop using it. RSA's warnings were issued after documents leaked by former NSA contractor Edward Snowden suggested that Dual EC_DRBG contained deliberate flaws that were likely placed there by the NSA. In the years prior, Dual EC_DRBG earned the scorn of critics who called it a poor choice as a PRNG option, and researchers who warned that it could be an NSA backdoor.
According to Reuters, the $10 million deal helped get Dual EC_DRBG approved by NIST, and provided a sizable boost to RSA's bottom line.
"Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show."
However, in a statement issued on Sunday, RSA flatly denies the claims made by Reuters. But the statement actually sidesteps the issues raised.
"...We categorically deny this allegation... RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use."
The statement points out that RSA's relationship with the NSA, both as a vendor and as an active member of the security community, is public record. When concerns were raised about Dual EC_DRBG in 2007, the statement says that RSA relied "upon NIST as the arbiter of that discussion" at the time, and that it followed NIST's recommendations years later when it came to discouraging the algorithm's usage.
However, if you read the statement again, you'll notice the line where RSA says that it has "...never entered into any contract or engaged in any project with the intention of weakening RSA’s products..."
This statement doesn't deny that RSA's products were weakened by the use of Dual EC_DRBG, just that there was no intention to do so. In fact, the statement says that RSA trusted the NSA at their word:
"...At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption..."
So here, it seems as if RSA confirms it was paid to use Dual EC_DRBG, but didn't know it was broken, because it trusted the NSA. This also jibes with what insiders familiar with the deal told Reuters, as they claimed that the NSA misrepresented itself. In fact, based on the statement's wording, the only thing denied is the notion that the agreement with the NSA was a secret.
All things considered, it could be said that RSA didn't intentionally use a broken algorithm in its products. It used the algorithm without understanding it fully, for what seems to be a $10 million boost to the bottom line. Either way, its blind trust in the NSA has come back to haunt it years later, now that it has been revealed that RSA was betrayed by a trusted source and customer.