(PCWorld)   NSA may have inserted a crap algorhithm into RSA's into its software for a payment of *raises pinky* $10 million   (pcworld.com)
    More: Scary  

3606 clicks; posted to Geek on 27 Dec 2013 at 10:32 AM



33 Comments
 
2013-12-27 10:01:40 AM  
Took a couple of days for the admins to green a link

This is over a week old news
 
2013-12-27 10:36:01 AM  

cman: Took a couple of days for the admins to green a link

This is over a week old news


In fairness, it took me several days to figure out the syntax of subby's headline.
 
2013-12-27 10:42:27 AM  
Al Gore Hit Him?
 
2013-12-27 10:48:21 AM  
Yeah, I'd heard hearsay of things like this happening back in the early 80s. The ex-bf of a woman I dated back then - he was one of *those* Schlaflys, incidentally, Phyllis somehow spawned a mathematical genius - had been working on one of the first software implementations of the RSA encryption algorithm, and the NSA told them to put in a back door. They didn't want anything unbreakable on the market.

Can't remember if they ever marketed anything. It's been decades since I heard the story.
 
2013-12-27 10:48:59 AM  

Byno: cman: Took a couple of days for the admins to green a link

This is over a week old news

In fairness, it took me several days to figure out the syntax of subby's headline.


That is because the crap algorithm for grammar was paid for by the NSAs.
 
2013-12-27 11:04:40 AM  

Mytch: Byno: cman: Took a couple of days for the admins to green a link

This is over a week old news

In fairness, it took me several days to figure out the syntax of subby's headline.

That is because the crap algorithm for grammar was paid for by the NSAs American tax payers.


FIXED
 
2013-12-27 11:08:45 AM  

cman: Took a couple of days for the admins to green a link

This is over a week old news


It's pretty clear the NSA wrote Drew a check to delay this article being greenlit.

/which is just as likely as NSA writing RSA a check when RSA is perfectly capable of fark'n up its software well on its own
 
2013-12-27 11:10:41 AM  
So let me get this straight: they don't deny they entered into a contract, they don't deny they did introduce a backdoor, they deny only that they entered into a contract with the intent to introduce a backdoor or otherwise weaken the security of their own products.

If they'd already implemented Dual_EC_DRBG because it was part of the four available RNG algorithms (the other three are still believed to be secure), changing the default could have taken little more effort than a one-line fix. Why would NSA offer $10M to make it the default random number generator in BSafe? Perhaps RSA thought NSA was offering $10M out of the goodness of their hearts? There's so much BS in RSA's non-denial-denial that it's almost like the proverbial bull has the runs.
 
2013-12-27 11:13:59 AM  
"Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin."

--John von Neumann
 
2013-12-27 11:31:01 AM  
None of the work I did with my RSA tokens in the past several years was anything the NSA would be interested in, but they can have fun reading through my test reports and bug reports.
Some of the stuff I work with is so boring and at the same time complicated that if they had the brains to figure out what I am doing they should come work for our team and help me finish all my active projects.
 
2013-12-27 11:42:03 AM  
Crap headline algorithm detected:  "algorhithm," "into RSA's into its software"  Really, subby?

How about: "NSA may have inserted a crap algorithm into RSA's software..." yadda yadda?
 
2013-12-27 11:45:09 AM  
Oblig

static.giantbomb.com
 
2013-12-27 12:07:56 PM  
Am I the only one thinking: Duh. What Intel organization wouldn't try this? Does the fact that it is an American Intel organization somehow exempt it from falling into temptation?
 
2013-12-27 12:12:45 PM  

cman: Took a couple of days for the admins to green a link

This is over a week old news


It's almost like there was a major holiday recently where lots of people take time off to visit families. I think it is called The Week Where No One Does Any Work Because Jesus and Santa and Food and Beer.
 
2013-12-27 12:16:26 PM  

MBA Whore: Am I the only one thinking: Duh. What Intel organization wouldn't try this? Does the fact that it is an American Intel organization somehow exempt it from falling into temptation?


The NSA has more than one mandate. They are supposed to spy on foreign countries, but they are also supposed to ensure that the telecommunication systems of the US are secure.
 
2013-12-27 12:26:29 PM  

rev. dave: None of the work I did with my RSA tokens in the past several years was anything the NSA would be interested in, but they can have fun reading through my test reports and bug reports.


RSA makes other things besides two-factor auth systems.
 
2013-12-27 02:02:25 PM  

ActionJoe: cman: Took a couple of days for the admins to green a link

This is over a week old news

It's almost like there was a major holiday recently where lots of people take time off to visit families. I think it is called The Week Where No One Does Any Work Because Jesus and Santa and Food and Beer.


I call that every week.
 
2013-12-27 03:41:40 PM  

dsmith42: MBA Whore: Am I the only one thinking: Duh. What Intel organization wouldn't try this? Does the fact that it is an American Intel organization somehow exempt it from falling into temptation?

The NSA has more than one mandate. They are supposed to spy on foreign countries, but they are also supposed to ensure that the telecommunication systems of the US are secure.


Yep, and this could be a national security catastrophe if the wrong person figured out how to exploit the "back door" the NSA required built in.  In today's world it would be a matter of "when" and not "if".
 
2013-12-27 03:45:26 PM  

heavymetal: dsmith42: MBA Whore: Am I the only one thinking: Duh. What Intel organization wouldn't try this? Does the fact that it is an American Intel organization somehow exempt it from falling into temptation?

The NSA has more than one mandate. They are supposed to spy on foreign countries, but they are also supposed to ensure that the telecommunication systems of the US are secure.

Yep, and this could be a national security catastrophe if the wrong person figured out how to exploit the "back door" the NSA required built in.  In today's world it would be a matter of "when" and not "if".


uh sure, all back doors are usually exploited before it goes public that there's a back door...
 
2013-12-27 04:01:56 PM  
Subby got paid $10 million to insert extraneous letters and prepositions into this headline.
 
2013-12-27 05:03:36 PM  

gingerjet: rev. dave: None of the work I did with my RSA tokens in the past several years was anything the NSA would be interested in, but they can have fun reading through my test reports and bug reports.

RSA makes other things besides two-factor auth systems.


Right, and the other part is trust.  Here we have a known incident of a US security agency planning a back door into a product that supposedly will keep your data secure.  I'm sure that will sit well with companies, particularly foreign companies, that are evaluating security products to keep their data safe.  RSA threw away a large part of their credibility with this, along with a large part of the US tech industry as well.

Good job NSA!  Keeping America safe from foreign terrorists investment.
 
2013-12-27 06:25:35 PM  

Vlad_the_Inaner: "Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin."

--John von Neumann


That's why I use a handful of ten-sided dice to generate random numbers.
 
2013-12-27 07:15:11 PM  

dittybopper: That's why I use a handful of weighted ten-sided dice to generate random numbers.


FTFY.
 
2013-12-27 07:59:47 PM  
Mr. Potato-subby, backdoors are not a secret!
 
2013-12-27 08:48:03 PM  

AdamK: uh sure, all back doors are usually exploited before it goes public that there's a back door...


That's what SHE said!
 
2013-12-27 09:26:24 PM  
Wasn't there some article about video cards being used in military PCs that had spyware/bugware/backdoor stuff inserted by the "Made in China" outfits?
 
2013-12-27 10:00:35 PM  
FTA: "The NSA declined immediate comment."

Maybe they'll have something to say as they're smoking their last cigarette, just before we put the blindfold on them.
 
2013-12-27 10:05:53 PM  

dittybopper: Vlad_the_Inaner: "Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin."

--John von Neumann

That's why I use a handful of ten-sided dice to generate random numbers.


A handful is probably less secure than throwing a single die for each digit.  Your subconscious might read the mess-o-dice in an order that looks best to it, and that might not be as random as it might be
 
2013-12-27 11:07:27 PM  

Vlad_the_Inaner: "Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin."

--John von Neumann


Quantum vacuum fluctuations are the way to go.
 
2013-12-27 11:39:04 PM  
So, now (or a week or so ago, as it were) would be a good time to sell any RSA stock you have in your portfolio, I take it?
 
2013-12-28 12:07:35 AM  

Jay CiR: So, now (or a week or so ago, as it were) would be a good time to sell any RSA stock you have in your portfolio, I take it?


No point. RSA was bought out by EMC, and RSA's revenue is a drop in EMC's bucket. The longer-term play will involve a move away from US-based information services providers. If you want something tradable, take a look at Cisco's drop in overseas sales, and last quarter's earnings miss. Global enterprises are beginning to treat all US-sourced hardware and software platforms as compromised, and are voting with their dollars. I can't say I blame them, really.
 
2013-12-28 04:48:11 AM  
Every Duck Dynasty thread gets a zillion comments

Reality TV: important

Everything else: yawn
 
2013-12-28 10:22:22 AM  

Kibbler: Every Duck Dynasty thread gets a zillion comments

Reality TV: important

Everything else: yawn


I thought the same thing reading this thread. I have no idea how this isn't a bigger story, especially with the implications for the financial sector and the RSA technology they are currently using.

Having worked at a bank before, I am even MORE scared for the safety of my money than before. I can only imagine someone crafting an exploit against this weakness...
 