The National Security Agency paid $10 million to the security firm RSA to implement intentionally flawed encryption, according to a new report.
December 20, 2013 5:03 PM PST

An RSA SecurID key fob.
(Credit: Via Wikimedia Commons)
What's an encryption backdoor cost? When you're the NSA, apparently the fee is $10 million.
Intentional flaws created by the National Security Agency in RSA's encryption tokens were discovered in September, thanks to documents released by whistleblower Edward Snowden. It has now been revealed that RSA was paid $10 million by the NSA to implement those backdoors, according to a new report in Reuters.
Two people familiar with RSA's BSafe software told Reuters that the company had received the money in exchange for making the NSA's cryptographic formula the default for encrypted key generation in BSafe.
"Now we know that RSA was bribed," said security expert Bruce Schneier, who has been involved in the Snowden document analysis. "I sure as hell wouldn't trust them. And then they made the statement that they put customer security first," he said.
RSA, now owned by computer storage firm EMC Corp, has a long history of entanglement with the government. In the 1990s, the company was instrumental in stopping a government plan to include a chip in computers that would've allowed the government to spy on people.
It has also had its algorithms hacked before, as has RSA-connected VeriSign.
The new revelation is important, Schneier said, because it confirms more suspected tactics that the NSA employs.
"You think they only bribed one company in the history of their operations? What's at play here is that we don't know who's involved," he said.
Other companies that build widely used encryption apparatus include Symantec, McAfee, and Microsoft. "You have no idea who else was bribed, so you don't know who else you can trust," Schneier said.
RSA did not return a request for comment, and did not comment for the Reuters story.