We don’t enable backdoors in our crypto products, RSA tells customers

RSA, the security firm that confirmed two of its products by default use a crucial cryptography component reportedly weakened by the National Security Agency, said such design choices are made independently.

"RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any backdoors in our products," the security division of EMC said in a brief statement published Friday. "Decisions about the features and functionality of RSA products are our own."

The post came a day after RSA advised customers of the BSAFE toolkit and the Data Protection Manager to stop using something called Dual_EC_DRBG, which is the default random number generator (RNG) for creating cryptographic keys for both applications. The New York Times recently reported that the technology contained backdoor weaknesses inserted by the NSA before the National Institute of Standards and Technology formally adopted it as a standard in 2006.

Read 8 remaining paragraphs | Comments