I think it's just a matter of time till RSA is dropped like a hot brick after this revelation.
http://www.techdirt.com/articles/20131220/14143625655/nsa-gave-rsa-10-million-to-promote-crypto-it-had-purposely-weakened.shtml
Earlier this year, the Snowden leaks revealed how the NSA was effectively infiltrating crypto standards efforts to take control of them and make sure that backdoors or other weaknesses were installed. Many in the crypto community reacted angrily to this, and began to rethink how they interact with the feds. However, Reuters has just dropped a bombshell into all of this, as it has revealed that not only did the NSA purposefully weaken crypto, it then paid famed crypto provider RSA $10 million to push the weakened crypto, making it a de facto standard.
If this is true, it represents a serious attack on RSA's credibility. While RSA, now owned by EMC, put out a statement saying that "under no circumstances does RSA design or enable any back doors in our products" Reuters sources seem to suggest something quite different. While it might not be seen as "designing or enabling" back doors, that is the effective result of this.
Reuters spoke to a number of former RSA employees, many of whom said it was a huge mistake for RSA to make this deal, showing how the company had strayed far away from its initial mission. Others suggest that the NSA basically duped the RSA on this, such that RSA agreed to the deal, without realizing they were promoting a compromised standard. That's not a totally crazy assertion, but it's not particularly comforting either way.
We all know how the NSA operates, so we can't blame them for trying this on, but we can blame RSA if it comes to light that they were aware of this. Even if it's proved to be unfounded, the claims have been made, and by a reputable news organisation, and thus many won't be able to justify waiting for any outcome but will need to switch encryption suppliers rapidly to be able to comply with legal regulations for data protection.
This is shameful if true.