Though concerns about the NSA installing a backdoor in the random number generator used by encryption companies like RSA have been around for many, many years now, Edward Snowden’s leaks have revealed more details on the matter, and we didn’t know the half of it.
Not only did the NSA create and push a faulty random number generator as a way to create a de facto backdoor into encryption schemes using it, they even paid RSA $10 million to make the NSA formula the “default” in their products.
The random number generator created by the NSA was the official “government standard” and was widely adopted in no small part because RSA, one of the market leaders in encryption products at the time, was pushing it so hard.
RSA has since been bought out by EMC, and upon today’s revelation it announced that it is advising its customers not to use the default NSA formula for random number generation anymore, now that it is public knowledge that it is faulty.
At the same time, the company defended shipping the known faulty program for many years, insisting that it was “in the best interest of its customers” and that the decisions on what “features” to include in their programs are no one else’s business.