Yesterday, David Benjamin posted a pretty esoteric note on the IETF’s TLS mailing list. At a superficial level, the post describes some seizure-inducingly boring flaws in older Canon printers. To most people that was a complete snooze. To me and some of my colleagues, however, it was like that scene in X-Files where Mulder and Scully finally learn that aliens are real.
Those fossilized printers confirmed a theory we’d developed in 2014, but had been unable to prove: namely, the existence of a specific feature in RSA’s BSAFE TLS library called “Extended Random” — one that we believe to be evidence of a concerted effort by the NSA to backdoor U.S. cryptographic technology.I wrote about the back story on RSA four years ago. Re-reading that post, I think that I let RSA off the hook too easily - there is credible reason to think that RSA did take $10M from NSA to weaken their widely used crypto library. The blog post above goes into why they think they have evidence of this, in software in the wild.
But the overall feeling of betrayal in my post is still fresh. And reading between the lines in the the linked post above, it seems that I'm by no means the only one. Security professionals don't talk about "hackers" - that's for the press. Pros refer to the "adversary". I suspect that a lot of the technical gurus on the IETF (the Internet standards committee) consider the NSA to be the adversary now. Quite frankly, NSA earned ever bit of that.
Hat tip: Bruce Schneier.