RSA denies NSA collusion over backdoor code access

Security firm RSA has categorically denied colluding with the US National Security Agency (NSA) after allegations that the company accepted $10m of government cash in order to make compromised code its default. Reports late last week suggested RSA had been paid by the NSA to adopt a random number generator that the agency had purposefully left backdoor access to, something the company strenuously denies.

Chatter of a "secret contract" is patently false, RSA says, pointing out that any collaboration between it and the agency has been openly publicized.

In fact, RSA notes, back in 2004, when the contentious code, known as Dual EC DRBG, was first implemented as the default in its BSAFE toolkit, the NSA's role in the security sector was seen very differently. Then, the company says, security firms considered the NSA trustworthy and saw it as aiming to "strengthen, not weaken, encryption".

Contrary to some claims, RSA insists that it has never knowingly worked to introduce backdoor access into any of its products.

It's unclear whether the denials will satisfy those now doubtful of RSA's security credibility. Some sources last week claimed that the NSA had not been upfront about its intentions with – and the flawed nature of – Dual EC DRBG, arguing at the time that it was a legitimate tool rather than a compromised one.

RSA says it relied on the National Institute of Standards and Technology (NIST) for guidance as to whether to continue to use the code, with the decision to drop it coming in September this year on the Institute's advice despite concerns initially arising back in 2007.

However, sources last week claimed that the NSA had used RSA's early adoption of Dual EC DRBG as a prime argument for accelerating NIST approval in the first place.