RSA has denied a claim that it took $10 million from the National Security Agency to use the buggered up Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) in its encryption products. RSA, owned by EMC, started using Dual EC DRBG by default 9 years ago, before the generator was standardized.

Back in 2007, a backdoor in the algorithm weakened the strength of any encryption which relied on it. Only this past September did RSA tell its clients to stop using the algorithm. The National Security Agency was accused of weakening the random number generator, but RSA categorically denied the allegation that it knew about the flaw. It said that using the random number generator could make sense as part of an industry-wide effort to develop innovative methods of encryption. At that time, the Agency had a trusted role in strengthening (not weakening) encryption.

RSA used the algorithm in question as an option within its BSAFE toolkits when it gained acceptance as a NIST standard, and because of its value in FIPS compliance. RSA admitted that when concern surfaced around the algorithm 6 years ago, it continued to rely upon NIST as the arbiter of that discussion.

However, RSA provided no comment about the $10 million figure which appeared in a Snowden leak. It just said that it hadn't entered into any contract or engaged in any project which could weaken its own products.