RSA denies link with US spying agency (bbc.co.uk)
25 points by ambuj 4560 days ago
3 comments

It's basically a non-denial, they don't deny that they took money in exchange for using the backdoored algorithm.

If they took the money and didn't know the algo was backdoored both the original allegation and denial could be factually correct.

I have to admire the careful wording: "We also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use."

This leaves the door open for a lot of things, including them having weakened their products and added backdoors. They just deny having entered a contract with the intention of doing so.

Though one has to wonder how exactly that deal went down. You wouldn't have to pay RSA anything to implement a good crypto algorithm because they'd do that out of pure business interest. Did the NSA call and ask "Here's a new RNG algorithm, it's slower than others and mathematically dubious. Would you implement it for $10 million?"

Most probably they said something like "many of your government agency customers would be very happy if / will require that you implemented this PRNG".

My guess would be the RSA wanted more government contracts and the NSA said they would have to implement the government-preferred algo as the default. The NSA will also pay you for these efforts. RSA would see that as win-win. They are getting paid to implement the gov standard AND it will help them win contracts in the future. Only a fool would say no to that.

Even if they "didn't know", it's still commercial fraud. Had it been known that the NSA paid them for their choice of algorithm, there is no way a sane IT purchaser would have bought their solution, whether or not there was explicit knowledge of a backdoor.

I don't really understand why any organization which has even a remote possibility of a conflict of interest would accept money from a spy organization.

There were 10 million reasons. If you don't have any moral qualms, it was clearly a good business decision. People kept jobs, got raises, got bonuses, and it took one of the most important leaks in US (and world) history to cause the arrangement to be disclosed.

Now, after all of the individuals at the company claim to have had no knowledge of it, or to be against it after the fact, they will go on to new well-paying jobs.

This is why.

For a host of reasons, including personal and corporate pressure.

EMC owns RSA -- Can we trust EMC?

lol, absolutely not. I worked there for a year, and I still have a lot of friends who work there. EMC is absolutely not to be trusted - who do you think is supplying the storage for the NSA datacenters, specifically their 'big boy' out in Utah?

Photos of the Utah data center, located 25 miles from Salt Lake City:

http://www.hangthebankers.com/pictures-of-the-new-2-billion-...

Rest assured, regardless of which, if any, NSA reforms are enacted, they will never stop collecting the quantity of data needed to justify that data center. If mass collection is retained, but imperceptibly reformed by having the carriers collect and "store" the data, then the Utah center will be made available as a "public service" to implement the physical storage.

I would love to hear how many Pivotal people have resigned over this.

Pivotal people?