Forgot your password?
typodupeerror
Communications Encryption Privacy Linux

John Gilmore Analyzes NSA Obstruction of Crypto In IPSEC 362

Posted by timothy
from the many-fingers-many-pots dept.
New submitter anwyn writes "In a recent article posted on the cryptography mailing list, long time civil libertarian and free software entrepreneur John Gilmore has analyzed possible NSA obstruction of cryptography in IPSEC. He suggests that packet processing in the Linux kernel had been obstructed by one kernel developer. Gilmore suggests that the NSA has been plotting against strong cryptography on mobile phones."
This discussion has been archived. No new comments can be posted.

John Gilmore Analyzes NSA Obstruction of Crypto In IPSEC

Comments Filter:
  • Given the recent hoo-ha with the NSA listening in, and then also admitting that (along with GCHQ) they have "broken" most commonly used encryption, it looks as though the "don't use anything that we can't either backdoor or crack" is, if not NSA itself, certainly from one of their supporters.

    • by Anonymous Coward on Saturday September 07, 2013 @03:34PM (#44785089)

      "one kernel developer"

      Names please? And was it really only one - or one do the actual blocking and the rest kept silent as they were instructed? Seriously we need more whistlblowers, it is an urgent social obligation at this point. People stepping forward with this kind of analysis and stories - have *you* been pressured or blocked when trying to imrpove security? Otherwise how are we the engineers ever "going to take back" the Internet?

      • I assume this guy is trying to toe the line between free speech and being branded a traitor and jailed for the rest of his life. If I were in his shoes, I do not think I would want to out an undercover NSA operative.

        • by MrDoh! (71235) on Sunday September 08, 2013 @12:57AM (#44787819) Homepage Journal

          . If I were in his shoes, I do not think I would want to out an undercover NSA operative.

          Get the pitchforks! Let the rampant speculation begin!

          I think it's Stallman, no way could he be real. He's obviously a agent provocateur plant set out to gather info on anyone who'd actually listen to his ramblings. Rather cunning too, it's always the last you'd expect.

    • by icebike (68054) on Saturday September 07, 2013 @03:43PM (#44785139)

      Well with this guy all but naming nanes, perhaps it's time to name names.

      There was a call recently for those who put back doors in critical code, to come forward and speak up.
      While some may put themselves at seriously legal risk for doing so you wouldn't expect to see such risk in open source projects.

      We could then review their work very carefully.

      Should we look more closely at SELinux? Are we prepared to find which of our heros have been in the NSA's pocket?

    • by Jeremiah Cornelius (137) on Saturday September 07, 2013 @04:26PM (#44785367) Homepage Journal

      WE can cause them to completely fail. How? Make this like SETI, or the RC4 competition, in reverse!

      They find needles in haystacks. Our job is MORE, BIGGER HAYSTACKS!

      Create more crypto-garbage for them to sift. Expensive to crack and useless, when decrypted. Start by upgrading to Tor 2.4, and running a non-exit-node relay.

      Add your own ideas. We can chaff the net with more problems than they can manage, even with their stadiums full of Xeons!

      • by Ziest (143204)

        Correct. Making bigger haystacks, poisoning the well is the key to, if not bring down the NSA, but at least bog them down. If what we have read is correct, that the NSA retains everyting that is encrypted, encrypt everything and generate tons of garbage email that is encrypted, If many set their mail servers to have a catchall address which silently gets tossed into the bit bucket. The idea here is that what ever is the cost to decrypt a message it is not zero.

        The other point is that stuffing their database

      • by Burz (138833)

        Tor is good for web pages and little else. I2P is designed to handle everything from P2P filesharing to voice to email; IOW, its a secure+anonymous (really pseudonymous) layer for IP. If people want to conduct their personal lives and business without the online spying, they need to start articulating what tools are necessary to continue communications. I believe I2P is just such a tool (indeed, the one that the other privacy enhancing tools are based). Tell people you know to contact you through your I2P a

        • We don't just want to conduct ourselves privately.

          We want to actively disrupt the engine of oppression, by jamming a spanner in the works. Every "little man", with a private act of ambiguous disobedience is a small victory, which will ruin the plans of the arrogant and unprincipled "authority".

          Don't just use Tor and I2P for meaningful data transfer. Send blocks of useless, misleading crap - that are expensive to examine. Frequently.

          Name them things like "SCADA" and "VulnAssess". ;-)

          Then? Include the tex

          • Re: (Score:3, Insightful)

            by BitZtream (692029)

            Instead of disrupting shit, why don't we just fix it?

            If people ACTUALLY cared, and I don't just mean you and I, 'the people' of this country ... if they actually cared, fixing this problem is literally only 4 years away, and you can do a MASSIVE amount of change in only 2 years.

            First off, stop voting for the president. He is REALLY NOT IMPORTANT. He isn't. The American ignorance of how our government works and too much red vs blue and only listening to campaign speeches and what the 'liberals' or 'conser

    • Classic military blunder.
      In all this discussion I have yet to see the real problem addressed. Like so many military adventures in the past, the people who create and operate the process assume that there are unlimited funds to operate and that somebody else is handling the finance of the process to make it profitable for the state. There are not unlimited funds to purchase and maintain computers and in fact they have already gone trillions of dollars in debt because somebody failed to do their job and say
  • by EnergyScholar (801915) on Saturday September 07, 2013 @03:39PM (#44785115)

    It seems pretty clear that John Gilmore has clearly identified what's going on. He spotted many instances of NSA-directed sabotage,and has called it out.

    Of the multiple examples John calls out, the most poignant is probably the needlessly complicated IPSEC standards. Overly complicated standards lead to bugs and flaws. He and Bruce Schneier describe a process that certainly sounds like NSA sabotage of security standards.

    What should be the upshot of this? Perhaps people involved in security research should recognize that [b]anyone affiliated with NSA is a likely saboteur[/b]? Is such sabotage, which deliberately cripples the security of USA electronic infrastructure, a form of treason? Since this sort of deliberate sabotage of technology is the sort of thing terrorists might do, perhaps the NSA, and every person associated with that organization, should be placed on a Terrorist Watch List?

    In all seriousness, how should the technical and geek community deal with this sort of sabotage? Is it sufficient to respond,or is proactive behavior called for? What would Sun Tzu have to say about this situation?

    • by bmo (77928) on Saturday September 07, 2013 @03:47PM (#44785157)

      "In all seriousness, how should the technical and geek community deal with this sort of sabotage?"

      Identify who is doing the sabotaging and shun them. Professionally shun them. Expel such people from committees.

      --
      BMO

    • by MRe_nl (306212) on Saturday September 07, 2013 @03:49PM (#44785167)

      Read all (4 pages) of chapter 13 basically, but in this case perhaps specifically;

      "Spies cannot be usefully employed without a certain intuitive sagacity. Before using spies we must assure ourselves as to their integrity of character and the extent of their experience and skill."

      "Without subtle ingenuity of mind, one cannot make certain of the truth of their reports."

      • by girlintraining (1395911) on Saturday September 07, 2013 @05:48PM (#44785907)

        As long as we're talking about Sun Tzu... the rule I find most relevant is Again, if the campaign is protracted, the resources of the State will not be equal to the strain. In other words, war better start fast and end fast, or it'll cost too damn much. The United States is constantly at war. We can't go more than a few months without CNN running another story: "US Thinking About Bombing Again, Film At 11" ... and that's ignoring all of our wars on intangible things like terrorism, drugs, poverty... and the growing notion that the government has declared war on itself as well... the zeal for attacking these intangible things has led to us eating away at ourselves like our law enforcement and judicial branches are having some kind of allergic reaction and bloating up all over the place like they've been stung by bees... attacking itself due to the allergic reaction.

        • by MRe_nl (306212)

          "Now, when your weapons are dulled, your ardor damped, your strength exhausted and your treasure spent, other chieftains will spring up to take advantage of your extremity. Then no man, however wise, will be able to avert the consequences that must ensue".

          Machiavelli's "Discourses on the Ten Books of Titus Livy" has some nice current relevancy as well.

          Wait, what, there's a "War on Poverty"? I missed that one apparently.

    • I do not know how we the geek community should respond, but NSA is defiantly is using the following Sun Tzu tactic to destroy any coherent and effective security standard - worldwide (which is the amazing part - how do all the non US security professionals and their respective countries sign themselves up to a NSA destroyed security standard?):

      "Be extremely subtle, even to the point of formlessness. Be extremely mysterious, even to the point of soundlessness. Thereby you can be the director of the opponent's fate."

      Sun Tzu

    • by gweihir (88907) on Saturday September 07, 2013 @04:28PM (#44785385)

      Indeed. IPsec is a terrible, terrible mess. I always wondered how the IETF could mess up so badly when doing reasonable work otherwise. Now I know, intentional sabotage of critical infrastructure by the NSA is to blame.

    • by Shavano (2541114)
      I think most useful to the public would be a list of what security standards and methods are presently believed to be most secure and those known to be insecure and/or backdoored.
    • Probably with the abolition of committees. One genius can come up with a spec and even make a program that uses it all by themselves, they do not need committees that invite NSA operatives and corporate representatives in. One person, can come up with the best way to do something, and then just do it. Creating software is not that hard.

    • by 1s44c (552956)

      In all seriousness, how should the technical and geek community deal with this sort of sabotage? Is it sufficient to respond,or is proactive behavior called for? What would Sun Tzu have to say about this situation?

      Replace IPsec with an open and non-pathological standard.

      I'm sure you have used OpenSSH and/or OpenVPN, they are simple, elegant, cross platform, and come with mountains of features. IPsec is a confused nightmare in comparison.

  • From Yesterday. (Score:5, Insightful)

    by bmo (77928) on Saturday September 07, 2013 @03:44PM (#44785143)

    This post needs repeating.

    +=+begin paste+=+

    The destruction of trust (Score:5, Insightful)
    by Arrogant-Bastard (141720) on 7:08 Friday 06 September 2013 (#44773249)

    The worst part of the damage done by this isn't technical. It's human.

    The reporting on this latest disclosure reveals that the NSA has systematically inserted itself into the standard-crafting process, in order to deliberately weaken those standards. It also reveals that the NSA has bypassed the management of communications providers and recruited technical staff directly. In both cases it's reasonable to assume that the people involved have been through a security clearance process and are thus barred for life from disclosing what they know.

    I must now ask myself how many people I've worked with weren't doing so in good faith. When they argued that such-and-such a fine point of a network protocol standard didn't need improvement or that it should be changed in a certain way, were they doing so because it was their principled engineering opinion, or because it served some other purpose? Or when they were recommending that one of the many operations I've run move its colocation point or change its router hardware, was that good customer service, or was it to facilitate easier traffic capture?

    Will anyone be asking themselves the same questions about me? (They probably should.)

    The Internet was built on, and runs on, trust. Every postmaster, every network engineer, every webmaster, every system admin, every hostmaster, everyone crafting standards, everyone writing code, trusts that everyone else -- no matter how vehemently they disagree on a technical point -- is acting in good faith. The NSA, in its enormous arrogance, has single-handedly destroyed much of that trust overnight.

    +=+end paste+=+

    --
    BMO

    • by theNAM666 (179776)

      Mod parent up. Please link to original if possible. Thanks.

    • Re:From Yesterday. (Score:5, Insightful)

      by Anonymous Coward on Saturday September 07, 2013 @04:11PM (#44785291)

      The NSA, in its enormous arrogance, has single-handedly destroyed much of that trust overnight.

      Actually, it's Edward Snowden who is responsible for the "single-handedly" and "overnight" aspects of destroying that trust. The NSA is only responsible for "enormous arrogance". There were a large number of hands involved over decades.

      It's a bloody shame that it took so long for even a single person to leak what was cooking here for so long. SS and Gestapo could not rely on a remotely comparable quota of people willing to drive the constitution into the ground.

      That gives a rather bland perspective for the hope to curb the Fourth Reich by democratic means and put a stop to the stellar rise of U.S. fascism. Neither congress nor president seem to have what it takes to bring the CIA, FBI and NSA back under democratic control.

      After Edgar Hoover established the FBI as the ultimate power of the U.S.A. by collecting files on everybody who could possibly endanger its autocratic rule over the U.S.A., congress decided that no FBI director might reign for longer than 10 years in future to avoid amassing that amount of power again.

      Incumbent Robert Mueller is Führer of the FBI for 12 years already. Looks like everybody was so infatuated with his efficiency that nobody wanted to be the one to tell him his terms were over and bear his disappointment.

      And nobody will want to tell the NSA that their funding will be restricted to constitutional activities and bear their disappointment.

      • Re:From Yesterday. (Score:5, Insightful)

        by 93 Escort Wagon (326346) on Saturday September 07, 2013 @04:50PM (#44785561)

        Actually, it's Edward Snowden who is responsible for the "single-handedly" and "overnight" aspects of destroying that trust.

        In the same sense that a person who gives evidence to a woman that her husband is a philandering axe murderer has destroyed that woman's trust in her husband.

        Snowden merely provided thorough documentation that the trust was erroneously given - the other party was completely untrustworthy.

    • Re:From Yesterday. (Score:5, Interesting)

      by Tom (822) on Saturday September 07, 2013 @04:15PM (#44785313) Homepage Journal

      The Internet was built on, and runs on, trust.

      And that's a fundamental flaw and a stupid mistake, as we learn again and again and again. Whether it's spam, the dominance and abuse of certain large players, the commercial takeover, or now the surveilance state.

      Never built a relationship with parties you don't know personally on trust.

      Never.

      Ever.

      Humans are inherently cooperative with peers, and competitive with everyone else. Your trust will be abused.

      Bruce is right, but he misses the scope of the problem. If we want to take back the Internet, not just from the NSA, but also from Google, Facebook, the spammers, the scammers, the media industry and the corporate interest, we need to completely re-engineer it on a different fundamental concept.

      One of self-interest.
      One based on the assumption that the other side to a data exchange is hostile.
      One assuming that intermediates can not be trusted.

      90% of this Internets problems would be wiped out if we were to re-design it with an assumption of hostility.

      That's hard to swallow for us geeks. Most of us have grown up in a hostile world we barely understand. With people bullying you at school, then exploiting you in the workplace, meanwhile egomanic idiots who are good at fooling people and nothing else take all the credit. So we have a deep desire for a more friendly world. Building that ourselves was a dream. It was incredibly cool while it lasted. Now it's time to wake up.

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        90% of this Internets problems would be wiped out if we were to re-design it with an assumption of hostility.

        To do that we would need to use a Nash style "fuck you buddy" game theory. And to tell you the truth i dont think anything would actually get built if we did it that way. We would just end up with a lot of cellular walled gardens. That is not really an internet, in fact i believe they want us to wall ourselves up. Much easier to be controlled by the state. We really want it to be as open and trusting and chaotic as possible. Despite the risks of opening yourself to abuse, it can always be corrected, when ab

        • by Tom (822)

          That is not really an internet,

          In fact, that precisely is an Internet - a network of networks. All the Internet was meant to be is a connection between networks.

          in fact i believe they want us to wall ourselves up. Much easier to be controlled by the state.

          Never subscribe to a stupid, idiotic, brain-dead conspiracy theory when all you need is basic human psychology.

          Frankly, the government is the very last people I would consider competent to run a conspiracy. They're the most incompetent, corrupt, stupid lot I've ever seen.

          We really want it to be as open and trusting and chaotic as possible.

          Not trusting. Chaotic and trusting don't mix. All it takes to spoil everything is one asshole who abuses you.

          • by gottabeme (590848)

            Never subscribe to a stupid, idiotic, brain-dead conspiracy theory when all you need is basic human psychology.

            Frankly, the government is the very last people I would consider competent to run a conspiracy. They're the most incompetent, corrupt, stupid lot I've ever seen.

            Appeal to ridicule and generalization. The government is like a network of networks; some subnets are wholly incompetent and/or corrupt; others are highly trained and able to accomplish much, whether for good or evil.

    • Re:From Yesterday. (Score:5, Insightful)

      by geogob (569250) on Saturday September 07, 2013 @04:32PM (#44785415)

      Its worse than worse.... The NSA was, from what I understand, widely active in the crypto and data security scene. They have their hand on every committee. Their research in every development.

      Up to now, I, and probably most of us, assumed good faith. That they were actively playing their role to reinforce security in data protocols an communications with critical application in mind (banking, national security, medical equipment, utilities, etc). Why else play such an active and visible role?

      Now it seems there was an ugly monster hidden under this veil. That they used this assumed role to incorporate weaknesses and back doors at every imaginable level of data security. Not only is it an impressive breach of thrust, it is also in increadibly dangerous behaviour. They are basically giving their enemies the perfect tools to infiltrate the systems and protocols every one thought they were protecting.

      If you ask me who's the traitor, Snowden is not the first that comes in mind...

      • Re:From Yesterday. (Score:5, Interesting)

        by cpghost (719344) on Saturday September 07, 2013 @04:47PM (#44785539) Homepage

        Now it seems there was an ugly monster hidden under this veil.

        I'd rather say that the NSA is Dr. Jekyll and Mr. Hyde. They need strong codes for crucial US companies (and government agencies) to be widely adopted... and that's their good role. But they need to tap into the codes of the adversary, and that's their bad role. Due to the dual nature of their mission (to protect own codes, to crack foreign codes), and due to the fact that we've become a global village using the same codes, the NSA has developed some kind of dual-personality disorder, where it fights itself.

        • Re:From Yesterday. (Score:5, Insightful)

          by santosh.k83 (2442182) on Saturday September 07, 2013 @06:43PM (#44786223)

          Why should you give yourself a need to tap into the codes of others when militarily you are and economically you were, untouchable? Why not simply devote yourselves to building your country to greater and greater heights while acting only in defense against any aggressors (which you'd have had precious little off if you hadn't started so many wars in the first place)? The end of the Cold War and collapse of USSR could really have been used by the US to advance leaps and bounds in terms of science, tech and human standards, but instead, year after year it's shoving itself onto every piece of hell on earth, getting caught up in costly and messy quagmires, embarrassing itself...

          The NSA could have acted far more ethically had the policy of the USA been one of just defense when needed, but no, the policy happens to be one of offense at every turn, preemptive offense in fact, and hence the necessity to turn yourself slowly into one big military camp

        • Re:From Yesterday. (Score:4, Interesting)

          by currently_awake (1248758) on Saturday September 07, 2013 @07:42PM (#44786585)
          Then the NSA should be split into Offensive and Defensive, with separate chain of command.
    • It's time that security standards are developed outside of the USA, without any US involvement.
  • by X.25 (255792) on Saturday September 07, 2013 @03:48PM (#44785163)

    For many years, I just felt that something was wrong, and would do "silly things" (I was an admin, whoops) like setup VPN tunnel, then require everyone to use SSL and client certs to access a service. So people would laugh at usage of VPN + SSL (and then certs on top of it) and ridicule it.

    Spent more than a decade trying to explain to *technical* people why self-signed certs are much more secure than 'commercial' certs, and I could never understand why people couldn't understand what I am saying. Well now I know, they simply couldn't beleive any government would do things we're seeing done.

    Been laughed at quite few times, but I can tell you that noone is laughing right now.

    And now I finally know that I am not a fucking lunatic.

    Thank you Edward Snowden.

    • by jeti (105266)

      Just that they're out to get you doesn't mean your not paranoid.

    • by ledow (319597) on Saturday September 07, 2013 @05:21PM (#44785749) Homepage

      I always just assumed such things were good sense.

      For years people fretted over WEP and then WPA being cracked. At no time was I affected. Sure, I bumped up my wireless to use the new systems, but all the time I was using OpenVPN and other software over the link anyway.

      That thing broadcasts through the air - no way I'm trusting a single protocol, and once WEP was dead (and so badly), I certainly never trusted WPA that much either. When that was weakened, WPA2 looked shaky too. But I always had a second layer, and my usage of systems was never affected - there is basically zero overhead on a modern machine of having something like OpenVPN connect automatically over your wireless, even for gaming.

      My servers run SSH2, sure, but the same again. I don't expose the ports and only certain things get access anyway. When you can get to an SSH port, you're looking at key-based authentication with passphrases (not made on the target machine). Bam, saved myself from a ton of port spam, plus all the Debian weak-key shite, plus the problem of my remote server being compromised someone and compromising keys that were generated on it.

      It's a little paranoid, I have to admit, but when that slight paranoia - borne mainly of a desire to understand how these things work and then, when you have a working system, carrying it on throughout your use of that system - was justified, it becomes a reinforced habit.

      And when you have things like VPN daemons running at lower privilege and the only escalation to root being through SSH2 keys over that VPN (and not any other way), then you have a double-protection against things.

      Compromise of any one only gets you so far - a limited user account which can only SSH which a key you don't have, or authentication access to something which you can't VPN to anyway. It's not invincibility, but I assumed most of the Slashdot crowd would be doing similar things, just out of the same basic principle - experimentation, self-teaching, applying the same principles that we should to our work, and distrust (not of people like the NSA, but just that a protocol would eventually have a flaw discovered in it, and getting yourself twice the lifetime out of such systems).

      It's also the reason I've never touched PPTP or IPSEC. Nothing to do with the NSA or GCHQ. I just never trusted their messes as one is now completely compromised and the other was always balancing on a knife-edge anyway.

      Do people honestly NOT have this sort of double-layer protection? I mean, it won't stop GCHQ taking an interest in me, or asking my server host to butt in, but it stops things like simple compromises from ANY source walking straight into systems that they detect are running vulnerable software.

      • by bmo (77928)

        >Bam, saved myself from a ton of port spam,

        Another simple way to keep ssh out of the bots is if you don't need to, just don't use port 22. If they have to scan the entire machine to find the ssh port, they're not gonna do it. Too slow. This won't deter the determined cracker at all, but it helps.

        >key auth ssh

        Not only is this more secure, but it's easier once it's set up.

        > It's not invincibility,

        Anyone with any real common sense with regards to this knows it. The problem with common sense is tha

      • by whoever57 (658626)

        It's also the reason I've never touched PPTP or IPSEC. Nothing to do with the NSA or GCHQ.

        Microsoft's MS-CHAP (used with PPTP) has known vulnerabilities. Which of the following is true:
        Microsoft is incompetent at secure software or:
        Microsoft deliberately included vulnerabilities to make things easier for the NSA?

  • by X.25 (255792) on Saturday September 07, 2013 @03:52PM (#44785189)

    ..."backdoor":

    bsd.slashdot.org/story/10/12/15/004235/fbi-alleged-to-have-backdoored-openbsds-ipsec-stack

    Many people laughed at this at the time.

    Guess they're not laughing now.

  • History of DES (Score:2, Interesting)

    by Anonymous Coward

    https://www.schneier.com/blog/archives/2004/10/the_legacy_of_d.html

    When IBM submitted DES as a standard, no one outside the National Security Agency had any expertise to analyze it. The NSA made two changes to DES: It tweaked the algorithm, and it cut the key size by more than half.

    The NSA's changes caused outcry among the few who paid attention, both regarding the "invisible hand" of the NSA--the tweaks were not made public, and no rationale was given for the final design--and the short key length.

    It took

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      It took the academic community two decades to figure out that the NSA "tweaks" actually improved the security of DES.

      From whose point of view?

    • Re:History of DES (Score:4, Informative)

      by CRCulver (715279) <crculver@christopherculver.com> on Saturday September 07, 2013 @04:21PM (#44785335) Homepage
      Just because the NSA toughened some standards in the 1970s doesn't mean they are good guys now. After all, many familiar with the inner workings of the agency have said that the mood there changed greatly after 9/11 to "privacy be damned", and the Snowden documents leaked the other day admit right now that the NSA has inserted backdoors into cryptosystems used by the general public.
      • by X.25 (255792)

        Just because the NSA toughened some standards in the 1970s doesn't mean they are good guys now. After all, many familiar with the inner workings of the agency have said that the mood there changed greatly after 9/11 to "privacy be damned", and the Snowden documents leaked the other day admit right now that the NSA has inserted backdoors into cryptosystems used by the general public.

        They were "good guys"? People have short memories. NSA have been involved in this type of shit for a long time (in physical world).

        http://cryptome.org/jya/nsa-sun.htm [cryptome.org]

    • Re:History of DES (Score:5, Informative)

      by amorsen (7485) <benny+slashdot@amorsen.dk> on Saturday September 07, 2013 @05:37PM (#44785841)

      It took the academic community two decades to figure out that the NSA "tweaks" actually improved the security of DES.

      The S-box tweak made DES resistant (well, more resistant) to differential attacks. The shortened key length did not improve security, it reduced security.

  • by Anonymous Coward on Saturday September 07, 2013 @03:53PM (#44785199)

    We live in an Open Source world now. So why don't the cryptographers who said IPSEC was too complicated not draft a simpler protocol that can be scrutinised by their peers? It won't matter if corporations don't rally round it, if you can get support from the open source community to implement it in things like the Linux kernel it will be adopted in preference to IPSEC anyway. Corporate users who have concerns about IPSEC might prefer it too.

    After all, PGP didn't need a standards body behind it. The Blowfish encryption algorithm (developed by Bruce Schneier) is still more trusted than most variants of AES.

  • by apcullen (2504324) on Saturday September 07, 2013 @04:06PM (#44785257)
    PGP comes to mind. Cant an application developer just create a 1024-bit public key encrypted chat program?
  • by SerenelyHotPest (2970223) on Saturday September 07, 2013 @04:21PM (#44785337)

    Until recently, the public hasn't cared about cryptography's political/privacy ramifications, let alone about crypto itself. As a technical person, I concede that the learning curve is steep; to even make basic judgements on the safety of others' cryptosystems like, "well, does it use AES?" typically takes several months of training that don't always sink in. One of the better jinns to emerge from the NSA Spying Pandora's Box has been increased public interest in crypto/general information security. In my present personal opinion, a better project for the EFF et al. to engage in rather than continue to prop up the fairly vulnerable and incriminating Tor system (given the people intent on breaking it) is launch a policy to educate laymen on principles of encryption use (things like what a public-private cryptosystem is, what a digital signature is, general advice on what to use and what not to use--that sort of stuff).

    Email was created around a time when it was used by a few thousand academicians and not expected to carry messages between business partners, political activists, and loved ones. Its lack of inherent security has driven the layering of security ameliorations on top of the basic protocol, most of which don't work terribly well (PGP [wikipedia.org] is fractured, hard to use, doesn't support rich email, and is generally hard to use, for example). The same goes for HTTP. I agree that it's probably time for a new spec, but I don't know where or how to begin the creation of one, let alone how to get the public on board to transition, though again, the spying fiasco may generate the the impetus needed.

    It's still interesting to me that mail, which I'd generally consider far less inherently secure than secured electronic communications and as having a far lower "reasonable expectation of privacy," receives all kinds of legal protections that, say, even email exchanged purely through Gmail (which has all kinds of security precautions like DMARC [wikipedia.org], SSL/TLS [wikipedia.org], and STARTTLS [wikipedia.org]) doesn't. I think this reflects a long-term interest in western policy-making to incrementally convert "free societies" into police states, as others have observed. It looks like the governments of the US, UK and collaborators are simply waiting for mail to become completely obsolete so all communications are fair game for eavesdropping. It brings to mind what Ray Bradbury said in Farenheit 451: the government didn't have to outlaw books until most people were so fed up with them that no one noticed when the crackdown began.

  • by epine (68316) on Saturday September 07, 2013 @04:32PM (#44785419)

    The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man.

                — George Bernard Shaw, Man and Superman (1903)

    What would the NSA do confronted with an individual so high-minded and abrasive as to be relatively immune to the bullying tactics of the second-largest bullhead in the room? They would plant and nurture the meme that Theo sucks as a human being and that one's choice of OS and security software deployed rests on social morality rather than logic.

    Who's looking like the reasonable man in the room now?

    It's almost tautological than anyone abrasive enough to successfully push back against covert and well-funded NSA assholerly is not going to be a poster child for harmonious cooperation.

    I've followed this little soap opera avidly (but with a relatively small corner of my mind) since Bamford's Puzzle Palace in 1982. I was then enrolled in an undergraduate mathematics program at a university famous for its cryptographers and I heard a few stories directly. I suspect I've read twenty books on the origins of these agencies before, during, and after WWII, ranging from espionage to black budgets to the ITAR fiasco.

    I'm surprised by exactly none of this. I just didn't know the specifics of how it was done. The peculiar part was that the NSA seemed to have a very low appetite for taking this fight to the courts in the Clipper chip era. Now we know that they had a giant Plan B, much more to their taste than entering into a public process where things get written down.

  • How to crack RSA (Score:5, Interesting)

    by Okian Warrior (537106) on Saturday September 07, 2013 @05:04PM (#44785653) Homepage Journal

    In response to the current situation, I've been researching random number generators - especially the builtin one in Intel processors.

    It's impossible to tell in general whether there's a vulnerability in a random number generator. It's a "computationally infeasible" problem, the best we can do is check for known deviations from randomness. If you know how it deviates, it's easy to check but beyond that there's no way to tell.

    If the NSA has modified devices to reduce the entropy of random keys, then eventually two keys will have the same factors. This is easy to determine: The GCD algorithm will very quickly tell you what factors two keys have in common. ...and this is exactly what is seen in practice [factorable.net]! Some 0.3% of keys tested had common factors: statistically, a *huge* percentage.

    With a very large number of keys, you don't need to try N*(N-1) pairs of keys: partition the keys into two sets, multiply all the keys in the first set together, multiply all the keys in the second set together, then calculate GCD(Set1,Set2). In one calculation, you've determined whether any single key in the first set has factors in common with the any key from the second set.

    Bruce Schneier believes that the algorithms are robust, and that the NSA is using other methods to break the encryption. Here's one likely way that they are doing it - they weaken the random number generator on a class of devices, harvest all the encryption keys they can find, then look for common factors.

    From this article [idquantique.com] talking about the study: "[Researchers from the linked paper found] “vulnerable devices from 27 manufacturers. These include enterprise-grade routers from Cisco; server management cards from Dell, Hewlett-Packard, and IBM; VPN devices; building security systems; network attached storage devices; and several kinds of consumer routers and VoIP products [1]."

    The upshot is this: even locally-generated RSA keys are not guaranteed to be safe, nor will they ever be. When you can't trust the hardware, all bets are off.

    • Re:How to crack RSA (Score:4, Interesting)

      by Dan East (318230) on Saturday September 07, 2013 @06:28PM (#44786119) Homepage Journal

      The upshot is this: even locally-generated RSA keys are not guaranteed to be safe, nor will they ever be. When you can't trust the hardware, all bets are off.

      Then don't use the hardware random number generator. Do it all in software.

    • It's impossible to tell in general whether there's a vulnerability in a random number generator. It's a "computationally infeasible" problem, the best we can do is check for known deviations from randomness. If you know how it deviates, it's easy to check but beyond that there's no way to tell.

      Unless the NIST tools are compromised as well, then yes, it's completely possible to verify how good hardware RNGs are. Also, few intel processors have built-in RNGs, at least not ones the Linux kernel can use. Non

    • by swillden (191260)

      If the NSA has modified devices to reduce the entropy of random keys, then eventually two keys will have the same factors. This is easy to determine: The GCD algorithm will very quickly tell you what factors two keys have in common. ...and this is exactly what is seen in practice [factorable.net]! Some 0.3% of keys tested had common factors: statistically, a *huge* percentage.

      That would be a very compelling argument, except that nearly all of the keys with common factors were from embedded devices, and the root cause was that they didn't have a hardware RNG or any other good entropy source.

      It would be interesting to see the common factor percentage with embedded devices excluded.

  • becomes more relevant with every passing day.
  • by giorgist (1208992) on Saturday September 07, 2013 @08:24PM (#44786807)
    If NSA has a backdoor to anything, it simply allows for a backdoor to everybody. It is not like the backdoor would be wired to an NSA IP address. Ultimately it creates a disservice for the country.

Never trust a computer you can't repair yourself.

Working...