Domain: 0xbadc0de.be
Stories and comments across the archive that link to 0xbadc0de.be.
Comments · 7
-
Re:Happy to let someone else test it
Most of FIPS is a certification process oriented on testing. However, there is a checklist of things you need to support, and one of them used to be the easy to backdoor Dual_EC_DRBG.
Now that the requirement for Dual_EC_DRBG has been dropped from NIST's checklist, it would be possible to have LibreSSL meet FIPS requirements without having the troublesome component. Most of FIPS certification is about throwing money at testing vendors, as described by OpenSSL themselves. Doing that would really be incompatible with the crusade LibreSSL is on though, because the result is believed by some to be less secure than using a library that isn't bound to the FIPS process. I don't see those developers ever accepting a process that prioritizes code stability over security.
-
Re:Whatever you may think ...
From the proof-of-concept page I mentioned above.Conclusion
It is quite obvious in light of the recent revelations from Snowden that this weakness was introduced by purpose by the NSA. It is very elegant and leaks its complete internal state in only 32 bytes of output, which is very impressive knowing it takes 32 bytes of input as a seed.Here is the Github repo for the PoC code.
This PRNG is not the NSA making a crypto system stronger ala DES, it's a backdoor. -
Re:Whatever you may think ...
[sorry, link screwed up in my reply, should have checked more closely.]
There is also a nice proof-of-concept backdoor with a link to the github repo. -
Re:No shit?
In fact, they are making other nations, groups of people and individuals easier to listen US citizens and companies communications. By weakening the Dual_EC_DRBG pseudo random number generator they made it interceptable not just by them, and here is a proof of concept. The most objective thing is controlling US population, the other nations are less prioritary.
-
Traitors, the lot of them
I found the shill! You're also a jackboot licking, spineless, and wretched excuse for a human being.
You didn't read TFA or TFS or even The Fucking Headline. How is a publicly posted (on Github) proof-of-concept with accompanying explanation in detail (in TFA) "in the hands of the NSA only"? If you're actually concerned about foreign governments or terrorists, this sort of behavior is the most egregious possible: it makes ALL of us less safe. You think that China doesn't have cryptographers at least as good as this guy I've never heard of before? That which is in the power of one fool to do is also in the power of another. The bottom line is that those supposed to protect us shirked their duty. They are traitors. By paying money to promote an algorithm with a known backdoor as secure, for the use of the very citizens they protect, they actively aided the enemy. Hang them all.
aris@kalix86:~/dualec$
./dual_ec_drbg_poc
s at start of generate:
E9B8FBCFCDC7BCB091D14A41A95AD68966AC18879ECC27519403B34231916485
[omitted: many output from openssl]
y coordinate at end of mul:
0663BC78276A258D2F422BE407F881AA51B8D2D82ECE31481DB69DFBC6C4D010
r in generate is:
96E8EBC0D507C39F3B5ED8C96E789CC3E6861E1DDFB9D4170D3D5FF68E242437
Random bits written:
000000000000000000000000000000000000000000000000000000000000
y coordinate at end of mul:
5F49D75753F59EA996774DD75E17D730051F93F6C4EB65951DED75A8FCD5D429
s in generate:
C64EAF10729061418EB280CCB288AD9D14707E005655FDD2277FC76EC173125E
[omitted: many output from openssl]
PRNG output: ebc0d507c39f3b5ed8c96e789cc3e6861e1ddfb9d4170d3d5ff68e242437449e
Found a match !
A_x: 96e8ebc0d507c39f3b5ed8c96e789cc3e6861e1ddfb9d4170d3d5ff68e242437
A_y: 0663bc78276a258d2f422be407f881aa51b8d2d82ece31481db69dfbc6c4d010
prediction: a3cbc223507c197ec2598e6cff61cab0d75f89a68ccffcb7097c09d3
Reviewed 65502 valid points (candidates for A)
PRNG output: a3cbc223507c197ec2598e6cff61cab0d75f89a68ccffcb7097c09d3 -
Good article
The link above is a very good introductory article on EC cryptography. If you know a little math but have no background in elliptic curves, this is a good introduction. Well worth reading.
Clearly explained at an introductory level, with Wikipedia links for the assumed terms.
Topical, singular (ie - it's the first one currently, a news "scoop" if you like), technical, and important.
Lots to like here - Slashdot needs more articles like this.
-
Re:Why you shouldn't use OpenSSH
Here. Notice I'm not the parent poster and I don't really care about De Raadt's attitude (and I use OpenSSH and OpenBSD daily and I have never tried libssh, I just know it exists).