Domain: rsa.com
Stories and comments across the archive that link to rsa.com.
Comments · 81
-
Why Not Something Like RSA SecurID Software Token?
RSA SecurID Software Tokens: Make strong authentication a convenient part of doing business. Deploy RSA software tokens on mobile devices (smartphones, tablets, and PCs) and transform them into intelligent security tokens.
-
Re:"watering hole" attack
Not that new.
It's been around since 2009 at least. The term is best explained by the above article. However, RSA has started slinging this name about in 2012.
The hallmark is simply planting your malware where your targets often go.
-
Re:Has anybody seen the actual "evidence"?
I was also skeptical when I first saw the news articles (like this one) that said that RSA had published a statement where they supposedly refuted the existence of that NSA deal. The existence of the deal was originally broken by Reuters in this article, where they cite "two sources familiar with the contract" as their sources. But then, after more in-depth analysis of the RSA blog post where they supposedly "denied" the existence of the deal, it was revealed that actually RSA neither denied nor acknowledged that such a deal existed in their statement. They are just using general wording to give an impression that they would certainly never do such a thing. But they are not directly denying the existence of the deal.
Now, thinking logically, it's pretty damn clear that they would have denied that such a deal was ever made, if they were in the position of making such a claim. But given they don't directly deny the claims presented by Reuters, it would seem a much more logical explanation that the deal indeed was made, and RSA just went into damage control mode after the publication of the Reuters article. Lying to the public would have meant more damage if Reuters would have later been able to present the actual paper of the deal, so I suppose we can take their lack of directly denying this deal's existence as an admission of sorts. This is also the reason why speakers are canceling their appearance in the conference ("Your company has issued a statement on the topic, but you have not denied this particular claim.")
So, I think we have grounds to believe that there is actually quite a lot of truth to the original story by Reuters. As they say, the deal was "handled by business leaders rather than pure technologists". I am pretty sure that this is yet another example of a major manager-level f*ck up. Tech companies very often have all the expertise on the technical personnel level, while managers are a "necessary evil" who often have much less insight into the technical field where the company actually operates. Of course, anyone with even the slightest idea of how the IT security field functions would never ever endanger their company's credibility (at least for such little reward as $10 million), because deals like this tend to resurface in the public sphere sooner or later. All we can assume is that someone in the management made a very major f*ck-up and made this secret deal with NSA without much consulting of the technical folks. But I am pretty sure that now that this deal has surfaced in the public sphere, it will end up costing RSA a great deal more in lost sales than what the "business leaders" anticipated they could gain in the short term from making the deal with NSA.
-
Re:Another view on teh RSA / NSA thing...
The question isn't whether they had a contract, but what the contract did. Did they conspire to introduce weaknesses into their product? They deny that. Claiming that if they don't deny there was a contract makes them "guilty" is playing games.
-
Re:Another view on teh RSA / NSA thing...
Doesn't really look like a "quasi-denial."
RSA Response to Media Claims Regarding NSA Relationship
Recent press coverage has asserted that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation.
We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security.
.....RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use.
-
Re:Guilty and impossible to prove innocent
Secondly, RSA didn't categorically deny anything. Go parse their statement carefully. They've denied a specific scenario with several criteria, that's it.
The quote is right there on the RSA's site..
and the first sentence says: Recent press coverage has asserted that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation.
They rattle on about with a bunch of marginally relevant stuff, then follow up with:
RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use.
Two "categoricallys" within half a page of text, and you missed both of them.
So right away, you are wrong. Clearly you didn't bother to read their statement at all. The word categorically can never apply to a specific scenario.
Can they be innocent in all this? It's not inconceivable; they could have been duped by the NSA. But in that case they are incompetent, so the stigma still attaches.
-
Re:Guilty and impossible to prove innocent
Please read the complete RSA press release and parse it carefully: https://blogs.rsa.com/news-media-2/rsa-response/
They don't deny that they entered into a deal. They deny that they entered into a deal "with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products". In other words, there was a deal, but they are insisting that they didn't realize at the time that the algorithm had a backdoor.
If there was no deal at all, they wouldn't have felt a need to qualify the denial with the above quoted text.
-
BBC are incompetent shills
Look how the BBC fucked up the reporting of this: http://www.bbc.co.uk/news/technology-25492461 https://blogs.rsa.com/news-media-2/rsa-response/
-
RSA official response is limp and evasive
RSA's official response is limp and evasive. It makes no mention of the $10M payment. Even the PR spokesliars couldn't turn this truck load of pig shit into a silk purse https://blogs.rsa.com/news-media-2/rsa-response/
> We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption.
Then why did they have to pay you to use a 'good' algorithm? If all they had to do is convince you it was awesome that would have been enough. How fucking dumb do you think we are?
> This algorithm is only one of multiple choices available within BSAFE toolkits, and users have always been free to choose whichever one best suits their needs.
Fuck you, RSA. You made it the default, knowing most people would trust and use it for that reason. You fucking well know if one of the options was starred 'NSA paid us $10M to make this one the default' no one would have touched it. Remember the public suspicion when Microsoft's NSAKEY was discovered. Don't bullshit us that RSA didn't know about that.
> We continued using the algorithm as an option within BSAFE toolkits as it gained acceptance as a NIST standard and because of its value in FIPS compliance. When concern surfaced around the algorithm in 2007, we continued to rely upon NIST as the arbiter of that discussion.
Then you should have gone back to NSA and said "Hey look, you paid us $10M to use a flawed algorithm. You are supposedly experts in encryption. We aren't stupid. What the fuck are you trying to pull on us and our customers?"
And that's the scenario that assumes they *didn't* know.
> When NIST issued new guidance recommending no further use of this algorithm in September 2013, we adhered to that guidance, communicated that recommendation to customers and discussed the change openly in the media.
Fuck you. It was out in the open by then. You could hardly hide it then, and you still didn't warn your customers their data might have been compromised.
> RSA, as a security company, never divulges details of customer engagements,
Like $10M Bribes? Or agreements with one customer to fraudulently sell flawed software to other customers? I bet lawyers everywhere can smell big class actions off this one!
> but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use.
Oh fucking puleaze. "intention" is a bullshit cop out that means you did it, but fucking us over wasn't the primary reason. If that $10M was so clean, show us the contract and the minutes of meetings. If you don't, don't expect us to trust you. And if they don't exist even though this is all above board, why?
RSA is either incompetent or malicious. Either way it can't be trusted again. Security companies can't operate unless their customers trust them. RSA is dead.
-
Maybe Snowden Stole a Honeypot
Well, we could pick at their wording, but assuming we take their use of the word "categorically" to mean what the word means, it's rather hard to suggest that they intended to say anything other than what their statement says on the surface: it didn't happen.
Obviously they could be lying, but so could Reuters, or maybe Snowden forged the documents, or maybe Reuters simply misunderstood them, or maybe it's just some sort of bullshit NSA internal documentation intended to mislead any spies who happen to steal the information. (...and it did get stolen, which almost seems to kick that last idea into the realm of possibility.)
Hell, now that I think about it, that might also explain Google et al.'s denial of their involvement with the NSA as well. I mean, if you can't actually spy on everything your enemies do on the internet, you might just settle for convincing them that you can, so that they're afraid to use the internet and are therefore at a disadvantage by not utilizing a valuable tool. It might also cause them to choose methods of communication that you can easily monitor.
Maybe Edward Snowden stole a honeypot. Wouldn't that just be hilarious? Has he revealed anything that's independently verifiable?
-
Re:Extensions needed!
Time to turn your geek card in and take some remedial classes in public key cryptography 101. Reading up on it will take only a couple minutes more than it did to type out your terribly misinformed and horribly wrong post. Try http://www.rsa.com/rsalabs/node.asp?id=2165
-
Re:Scaaam....
It's called a bread pudding protocol.
-
Re:After it was obvious to all
If they actually cared about providing security to their customers instead of covering their own asses they'd have kept their customers fully informed, but they didn't.
Have you read their statement? They *still haven't* kept us informed. All they've said is that they'll replace the tokens, and that "the information taken from RSA in March has been used as an element of an attempted broader attack on Lockheed Martin".
Nowhere have they said that the seeds are compromised, nowhere have they told us exactly what information was leaked, only that the leaked information played a role in the LM attack.
The mind boggles.
-
RSA is Offering to Replace Tokens
Here is a link to RSA's official statement made yesterday. They are offering to replace tokens for "customers with concentrated user bases typically focused on protecting intellectual property and corporate networks".
That is corporate VPN, not the people who use tokens issued to get to websites, such as banking info.
-
Re:Password Plus CAPTCHA helps
It is easy to thwart this attack: require a password in addition to a one-time-use RSA SecurID code. eBay, PayPal, WoW and several banks already use this method of authentication.
-
Re:Good idea, bad implementation
What the heck would your "preferred" system look like?
Like this.
Phones are out because I'm not really related to any specific phone. I may have my cell phone with me, or I may be at home, or I may be at the office, etc. And as I mentioned elsewhere, I don't trust Google with the price on last year's snow, let alone my phone number. I don't use SMS at all and it is disabled on my phone.
Authentication software on smartphones is also out because I don't have a smartphone and have no desire to ever get one. They are too bulky for my taste, and the mandatory (on AT&T) data plan adds nothing to my life - I'm near computers all the time already (except when I'm driving, and then I don't need a computer anyway.)
The Yubikey is a good idea, but it suffers from the need to have a USB port. On the other hand it does the input for you. Still I'd put a classical RSA token above Yubikey because it is a self-contained device that requires no hardware access to operate. This may be important if you are at a kiosk or at an Internet cafe where USB ports are disabled or inaccessible. If Gmail starts supporting RSA tokens then I will gladly buy one myself. If they support a mix of tokens then I'd be happy with Yubikey at home and an RSA token in my pocket.
The printed sheet of numbers is a hassle to carry, but in a pinch it will do.
-
Re:Is that a challenge?
That's only about equivalent to an 80-bit symmetric key. Back in 2003, RSA itself predicted that RSA1024 would only hold until approximately 2006 - 2010, though we're a bit behind that as the largest key thus far factored (by civilians) is RSA768.
There are also other attacks, such as exploiting the probabilistic primality tests used in key generation, and hash collisions with the MD5 or SHA1 hashes used for key signing on OMAP hardware.
-
Re:encryption
You are right, here's RSA themselves on the subject:
http://www.rsa.com/rsalabs/node.asp?id=2187
-
Re:Been said before
Personally I’m all for a one time password key token type device. You have a little key fob dealie generating numbers via a stream cipher at an interval (and with a key) synced with your bank.
You mean something like this???
Between my wife and me, we have about a half dozen of them to be able to get into client VPNs. They work like a charm.
Of course, if someone steals it from you and knows your obvious password which you had written down, they don't stop a damned thing.
-
Sorta like SecurID
I've always thought the SecurID system was interesting. If you're not familiar with it (and are too lazy to click the link or google it), it involves a little keyfob receiver that displays the current numeric password. The numeric password changes every 60 seconds (which might be configurable at the transmitting end), and is meant to augment your existing credentials.
-
Re:Ignore the person holding the phone book.
For example, there may come a day when airport security could demand you disclose your passwords when they find you are carrying storage with encrypted content
...There's an easy, and preferred solution to that. Don't carry your data with you. Use an encrypted channel, and send the data up to your secure points. Explained simpler, use a VPN to work on your VPN accessible server. All your laptop is at this point, is a dumb terminal.
Besides the OS, the only data that has been on my laptop are maybe photos taken during the trip. If they ever decided to scrutinize my data, they may find tourist snapshots. Obviously, they'd see the VPN connection software, but you're under no obligation to provide the credentials. Having a plan in place that simply states if someone should be held against their will by the government, their credentials should be considered compromised and must be changed immediately. At the outside, that could mean handling an interrogation (refusing to say anything) until the keys would have been changed. It would be simple enough to provide wrong credentials with an explanation "they revoked my credentials already." It could be overexplained that you must check in with your RSA SecurID which you do not have in your possession.
We had this plan in place at one shop I was at. And no, we didn't have any top secret data. :)
If folks didn't check in at boarding time, or check in after they got out of the airport, their credentials were to be removed immediately. If this happened, they would be reinstated after verifying that they were no longer under duress. We never had to use it though. The only times it was invoked were when the person in question failed to call in or show up to work. :)
I still haven't seen the TSA nor any other law enforcement agency actually demand credentials for a computer, or a subset like an encrypted partition, unless they already had probable cause for that information. I, as a fine upstanding citizen, have been patted down, my luggage examined, stood in the "totally safe" backscatter X-ray machine, and my private parts touched for the sake of security. Sometimes on a long business trip, that makes up for it. :)
I've only been told to turn on my laptop once, and when I told him the battery was dead, that was the end of the story. Is there a subset of Slashdot that has red flags coming out of their asses, or are there just a few too many conspiracy nuts around here, believing government thugs are hiding around every corner?
-
Re:Obvious next step
Noting that in this case, the malware did not bother hiding the messages, but just posted them as notes instead
-
Re:Please let me use the same password
Not that complex... relatively friendly to newb's and other people who aren't super technically adept... and does a nice job. If you need more security, it's time to switch to SecurID and give everyone a token.
I was going to chime in about smart cards being more appropriate for local access than SecurID tokens, but I just discovered this =D
http://www.rsa.com/node.aspx?id=1215
-
And why do I care?
What does this OpenSSO do for me that Kerberos doesn't?
If Oracle wants to do something useful with the Sun assets, they should kill off java. Java is an abomination upon the IT world. I have yet to see a well-written unbloated java app.
Case in point: RSA rewrote their entire SecurID one-time token server in java. What used to be a fast, nimble application that started within 15 seconds now takes 15 minutes to start. RSA recommends 60 gigs of free space. The previous version required 200 megabytes.
-
The Meaning of Factorization
RSA Labs explains the meaning of factorization in the old Challenge FAQ:
http://www.rsa.com/rsalabs/node.asp?id=2094
Look at the section, "What does it mean when a Challenge Number is factored?"
It is interesting to note that this section of the FAQ makes an example of RSA-768 being cracked in 2010 -- turns out they were very close, whether they tried to be or not (the article states that the number was actually factored in Dec 2009).
-
Re:Bad math...
They're comparing the relative strength of a 768 bit RSA key to a 1024 bit RSA key. Because of the mathematical correlation between the public and private keys, the strength is nowhere near 2^768 or 2^1024. RSA has created a comparison table for RSA -> symmetric cipher strength.
1024 bit ----> 80 bit
2048 bit ----> 112 bit
3072 bit ----> 128 bit
However, "1000 times stronger" seems far too small, in any case.
-
Technical details: 512-bit RSA key
As a crypto geek, I wanted to know more so I read the original post where "FloppusMaximus" disclosed the first key (for TI-83). It turns out that TI was using an RSA key of only 512 bits(!) This is extremely short: keys shorter than 1024 bits are considered unsafe, and in practice the largest semiprime ever factored was 663 bits (see RSA-200 challenge). Why was TI even using such small keys? It can't be cost, chips doing 1024-bit RSA cost less than $1. TI almost deserved what happened, if only to teach them a crypto lesson.
-
Re:So, according to our Government ...
Your interpretation of the law is inaccurate. Ask RSA.
And no, not everyone has nuclear technology, but containment of the information, which has been our national security strategy, obviously isn't working, or the news wouldn't be so full of reports of countries happy to show off their newly developed technology. Strangely, it's somewhat difficult to keep the laws of nature a secret.
-
Re:what about this
Would it be too much trouble to give customers an RSA SecurID, so it would be impossible for them to give their password to some third party person, without being ultimately stupid, and handing them a physical device. Real two factor authentication would be great. Something you know (a password), and something you have (RSA SecurID), should be the minimum for logging into any bank account.
-
Re:Thwarted by properly designed online banking
I don't have too many good things to say about RSA but they actually do have challenge-response capable tokens. http://www.rsa.com/node.aspx?id=1311
-
Re:Wrong Question
Give everybody their own RSA ID tag. You know, those little keychain things that spit out a new random number every 1 minute based on some secure cryptographic algorithm. That way you could prove your identity (or at least that you had your device) at any point in time, yet nobody could use that information to prove your identity at a future point in time. There would be a process for reporting a lost device, followed by a whole bunch of verification to ensure that when a new device was granted, it was granted to the correct person. Wouldn't be foolproof, but would be much better than any current system I've seen.
-
As a Member of the Unwash Masses
I would like to see if you could pull off an interesting idea. See if you can get the Nepal government to allow the citizens to use whatever level of encryption they see fit. I believe my government does not allow an encryption level so high that they can never hope to crack it. It's strange, companies are allowed to implement DRM at whatever level they see fit yet I'm restricted, especially if it might be exported.
Take a look at this and see if you can get your country grouped into level 1 at the bottom of the page. Unrestricted levels of encryption would be a nice liberty to enjoy.
-
Re:Hu?
they phone you with an access code
Yikes, somebody PLEASE tell them about SecurID.
-
Re:Story title
Why make up a story title whose claims are unsupported by TFA? Nothing was 'cloned' here.
The cloned chip article is here:
http://www.rsa.com/rsalabs/staff/bios/ajuels/publications/EPC_RFID/Gen2authentication--22Oct08a.pdf
It was on passport and Washington driver's license chips.
-
Re:The kill bit testing
How did you test this to make sure?
In a link in the old article was the full testing. In a nutshell, they cloned some Washington driver's licenses into the same chip. Then they tested sending the kill command at low power; when there is not enough power to complete the operation, the chip reports a low-power command fail. After finding the power needed to produce low-power fails and kills, it was tested on real licenses to see if the kill was enabled or protected by a PIN. It is unprotected.
Here is the info:
PDF alert http://www.rsa.com/rsalabs/staff/bios/ajuels/publications/EPC_RFID/Gen2authentication--22Oct08a.pdf
See table 4 in the PDF for the kill bit testing on Washington State driver's licenses.
-
I wonder what RSA has to say about this
When the Nintendo DS came out, RSA made it well known that its code protected the games. Now I don't hear so much from them about this. Maybe it's not their best example of protecting data?
-
Misleading: They only went to Paris, London &
This press release is really misleading. In the last two years, RSA only surveyed these three cities, no others. So London is the world's wireless capital when they only surveyed NYC, Paris, and London? Not really.
Besides, the gross number of wireless networks doesn't tell us much. A per capita figure would have been a more useful comparison. NYC metro has 17 million people, London 8 million and Paris is at 9.6 million. It also looks like they only focused on the cities' "financial hubs."
If you read further into the press release, you see this other interesting note, most networks are closed:
However, New York City remains the leader in regards to its concentration of hotspots. At 15%, New York City is well clear of London where just 5% of wireless access points were found to be hotspots. In Paris, hotspots represented 6% of all the access points we located.
Press Release: http://www.rsa.com/press_release.aspx?id=9725
Survey Results: http://www.rsa.com/node.aspx?id=3268
-
Re:Ironic... or just interesting
Apologies for replying to my own post, but I found the list in this PDF document:
Cuba, Iran, Iraq, Libya, North Korea, Serbia, Sudan, Syria, and Talisman-controlled (sic) (Taliban-controlled?) areas of Afghanistan as of January 2000.
(Although there are nine -- counting "Talisman-controlled areas of Afghanistan" -- listed, not 7.)
-- Glenn
-
Re:Good point - improvement should start there the
That's because a certain amount of fraud is part of the cost of doing business. Stores occasionally take returns of goods which were perfectly OK (until the buyer got their hands on it...), insurance companies occasionally receive claims for a house where the owner perhaps might know a little more about the fire than they claim to. And banks occasionally find people trying to defraud them of money.
The nature of that fraud may or may not involve someone on the inside. Given the number of people employed by most banks, it's practically inconceivable that every single employee is 100% honest. The fraud may be a million people stealing £1 or one person stealing £1 million, but it will always be there.
Fighting that fraud costs money. If a bank calculates that a new measure to fight fraud will cost £10 million but is only expected to save £500,000 worth of fraud per annum, enacting the measure makes no sense.
Replacing every customer's credit card with something akin to an RSA SecurID card would mean reworking your systems so they don't expect a single, unchanging card number to tie to the account.
It would mean working with Visa to have such a card accepted as a Visa card worldwide.
It would mean updating every merchant terminal in every merchant in the world to work with the new system.
In cases where the merchant has decided not to use terminals and instead integrate accepting cards directly with their PoS system, it would mean asking these merchants to update their system or they won't be able to accept such cards.
This would be obscenely expensive and have obscene risk because it's not an incremental change like chip & PIN was. I can't see it being even remotely practical.
-
About the only way to ensure who's doing what...
At my work we use two-factor authentication. (We use RSA SmartID tokens and a RADIUS server, but other similar systems are available.) Two factor authentication relies on something you know (in this case, a PIN number), and something you have (in our case, a hardware key-fob that generates a pseudo-random number every 60 seconds). We use this to allow VPN connections into our network while on the road.
The price for these tokens is coming down to the point where banks are considering giving them to their customers who wish to bank online; I don't see why universities couldn't use them to allow access to their network, whether via Ethernet or wireless.
If your keyfob is lost or stolen, you report it immediately and the IT department disables that fob and issues a new one, presumably with a fee. Otherwise, you are held accountable for whatever is done with your account.
I'd imagine that this fob would also allow you to access any of the other services that are typically offered online by universities (access to library resources, registering for classes online, etc).
It's not that difficult to store information as to which IP address is issued to which account during which time, we do it at work.
-
Re:You're missing the point
Unfortunately there are still a lot of legit uses for SMS. Many IT departments use SMS for contacting on-call staff. When I'm on call (one week out of every six) I have the option of getting paged via SMS's to my cell phone or carrying around a Skytel pager. A lot of folks I know prefer the SMS route since it means one less gadget they have to carry around.
Bank of America has recently rolled out a new security feature for their on-line banking that relies on SMS that they call SafePass. You register your mobile phone number with your account and when you want to log into your account they send you an SMS with a random 6-digit code. You then have to enter that along with your PIN to log in. It provides additional security since phishers can't easily get that random code off of your mobile phone, and each code expires after 15 minutes. It wouldn't surprise me if you start seeing more on-line systems using something like this to enhance security. It's basically a poor man's RSA SecurID since most people have mobile phones these days.
-
Re:Anti-Malware Response
Linear time factorization cannot be achieved without a quantum computer. Without a linear time factorization algorithm, a 1024-bit RSA encryption would take a government organization with millions in dedicated hardware decades to crack. http://www.rsa.com/rsalabs/node.asp?id=2007
-
Another Source
Take a look at RSA: http://www.rsa.com/node.aspx?id=1267
-
RSA
We use RSA two-factor ID key-fobs. My password is an 8+ digit standard chain of numbers which I set, to which you then add another 8 numbers generated by the key-fob which are changed every minute. Each fob is unique and about the length of a matchbox and one third of its width. http://www.rsa.com/node.aspx?id=1156
-
Re:Well, this is good ...
Standard SMS services guarantee delivery of your message within 24 hours, if the recipient phone is active on a network. Not usable.
The best systems I have seen in use are either electronic dongles (eg. http://rsa.com/node.aspx?id=1156), or paper-based one-time pads with challenge-response pairs.
/Crafack
-
Re:Interesting development
There is a reason why the RSA Factoring Challenge is no longer active.
RSA-640 took approximately 30 2.2GHz-Opteron-CPU years to crack according to the submitters, over five months of calendar time. (This is about half the effort for RSA-200, the 663-bit number that the team factored in 2004.)
I can guarantee you that the NSA has a processing farm with a LOT more than 30 CPUs.