Domain: schneier.com
Stories and comments across the archive that link to schneier.com.
Comments · 1,941
-
The NSA is more extreme than you know
See, a rational person would have looked at what's going on and concluded that the NSA's position is "of course you're more likely to be an extremist" rather than "of course you must be an extremist".
This is a comment in the actual code used by the NSA:
/* These variables define terms and websites relating to the TAILs (The Amnesic Incognito Live System) software program, a comsec mechanism advocated by extremists on extremist forums. */
The source also says the NSA refers to "the Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum".
So yes, the NSA, in their own words, do indeed believe if you use TAILS, or read The Linux Journal, you are an extremist.
-
Re: Data Security Officer
I'm appalled that your post has been modded "informative." Please do us all a favor and abstain from any future posts on cryptography. Instead, I recommend you spend your time with resources like Applied Cryptography. Seriously, please put down the shovel, and if you're doing anything involving crypto for a living, please do the world a favor and resign today.
-
Re:Either Ben or Stapleton is missing something
Bruce Schneier wrote in his latest newsletter: The NSA is Not Made of Magic https://www.schneier.com/crypt... Details of his below...but the point is...there is no conspiracy...DES worked when it was long enough.
I am regularly asked what is the most surprising thing about the Snowden NSA documents. It's this: the NSA is not made of magic. Its tools are no different from what we have in our world, it's just better-funded. X-KEYSCORE is Bro plus memory. FOXACID is Metasploit with a budget. QUANTUM is AirPwn with a seriously privileged position on the backbone. The NSA breaks crypto not with super-secret cryptanalysis, but by using standard hacking tricks such as exploiting weak implementations and default keys. Its TAO implants are straightforward enhancements of attack tools developed by researchers, academics, and hackers; you can buy a computer the size of a grain of rice, if you want to make your own such tools.
The NSA's collection and analysis tools are basically what you'd expect if you thought about it for a while. That, fundamentally, is surprising. If you gave a super-secret Internet exploitation organization $10 billion annually, you'd expect some magic. And my guess is that there is some, around the edges, that has not become public yet. But that we haven't seen any yet is cause for optimism.
-
Re:Operator Mode
Well it has been done before and this seems like something that would be accessible when in operator mode.
-
Re:Reflections on trusting trust...
Remember 'reflections on trusting trust'?
With that said, this is just ridiculous. What if you're actually the only sentient being in existence, and everything is just part of your dream? What if we're all in the matrix? What if, what if, what if!
Personally, I don't care about vastly unlikely possibilities. Something needn't be 100% safe for me to use it. Obviously. I don't see why people are obsessed with all these vastly unlikely possibilities.
-
I'm waiting for Bruce Schneier's final take on this
I'm waiting for Bruce Schneier's final take on this.
Right now he is throwing up his hands and saying "WTF?"
-
TrueCrypt: Is The Party Really Over?
By: Anon | 05/2014
Fiction: Do you remember the scene near the end of the movie Scarface where the group of criminals conspired in an attempt to remove an individual speaking out against them before he spoke at the UN? (UN - IIRC)
Reality: Do you remember the individual who died just shortly prior to speaking out about pacemakers (and possibly other technology) and how they are vulnerable to hacker attacks?
Possibility: Sn0wd3n and/or others about to deliver a speech which mentions the useful tool TrueCrypt to a wider audience - TrueCrypt project dies.
I'm interested in the results of the complete TC code audit, but give this comparison some thought.
However, I was concerned about the project when releases ceased after 7.1a. There were steady releases up until that time and I'm curious if 7.1a was released as low hanging fruit with a backdoor and the site was allowed to operate for a few years before closing shop when the hunger for enough interesting people who downloaded/used TC was satisfied.
TrueCrypt WTF @ Bruce Schneier blog
https://www.schneier.com/blog/...
Also contains TC posts:
https://www.schneier.com/blog/...
-
Re:Fishy
And it will be interesting to see what Bruce Schneier finally has to say about it: https://www.schneier.com/blog/...
-
Password on cardboard in your wallet
It's OK to write down your password. Just keep the card in your wallet instead of on your monitor. You probably already keep a piece of plastic with your credit card number on it in the same wallet anyway.
-
Re:Linux
I know we're all joking around here, but there's some people that still haven't been caught up on why this is a non-issue.
In short, for those of you who want to know how you can trust that your compiler doesn't have a backdoor in it, you do this.
-
Re:Throwing out all compatibility hooks makes it e
Why is your security code depending on undefined behavior?
https://www.schneier.com/blog/.... Also OpenSSL-related, funny enough.
-
Re:I think this relates:
It should make sense to you.
A keyboard is easier to intercept than hardware, won't get bios flashed, and will never be ROM checksummed by most people. When embedded, it may last for years -- has a reliable power source, and a handy hardware spec (USB). As a USB device, it's capable of emulating virtually any other driver that can run over USB -- such as bootable drives, network appliances, and of course... sending keystrokes.
If you read the TAO catalog (he used to have a post of the day over at schneier.com), you can verify for yourself that there are established off-the-shelf (to NSA) components capable of being inserted into a keyboard (drop in usb port replacement, chips, or wiring) that could be dropped into keyboards. Their systems tend to set up their own wireless channels.
To save you the thinking and googling you won't do...
http://arstechnica.com/informa...
https://www.schneier.com/blog/...
To be *really* clear, the keyboard intercept capabilities are nothing new at all -- I've bought hardware to do that off of Amazon, and you can too. The agency ones are presumably much smaller and probably better hidden
...So yeah... when you're targeting somebody, you go through all channels. A keyboard is a good one...
-
Re:The explanation is simple
You seem to have the wrong website for this. You should post this on Schneier on Security, https://www.schneier.com/blog/...
You'll need to work in the NSA as being behind it. However, I think you missed this year's contest, but there's always next year!
-
Ummm
I thought that regularly changing one's password was unnecessary https://www.schneier.com/blog/archives/2010/11/changing_passwo.html. I thought that it needs to be changed if found to be hacked, but otherwise as long as it's strong, there's no need to change it. So while promoting good password habits is a good idea, I'm not sure that "annually change all your passwords on the same day every year so that any eavesdropper/keylogger can look for possible password change activity on one day" is one of them.
-
Street Performer Protocol
BoomBoom wrote:
> So what's the incentive to create works? How is an author paid?
The author proposes a work. He finds customers who want it made. He sets a bounty level. The customers pay the bounty (if not, author revises his bounty or moves on to another idea). The bounty is held by an independent third party (escrow). The author makes the work. The author releases the work TO THE GENERAL PUBLIC and receives the bounty.
https://www.schneier.com/paper...
I'm not saying it's a perfect model (in particular there is controversy about non-paying users benefiting from other's payment), but unlike RMS, I am at least answering your exact question.
;-)
-
Password masking is part of the problem
passwords aren't echoed on the screen
Bruce Schneier agrees with Jakob Nielsen that mandatory password masking is another thing that needs to go away.
-
Re:Writing passwords down
That's why I actually have a password list on paper
...
At home, in my apartment
Bruce Schneier actually recommends writing your passwords down. He says "in your wallet" rather than "in your apartment" but yeah, he recommends it for most people.
When people tell me not to write passwords down, I point them at Bruce and say "argue with that guy."
https://www.schneier.com/blog/...
--
BMO
-
Password in your wallet
Bruce Schneier considers writing down passwords to be acceptably secure. Carrying around a card with your passwords on it isn't really any less secure than carrying around a piece of plastic with your credit card number embossed on it.
-
Re:Not a open source issue.
Clients are also affected. https://www.schneier.com/blog/...
-
Re:What's the cost to use a real rng vs psudo
It has been suggested that by tampering with the masks late in the process, you could sabotage functionality with very few people being in on it.
-
Discussed to death on Bruce Schneier's blog...
Discussed to death on Bruce Schneier's blog. Long story short: The draining is part of a political fight between two groups who want to control and monetize the water supply. All in a city of nuts who, in this day and age, drink untreated water direct from uncovered reservoirs and streams. A lot of things to worry and wonder about there...
-
Re:What a shame
-
Re:Whatever you may think ...
What he has shown is what was already known, that it is possible to generate a backdoor with the technology, not that an actual backdoor exists in the specification. It is like showing that anti-lock brakes can fail in a particular way, but not that the brakes of a particular model have that flaw. I understand the concern. I understand the suspicion. But the actual proof isn't there.
Although this isn't a direct comparison, if you want to liken it to DES, people generated various alternates and random S-boxes for that to test too. They tended to not work as well as the S-boxes that NSA generated. Did that mean that the DES specification was bad? No.
Did NSA Put a Secret Backdoor in New Encryption Standard?
What Shumow and Ferguson showed is that these numbers have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can predict the output of the random-number generator after collecting just 32 bytes of its output. To put that in real terms, you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG.
The researchers don't know what the secret numbers are. But because of the way the algorithm works, the person who produced the constants might know; he had the mathematical opportunity to produce the constants and the secret numbers in tandem.
Of course, we have no way of knowing whether the NSA knows the secret numbers that break Dual_EC-DRBG. We have no way of knowing whether an NSA employee working on his own came up with the constants -- and has the secret numbers. We don't know if someone from NIST, or someone in the ANSI working group, has them. Maybe nobody does.
A backdoor is possible, but we have no way of knowing if one exists. You can generate the curve numbers without there being a backdoor, and that is simpler.
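The Shumow/Ferguson relationship quoted in the comment above, worked through on a toy curve. This is an added example, not code from the thread or from Schneier's post: the curve y^2 = x^3 + x + 1 over GF(23), the base point P = (3, 10), the multiplier e = 5 and the seeds are all my own choices, and the 16-bit truncation of each output block in the real generator is dropped, so one block suffices here where the real attack needs roughly 2^16 guesses per block. The honest and the backdoored parameter sets look identical to everyone except the holder of d.

```python
"""Toy Dual_EC_DRBG with a Shumow/Ferguson-style trapdoor.

Added example, not from the thread. Curve: y^2 = x^3 + x + 1 over GF(23),
which has 28 points (see count_points), standing in for P-256. The real
generator drops the top 16 bits of each output; the toy keeps the whole
x-coordinate so a single block is enough for the attacker.
"""

P_MOD = 23    # field prime (assumption: tiny, so everything is brute-forceable)
A, B = 1, 1   # curve coefficients (assumption)
ORDER = 28    # group order, verified by count_points()


def is_on_curve(pt):
    """True for the point at infinity (None) or an affine point on the curve."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:   # P + (-P); also covers doubling a y == 0 point
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication; k is reduced mod the group order."""
    result, addend = None, pt
    k %= ORDER
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def count_points():
    """Brute-force point count: affine points plus the point at infinity."""
    return 1 + sum(is_on_curve((x, y)) for x in range(P_MOD) for y in range(P_MOD))


def dual_ec_step(s, P, Q):
    """One Dual_EC_DRBG block: r = x(sP), output = x(rQ), next state = x(rP).
    Returns (next_state, output), or None if a scalar multiple landed on the
    point at infinity, which the toy cannot turn into an integer."""
    sP = ec_mul(s, P)
    if sP is None:
        return None
    r = sP[0]
    rP, rQ = ec_mul(r, P), ec_mul(r, Q)
    if rP is None or rQ is None:
        return None
    return rP[0], rQ[0]


def lift_x(t):
    """Recover a point with x-coordinate t. The other candidate is its negation,
    and both give the same result below because x(-R) == x(R)."""
    rhs = (t ** 3 + A * t + B) % P_MOD
    for y in range(P_MOD):
        if y * y % P_MOD == rhs:
            return (t, y)
    return None


def predict_next_output(t, d, P, Q):
    """Attacker holding d with d*Q == P: from one output block t, recover the
    next internal state as x(d * rQ) = x(rP), then emit the following block."""
    R = lift_x(t)                 # R = +-rQ
    if R is None:
        return None
    rP = ec_mul(d, R)             # d*(+-rQ) = +-rP
    if rP is None:
        return None
    step = dual_ec_step(rP[0], P, Q)
    return None if step is None else step[1]


def demo(seed=7, e=5):
    """Backdoored parameter set: Q = e*P, trapdoor d = e^-1 mod ORDER.
    Returns (predicted, actual) second output block, or None if the toy
    hit infinity for this seed. Without d, an observer only sees x-coordinates."""
    P = (3, 10)                   # assumption: base point chosen by hand
    Q = ec_mul(e, P)              # published constant; looks like any other point
    d = pow(e, -1, ORDER)         # the secret "skeleton key"
    assert ec_mul(d, Q) == P      # the relationship Shumow and Ferguson described
    first = dual_ec_step(seed, P, Q)
    if first is None:
        return None
    s1, t1 = first                # t1 is the one block the attacker observes
    second = dual_ec_step(s1, P, Q)
    if second is None:
        return None
    return predict_next_output(t1, d, P, Q), second[1]


if __name__ == "__main__":
    print(demo())
```

An honest parameter set is one where Q was derived in a way that leaves nobody knowing e (for instance by hashing a public string to a point); the arithmetic is identical, only the knowledge of d is missing, which is why the comment's point stands that the published constants alone cannot tell you which case you are in.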
-
Re:Misleading article.
Rather misleading article and slant there. It implies that the NSA deliberately took action to make TCP/IP insecure. However, in reality, the NSA merely didn't contribute their classified work towards the specification of TCP/IP.
Yes, Slashdot is rather sad these days.
But the NSA isn't just about withholding classified information. The NSA is about weakening encryption standards. Vint Cerf said he would have used encryption if he had the opportunity to do it over again. The Internet community had such an opportunity, IPv6 with IPsec, and the NSA bungled it up.
IPsec doesn't involve the routers, because that would kill performance. IPsec is designed to handle different algorithms, so you don't need to support the same broken algorithms indefinitely. But the IPsec spec is a horrible design that in practice has made it very little used outside of very professional environments with very full-time engineers to keep it running.
-
my security analysis at Schneier blog
I've done an analysis based on what's in their paper and posted it to Schneier's blog. Link below.
https://www.schneier.com/blog/...
Spoiler: it's not trustworthy but it's good work in progress.
Nick P
Security Engineer
(High assurance security focus)
-
changes nothing given evidence
I posted my rebuttal to and analysis of this on Bruce Schneier's blog. Link below. https://www.schneier.com/blog/...
-
Bruce Schneier's Blog has a lot of info lately....
on these goings on, including some exceptional conversations.
also, search his blog entries here:
fantastic free page archival service.
-
Say what now?
Bruce Schneier did not boycott the RSA Conference. Instead, Schneier also attended TrustyCon.
-
Re:"Obviously" not Last Pass or 1Password
However, if you do use "good" passwords, chances are that you're also able to educate yourself enough about encryption to make - at least - an educated guess about the strength of an encryption scheme.
You're not getting it. Even Bruce Schneier says encryption is hard to get right. While the encryption scheme may be fine, the actual implementation may be utter crap (or subtly flawed). Trusting the encryption as your only line of defense is unwise.
Appeal to authority much, eh? It's right that you have to trust the implementation. But then again, you have to (and do) trust many implementations in real life every day. Stuff that could actually KILL you if the implementation was "utter crap (or subtly flawed)". For starters: Think everything you eat, drink and use for transportation. That's why I was talking about making an educated guess.
In most companies...
This entire paragraph is just filled with speculation. You don't know the internal business practices of the cloud services any better than I do. Why would you assume that they care about security and separation of access privileges?
I would assume that because a company wants to earn money and especially in cloud service providers there is so much competition that they couldn't afford to screw up even once. The least thing they can do to avoid that is to avoid being grossly negligent about security. Especially when their main selling point is the prospect of security.
1. 2. 3. 4.
If you can't imagine solutions to simple problems like this, how do you feel qualified to judge the quality of encryption software?
As to 5, none of this relates to someone who wants to steal your passwords (as I specifically said in the post you responded to). This is more about mass harvesting of data in the cloud as is commonly done with credit cards, etc. Can you really not see the value in having access to hundreds or thousands of bank accounts?
If you think not blindly trusting random people at companies is paranoid then there's nothing I can say to convince you otherwise.
1. was a rhetorical question and answered right away. 2. isn't as obvious as you make it sound... a proper TrueCrypt container isn't easily distinguishable (if at all) from a massive file of just random data 3. and 4. are concerning the "Any random employee, hacker" figure... also: I don't store my bank account credentials anywhere...
besides: it's easier to get access to hundreds or thousands of bank accounts by phishing than by stealing and breaking massive amounts of encrypted data... I didn't say not blindly trusting random people at companies is paranoid, did I? Interesting rhetoric on your side...
My main point still stands however: things like lastpass are fine for password storage, sync and transfer if used right because for most attacks on private data and credentials there are more efficient vectors: general, mass scale: phishing and malware via ads work just fine... targeted: well, let's not elaborate in detail about this, but in case of a targeted attack, it's probably any physical, offline vector you could think of...
-
Rubber Hose Cryptanalysis
The biggest weakness with any crypto currency is not the Maths but the outside influences or side-channel attacks.
-
Re:NSA/GCHQ
What are your views on the recent NSA activities and how do you think it will change free software & the internet?
Along those lines, I've casually followed Richard's advocacy of open hardware for a while. I didn't truly understand the need until I started to read some of the Snowden briefings on things like SWAP, which is almost as terrifying as the undetectable router exploits they've been deploying for five years or more.
This leads to the inescapable conclusion that one cannot have a secure computing system unless the entire stack is open, possibly right down to the CPU. I long ago learned not to dismiss Richard's ideas, but this one took an example to understand.
But still, now that we're just getting people to understand that in order to have secure software, it has to be free and open, very few appreciate that the whole thing is still vulnerable to secret hardware, and yet, secret hardware predominates the market and perhaps even owns the entire middle and high-end.
Question, then: how do we get from here to a free hardware ecosystem that can compete in the market with secret hardware?
-
Re:As Frontalot says
"Strong cryptography is very powerful when it is done right, but it is not a panacea. Focusing on the cryptographic algorithms while ignoring other aspects of security is like defending your house not by building a fence around it, but by putting an immense stake into the ground and hoping that the adversary runs right into it. Smart attackers will just go around the algorithms." "Security Pitfalls in Cryptography", Bruce Schneier, https://www.schneier.com/essay...
-
What would Bruce Schneier say about Bitcoin?
Bitcoin uses cryptologic building blocks that have been around for years. On their own these algorithms have gone through extensive peer review. The challenge with cryptography comes in the implementation of the algorithms and the end-to-end protocols involved in the system. To quote Bruce Schneier "Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break. It's not even hard. What is hard is creating an algorithm that no one else can break, even after years of analysis. And the only way to prove that is to subject the algorithm to years of analysis by the best cryptographers around." [1] [1] - https://www.schneier.com/blog/...
-
Re:seriously
No, they proved they can invent made up scary data. I think this is actually stolen straight from Schneier's site. It's pure movie plot silliness. https://www.schneier.com/blog/...
-
Re:"Obviously" not Last Pass or 1Password
However, if you do use "good" passwords, chances are that you're also able to educate yourself enough about encryption to make - at least - an educated guess about the strength of an encryption scheme.
You're not getting it. Even Bruce Schneier says encryption is hard to get right. While the encryption scheme may be fine, the actual implementation may be utter crap (or subtly flawed). Trusting the encryption as your only line of defense is unwise.
In most companies...
This entire paragraph is just filled with speculation. You don't know the internal business practices of the cloud services any better than I do. Why would you assume that they care about security and separation of access privileges?
1. 2. 3. 4.
If you can't imagine solutions to simple problems like this, how do you feel qualified to judge the quality of encryption software?
As to 5, none of this relates to someone who wants to steal your passwords (as I specifically said in the post you responded to). This is more about mass harvesting of data in the cloud as is commonly done with credit cards, etc. Can you really not see the value in having access to hundreds or thousands of bank accounts?
If you think not blindly trusting random people at companies is paranoid then there's nothing I can say to convince you otherwise.
-
So full of nope: Bruce Schneier on this
... given what we now know, do we trust that the government wouldn't abuse this system and kill phones for other reasons? Do we trust that media companies won't kill phones it decided were sharing copyrighted materials? Do we trust that phone companies won't kill phones from delinquent customers? What might have been a straightforward security system becomes a dangerous tool of control, when you don't trust those in power.
And this, ultimately, is the problem with those who keep repeating that we should just trust the government. It implies we should also disengage our brains.
-
Re:They still have not caught a single terrorist.
I seem to recall a or (the) winning plot was an airliner crash that was solved because one of the investigators noticed a particular type of butterfly - not often seen - was quite plentiful fluttering around one window of the airliner. It turned out the butterfly was attracted to a certain chemical (sodium something sticks in my mind) and that lead them to swab the surfaces which then lead to the eyeglass frames of the passenger in the seat by the window.
Oh - google is your friend:
https://www.schneier.com/blog/...
and
http://www.slate.com/articles/...
You're welcome!
F.
-
Et tu, Bruce?
Schneier in booth with RSA: https://www.schneier.com/
-
Re:Passport belt
If you are required to have such a high level of security that this is not a good idea then you should use your memory. A failing memory means that you are not suitable for the job and should find something else, like working in a retirement home.
people can no longer remember passwords good enough to reliably defend against dictionary attacks
Remember you can combine methods. Write down the beginning of the password and memorize an ending. One will defend against password crackers, the other against people who read from behind your back.
-
Re:NSA Walks a Fine Line
But, for the last 10 years, the NSA has not walked the line at all. If the NSA could evenly balance the equities issue: https://www.schneier.com/blog/..., then there would be fewer problems. But, now, there is no balance. The NSA takes many actions that demonstrate that their drive to Attack has suppressed their duty to Defend. They include:
- 1) BULLRUN - http://en.wikipedia.org/wiki/B...
- 2) The exploit marketplace is greatly enhanced by the activities of the NSA. This marketplace drives the creation of new exploit. It threatens us all. The NSA never publishes an exploit. Instead, they purchase exploit. Again and again. Many times, they are purchasing exploit they already own, because they don't want to reveal what they own. It is inevitable that they frequently purchase info on exploit that they create. The exploit marketplace would collapse, if the NSA, CyberCommand and their consultants would just stop buying. The exploit marketplace would vanish, if the NSA freely disclosed a fraction (say 30%) of their exploits every year.
- 3) Large networks of Bots can only exist at the sufferance of the NSA. Again, if the NSA wished, they could easily, trivially track the C&C of the large criminal Bots. Then they could be dismantled using the ShadowServer's infrastructure: https://www.shadowserver.org/w... Instead, it appears the NSA is maintaining the existence of the Bots for it own reasons.
- 4) The lack of malware Epidemiology. The NSA could publish accurate statistics on incidence of malware. Again, the NSA is in a unique position to track the dissemination and activity of malware. With those stats, we could make accurate determinations of the effectiveness of different security measures. With accurate Epidemiology, we can move defense from superstition to science. Instead, it appears the NSA doesn't want effective defense.
- 5) Spoofed DoS packets on the internet can only exist because the NSA tolerates them. If the NSA wished, they could easily, trivially identify all the sources of Spoofed packets. The NSA has enough listening points they can track a stream of spoofed packets back to its source. Then those sources would be identified, fixed/shunned, and eliminated. Instead, it appears the NSA maintains those sources as cover for their own activities.
That is why Schneier is advocating the breakup of the NSA. We must remove the equities debate from their hands. One part will be driven by offense, the other by defense. And Offense will stop being able to suppress Defense.
-
Re:In response to terrorists...
I more or less agree with everything you just said. This blog by Bruce Schneier gives another nice perspective on it.
-
Heard that term before somewhere...
Since this type of encryption was recently brought up on Slashdot as an "IBM breakthrough," we may as well get Bruce Schneier's arguments debunking the practicality of it out of the way...
-
Re:Posting anonymously for obvious reasons...
You do realize that making people change their passwords all the time simply leads to people using weaker passwords or writing them down, right? This type of policy thought up by some self-proclaimed security expert amongst the IT monkeys almost always leads to worse security than not. And you don't even need to take my word for it:
The downside of changing passwords is that it makes them harder to remember. And if you force people to change their passwords regularly, they're more likely to choose easy-to-remember -- and easy-to-guess -- passwords than they are if they can use the same passwords for many years. So any password-changing policy needs to be chosen with that consideration in mind.
-
Re:Not perfect, but it's a start...
I will grant you the fact that unencrypted connections are vulnerable to both sniffing and MITM, while self-signed certs are "only" vulnerable to MITM. But you seem to believe that there is a huge leap from sniffing to mounting a MITM - and this is where we disagree. While MITM may incur an additional cost for the attacker, it is far from being an unrealistic scenario (see below for some examples).
As for the rest of your rant^H^H^H^H post, it doesn't really make sense. You believe that a self-signed certificate will somehow "protect" you from the NSA? Who is somehow incapable of a MITM? Well, this, this and this may prove... enlightening. And while we're on the topic of "additional reading", may I also recommend "Alice in Warningland" - a study showing 70+% clickthrough rates for SSL warnings.
There are some other issues, like you mentioning wireless traffic. With WPA2 being the default, and with many modern wireless NICs no longer supporting promiscuous mode, it is often more difficult to sniff wireless traffic than to mount a MITM on a wired network (especially when the target is the victim's router - again, see the links above).
Security means encryption + integrity + authentication. Period. Anything less is no longer secure.
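The three properties the comment above insists on, shown in a Python TLS client as an added example (not code from the thread): the configuration that "just accepts" a self-signed certificate, the corrected configuration, and a certificate pin that gives a self-signed certificate the missing authentication step. The host name, port and pin value in connect_pinned are placeholders, not real endpoints.

```python
"""Added example, not from the thread: weak vs. corrected TLS client
configuration, plus a certificate pin for the self-signed case."""
import hashlib
import hmac
import socket
import ssl


def insecure_context():
    """What 'just accept the self-signed cert' usually becomes in code:
    encryption and integrity, but no authentication of the peer, so an
    active MITM can terminate the connection with its own cert unnoticed."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_context(ca_bundle=None):
    """Chain verification plus host-name check. ca_bundle (a PEM file path)
    lets you trust a private CA instead of the system store, which is the
    clean answer to 'we can't afford a public cert'."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    assert ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
    return ctx


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, hex, as shown by
    `openssl x509 -fingerprint -sha256`."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, expected_sha256_hex: str) -> bool:
    """Out-of-band pin for a self-signed certificate: the expected value must
    come from a channel the MITM does not control (console, config management,
    a signed release note). Constant-time compare to avoid a timing oracle."""
    return hmac.compare_digest(cert_fingerprint(der_cert), expected_sha256_hex.lower())


def connect_pinned(host, port, expected_sha256_hex):
    """Connect without chain verification, then enforce the pin on the DER
    certificate the peer actually presented; CERT_NONE still lets us read it
    with getpeercert(binary_form=True). Raises on mismatch. Needs a live host."""
    ctx = insecure_context()
    with socket.create_connection((host, port)) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not pin_matches(der, expected_sha256_hex):
                raise ssl.SSLCertVerificationError("certificate pin mismatch")
            return tls.version()


if __name__ == "__main__":
    sample = b"constructed stand-in for a DER certificate"   # constructed, not a real cert
    print(insecure_context().verify_mode, verified_context().verify_mode)
    print(pin_matches(sample, cert_fingerprint(sample)))
```

The pinned variant is only as good as the channel the pin came from, and it has to be rotated whenever the certificate is; without either the pin or a CA the server can be verified against, the "encrypted" connection has no authentication, which is the comment's point.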
-
Re:Went over my head.
Emotion is a fact.
I take from this short statement the same sentiment that Bruce Schneier was speaking about, when he stopped whining about how everything "security theater" was completely irrelevant, and started exploring the real and tangible impact and importance of the feeling of safety IN ADDITION TO actual safety controls. You cannot just dismiss grandma's warm and fuzzy acceptance of strict authoritarian searches, you have to actually include it in the calculus, the whole of which can inform the security methodology.
Security is both a feeling and a reality. The propensity for security theater comes from the interplay between the public and its leaders. When people are scared, they need something done that will make them feel safe, even if it doesn't truly make them safer. Politicians naturally want to do something in response to crisis, even if that something doesn't make any sense.
Religion is the same: you can't just dismiss religion, it's a palpable phenomenon for a large number of stakeholders. Often, you can coexist with their philosophy while still doing real science. Galileo wasn't locked up in house arrest for his science, he was locked up for being an ass to the church. The church actually had little problem with the already-common views on the shape of the solar system, and would have "come around" on the matter much faster without his goading.
-
Re:The weapons are on chips, firmware or in the OS
To wit: many weapons, though a common person cannot understand how they work, are at least understood in how they can be used and how effective they are.
-
Re:Motherboards
Hogwash. While it is true that such backdoors can be created, and nation-states may have had backdoor tampering installed in the server, first -- it is not shown to be used, and firmware based attacks are also hard because they are hardware-specific, AND computer hardware varies widely. FOR NOW, you still do not need to worry about system firmwares. There are scant if any significant cases, where firmware backdoors have been leveraged by hackers.
I see post-compromise firmware backdoors firmly on my security radar, but it's not really a major threat or risk yet.
It's kind of like talking about ARP-injection based sniffing malware. It's certainly possible, but the bad guys have not reached that level of tooling or technological enablement just yet.
You obviously haven't been paying attention lately.
-
Re:Genius
Bitcoin, at least, isn't run by a corporation, and has no say in transactions (like ordering antique violins destroyed)
i don't understand how bitcoin advocates can be so confident in the security of the system
after all, it's digital, and nothing digital is secure... ever
hackers (and governments) prove this repeatedly
most bitcoin advocates aren't security experts
even if bitcoin is secure today, there is no guarantee that it will be secure tomorrow
https://www.schneier.com/blog/...
not a comment by bruce himself, but one that i think rings true. its also the opinion of economic pundit peter schiff:
"Bitcoin, like the US dollar only has value when the vast majority of us believe it has value. Its intrinsic value to the community is that it enables exchange; if it has no velocity it has no value. Not everyone believes Bitcoins have value nor is there a universally accepted value - some are made more cheaply than others (e.g. no minimum hourly wage). Because of these facts, the system can readily collapse .... say when the market is cornered."
-
Re:Are you sure Snowden is also not making things
Bruce Schneier has access to the documents and is releasing an exploit a day for the next few months. Each exploit contains a line of the format:
"Unit Cost: $0
Status: Released / Deployed. Ready for Immediate Delivery"
That's a pretty good indication the programs made it to the real world.