Ex-NSA Analyst Warns Of NSA Security Backdoors
jagger writes: "In this ZD-Net article ex-NSA analyst Wayne Madison has issued a warning about many proprietary software packages coming bundled with NSA backdoors. This must be very troubling for non-US governments, because it means that they have no security against anyone knowing the backdoor." This is one of the reasons China has cited in wanting to use Open Source and home-cooked solutions.
It scares me that big corporations would agree to allow the NSA to place these backdoors into their software, especially with the very bad press this would generate if the rumors were ever substantiated. How much do you think Microsoft is paid or what information are they given access to in exchange for this service?
If you read the article more carefully, you'll see that this guy has been "ex"-NSA for a long time. He probably has no idea of what the current position on software is inside the agency itself. If he did, he certainly wouldn't be allowed to release it.
If anyone has any actual hard evidence for or against NSA backdoors in commercial software, I'd be very interested in seeing it. Meanwhile, it looks like we'll have to put up with the usual conspiracy stuff.
Visit the
Maybe this is how the DOJ will settle with Microsoft. Put this little password into your server software and we'll forget we saw any anti-trust violations.
Don't call it paranoia, call it realism!
No boom today. Boom tomorrow. There's always a boom tomorrow. - Cmdr. Susan Ivanova
No, pick any dictatorships, and you would find a government who is more paranoid.
Je ne parle pas francais.
No Such Assurance
Note to the humour impaired: Win95 2nd ed=Win 98, Win 95 3rd ed=Win 98 se, Win 94 4th ed=Win Me, MacOS 7.6=MacOS8, MacOS7.7=MacOS9
This is not exactly new news, many people may remember how a certain Melissa virus author was tracked due to some serial number in the Microsoft software he was using. (if memory serves correct)
And while I think this is a valid reason to use open source, we should remember that unless we compile the software we use ourselves from our own source that we ourselves have checked, then we can never be sure if there exists a backdoor into our software. I speculate most people are not willing to wade through literally millions of lines of source and compile by hand each program they use to ensure that the "man" is not watching them. However, the article (which refers to the NSA agent as a "spook") does not mention why he is an ex NSA agent. What is the reason he is no longer with the NSA and why is he so freely admitting these facts? Having had clearance in the past I know very well you need to sign many numerous agreements that state you can be imprisoned indefinitely without trial if you violate said agreements. You basically sign over your rights as a US citizen to obtain that kind of security clearance. This story raises some good issues about how much we as citizens should trust our government and our software, as well as raise the ire of many foreign nations using US software. But there is always a nagging doubt in my head when we hear stories from ex employees and there is no knowledge given about why they are ex-employees.
But in general this news is not really new. The government has had backdoors in software as long as software has been around. And this has been shown in the press before to be true.
I do think however this presents those of us in the open source world with a strong argument in favour of open source software with respect to dealing with trusted programs.
Regards...
Nice that the person writing the comment couldn't even read, his comments make it sound as if Wayne had personal information about these backdoors or even any backdoors, but the actual news item states:
Notice the 'may'.
Next the article states:
These are just GUESSES from Wayne, not any hard proof. The article never states that he has seen this, only very indirect evidence. I bet a lot of people will get irate without even reading the original article.
http://slashdot.org/articles/99/09/03/0940241.shtml
---
Printed in Denmark nov. 26. 1999.
"In 1985, their long-term goal was "total hearability", i.e. the
capability to listen in on all communication around the world."
EX-AGENT TO DANISH MINISTERS: YOU ARE BEING MONITORED
Former Echelon agent warns Danish politicians against confidential
conversations over the phone.
The Echelon system not only listens in on private persons, companies and
interest groups, Danish politicians and ministers are also the target of
the NSA's extensive espionage, reveals Wayne Madsen to Ekstra Bladet, who
meets him in Washington D.C. Wayne Madsen was once a spy for the National
Security Agency NSA - the intelligence service behind Echelon - but he has
severed connections with his former employer.
We are crossing the border into the state of Maryland. Behind us lies
Washington D.C., the US capital - and somewhere in front before us lies
Fort Meade in neighbor-state Maryland. 'The Fort' is the headquarters for
world-wide espionage and the workplace for 38,613 of the most talented
secret agents in the world.
Wayne Madsen is very familiar with Fort Meade. For several years, it was
his clandestine workplace. He has a pistol in the glove compartment of his
car. Loaded. Wayne Madsen is always armed wherever he drives.
"I don't carry a gun because I think it's cool to have a pistol. But based
on the sources I still have in the NSA, I know there are people in the
intelligence services who do not care for people who talk about the secret
services. Since they are armed, I had better be prepared, too."
Wayne Madsen is an experienced man in regards to secret projects and
surveillance. Since 1975, he has been operating the most sophisticated
computer technology in existence. First as a marine in the US Navy, then
as an agent for the National Security Agency, NSA, and most recently as an
employee at two of the NSA's partners, RCA and the Computer Science
Corporation.
"Whenever anyone criticizes the NSA, it is important to remember that they
have done a lot of important work, too. Both during the Second World War
and the Cold War, when they were talented at breaking the codes of the
Nazis and the East Bloc countries respectively."
TOTAL HEARABILITY
To prove to us that the NSA does more than just 'black work', Wayne Madsen
wants to show us an unusual museum, the NSA's Center for Cryptologic
History.
"Since it is located at the same address as NSA headquarters, Fort Meade,
we can see the buildings I worked in at the same time - from the outside at
least."
Just before we get to Fort Meade, Wayne Madsen points down an access road.
"I went through a lie-detector test and a voice-test analysis over there,
before I was approved by the NSA," Wayne tells us with a faint, shy smile.
He was a lieutenant in the Navy at the time with ten years of experience
in tracking Soviet U-boats and monitoring computer security.
What is the role of the NSA now that the Cold War is over?
"Primarily, they have a global network of computers known as Echelon. The
computers are connected with their intelligence satellites and listening
posts all over the world. And they still do military work. The difference
is, however, that today they monitor everything and everyone. Politicians,
organizations, companies, private individuals, even friends in allied
countries. In 1985, their long-term goal was "total hearability", i.e. the
capability to listen in on all communication around the world."
MINISTERS MONITORED
Is Denmark part of this system?
"Yes. Denmark is a third-party partner in the surveillance agreements. On
the other hand, however, Danish ministers and politicians must assume that
they are under surveillance."
What?
"Yes, that is part of the way they work. At their embassies, they have
groups called 'Special Collection Elements' that monitor local
low-frequency communication. Anything of interest is forwarded here to
Fort Meade where it is analyzed."
"If something can't be intercepted from the embassies, they try to
intercept it from the listening posts in the various neighboring
countries. So it is very risky for Danish ministers to talk on cellular
and satellite telephones alike," says Wayne Madsen as we enter the NSA
museum.
SPY TO EX-SPY
Inside the museum, Wayne Madsen asks whether Jack Ingram is at work today.
A moment later, a tall man appears. Ingram has been an NSA spy for many
years. Now he administrates the museum. He shakes hands with Wayne, and
the pair quickly strike up a conversation about common acquaintances at
various intelligence agencies and companies.
Shortly after, we walk around looking at the NSA's exhibits of cast-off
super-computers and code deciphering equipment - debris from more than
fifty years of intensive espionage in world-wide communication. Wayne
Madsen continues:
"Denmark doesn't get very much out of being a third party, because NSA is
the first party and decides which information the other countries receive.
So obviously, whenever they monitor specific politicians or companies in a
certain country, they naturally don't tell the local government about it.
The information they give to Denmark is something that promotes their own
interests or something they themselves consider to be a threat. For
example something about Tamilians or the PKK, the Kurdish resistance
movement. If it involves information which promotes their own financial
interests, then naturally they use it for their own benefit."
Do you have specific examples of what you are saying?
"Mike Frost, who worked for Canada's intelligence service, which also
participates in Echelon, has personally monitored both politicians and
companies in other countries. He told me among other things about
monitoring the Chinese embassy in Canberra, Australia. All the information
was forwarded here, to Fort Meade. The Australians never saw the
information because the US could use it to control the world wheat trade.
Although I write books and articles about the NSA, I still have good
contacts in intelligence circles at present," states Wayne Madsen.
As we drive back to Washington, he turns briefly toward Fort Meade's
parabolic antennas with a serious look on his face:
"The problem is that the NSA has lost sight of its purpose. It's not right
that taxpayers' money is used to help major shareholders in large
corporations to earn huge profits. Or for that matter the fact that the
NSA puts ordinary people, legal organizations and politicians under
constant suspicion."
EXTRA FACTS
In a joint council in September, Minister for Defense Hans Hækkerup
admitted that Denmark cooperates with other countries on surveillance.
However, Hans Hækkerup would not reveal which countries and intelligence
agencies Denmark cooperates with. It does appear, however, in the archives
left behind by the former head of the Danish Defense Department's
Intelligence Service, Commander Mørch.
Sources in Mørch's archives show that Denmark entered into an agreement
with the US on surveillance cooperation all the way back in 1947 - the
same year that the UKUSA - the pact behind Echelon - was established. The
UKUSA pact is controlled by the National Security Agency in the US, in
which the Australian, Canadian, New Zealand and British intelligence
services participate as second-party partners.
Most NATO countries - including Denmark - officially entered the pact as
third-party partners in 1950.
According to documents in the possession of Ekstra Bladet, the National
Security Agency has now confirmed that it has third-party partners.
BY BO ELKJÆR AND KENAN SEEBERG
COPYRIGHT 1999: EKSTRA BLADET - COPENHAGEN, DENMARK
If tits were wings it'd be flying around.
*sigh* I can understand why the NSA wants to be able to monitor Internet traffic. National security and all that.
BUT.
There is wayyy too much room for abuse.
I, for one, wouldn't want my software to be sending data to NSA or any other place without my knowing.
I'm glad that Open Source is where it's at today. It would be our worst nightmares if Open Source hadn't gained enough widespread acceptance and entities like the NSA lobby for outlawing Open Source software for "security reasons". I mean, it's very conceivable that your local ISP will only grant you access if you install their proprietary software which contains who knows what kinds of backdoors. Good thing open source systems like Linux are so widely available, and not locked into any proprietary vendor, so that ISPs *have* to allow for users to not use their software.
Thank God for open source software...
OTOH, I think NSA is shooting themselves in the foot. Foreign governments aren't gonna put up with this backdoor nonsense in *their* software. So open source is going to become even more attractive, which will be good for all of us.
---
mikre he sophia he tou Mikrosophou.
you know that there's a problem when CHINA gets it right...
"I hope I don't make a mistake and manage to remain a virgin." - Britney Spears
I found one article that said he started in the spy business in 1975.
I found another article that said he worked for the NSA for 20 years.
My incredible deductive powers have allowed me to determine that he left the NSA 5 years ago.
(knock knock)
Ummm. Folks, I have to go now. It seems that I have impressed more people than just myself and thou. Some men wearing nice suits are offering me a job. Bye.
If tits were wings it'd be flying around.
Seriously, treat ANY statement by the NSA as potential disinformation, potentially mistaken and potentially correct.
In short, stop judging and treat it as you would a claim by any stranger on the street - with a pinch of skepticism (NOT cynicism) and LOTS of salt.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Even if you have the source, that isn't a 100% guarantee that there aren't any back doors. Surely everyone remembers the famous Ken Thompson article about the back door in login with support in the C compiler, which is even referenced in the Jargon File.
One more drink, and I'll move on. --Dave Matthews Band
Microsoft always leaves the toilet seat up.
Microsoft chews with its mouth open.
Microsoft left its cell phone on during a movie, and answered it when it rang.
Microsoft snores in bed.
Oh yah - let's see we've got:
all in one story. It's like the story was written to be posted on /. for crying out loud!
Furthermore, it lacks any real meat. This Madison guy isn't saying that they are doing it: "Ex-spook believes", "applications may have backdoors" (emphasis mine). It's nothing definite - just this one guy's beliefs. And if he used to be an analyst, shouldn't he know this rather than succumb to conjecture? The article got one thing right though: he's "fuelling conspiracy theories".
Now I hate MS as much as the next guy, but I also believe in the principle: Don't subscribe to malice what can be explained by stupidity. I think they gave a reasonable explanation of the whole NSA key thing back when that happened. They also made the very valid point that it's not in their best interests to do something like that because if a foreign nation found out, MS would be skinned alive. Furthermore, I think people give the NSA too much credit - despite all the talented people they have, they're still a government agency and as such tend to be resource limited. Can you imagine how much computational power would be required for Echelon to actually do everything that people claim it can? Do you think even the US Government has that type of money and could spend it in a covert manner even if it did? If you do, I think you give bureaucracy too much credit.
Standard disclaimer - these opinions are entirely my own. My employer may well disagree with me - I can't speak for them.
-"Zow"
In later years, the NSA and other NATO intelligence agencies arranged for subtle defects to be added to the systems sold by Crypto AG.
I wouldn't doubt that the NSA is still trying to get backdoors installed in commercial software. How successful they've been is an open question.
Xerox provided the Soviet embassy in Washington with a photocopy machine that had a "special feature", a well hidden camera that photographed every document that was copied.
Mea navis aericumbens anguillis abundat
In small print, printed on the backside of the seal you have to break, thereby agreeing to the EULA, "contains less than 3% backdoor code; percentage measured by volume and may not apply to this release as code does not occupy space".
My mom is not a Karma whore!
Nice in concept.
Have you actually read the source? Understood it? All of it?
I personally don't have the time to read through each new version of, say, glibc, to find that it's clean. Now, I happen to believe that it's fine, but that's a faith-based opinion, not a knowledge-based one. And it only takes a few lines of source buried deep in some function to open up a back door.
In any case, you've got a better shot at finding backdoors with Open Source, but it's not like a back door'll jump out at you and wave, just because it's in an Open Source program.
Eternal vigilance, etc...
-
bukra fil mish mish
-
Monitor the Web, or Track your site!
Eloi, Eloi, lema sabachtani?
www.fogbound.net
seineeweraseipsteivos
As a journalist, I can tell you that this smells as fishy as they come. I say the guy's a self-promoter hyping himself by exploiting paranoia. If he's brave (and informed) enough to go public with this kind of inflammatory charge, he should be brave and informed enough to be able to name a single app that has such a backdoor (and, no, Carnivore doesn't count. Sheesh!).
I'll call him on it. Name 'em or shut up.
No compromise is required, only very strict enforcement of Constitutional rights.
Let me explain. What if Carnivore was authored in such a way that it could only sniff a particular person's e-mail? Further, what if it could only do this if law enforcement could prove to the system that a warrant had been issued, perhaps via an incredibly strong digital signature that even Moore's Law wouldn't bring into the realm of crackability for centuries? And finally, what if Carnivore would not function at all, not even passively watching the data stream, if there were none of these "proofs of warrant" active in the system (the only functionality still available, in other words, would be to put proofs of warrant into the system to unlock the remaining functionality)? And, as a crowning touch, what if the Carnivore system were Open-Source, so it could be inspected, and also put through formal verification to ensure no exploits either from hackers or law enforcement trying to hack around the security to do a little illegal surveillance? Oh, yes, and make it an embedded system (no Windows NT to introduce exploits of its own).
Once that mechanism is in place, it's guaranteed that it cannot be abused. And if Carnivore can, by these means, be proven conclusively to be unabusable, then I no longer have any problems with it. But as the situation is now, I very much doubt any of the measures I mentioned above are in place.
----------
This is a hard story to believe. If there are backdoors, then there has to be a way for the NSA to transfer the information gleaned. Surely someone would have noticed activity like this. RealAudio certainly didn't get away with it for long. Not to mention the likelihood that someone in one of the companies is going to notice and talk. His hedging language ("may have backdoors"), means he has no direct knowledge. If that's the game, I can warn of lots of things the NSA "may" be doing as well. Did you know that the NSA may be secretly running SlashDot? (And apparently deliberately botching the job ...)
"If I have seen further than other men, it is by stepping on their glasses." - Michael Swaine
If I were the NSA (and I'm not), except for something big and common like Windows 2000, I wouldn't bother sticking backdoors in every bit of software out there. For one thing, it's too likely that someone will open their big mouth, and the general public won't like it much.
;)
I'd go online, and find me a small group of talented crackers and script kiddies, and offer them the job of their dreams: cracking into every bit of software and computer system on the planet and getting paid for it. Not to mention the added perk of being cool spies. Even open source software has the occasional security hole, and if the hole is patched, my team could simply find another one. Microsoft's software is so riddled with silly security holes, and so popular, that it would not be difficult to have an in on most of the computers in the nation, if not the world. Plus, Microsoft sometimes never fixes known bugs because fixing bugs doesn't give them market dominance, so the holes might stay open longer.
As for the "ex-NSA employee", I pretty much take what he is saying with a grain of salt the size of Utah. Ex-employees shoot off their mouths for two reasons: to make the former employer look bad, or because the former employer wants them to say what they are saying. Sometimes it is just as effective to make people think you are watching them, and it is certainly easier on the budget.
Another thought: did you ever consider that this might be a big piece of FUD against proprietary software? Perhaps the NSA prefers open source.
Extremely bloated commercial software may contain full fledged flight simulators and pictures of the software designers. It is also suspected that some software may harbor dancing blue elephants.
Seriously folks, does it take 30Megs of software to read email? Not only is it likely that large software houses are cooperating with the US gov, it is probable.
I was working at an AT&T plant as a technician several years ago, and one of our projects was a device about the size of a Palm Pilot. You plug your handset into it, then plug it into your telephone. The person on the other end used a similar device, and with one button press you got instant voice encryption. We built hundreds. I tested a large portion personally. Then I personally helped tear them apart and install the clipper chip after the FEDS moved in. Funny, but we didn't build anymore after that.
We also built another telephone. It's the one that Harrison Ford uses on Air Force One. Not the little satellite phone, the big white desk phone. We had to count the ICs that did the cryptography for that every morning and evening. The phones had to stay under lock and key at all times. Not that it has any relevancy here, just to note that the FEDs will control cryptography and if you trust anything they approve of, you're going to be tracked.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
Perhaps 1% of the /. population could.
I'm sure a higher percentage could probably apply a patch and recompile, but that's not too much different than applying a MS hotfix - except
a) the patch comes quicker
b) the hotfix is usually "delete this dll unless you really need this functionality"
That is not to say that the NSA did not have some influence on the design (back before the rules changed and put the FBI and State Department in charge of export procedures). The NSA really discouraged (using the export license stick) the use of triple-DES. The fact they discouraged certain design types is pretty much public knowledge.
What is less known, is that the NSA did a thorough examination of the product. In order to get an export license, the NSA also had to review the product - all specifications, code, manufacturing diagrams, sample devices. They also requested and got our future product plans. It is my impression that the NSA did this future product research everywhere they could.
So this means the NSA knew all details of any crypto product that was being exported. They knew the specifications, and in some cases the future product directions. I never heard of a case where the NSA would come back after a product evaluation and say "you have a security hole". In summary, even without a formal backdoor, they have (had?) a lot of knowledge.
PS: When I hear about ex-NSA members joining public companies, I wonder how many of my company's ideas (forcefully obtained by USA export regulations) went with them. You might say, the NSA was all knowing, so there was nothing to steal. The truth is that the NSA was really into military uses (they supposedly passed up developing public key algorithms because they did not have any use for them). Don't underestimate the value of a practical commercial related applied cryptography use.
- MbM
National Surreptitious Agency
For those who don't see where I'm going: one of the early unix guys (Ken Thompson if I remember right) created a version of login with a backdoor for him to get in. Then he created a C compiler that could tell if login was being compiled and if so insert his backdoor. Then he modified the C compiler to check if it was compiling itself and if so insert both hacks. Soon he was able to (but claims he never did) distribute a C compiler that looked normal, yet would give him access to any machine.
It wouldn't have been hard to put this hack into compilers, so long as they started early and had some assistance. There must be someone at MIT who can be bribed (there always is) to put it into any binaries on ftp.gnu.org. Sun is a closed company, and easily bribed to put it into their code. Of course we are today in a maze of Unixes, all different. (4 BSDs, SCO, linux, Solaris, Irix, Aix, HPux, and probably others I've forgotten) You get the idea though.
If every government wants perfect security, they should have their own classified programs with classified keys. That way, even if an opponent were to discover a key, they would still have to figure out the encryption scheme (one of the tacit assumptions of encryption is that the opponent already knows the scheme. It also is the most difficult part of an encryption program to discover through reverse engineering).
- I don't care if they globalize against free speech. All my best free thoughts are done in my head.
This article could have been lifted straight from the pages of the National Enquirer. You've got a so-called "authority" that nobody has ever heard of, warning that there "may be backdoors" in some unspecified software. There's NOTHING specific here, no real information, just some lunatic jumping up and down and shouting.
So, of course, half of Slashdot starts screaming about how "Microsoft is downloading all our personal information!" Yeesh.
> but it is extremely rare to see acknowledgement
> of the underlying problem (Bad Guys Doing Bad
> Things In Secret
Please define "Bad Guys".
Terrorists maybe? You mean the people who are out there blowing things up and making a ruckus because their people were screwed over by some government?
Perhaps there would be less bombings if governments didn't go around pissing people off? You know doing things like supporting people losing their homelands that they have inhabited for centuries? Or interfering with other governments and people every time there is a buck to be made, or it fits "our needs".
That doesn't even matter, since Echelon and the NSA aren't used for law enforcement. They are used to spy on everyone. They are used to gain advantage over other countries, or to serve the special interests of whoever controls the NSA.
Crime is easy to detect. Someone gets hurt, they either complain, or a dead body is found. Until that happens, there is nothing to do. Any crime that doesn't involve someone being killed or otherwise hurt, is not a crime anyway. (may be illegal...but the real crime is the fact that it's illegal).
What's more...none of this is even being used to "detect crime". Carnivore is (supposedly) just for monitoring individuals that are already under surveillance (which is suspect...since capturing email and or traffic can be done less intrusively).
Echelon data isn't even available to law enforcement, only to the NSA and whoever the NSA sees advantage in filling in. It's mostly used for spying on foreign politicians and companies.
Frankly....crime is easy to detect. Either someone tells you about it, or you find a dead body. Those are the only crimes that I support the government looking into.
And finally there are no "Bad Guys", only people. The world is not, and never has been, divided into "white hats and black hats", just people.
More important than finding the criminals is allowing the innocent to live their lives undisturbed and without fear of having every dirty little secret about themselves reviewed by others.
Putting a person under a microscope and examining their life should be done very carefully, in fact it should be considered as if it were itself a punishment and used with much caution.
There is just too much potential for abuse in these systems.
-Steve
"I opened my eyes, and everything went dark again"
Because it can be abused.
Think what Nixon or Hoover would have done with this ability.
As I mentioned in another post in this thread, it would be very easy to ruin someone's reputation or blackmail them.
Yes, the legitimate uses for a system like this are to watch for terrorist attacks or organized crime activities. But how hard would it be for the NSA to track the activities of those on its 'enemies list'? Not hard at all.
So when Senator Doe, formerly an outspoken critic of the NSA, comes out of a meeting with the NSA and now says he understands why the NSA needs to do what they do, is it because he has had a change of heart? Or is it because the NSA showed him his file? And mentioned that information wants to be free.
That's why we should all care.
Steve M
Back before export restrictions were loosened (1996), Lotus worked out a "deal" with the NSA that would allow them to export 64 bit encryption internationally in Lotus notes. For the international versions, they took 24 bits of the private key and encrypted them with the NSA's public key, so that (in theory) the NSA would get these 24 bits for "free", and would only need to crack the remaining 40 (which was export legal). The theory was that this was ultimately better for their international coverage, since they'd have 64 bit protection from everyone except the US government. (I won't waste space by pointing out the obvious problems with this approach.)
This was publicly announced and the technical details disclosed, so while it isn't great conspiracy fodder, it does point to close collaboration between the NSA and at least one major software company...
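The key split described in the comment above, as an added example that is not part of the thread and is not Lotus's or any poster's code: part of the key travels wrapped under an escrow holder's public key, so that holder searches only the remaining bits while everyone else faces the full key. The toy textbook RSA key, the HMAC "key check" standing in for a known-plaintext test, the scaled-down 28/12-bit demo sizes and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy textbook RSA key pair for the escrow holder (constructed, not a real key).
P, Q = 2**61 - 1, 2**89 - 1            # two Mersenne primes
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # escrow holder's private exponent


def key_check(key: int, key_bits: int) -> bytes:
    """Stand-in for 'ciphertext of a known plaintext': lets a key guess be tested."""
    raw = key.to_bytes((key_bits + 7) // 8, "big")
    return hmac.new(raw, b"known message header", hashlib.sha256).digest()


def escrow_field(key: int, key_bits: int, escrow_bits: int) -> int:
    """Wrap the top escrow_bits of the key under the escrow public key."""
    top = key >> (key_bits - escrow_bits)
    # Random padding so the field cannot be matched by encrypting every guess.
    padded = (secrets.randbits(64) << escrow_bits) | top
    return pow(padded, E, N)


def escrow_open(field: int, escrow_bits: int) -> int:
    """Escrow holder: recover the wrapped key bits with the private exponent."""
    return pow(field, D, N) & ((1 << escrow_bits) - 1)


def search(top: int, top_bits: int, key_bits: int, check: bytes):
    """Try every value of the bits not already known; return (key, guesses made)."""
    unknown = key_bits - top_bits
    for low in range(1 << unknown):
        candidate = (top << unknown) | low
        if hmac.compare_digest(key_check(candidate, key_bits), check):
            return candidate, low + 1
    return None, 1 << unknown


def work_factor(key_bits: int, escrow_bits: int):
    """(guesses for an outsider, guesses for the escrow holder), worst case."""
    return 1 << key_bits, 1 << (key_bits - escrow_bits)


if __name__ == "__main__":
    # Sizes from the comment: 64-bit key, 24 bits escrowed, 40 left to search.
    outsider, holder = work_factor(64, 24)
    print(f"outsider: 2^{outsider.bit_length() - 1}, escrow holder: 2^{holder.bit_length() - 1}")

    # Scaled-down run so the search finishes quickly: 28-bit key, 12 bits escrowed.
    key = 0x9A3C5F1                     # constructed sample key
    field = escrow_field(key, 28, 12)
    top = escrow_open(field, 12)
    found, guesses = search(top, 12, 28, key_check(key, 28))
    print(f"recovered {found:#x} after {guesses} guesses (of {1 << 16} possible)")
```

Whoever holds, or obtains, the escrow private key gets the same reduced search, which is why the protection against third parties depends entirely on how well that one key is kept.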
> Congresscritters are very territorial.
This is true and this is why the NSA is exempt from most of the checks in the system. People outside of the US (The targets of the NSA), don't have anyone on their side and the congressman from some small district won't get worked up about something the NSA does because it won't affect his district.
This is why congress has almost never had a problem with the NSA but has had issues with the ones that work in the US (by their charter) like FBI, CIA, BATF.
I had a conversation with a bank recently about them thinking about switching to 3des from des. I pulled out the Applied Crypto book, found the table of how fast things can be cracked, fixed up the historical data (it is an Old book), added a few factors that I've heard about and projected when 3des should be able to be broken in real time. It's about 10 years away.
How about some of 1024 bit public key crypto? Ever wonder why most of this stuff puts the message digest on the outside of the crypto payload? It's so you don't have to decrypt the data, if you can guess at the contents and can do the md fast, you don't ever even need to brute force the key. It's amazing how much crypto does this. Also most of it is based on finding good primes. The keys you have are not good primes. If you look at RSA public key stuff you will find that if you have 2 primes as the keys you have a one to one mapping of the encode to decode keys. If one of those keys has two factors you will find that you have 4 decode keys. 3 factors and you have 9 keys since the number seems to square. One bad pseudoprime and your rsa key could have thousands of decoding keys. Considering the NSA gave up buying machines that do big primes fast in about 1994, I'm assuming that they've found out something very interesting about factoring large pseudoprimes.
Recently someone gave me a sample of a bunch of credit card numbers that were safe since they md5ed them. A bit of code, a few computers and I was generating the card numbers within seconds. 5 minutes later the entire database was converted to plain text.
Bad guys are people who hurt me or those who I care about. _Dangerous_ guys are people who have the potential to hurt me or those who I care about (even if they haven't done any hurting yet).
Being under the scrutiny of either type of person makes me feel unsafe, and looking for a means of protecting myself (either through offense or defense).
At the "Information, National Policies, and International Infrastructure" Symposium held at Harvard Law School, Paul Strassmann, of the National Defense University, and William Marlow, of Science Applications International Corporation, in a session entitled "Anonymous Remailers as Risk-Free International Infoterrorists" were asked by Professor Charles Nesson, Harvard Law School, whether the CIA and similar government agencies are involved in running anonymous remailers as this would be a perfect target to scan possibly illegal messages. The answer: Yes. In addition they mentioned that the NSA has successfully developed systems to break encrypted messages below 1000 bit of key length and strongly suggested to use at least 1024 bit keys. They said that they themselves use 1024 bit keys.
And this one is really amazing: Crypto AG, which several posts have cited as having been revealed in numerous press accounts to have sold compromised crypto systems to governments around the world, is still in business! But the gold plating on the brass balls is the following statement from their CEO, which is currently on their Web site: "Since 1952, Crypto AG has been the specialist for information security at the highest cryptological and technical level. More than 130 countries have chosen Crypto AG as their trusted partner. This trust is based on the fact that Crypto AG is a financially and legally independent Swiss company. All shares are owned by one shareholder: a foundation with one goal, the commercial success of our company. Foundation status rules out any third-party influence, and this also guarantees full independence and freedom in the design, production and marketing of our products."
What does this mean? For one, it means that having a backdoor revealed will not sink your company even if supposedly secure government communication systems are your only customers. And second, it means that back doors, if they do exist, are an economy measure. If it was encrypted by any popular and widely used tool, it can be forced. Which might explain why you don't see Louis Freeh on TV every night bashing consumer crypto tools.
I wrote parts of this stuff
> ... projected when 3des should be able to be broken in real time. It's about 10 years away.
Wrong. Amazingly, staggeringly wrong. The minimum amount of energy required to flip a bit is kT, which is 1.3 * 10**-23 joules per Kelvin. Multiply that by the ambient temperature of the universe, 3.2 K, and you get a minimum of 4.16 * 10**-23 joules per bitflip. This is a thermodynamic limitation of computers, and cannot be surpassed without shifting computation away from Turing machines.
Now, 3DES has an effective 112-bit keyspace. 2**112 is about 5.2 * 10**33. Multiply (5.2 * 10**33) by (4.16 * 10**-23) and you get 2.16 * 10**11 joules of energy required to break 112 bits by brute force.
2.16 * 10**11 is a huge amount of energy, on the order of 200 terajoules. But that assumes you have to exhaust the entire keyspace--considering you only have to search 50% of it, on average, you only have to apply 100 terajoules of energy.
Remember: there is no way around this that we know of. This is a thermodynamic limitation; as soon as you figure out how to get past this, I suggest waiting by the phone because the Nobel folks are going to be calling long-distance from Oslo soon.
I've got no choice but to completely and wholly discount your entire message. This analysis took me all of five minutes to conduct. It's not hard.
Insofar as the likelihood of pseudoprimes not actually being prime--do you have any idea what you're talking about? I hate to sound irate (it's only because I'm very irate), but the entire notion of pseudoprimes is that they are probably prime. The likelihood of a pseudoprime not being prime is less likely than you winning the lottery, getting into a car crash, and being struck by lightning while having a hot date with a supermodel. Really. No, I'm not kidding.
Please, get a clue.
If I get any more irate (see my other posts in response to this story) I'm going to get the Theo deRaadt Award...
> It's fairly simple to write an encryption scheme using the available algorithms...
Yes. It's even simpler to screw it up. Any fool can make a system which they can't break. Making a system which nobody can break requires absolute genius.
> If every government wants perfect security, they should have their own classified programs with classified keys.
No. Wrong. Go back to class and study some more. The Germans thought that Enigma was secure since the Allies didn't know how it worked, but Turing and friends did amazing work breaking the Enigma even before they had one of their own. The Japanese PURPLE cipher (?) was broken without ever knowing how it worked; they recreated it entirely from first principles.
Without exception, every cipher I know of which kept its internals a trade secret has been a failure. The most recent spectacular failure is the NSA's SKIPJACK, which for years had its internals protected as a national secret. It didn't do anything to preserve the integrity of its messages; Eli Biham invented an entirely new branch of cryptanalysis (impossible-differential) and used it to cryptanalyze all but one round of SKIPJACK.
The only systems which are worth trusting are those which have survived years and years of brutal peer review. I trust PGP and GPG; I trust Blowfish, IDEA and 3DES; I trust this, that and the other. I trust the PKCS-11 CRYPTOKI standard, I trust SSL when used properly. All of these have been peer reviewed extensively and exhaustively, and so far they're still standing.
I don't trust anything which hasn't been extensively peer-reviewed. History shows that systems which have not survived brutal peer review do not survive in the real world.
Some of my Marine friends are fond of saying, "Training ought to be so hard combat is a vacation." There's a lot of merit to that. In cryptography, peer review means that everyone is trying to break a system. Of all those people, odds are there are people with more skill and better resources than the people who are trying to break your system for-real. If a system survives peer review, it'll probably survive your enemies.
If it's not submitted for peer review, you take your chances.
Your chances aren't very good.
Where to look next? I'd look closely at
- Voice-over-IP software
- Instant messaging systems
- Methods by which microphones on computers or cell phones might be remotely activated
- PBX remote maintenance systems
- Router remote maintenance ports
Look closely at tools for private person-to-person communication.
I used to be pro-NSA. But since we beat the Commies, we just don't have a big, well-organized enemy that requires that kind of snooping. Let's face it; the countries that really hate the US are basically losers. We might have some terrorism problems from some loser country, but they'll be down in the noise compared to, say, drunk driving. If state-sponsored terrorism gets to be a real problem, it's an act of war. This limits what a government can do before they end up at war with the Last Remaining Superpower, or, as with Iraq, most of the developed world.
Even wiretapping is marginal from a law enforcement perspective. Well under 1% of prosecutions involve wiretaps. A total prohibition on wiretaps wouldn't cause a measurable blip in the crime rate. On the other hand, lousy computer security makes lots of white-collar crimes possible, some with high dollar amounts.
So bad computer security as public policy is bad public policy. Any government official involved with backdoors or wiretapping should be considered soft on crime. That's the position to take in political forums.
This is not a joke.
I am very, very tired of hearing people say that they can break this-and-that, or that such-and-such is trivial, or what-have-you. Most of the time, these people are total incompetents who like to make themselves sound much more clued in than they really are.
The last time someone made claims like thogard did, I made a public challenge which was not accepted. Maybe this time will be different. So, without further ado:
THE 6-HOUR MD5 CHALLENGE
1. Rules.
The only rule is you can't bribe the judges. If you want to lurk around my workplace, bushwhack me when I come out and beat the answer out of me, feel free. Don't do the crime if you can't do the time, though. You can cryptanalyze this, you can attempt to coerce it out of me, you can send an attractive woman my way (free hint: I'm partial to tall redheads) to coax it out of me, you can try and eavesdrop on my phone lines and overhear me give it away, I don't care.
But you can't go after the judges, because then we don't have a fair contest. Fair?
2. The Challenge
If this challenge is accepted, I will submit to CmdrTaco (or another Slashdot employee, as he assigns) a credit card number. Specifically, my credit card number (with a few digits changed for my own self-preservation). I will also submit the MD5 hash of this (slightly modified) credit card number.
No cribs will be given. It will not be announced whether it's the credit card number by itself, whether my name is part of the data, whether the expiration date is included, etc. CmdrTaco will verify that I'm not cheating.
Once everything is set up, the MD5 hash will be put up on Slashdot. From the time it's put up, you'll have SIX HOURS to reverse the MD5 hash and get my credit card number.
3. The Reward
The reward is $1,000 cash. (Well, it'd actually be a cashier's check, but same difference.) If you can do it--especially if it's as easy as "a bit of code, a few computers, and I was generating the card numbers within seconds"--then this will be the easiest grand you've ever made in your life.
All monies will be deposited in advance with CmdrTaco (or others as he assigns). If I don't cough up the dinero up front, the contest doesn't go forward.
4. Frequently Asked Questions
Why only six hours?
Credit card numbers really aren't all that entropic; they're very predictable. The card I'm looking at right now has 16 digits, plus my name and two dates (valid-throughs). Brute-forcing 10**16 would take some time, even for an immensely large network, and that doesn't include the permutations of my name, the expiration dates, etc.
Breaking DES by brute force requires an average of about 3 * 10**16 operations. Thus, breaking my credit card is a little harder than breaking DES. It's possible some Slashdotters with access to extremely large networks would be able to brute-force this, but I don't find it likely.
If it's really as easy to break MD5 as thogard is claiming, six hours will be plenty of time.
Why are you changing the digits of your credit card? If you have such faith in MD5, shouldn't you leave it unaltered?
As I said, some Slashdotters may have access to extremely large networks which could brute-force it in a few days' time. I'm changing it just to cover my tail in case someone decides to spend weeks of processor time brute-forcing every possibility.
Isn't MD5 in disfavor nowadays? Wouldn't SHA-1 be better?
Yes, MD5 has a couple of potential attacks against it. I still have faith that it's very strong in practice, though.
Are you serious about this?
I'm serious about this. Are you?
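The MD5-of-card-number dispute above turns on how many candidates a digest has to be checked against. The following is an added example, not code from any poster: it counts the Luhn-valid numbers that remain when the first eight and last four digits are stored beside the digest (an assumption of this example; the challenge above gives no such crib) and contrasts a bare digest with a keyed HMAC. The test card number, the key and all function names are constructed.

```python
import hashlib
import hmac

def luhn_valid(pan: str) -> bool:
    """Luhn check: every second digit from the right is doubled."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def plain_token(pan: str) -> str:
    """Weak form: a bare, unsalted MD5 of the number."""
    return hashlib.md5(pan.encode()).hexdigest()

def keyed_token(pan: str, key: bytes) -> str:
    """Hardened form: HMAC-SHA256 under a secret kept outside the database."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()

def candidates(prefix: str, suffix: str, length: int = 16):
    """All Luhn-valid numbers consistent with the stored truncated digits."""
    gap = length - len(prefix) - len(suffix)
    for i in range(10 ** gap):
        pan = f"{prefix}{i:0{gap}d}{suffix}"
        if luhn_valid(pan):
            yield pan

def exposure(token: str, prefix: str, suffix: str, tokenize) -> list:
    """Candidates whose token equals the stored one (ideally none)."""
    return [p for p in candidates(prefix, suffix) if tokenize(p) == token]

if __name__ == "__main__":
    pan = "4111111111111111"  # constructed test number, not a real card
    print(len(list(candidates("41111111", "1111"))), "candidates")
    print(exposure(plain_token(pan), "41111111", "1111", plain_token))
```

Without the key, `exposure` has no usable `tokenize` function for the HMAC form, which is the whole difference between the two storage schemes.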
Show me the academic papers which show you can reduce 3DES to complexity 2**78. The same attack could be used to reduce DES to complexity 2**39, which would be the world's first strong cryptanalytic attack against DES.
Show me just one instance where someone used this attack against DES to break it by brute force in an average of 2**38 operations.
Your argument about computing hardware is (a) wrong and (b) irrelevant. Moore's Law says that we can expect it to roughly double every eighteen months; if it increased eightfold in a year, this is highly unusual and is likely not a trend. Please point out the academic reports which talk about chips capable of doing a billion keys a second by themselves, or that the field of brute-force crackers is increasing by eightfold a year. That's why it's wrong; it's irrelevant because no matter what, thermodynamic limitations still apply.
Please present me with a real analysis which backs up your claims, not some vague statement of potential attacks and a made-up number about hardware crackers.
> Too bad the crypto only works with one to one keys if the numbers are prime, probably prime isn't close enough.
The odds of a good probable-prime being composite are less than the odds of you being struck by a meteor at the instant you read this post. If you're concerned about your probable-primes being composite, I would respectfully suggest that you should consider the threats to your life that meteor strikes, attack by killer bees, random violent stranglings with rabid wombats, etc., pose. To lament the likelihood of a composite probable-prime while not living in stark fear of death by slipping in the tub and breaking your neck is extremely irrational. The one is far more likely than the other, and has much more dire consequences.
I have already issued a challenge to you on one of your more outrageous claims. I hope you take me up on it.
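The probable-prime argument in the two replies above, as an added example that is not part of any poster's comment: a Miller-Rabin test, where a composite survives one random base with probability at most 1/4, beside the weaker Fermat test that the Carmichael number 561 passes for every coprime base. The function names and the default of 40 rounds are choices made for this example.

```python
import random

def fermat_passes(n: int, base: int = 2) -> bool:
    """Fermat test; a composite that passes is a pseudoprime to `base`."""
    return pow(base, n - 1, n) == 1

def miller_rabin(n: int, rounds: int = 40, rng=None) -> bool:
    """True if n is a probable prime after `rounds` random bases."""
    rng = rng or random.Random()
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    # Write n - 1 as d * 2^s with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)      # base in [2, n - 2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue                     # this base proves nothing
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                 # witness found: n is composite
    return True

def error_bound(rounds: int) -> float:
    """Upper bound on a composite surviving `rounds` independent bases."""
    return 4.0 ** -rounds

if __name__ == "__main__":
    print("561 passes Fermat base 2:", fermat_passes(561))
    print("561 passes Miller-Rabin: ", miller_rabin(561))
    print("2^127 - 1 probable prime:", miller_rabin(2**127 - 1))
    print("bound for 40 rounds:     ", error_bound(40))
```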
That's comic. So they're alleging that software *bought from* the justice department might have a possible backdoor that the justice department could access? Please. Not only has no evidence turned up (did the mounties drop the investigation?), but even if it did, that would be neither very surprising nor what this thread is about. The allegation here is that commercial software from independent software firms (even possibly the scary evil empire itself, whooo) contain such a backdoor.
I repeat: prove it.
Sorry, that's a telecommunications network, not a software app. Most telecoms networks have the capability to be tapped under court order; indeed, Globalstar would be one of the few exceptions if it didn't.
The allegation here was independent software apps (predictably, everyone immediately mentioned Microsoft) had such backdoors. I'm challenging them to provide any example of that.