NSA Backdoors In Open Source and Open Standards: What Are the Odds?
New submitter quarrelinastraw writes "For years, users have conjectured that the NSA may have placed backdoors in security projects such as SELinux and in cryptography standards such as AES. However, I have yet to have seen a serious scientific analysis of this question, as discussions rarely get beyond general paranoia facing off against a general belief that government incompetence plus public scrutiny make backdoors unlikely. In light of the recent NSA revelations about the PRISM surveillance program, and that Microsoft tells the NSA about bugs before fixing them, how concerned should we be? And if there is reason for concern, what steps should we take individually or as a community?" Read more below for some of the background that inspires these questions.
quarrelinastraw "History seems relevant here, so to seed the discussion I'll point out the following for those who may not be familiar. The NSA opposed giving the public access to strong cryptography in the '90s because it feared cryptography would interfere with wiretaps. They proposed a key escrow program so that they would have everybody's encryption keys. They developed a cryptography chipset called the "clipper chip" that gave a backdoor to law enforcement and which is still used in the US government. Prior to this, in the 1970s, NSA tried to change the cryptography standard DES (the precursor to AES) to reduce keylength effectively making the standard weaker against brute force attacks of the sort the NSA would have used.
Since the late '90s, the NSA appears to have stopped its opposition to public cryptography and instead (appears to be) actively encouraging its development and strengthening. The NSA released the first version of SELinux in 2000, 4 years after they canceled the clipper chip program due to the public's lack of interest. It is possible that the NSA simply gave up on their fight against public access to cryptography, but it is also possible that they simply moved their resources into social engineering — getting the public to voluntarily install backdoors that are inadvertently endorsed by security experts because they appear in GPLed code. Is this pure fantasy? Or is there something to worry about here?"
We need all the eyes we can get to those memory leaks!
This is fearmongering. Encryption standards that have been adopted are open source and mathematicians comb over them with a fine tooth comb before giving them their blessing. Yes, there is a worry among mathematicians about the NSA developing an algorithm that would permit a pre-computed set of numbers to decrypt all communication. Which is why they make sure it DOESN'T HAPPEN.
See https://www.schneier.com/essay-198.html
Who needs back doors when you can buy an 0day for a few 100k? Backdoors are passé.
.... but unless they have the world's top obfuscating coders working there (quite possible), how long do you think it would be until someone spots the suspect code, especially in something as well trodden as the Linux kernel or GNU utilities? I would guess not too long.
Why would they care about your cryptography when they can simply use something like TEMPEST to read the plaintext or laser-acoustic eavesdropping (forgot the term for it) to listen in on you? Hell maybe they finally came up with a satellite that can do that to anyone they target.
Problem is, the cryptography is only a link in the chain.
Last year or early this year there was a fix for a Linux kernel bug that could provide root privilege escalation. Here's the kicker though: The bug had been fixed years earlier but had been reintroduced into the kernel and nobody caught it for a very long time. For some reason, OpenSuse's kernel patches still included the bug fix, so OpenSuse couldn't be exploited, but mainline didn't reintroduce the fix for a long time.
Given the complexity of the kernel as just one example of a large open-source project, I don't really buy the "all bugs are shallow" argument from days of past. That argument was making a presumption that people *wanted* to fix the bugs, and as we all know there are large groups of people who don't want the bugs fixed. That's not to say that there is a magical NSA backdoor in Linux (and no, there isn't a magical NSA backdoor in Windows either, get over it conspiracy fanboys). That is to say that simply not running Windows isn't enough to give you real security and yes, your Linux box can be attacked by a skilled and determined adversary.
AntiFA: An abbreviation for Anti First Amendment.
I hear the Vegas odds of NSA backdoors into encryption schemes is 1000:0. Meaning everyone who bets $0 on the NSA not having a backdoor will receive $1,000 if they do.
sudo make me a sandwich
Seems to me that if they used to oppose public cryptography and are now encouraging it, then they no longer see it as a threat. Therefore I would wager that they can bypass it through some other means, such as ubiquitous backdoors in the actual hardware.
DES was developed in the early 1970s, and has been proven to be quite resistant to differential cryptanalysis, which didn't appear in the public literature until the late 1980s.
During the development of DES, IBM sent DES's S-boxes to NSA, and when they came back, they had been modified. At the time there was suspicion that the modifications were a secret government back door, however when differential cryptanalysis was discovered in the 1980s, the researchers found that DES was surprisingly hard to attack. It turned out that the modifications to the S-boxes actually strengthened the cipher.
Is there a question in there about something specific or are you throwing pasta against the wall to see what sticks? Take AES for example. A pretty open selection process evaluating a number of known ciphers among many smart eyes. Are you saying No Such Agency pulled a fast one in broad daylight in front of multitudes or is your line of question non-specific and open ended?
http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
Some guy claimed to have put backdoors in the OpenBSD IPSEC stack for the FBI, but a full audit proved no such thing ever happened.
I seriously doubt this is happening in open source.
I have yet to have seen a serious scientific analysis of this question, as discussions rarely get beyond general paranoia facing off against a general belief that government incompetence plus public scrutiny make backdoors unlikely.
Governments are not nearly as incompetent as many pundits would have you believe. We have some very seriously talented people doing some pretty amazing things in our government. Government isn't always a model of efficiency, but inefficient does not (always) equal incompetent. And in some cases inefficiency is actually a good thing. Sometimes you want the government to be slow and deliberative and to do it right instead of fast. Some of the most remarkable organizations and talented people I've met are in government. Sadly some of the worst I've met are in government as well, but my point remains. Assuming government = incompetent is clearly wrong in the face of copious evidence to the contrary.
With the continuing audit process and complete transparency I would trust OpenBSD along with OpenSSH, etc.
There are plenty of holes in the kernel and privileged program "as is". All they have to do is find them
You mention the Clipper chip and its key escrow system guaranteeing government access, but what you should remember is that the cryptosystem that chip used was
1. Foolishly kept secret by the NSA, although it has long been understood that academic scrutiny is far more important than security through obscurity, and
2. The symmetric cipher the chip used, Skipjack, was subject to a devastating attack on its first day of declassification (breaking half the rounds) and by now is completely broken. That remains rare for any seriously proposed cipher...
Since presumably the NSA did not try to make a broken cryptosystem (why, to help other spies? They themselves had the keys anyway!) this illustrates that yes, incompetence is a concern even at super-funded, super-powerful agencies like the NSA.
xkcd is not in the sudoers file. This incident will be reported.
If Microsoft is giving the NSA info on undisclosed vulnerabilities, they have in effect a magic backdoor in Windows.
You miss a major point in your FUD, having access to source at least gives people an option to go over it. Try that with Windows, or any closed source kernel or application.
Front doors, look at the key exchange for HTTPS and TLS. All it takes is a man-in-the-middle attack and a way to generate valid certificates and any HTTPS connection can be intercepted at any point. Verisign, Thawte etc. are all NSA establishment companies, any one of the myriad of certificate companies built into your browser could be working with the NSA generating fake certificates.
That goes for code signing too, and auto-update of software that connects to https.
You're looking for hidden secret security holes, but missing the really really big one, Certificates.
Likewise mail protocols, they're essentially unencrypted, SSH we do a one time key public exchange, and there after the key hash is checked each time to make sure it doesn't change. We could do the same with mail protocols, we could have secure email tomorrow. But we don't because whenever we try to introduce it, some expert tries to morph it into a certificate exchange. Protecting it from first-time key intercepts, but opening it up to a MITM attack from an NSA operative. It makes it complex and less secure, so nobody uses it.
Encrypted should be the default for all comms these days.
Well, Ken Thompson's in login.c since like 1984, so we have that much.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Do eagles give NSA live feeds via brain waves? Do birds and insects let NSA collect frequencies so they can pull them together and have ultimate listening machine? You decide!
Also I have cloak of invisibility to sale, with NSA control beam repellent...
Seriously, people....
user@ubuntubox:~$ stfu This server is going down for shutdown NOW!
Obviously I haven't read the literature enough to know how it works or why it's impossible... But it would be really funny if it turned out that Bitcoin mining was actually the NSA's attempt at crowdsourcing brute-force decryption...
--Fesh
Kill -9 'em all, let root@localhost sort 'em out.
Obviously the government has access to very fast computers beyond what the public has available. As computer power gets greater it becomes easier for specialists to break into supposedly secure situations. We have also been in a war mode since 9/11 and all kinds of covert snooping are taking place. Deeply embedded agents do exist in this world. I have seen it first hand. Back in the 1960s that fine young girl that spent a lot of nights in your bed that you thought was a hippie was often some kind of cop. It was all too common.
Despite what you think, lots of people, including security researchers, have access to the Windows source code too.
What you are saying is that:
1. Without source code, people find security holes in Windows all the time... you do agree with that statement right?
2. With source code, only the good guys find all the security bugs and fix them so fast that they never become an issue. Oh, and all existing Linux deployments, including the embedded Linux installs in your home router/cell phone/toaster/etc. get up to the minute security fixes applied too (yeah right, and I really don't care if you personally hack your devices with daily upstream kernel commits because there are millions upon millions of devices that aren't running that way).
3. Before you start accusing other people of spewing FUD, I never said that Windows is some paragon of security. You obviously see things in a very simplistic black and white world where Windows == All Bad and !Windows == All Good. Sorry sunshine, life is a lot more complex than that.
Close to Unity.
That argument was making a presumption that people *wanted* to fix the bugs, and as we all know there are large groups of people who don't want the bugs fixed.
They don't just cancel out.
OpenBSD had the same press smear in . The result? there was no secret back door in SSL libraries or BSD.
The NSA arguably doesn't need a Linux backdoor. They own the links between you and the server. They already get preferential access to the #1 and #2 OS on every desktop and laptop, and when that doesn't cut it they've had a foot in the door of everything from Facebook to Amazon for quite a while now. The warrants and courts are secret, and the action comes with a free 'shut the fuck up' stamp to make sure you never hear a word about it.
what the NSA cares about is mostly what the government cares about: detecting and correcting civil unrest. monitoring social networks, chat rooms and forums ensures things like Occupy never get too far out of hand. Sure, running occupywallstreetrightnow.com from your basement might be safe if you're encrypting root, running SELinux and wiping disks, but the NSA will still have enough metadata from your driving patterns and network traffic to fashion a very long noose for your execution.
Good people go to bed earlier.
Just use the concept of plausible stupidity.
IIS is roughly half of the web servers on the internet
IE is roughly half of the web browsers on the internet
When you either use IE or IIS there are high probabilities that one of them will inflict something that can be assimilated to some downgrade attack when establishing ssl tunnels effectively undermining the security provided by any secure web browser or any secure webserver.
When you apply that reasoning on large scales it is equivalent to putting a backdoor on the whole internet without ever needing a clever backdoor to be inserted in open source software. There is most of the time a Microsoft product at some end of the pipe, so the pipe becomes compromised.
If you don't believe me just compare the behaviour of major browsers/webservers with regards to how they deal with their choice of ciphering algorithms for SSL.
It is indeed very tedious to configure cipher preferences on a webserver in order to have Microsoft clients use anything not vulnerable to BEAST or providing perfect forward secrecy.
This is in my opinion a blatant example of backdoors "done right".
We can look over the crypto-specific parts and make sure they are sound, but we are still vulnerable to mistakes in implementation. The Debian OpenSSL memory initialisation bug is the elephant in the room here. If it had not been found after two years, how long would it have been there? Although that was a 'mistake' by two separate people (one a Debian package maintainer and one the OpenSSL upstream developer), I find it interesting that by 2011 they were both cycling around Germany for the OpenStreetMap project and one of them was later beaten to death with his laptop by some eastern Europeans in what was made to look like a robbery.
My guess is that some people got burned by that and suspected foul play enough to take revenge.
"Never attribute to malice that which is adequately explained by stupidity."
But I guess that still doesn't speak to the question of whether it is happening or not.
AES was developed in Belgium by Joan Daemen and Vincent Rijmen. It was originally called Rijndael and was one of the AES candidates. What happened is that NIST put out a call for a replacement for the aging DES algorithm. It was one of a number of contenders and was the one that won the vote. The only thing the NSA has had to do with it is that they weighed in on it, and all the other top contenders, before a standard was chosen and said they were all secure, and that they've since certified it for use in encrypting top secret data.
It was analyzed, before its standardization and since, by the world community. The NSA was part of that, no surprise, but everyone looked at it. It is the single most attacked cipher in history, and remains secure.
So to believe the NSA has a 'backdoor' in it, or more correctly that they can crack it would imply that:
1) The NSA is so far advanced in cryptography that they were able to discover this prior to 2001 (when it got approved) and nobody else has.
2) That the NSA was so confident that they are the only group to be able to work this out that they'd give it their blessing, knowing that it would be used in critical US infrastructure (like banking) and that they have a mission to protect said infrastructure.
3) So arrogant that they'd clear it to be used for top secret data, meaning that US government data could potentially be protected with a weak algorithm.
Ya, I'm just not seeing that. That assumes a level of extreme mathematical brilliance, that they are basically better than the rest of the world combined, and a complete disregard for one of their missions.
It seems far more likely that, yes, AES is secure. Nobody, not even the NSA, has a magic way to crack it.
GP wrote: and no, there isn't a magical NSA backdoor in Windows either, get over it conspiracy fanboys
You are forgetting something. A pretty BIG BACK DOOR into windows that has been known and confirmed for some time now.
"...the result of having the secret key inside your Windows operating system 'is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system'. The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onwards."
I can't find a good reference right now, but I recall reading a few years back the observation that one of the GSM stream ciphers (A5/1?) has a choice of implementation parameters (register sizes and clocking bits) that could "hardly be worse" with respect to making it easily breakable.
This property wasn't discovered until it had been fielded for years, of course, because the ciphers were developed in the context of a closed standards process and not subjected to meaningful public scrutiny, even though they were nominally "open". The implication was that a mole in the standardizing organization(s) could have pushed for those parameters based on some specious analysis without anyone understanding just what was being proposed, because the (open) state of the art at the time the standard was being developed didn't include the necessary techniques to cryptanalyze the cipher effectively. Certainly the A5 family has proven to have more than its fair share of weaknesses, and it may be that the bad parameter choices were genuinely random, but it gives one to think.
Perhaps some reader can supply the reference?
The 802.11 ciphers are another great example of the risks of a quasi-open standardization process, but I've seen no suggestion that the process was manipulated to make WEP weak, just that the lack of thorough review by the creators led to significant flaws that then led to great new research for breaking RC4-like ciphers.
your post just made everybody in this thread dumber.
Oh yeah, I'm so sure after this many years and many people looking at the source code for AES that nobody happened to see a totally stand-out backdoor code in it. And nobody noticed the resulting weakness in cracking the encryption. That's completely ridiculous.
Check out the Underhanded C contest (http://underhanded.xcott.com/). There are great examples of code that look innocuous, but aren't. What's more, some of them look like legit mistakes that people might make programming.
So that is always a possibility. Evil_Programmer_A who works for whatever Evil Group that wants to be able to hack things introduces a patch for some OSS item. However, there's a security hole coded in purposely. It is hard to see, and if discovered will just look like a fuckup. Eventually it'll probably get found and patched, but nobody suspects Evil_Programmer_A of any malfeasance, I mean shit security issues happen all the time. People make mistakes.
In terms of how long to spot? Depends on how subtle it is. If you think all bugs get found real fast in OSS you've never kept up on security vulnerabilities. Sometimes, they find one that's been around for a LONG time. I remember back in 2000 when there was a BIND vulnerability that applied to basically every version of BIND ever. It has been lurking for years and nobody had caught it. Worse, it was a "day-0" kind of thing and people were exploiting it already. Caused a lot of grief for my roommate. By the time he heard about it (which was pretty quick, he subscribed to that kind of thing), their server at work had already been owned.
Don't think that just because the code is open that it means that it gets heavily audited by experts. Also don't think that just because an expert looks at it they'll notice something. It turns out a lot of security issues are still found in the runtime, not by a code audit. Everyone looks at the code and says "Ya, looks good to me," and only when later running it and testing how it reacts do they discover an unintended interaction.
I'm not trying to claim this is common, or even happening at all, but it is certainly possible. I think people put WAY too much faith in the "many eyes" thing of OSS. They think that if the code is open, well then people MUST see the bugs! All one has to do is follow a bug tracking site to see how false that is. Were it true, there'd be no bugs, ever, in released OSS code. Thing is, it is all written and audited by humans, and humans are fallible. Mistakes happen, shit slips through.
You have a point, but at the same time, there are plenty of people who install pre-compiled binaries on their Linux systems too. Having the source code for what you are supposed to be running isn't the same thing as having the source code for what you *are* running.
Granted, that does make an open source application safer, if you do compile it from source, but how many people do that? And be aware that you need to make sure you're always getting the source itself from the right place or that could be compromised itself. It's a simple matter of checking, of course, but many people don't.
Open source provides a means to install and operate more secure code, but you do need to take necessary precautions, and you need to make sure everyone who does it knows to take the necessary precautions.
They aren't giving the NSA stuff that nobody else gets. The NSA is just on the early notification list. Various groups get told about vulnerabilities as soon as MS knows about them. The rest get told about them when there's a patch. So sure, I guess the NSA could quickly develop and exploit the vulnerability (if it is relevant, amazing how few no-user interaction, remote initiated exploits there are now that there's a default firewall) before MS patches it, but that is not really that likely a scenario, and more than any of the other groups that get it.
There's a story I heard about the origins of Linux, which was told to me a few years ago at a UKUUG conference by a self-employed journalist called Richard. He was present at a meeting in a secure facility where the effects of "The Unix Wars" were being exploited by Microsoft to good effect. The people at the meeting could clearly see the writing on the wall: that the approx. $10,000s cost of Unixen vs the approx. $100s of Windows would be seriously, seriously hard to combat from a security perspective. Their primary concern was that the [expensive] Unixen at least came with source: Microsoft was utterly proprietary, uncontrolled, out of control, yet would obviously be extremely hard to justify *not* being deployed in sensitive government departments based on cost alone. ... So the decision was made to *engineer* a free version of Unix. One of the people at the meeting was tasked with finding a suitable PhD student to "groom" and encourage. He found Linus Torvalds: the rest is history.
now we have SE/Linux - designed and maintained primarily by the NSA.
the bottom line is that the chances of this speculation being true - that the NSA has placed back-doors in GNU/Linux or its compiler toolchain - are extremely remote. you have to bear in mind that the NSA is indirectly responsible for securing its nation's infrastructure. adding in backdoors would be extremely foolish.
https://github.com/search?q=nsa+backdoor+extension%3Arb+extension%3Apy+extension%3Ajava+extension%3Aphp&type=Code&ref=searchresults
We use Open Source; the entire point is using something that is not under the control of one single agency, entity or company. To have a back door in mainline like that, one that isn't considered a bug, would take the kind of creativity these organizations neither attract nor harbor on their own. So you're probably good; besides, SELinux vulnerabilities are the least of your worries. There are probably a ton of sysadmins that administer Linux boxes from Windows with poor to minimal security.
Good leaders run toward problems, bad leaders hide from them.
That will answer the question.
"Don't teach a man to fish, feed yourself. He's a grown man. Fishing's not that hard." - Ron Swanson
and no, there isn't a magical NSA backdoor in Windows either, get over it conspiracy fanboys
You tell'em Cajun! Our Guubament would NEVER do such a thing. The US Government follows the Constitution to a 'T' and would NEVER abuse the powers granted to it by the PATRIOT Act!
And obviously, you are in a position to KNOW what's in Windows source code and have examined the 50 million or so lines in it. So _I_ believe you!
What's that "fiction" book that talks about the Chinese hiding backdoors in chips and networking hardware (i.e. routers/switches) that are made in China, and then installed by gubmints all over the world?
As I posted above... why does the NSA need Stuxnet to attack Windows computers in Iran when they have magical access to every Windows machine in existence already?
P.S. --> At no point in my post did I ever say that I trusted the NSA, I just pointed out facts that an open-source project is not magically invulnerable to security breaches simply because people can read the source code. If the Windows source was so uber-secret, how would you even know that it is approximately 50 million lines?
I can attest to the lack of backdoors in SELinux. I am the SELinux maintainer. I'm the guy responsible for it.
Then the only question remaining is whether we should trust you.
The gold standard of secure operatings systems, OpenBSD, already experienced this. This isn't paranoia or fear-mongering.
On the other hand: If history is a guide, the DES algorithm introduced by IBM and the NSA was a very good algorithm for its time. The only glaring weakness has been computing power, which is amazing. 40 years and the only real attack is still brute force.
This misses the dual goals of the NSA:
(1) Break other people's communications.
(2) Protect US (govt?) ones.
The trouble with backdoors is that they can be used by others to break US systems. So this is not the preferred solution from the NSA's perspective.
A good lesson in this is the DES cipher. The DES cipher was a 56-bit cipher based on IBM's original 128-bit Lucifer algorithm. When it was released everybody worried about the S-boxes and design and wondered if the NSA had created a backdoor for themselves. As attacks on Feistel network ciphers (such as DES) were found, it was apparent that DES was already hardened against these: the NSA knew of these attacks and had produced the hardest 56-bit cipher possible. Their strategy became apparent: by setting the strength at 56 bits, they created a cipher they could break because they had the processing power, but no one else could (at the time).
Similarly today: it's apparent that 22 years after PGP was created, mail is not encrypted by default. The NSA's strategy is to help push the design of open standards to suit their goals: small enough quantities of encryption that it is possible for brute force or black-bag jobs to be used as required.
Anyone who believes exponential growth can go on forever in a finite world is either a madman or an economist
I think a much bigger issue that I have not heard mentioned in these debates is how much access to bank and credit card records do these outfits get? It would seem if they pressure Google and Facebook to release records, they would do the same to the banks.
Here's an article about the new encryption standard and its back door - master key. The facts are as follows:
1) There exists a set of numbers that could be used as a master key to the system that has since been published as a standard.
2) NSA created the system.
3) You can't prove they don't have this skeleton key.
4) It's their job to do stuff like this.
Now re-read #1 again. Mathematically there IS a back door. The question is whether anyone knows the key.
If an important commonly used crypto program like gpg or ssl were broken by the NSA's mathematicians, it would be a secret of the highest order. Any use of the secret tends to reveal the secret. Therefore the secret can only be used for national business of the highest importance. Most people's secrets are just not that important, even if they involve matters that the federal government does not like. Thus most ordinary people are protected as free riders. This is "Coventry logic".
It is for this reason that the NSA's abilities should not be probed. If some investigative people probed the NSA's abilities, with fake messages about fake plots and that scheme worked, it could remove the "coventry logic" protection that millions of people now currently enjoy. If an important secret were forced out, then why not use the secret? Thus it is in no one's interest, other than the genuine malefactors, that this type of secret be probed. Everyone else has an interest in strategic ambiguity.
It doesn't even have to be a specific executable we're talking about. All you really need is a library everything depends on where some guy did an unbounded copy without checking parameters. There have been several of those over the years -- compression and image libraries where some guy did an unbounded copy without checking parameters.
Of course, if someone's really interested in YOU (versus just trawling around for generic information) they could always just break into your house and plant bugs. If you browse the internet at all, it's ridiculously easy to get information on what you're up to. Sure you could use https everywhere and erase cookies, but I'm not sure how much I'd trust https. Keep in mind that a LOT of those certificates are issued by a central authority, and central authorities are easy to subvert.
With all that being said, if we were really that concerned about it we'd be making it MUCH easier to use pgp and personal private encryption for everything. We'd be making it much easier to use opportunistic encryption with self-generated keys for point-to-point communications. We'd be making it much easier to encrypt voice and video communications. Everyone would be using tor to access the internet. And we're not really doing any of those things. Hell, we volunteer so much information about our daily lives through social networking that there really isn't any need to listen in on most people anyway. I'd guess someone completely avoiding social networking sites would raise a red flag that would warrant more scrutiny.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Could you people please put that lie down already. Yeah, technically, lots of people have access to the source code of Windows. In practice, nobody outside of MS (or, at least, that's the official line) has the means to compile that source code, and verify that it's really Windows or to use it - and forget about all that discussion about trusting your compiler, things are not open enough to even care about that.
Rethinking email
Hint from a former contractor that worked for no such agency: All these algorithms rely on a good pseudo-random number generator. A key space can be shortened significantly if certain properties of the random number generator are known.
Your post is insightful. There were two earlier insights:
1. Someone in government realized they could offer to call off antitrust dogs if MS gave them early access.
2. Someone at MS realized they should take them up on this offer.
If MS wanted to give government early access to a patch so they could patch ahead of public disclosure (as some entities would have the desire and resources to reverse-engineer patches almost instantly and try to exploit them) well how nice of them.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
...can't you just look through the code. I mean I'm not a programmer but I'm sure a group of them could get together and have a look.
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
With the ability to store all communication, all an attacker has to do is exploit one side of the communication to acquire its private key, at which point they can decrypt the stored comms at their leisure. You should be more concerned about end-point security and vulnerabilities than holes in the cipher itself.
Having said that, the largest employer of mathematicians in the world may have also figured out how to factor primes efficiently, or at least, pruned the problem space enough to where a couple billion dollars worth of hardware can solve it in a tractable amount of time.
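The "record everything now, steal the private key later" threat in the comment above is exactly what forward secrecy is meant to defeat. The following is an added example, not code from any commenter, using a constructed toy DH group and a constructed XOR stream cipher in place of a real group and AES-GCM: a recorded session keyed off the server's long-term key falls to a later key theft, while one keyed off an ephemeral DH secret does not.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (constructed for this example; real deployments
# use a standard group such as an RFC 7919 finite-field group or a curve).
P = 2**127 - 1      # Mersenne prime, so arithmetic mod P is a proper field
G = 3

def keystream_xor(key_bytes, data):
    """Toy stream cipher standing in for AES-GCM: XOR with SHA-256(key||ctr)
    blocks. Encryption and decryption are the same operation."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key_bytes + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def session_key(shared_secret):
    return hashlib.sha256(str(shared_secret).encode()).digest()

SERVER_LONGTERM_PRIV = 0x1234567           # constructed long-term secret
SERVER_LONGTERM_PUB = pow(G, SERVER_LONGTERM_PRIV, P)

def run_session(plaintext, forward_secrecy):
    """One client->server exchange. Returns what a passive recorder on the
    wire captures: both public DH values and the ciphertext."""
    client_priv = secrets.randbelow(P - 2) + 1
    client_pub = pow(G, client_priv, P)
    if forward_secrecy:
        # Ephemeral DH: a fresh server secret that lives only for this session.
        server_priv = secrets.randbelow(P - 2) + 1
        server_pub = pow(G, server_priv, P)
    else:
        # Static DH: the long-term key itself does the key exchange.
        server_priv, server_pub = SERVER_LONGTERM_PRIV, SERVER_LONGTERM_PUB
    key = session_key(pow(server_pub, client_priv, P))
    # The server derives the same key as pow(client_pub, server_priv, P).
    return {"client_pub": client_pub, "server_pub": server_pub,
            "ciphertext": keystream_xor(key, plaintext)}

def decrypt_recording(recording, stolen_longterm_priv):
    """What someone holding a stored recording plus the server's later-stolen
    long-term key can recover. Only the static-DH session is readable: the
    ephemeral secret was never written anywhere, so the recording stays
    opaque even though the long-term key is known."""
    if recording["server_pub"] != pow(G, stolen_longterm_priv, P):
        return None
    key = session_key(pow(recording["client_pub"], stolen_longterm_priv, P))
    return keystream_xor(key, recording["ciphertext"])
```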
The real concern comes when they are bored with their imaginary war on terrorism and they start going to work on the American people.
Brush up your language skills.
"If any question why we died, Tell them because our fathers lied."
I'd assume the NSA has SSL private keys they can use at will to intercept (MITM) SSL connections. The question is if they just have some "standard" leaked certificates which could be spotted by opening the detailed info window, or if they have some common ones like VeriSign as well. I don't have any proof, but it's just too easy.
They will of course be trying to create back doors into everything. We must stay vigilant, peer review everything and trust only after comprehensive verification.
see things in a very simplistic black and white world where Windows == All Bad and !Windows == All Good.
It's more like: WINDOWS==ALLBAD and !WINDOWS>ALLBAD.......ROTFLMFAO
The NSA does not need back doors nor do they need to nerf primitives. We are clearly incapable of effectively using the crypto we have.
Planet sized trust anchors, unflinching leaps of faith, widely deployed password authentication schemes vulnerable to offline attack. New such schemes continue to be invented and advanced. Just last week I stumbled on idiots from Avaya submitting an I-D to add more hash algorithms (SHA-*) to http digest authentication cuz MD5 is "broke". You can't make this shit up if you tried. The problem with "open standards" is not NSA subversion it is the lack of thought by those producing and reviewing standards.
We accept a world where all primary means of network communication are insecure by default. Email, SMS, mobile calls, IM. Those niche systems which deploy crypto either punt key management or do it so poorly as to be unusable to most.
"To the cloud" campaigns have mostly resulted in vendors having control of all your data and all your keys.
There are a few outliers where developers have actually put trust management front and center rather than punting or ignoring it. The problem is these channels currently account for rounding error quantities of information flows.
NSA has two areas it has dealt in. One is the spying side of the house; the other is the infosec side. As I have heard it, the infosec side tosses what it develops to the spy side, but the reverse does not happen (or happens not much), but they are distinct. SELinux is something from the infosec side, which has also given out guides to how to harden Windows NT and the like. While it is likely that folks working on the infosec side will find it useful to figure out ways not to interfere with the spy side, I suspect that succumbing to that temptation is not universal.
That's one thing I've been wondering about.
The idea behind open source, if I understand it correctly, is that you can see what the code is doing and possibly be able to customize it for your own use, as opposed to being locked into closed source software, where it simply does an operation but you don't know how efficiently or whether or not it's doing anything inappropriate.
However, if something is open source, then it can be read by anyone. It could also possibly be modified by anyone, meaning it's possible someone could introduce a bug into the code that wasn't previously there, intentionally or unintentionally. Open source is all well and dandy if you vet it line by line, but unless you do so, how can you be sure that the code works correctly? Yes, that's what checksums are for - vetting that the information hasn't changed from a known value, but that doesn't apply after an update is made.
Keep fucking that chicken editors.
Our biggest "cyber security" problem is one of persistently insecure endpoints. The reason we have persistently insecure endpoints is that they can't be made secure, no matter who writes them, checks programs for virii, etc
All of them run a program within the context of a users permissions, leading to the possibility of privilege escalation. SELinux tries to fight this by locking down each program, but even that approach has some strong limitations
To be able to securely run a program on any operating system, you need to be able to specify the side-effects you're willing to allow, before running the program. This is the reason that Functional Programming is getting so much attention at the application level.
The IBM VM system was among the first to provide such an environment, back in 1972. (I'm sure someone will dig up an earlier system). The reason that VM systems can be secure is that when you set up a virtual machine, you specify all the things it's allowed to use, and to change. It can only affect its own disk space, etc.
Modern systems such as VMware also offer the possibility of real security, but at such a gross level of granularity that it's unlikely to be used in this manner. The only system on the horizon that offers a way out (as far as I can see) is the Genode project which is a full on capabilities based system, built upon your choice of secure kernel.
This whole cyber-war mess can be shut down, if you folks wake up, and start acting in a manner to fix things... otherwise prepare to be serfs to our corporate lords and masters.
The thing with encryption (follow the Coursera course by Dan Boneh) is that the code doesn't have to be compromised for the encryption to be insecure.
And showing the encryption is secure or not. Well. That is not so easy.
Some smart ass thought doing DES twice was safer than just DES. Wrong. Meet In The Middle Attacks.
Think of the scenario where random primes are picked every time directly after a device boots. The random generator didn't have enough time to get random. Those primes are then not random but in fact very predictable.
There is a thing called an s-box. It shuffles data around in a pseudo random way. One algorithm used 5 of those. Too bad one of them was a fraction less random than the others.
Implementation mistakes or lack of understanding are the worst enemies. They are very hard to recognize. They might even require quite some research to be found.
With the complexity of encryption it's far from unthinkable that mistakes are made that cripple the strength of the algorithm.
Privacy is terrorism.
If Microsoft is giving the NSA info on undisclosed vulnerabilities, they have in effect a magic backdoor in Windows.
Would you prefer that Microsoft tells foreign companies about vulnerabilities *without* informing the NSA about the same vulnerabilities?
The MAPP program is public and has been since its introduction. As part of the program, Microsoft will release vulnerability information (and sometimes even PoC exploit code) to MAPP partners a few days in advance of releasing the patch for a vulnerability.
The reason is that a vulnerability patch is essentially the same as a disclosure. It is in the interest of Microsoft, AV vendors and Microsoft's customers that AV vendors get a head start when creating scanning signatures that will catch exploit attempts.
Some of these AV vendors are foreign companies. Yes, some of them may be shells for or cooperate with e.g. a foreign intelligence service. Yes, even if they are only given a head start of a few days, there certainly is a risk that a foreign intelligence body could use the information to infiltrate US companies or government entities.
In that light, is it so terrible that the NSA gets the information as well? You know, it could actually deter the foreign entity from actually attempting an exploit.
This is a fabricated scandal. Worse, it detracts from the *real* scandal, which is not what companies have been forced to hand over but rather the erosion of rights in the law.
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
As mentioned in alt.privacy in 1993:-
A lot of people think that PGP encryption is unbreakable and that the NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly mistake. In Idaho, a left-wing activist by the name of Craig Steingold was arrested _one day_ before he and others were to stage a protest at government buildings; the police had a copy of a message sent by Steingold to another activist, a message which had been encrypted with PGP and sent through E-mail.
Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to allow the NSA to easily break encoded messages. Early in 1992, the author, Paul Zimmerman, was arrested by Government agents. He was told that he would be set up for trafficking narcotics unless he complied. The Government agency's demands were simple: He was to put a virtually undetectable trapdoor, designed by the NSA, into all future releases of PGP, and to tell no-one.
After reading this, you may think of using an earlier version of PGP. However, any version found on an FTP site or bulletin board has been doctored. Only use copies acquired before 1992, and do NOT use a recent compiler to compile them. Virtually ALL popular compilers have been modified to insert the trapdoor (consisting of a few trivial changes) into any version of PGP prior to 2.1. Members of the boards of Novell, Microsoft, Borland, AT&T and other companies were persuaded into giving the order for the modification (each of these companies' boards contains at least one Trilateral Commission member or Bilderberg Committee attendant).
It took the agency more to modify GNU C, but eventually they did it. The Free Software Foundation was threatened with "an IRS investigation", in other words, with being forced out of business, unless they complied. The result is that all versions of GCC on the FTP sites and all versions above 2.2.3 contain code to modify PGP and insert the trapdoor. Recompiling GCC with itself will not help; the code is inserted by the compiler into itself. Recompiling with another compiler may help, as long as the compiler is older than from 1992.
Andrew Yeomans
What is more likely is the NSA has access to a super top secret quantum computer that can hack any publicly available cipher. They've probably had this tech since the 90's, which is why we are just hearing about the promise of quantum computing for the public sector.
Remember, they only dole out the new tech after they've 'mastered' it and have something an order of magnitude beyond, as history plainly tells us.
She blinded me with science, she tricked me with technology. ~ Thomas Dolby
If Ubuntu is being run by someone who wrote spyware for the government, no worries, we can all feel 100% safe.
http://zsmith.co/Ubuntu.html
The biggest, greatest service M$ could do for the computer industry is release their source code to be used as a teaching tool of how-not-to-write an operating system. LOL!
Stories of large complexes that house big data go back to the 1970's. Does anyone remember the giant warehouses filled with data tapes? Where the warehouse is 99%+ automated? Come on! What do you think those tapes were filled with? I remember my father, (ex Navy), saying, "never say anything on the phone you wouldn't say in front of an angry mob, staring at you." My take on Snowden is two things, he'll learn to hate the day he decided to take this course of action. And 2, foreign diplomats that have known all along that this crap has been going on for decades will use it as leverage at the bargaining table. For example, that stupid ass contract to some Indian software company for 'DC medical software? India will shut the F up, and as each country "strikes while the iron is hot", then they too will in turn shut up when they get some concession. And Obama gets to eat the credit. By the way, if Snowden has an "accident", that will cause the other countries to want more to shut up.
Since we're talking spying on other governments and eavesdropping on allies here.
What backdoors would you expect to be present in the JSF?
Privacy is terrorism.
Both Windows and OSS have undergone a change in search utility design philosophy wherein unattended indexed search subsystems for both data and metadata are provided by default and run in the background almost constantly. These search systems start upon boot and perform periodic full system scans. It is not easy to disable all elements of these search subsystems. Their obviousness (they are CPU-intensive during their initial runs) belies their nature.
Yet search performance with these systems is no better than with the previous "search when asked to search" utilities which seem to have fallen by the wayside.
Or maybe I'm just paranoid.
SELinux isn't claimed to be secure. NSA's defensive side, the Central Security Service, created it because they wanted application developers to start writing applications that would run under a mandatory security system. Once all major applications could run under SELinux, it would be possible to swap out the Linux kernel for something smaller, with far less trusted code.
That didn't work out. Not enough applications were redesigned to run under the tight restrictions needed to make most of their code untrusted. A good example of commercial developer incompetence in this area is Matlab, which won't run with SELinux enabled. So Matlab's official instructions tell users to turn SELinux off. There is no justification for Matlab requiring security privileges.
There is also a new "backdoor" to SELinux in Linux installed recently to support a competing "security" package.
It gets worse. Not all keys are equally safe, and weeding out unsafe keys is extremely difficult. This is far less of a problem for symmetric crypto (like AES), but it is a present and real concern for asymmetric crypto (like RSA).
El-gamal is a widely-used system where the quality of the key is more important than its size for it [as long as it is above a certain minimum size] to be reasonably strong(!)
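Two comments above raise the same auditing problem: primes picked by a barely seeded RNG right after boot, and the difficulty of weeding out unsafe asymmetric keys. The following is an added example, not code from any commenter, of the two checks a defender can run on public material alone: a pairwise-gcd sweep over a constructed fleet of RSA moduli (tiny primes for readability; the test is the same for 2048-bit keys) and a structural soundness test for an ElGamal/DH group (p, g).

```python
import math
from itertools import combinations

# Constructed fleet of RSA public moduli. Keys 0 and 2 model two devices
# that generated keys right after boot with almost no entropy and so both
# drew the prime 10007.
FLEET_MODULI = [
    10007 * 10009,   # key 0
    10037 * 10039,   # key 1
    10007 * 10061,   # key 2  (shares a prime with key 0)
    10067 * 10079,   # key 3
]

def find_shared_factors(moduli):
    """Pairwise gcd across public moduli. Returns {key index: leaked prime};
    an empty dict means no modulus shares a prime with another. Quadratic
    in the number of keys; batch GCD over a product tree runs the same
    test on millions of keys."""
    leaked = {}
    for (i, n1), (j, n2) in combinations(enumerate(moduli), 2):
        g = math.gcd(n1, n2)
        if g != 1:          # g == n1 would be an outright duplicate key
            leaked[i] = g
            leaked[j] = g
    return leaked

def factors_from_leak(n, leaked_prime):
    """One known prime yields the other by division, which is why a
    shared-factor finding means revoke now, not rotate eventually."""
    assert n % leaked_prime == 0
    return tuple(sorted((leaked_prime, n // leaked_prime)))

def is_prime(n):
    """Trial division, adequate for the toy sizes here (use Miller-Rabin
    or a library primality test for real parameters)."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True

def elgamal_group_is_sound(p, g):
    """Structural checks for an ElGamal/DH group (p, g): p is a safe prime
    (p = 2q + 1 with q prime) and g has order q or 2q rather than sitting
    in the trivial subgroup {1, p-1}. A larger p that fails this is weaker
    than a smaller p that passes, which is the 'quality over size' point."""
    if not is_prime(p):
        return False
    q = (p - 1) // 2
    if p != 2 * q + 1 or not is_prime(q):
        return False
    if not 1 < g < p - 1:
        return False
    return pow(g, q, p) in (1, p - 1)

if __name__ == "__main__":
    print(find_shared_factors(FLEET_MODULI))            # {0: 10007, 2: 10007}
    print(elgamal_group_is_sound(23, 4), elgamal_group_is_sound(31, 3))
```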
My question is if the government has the means to access encrypted material, why do we keep seeing people going to jail for refusing to hand over the password to their encrypted drives and files?
It seems to me that the NSA wouldn't develop backdoors in publicly scrutinized standards. Even if they managed to get away with it for a long time, they wouldn't be able to get away with it forever - the suspicion raised by events like the PRISM leaks would ensure that the standards continue to be scrutinized.
It's far more likely that the (very intelligent) cryptographers and engineers working for the NSA are developing a capable quantum computer behind closed doors. If Google has -announced- a 512-qubit computer publicly, then it's very likely that they, or other companies and institutions, have a more advanced prototype in the works (or even completely working). So long as the public announcements never belie the progress and prowess of the (hypothetical) actual cutting-edge quantum computers, work on standards which will be secure against quantum cryptanalysis won't move to double time to catch up. The NSA would have a nice renaissance where their secret quantum computers can crack AES in minutes, en masse.
When that period is over, of course, then we can worry about secret backdoors again...
I have been saying this for years.
Way before the NSA was doing its whole spy grid: You have to consider at what point security ends on assumptions and begins on certainty.
Source Code provides another level of that certainty, and in the past couple of years due to all sorts of crazy things I have seen happen, increasingly that certainty is source code for myself personally.
So I ensure most of my edge routers and security devices are built with source code and I do not use proprietary devices.
-Hack
Got Geometrodynamics? Awe, too hard to figure out? Too bad.
The government cannot admit that it has access to encrypted material. If it did the method would become useless.
Why not in the compiler?
Posted anonymously because I don't like Russian airports.
Why would it pipe to NSA's servers? Not like the hardware is made in the USA.
Wired Article from 2007
what are the odds that the piece of paper called "one us dollar" has value?
No more secrets.
You are all a bunch of idiots.
https://www.cl.cam.ac.uk/~sps32/Silicon_scan_draft.pdf
they don't need to, actually:
www.absolute.com and their computrace products - see also corresponding patent application - bios equipped with that software have the backdoor which also can be used to access windows partitions etc.
I know it isn't happening the same way I know I have not ingested thought broadcasting nano bots and that all those flies I see are not part of an NSA cybernetic fly army spying for the Americans. Oh wait, I don't really know that.
Damn you technofascist apple pie eaters!
A well-tainted EFI removes the need for backdoors in higher privilege level software.
Another important thing to realize about EFI is that it also contemplates enabling chipset features that will trap certain OS operations to an EFI-based control system running in System Management Mode. In other words, under EFI, there is no guarantee that the OS owns the platform.
The California voting information books are now in English, Spanish... and Chinese :)
1. The skipjack algorithm has never been broken. You look silly claiming otherwise.
2. "Broken" is a relative term when talking about encryption schemes. Exploitable weaknesses are found that can produce attacks which are faster than brute forcing. That doesn't mean a massive amount of effort isn't still involved.
3. You're really confused, mixing up symmetrical, asymmetrical, and quantum concepts. It makes the last paragraph make zero sense to anybody with even a basic grasp of those concepts.
What you've likely done is google encryption and read a few basic pages, and you're trying to come off sounding like you know what you're talking about. The problem is that you just don't. The blatant frauds tend to be easy to spot by anyone paying attention. Too bad you didn't spend a bit more time googling skipjack before making that first grand assertion.
Maybe next you can read a few articles about golf and then turn around and tell Tiger Woods how to play the game.
"What Are the Odds?" is a classic trolling question.
The probability that NSA can/will put a back door in a protocol standard: LOW
Probability that NSA can put a back door in open sourced software: HIGH
IMO: most attacks against encrypted systems are keyloggers. This would be the most appropriate attack vector against any encryption software. The keylogger would likely be installed by software other than the encryption software. Device drivers would be an ideal candidate. The printer drivers are large and complex and installed on every computer regardless of whether you have a printer connected or not. If I was the NSA, I wouldn't spend all my time trying to hide malicious code in areas where encryption specialists would be looking for it. I would hide it in the background and simply track keystrokes to gain direct access using their passphrase.
no. "yet to see" works fine.
Just need the algorithm and the key.
Anyone who thinks about it will realise they either store their key somewhere the NSA can access or they type it in which is also tracked. Fait accompli.
Help me out here; I'm hearing a lot of talk about planting a bug in an encryption standard, but how do you do that? Not everything that uses, say, AES does so using the same libraries or even instruction sets. The only way you could globally infiltrate communications based solely on that would be to exploit lots of other larger systems that implement in whatever ways they do. No one flaw in AES is big enough to allow you to compromise any system that uses it. The question is, is there anything about an implementation using it to, say, behave predictably enough for you to compromise the communication it's involved in, because if you can, you've won.