NSA Backdoors In Open Source and Open Standards: What Are the Odds?
New submitter quarrelinastraw writes "For years, users have conjectured that the NSA may have placed backdoors in security projects such as SELinux and in cryptography standards such as AES. However, I have yet to see a serious scientific analysis of this question, as discussions rarely get beyond general paranoia facing off against a general belief that government incompetence plus public scrutiny make backdoors unlikely. In light of the recent NSA revelations about the PRISM surveillance program, and that Microsoft tells the NSA about bugs before fixing them, how concerned should we be? And if there is reason for concern, what steps should we take individually or as a community?" Read more below for some of the background that inspires these questions.
quarrelinastraw "History seems relevant here, so to seed the discussion I'll point out the following for those who may not be familiar. The NSA opposed giving the public access to strong cryptography in the '90s because it feared cryptography would interfere with wiretaps. They proposed a key escrow program so that they would have everybody's encryption keys. They developed a cryptography chipset called the "clipper chip" that gave a backdoor to law enforcement and which is still used in the US government. Prior to this, in the 1970s, NSA tried to change the cryptography standard DES (the precursor to AES) to reduce keylength effectively making the standard weaker against brute force attacks of the sort the NSA would have used.
Since the late '90s, the NSA appears to have stopped its opposition to public cryptography and instead (appears to be) actively encouraging its development and strengthening. The NSA released the first version of SELinux in 2000, 4 years after they canceled the clipper chip program due to the public's lack of interest. It is possible that the NSA simply gave up on their fight against public access to cryptography, but it is also possible that they simply moved their resources into social engineering — getting the public to voluntarily install backdoors that are inadvertently endorsed by security experts because they appear in GPLed code. Is this pure fantasy? Or is there something to worry about here?"
Not to mention that what became AES was a Dutch(?) algorithm to begin with (Rijndael).
Reflections on Trusting Trust (PDF alert). Required reading for anyone with interest in that very topic. Written by Ken Thompson, in fact.
Also what is left out in the summary is that the NSA worked to strengthen the S-boxes in DES against differential cryptanalysis attacks, even though the existence of such attacks was not known publicly at the time.
http://en.wikipedia.org/wiki/National_Security_Agency#Data_Encryption_Standard
I can attest to the lack of backdoors in SELinux. I am the SELinux maintainer. I'm the guy responsible for it.
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/MAINTAINERS#n7166
I work for Red Hat. Not for the NSA. SELinux code does not go from me through the NSA, it actually goes the other way around. The NSA asks me to put code in the Linux kernel and I pass it to Linus. I have reviewed each and every line at one point or another.
The NSA may have some magic backdoor somewhere in the Linux kernel, but I'll stake my name that it isn't in the SELinux code.
GP wrote: and no, there isn't a magical NSA backdoor in Windows either, get over it conspiracy fanboys
You are forgetting something. A pretty BIG BACK DOOR into windows that has been known and confirmed for some time now.
“...the result of having the secret key inside your Windows operating system “is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system”. The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onwards”
It's always interesting to see what (some of the best attempts at) intentional code obfuscation can look like:
http://www.ioccc.org/
This is often quoted as an example of NSA's supposed superiority in cryptography but that happened back in the '70s when there were hardly any cryptographers or computers in the world.
The knowledge gap between the NSA and independent cryptographers has closed a lot since then.
No sig today...
Much more relevant to this discussion is the underhanded C contest where backdoors must be introduced in innocuous-looking C code. There's an art to it.
Non-Linux Penguins ?
You're probably thinking of DES rather than AES with regards NSA provided s-boxes. IIRC said s-boxes in DES were changed by the NSA with no real explanation. Some years later when differential cryptanalysis was discovered in the non-secret world it turned out that the change actually hardened DES against such an attack - so in this case the NSA created a stronger algorithm. See wikipedia.
Let me add a few datapoints here, as a reminder...
1) The AES competition was launched in part because DES and 3DES were cracked by EFF using FPGA-based brute-force decryption machine. Source :
https://en.wikipedia.org/wiki/EFF_DES_cracker
https://w2.eff.org/Privacy/Crypto/Crypto_misc/DESCracker/HTML/19980716_eff_des_faq.html
As a reminder, DES was THE standard crypto algorithm, vetted and approved by NSA. It could be cracked by EFF only because of Moore's Law and some serious budget and effort.
2) Public-key cryptography was invented separately at GCHQ (UK NSA) and NSA itself, several years *before* Diffie-Hellman. Source:
https://en.wikipedia.org/wiki/Public-key_cryptography#History
So, yes, these people (NSA/GCHQ) are very good at what they do. They have had at least 10 years of head-start, since cryptography was considered for many years just a branch of mathematics in academic circles. These guys work on nothing but crypto and digital/analog communications, year in, year out. Do not underestimate them.
3) One of the first electronic computers was delivered to the NSA in the 1950s. NSA later suggested improvements to the company that built it. The first Cray supercomputers were delivered straight to NSA. Again, that was in the 1950s, when most computer companies (IBM comes to mind) were still struggling to define what a computer was good for. Source:
http://www.nsa.gov/public_info/_files/cryptologic_quarterly/digitalcomputer_industry.pdf
http://www.physics.csbsju.edu/370/mathematica/m1_eniac.pdf
4) The NSA and GCHQ have a long history of backdoors. They love these things, as they make their life so much easier. Read on Venona, Enigma, Ivy Bells: all of these were made possible by intercepting/copying one-time pads, selling "unbreakable" German encryption machines and tapping undersea Russian cables. And I am willing to bet these are just a small fraction of what these people have done over the years. Source:
https://en.wikipedia.org/wiki/Venona_project
https://en.wikipedia.org/wiki/Enigma_machine
https://en.wikipedia.org/wiki/Operation_Ivy_Bells
Again, this is just a small fraction of what NSA and GCHQ have done over the years. So, yes, suspecting backdoors in open-source software is... shall we say... only natural.
If I was paid to be a professional paranoid, I would be taking a very long hard look at my computers and telecom equipment right now.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
It's Romansh not Romanian !!! a Rhaeto-Romance language descended from the Vulgar Latin spoken by the Roman era occupiers of the region. It is closely related to French, Occitan, and Lombard, as well as the other Romance languages to a lesser extent.
This is fearmongering. Encryption standards that have been adopted are open source and mathematicians comb over them with a fine tooth comb before giving them their blessing. Yes, there is a worry among mathematicians about the NSA developing an algorithm that would permit a pre-computed set of numbers to decrypt all communication. Which is why they make sure it DOESN'T HAPPEN.
See https://www.schneier.com/essay-198.html
And there's the fact that AES-192 and AES-256 are NSA approved for protecting Top Secret classified documents.
It seems unlikely that they would approve the use of an algorithm with a known vulnerability to protect classified information -- knowing that a vulnerability would likely eventually be discovered (or stolen) by an adversary, leaving classified documents at risk. It would be awfully embarrassing if, for example, someone stole secret documents and handed them over to a newspaper reporter and revealed some of the inner workings of the NSA.
You'd never know the official language of the country was English.
That's probably because it's not....
The US, on principle, never adopted an official language in the way most other countries do.