Slashdot Mirror
NSA Foils Much Internet Encryption
An anonymous reader writes "The New York Times is reporting that the NSA has 'has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show. ... The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.'" You may prefer Pro Publica's non-paywalled version, instead, or The Guardian's.
For awesome powa
Hasn't the majority of the internet already applied that twice?
I believe the "working with industries to install backdoors" part, but the cracking internet standards encryption? Nope. The report doesn't even say what they are supposed to have cracked, only some nebulous "widely used internet encryption". Do they have a ton of computation power? Yes. Do they have some magical break on AES that no one in academia knows about or can even fathom? No. Just some FUD.
From Bruce Schneier Here and here.
Also a nice call to arms here.
"I have resisted saying this up to now, and I am saddened to say it, but the US has proved to be an unethical steward of the internet. The UK is no better."
grammar-lesson free since 1999. (rescinded - 2005)
So I'm left with the impression that the NSA will add features in return for improved access.
SELinux comes to mind as a gift from the NSA to the Linux community. A gift with a hidden payload.
Hmm.... We can call it Trojan Linux. Ribbed for your pleasure. The ultimate in back door penetration.
I wonder if their list includes SSH
OpenSSL came from SSLeay, which was created outside of the US specifically for this reason.
Its not a technical attack in the first round;
The long, strong arm of the NSA
July 27, 1998
Web posted at: 4:15 PM EDT
http://edition.cnn.com/TECH/computing/9807/27/security.idg/
[..]
It's gotten to the point where no vendor hip to the NSA's power will
even start building products without checking in with Fort Meade first.
This includes even that supposed ruler of the software universe,
Microsoft Corp. "It's inevitable that you design products with specific
[encryption] algorithms and key lengths in mind," said Ira Rubenstein,
Microsoft attorney and a top lieutenant to Bill Gates. By his own
account, Rubenstein acts as a "filter" between the NSA and
Microsoft's design teams in Redmond, Wash. "Any time that you're
developing a new product, you will be working closely with the NSA,"
he noted.
[..]
Clearly wary of granting the government supervision over its products,
Microsoft has stubbornly refused to submit a data-recovery plan, even
though the Redmond giant already includes a data-recovery feature in
its Exchange Server.
"The Exchange Server can only be used when this feature is present,"
Rubenstein said. "Because we haven't filed a product plan, it's harder
for us to export this than for companies that have filed plans."
[..]
I'd wager that the fundamental flaw in HTTPS is that the government has the private keys direct from the CAs. The protocol is flawed in the key management (as most are).
Socialism: a lie told by totalitarians and believed by fools.
From ProPublica:
In one case, after the government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a back door into the product before it was shipped, someone familiar with the request told The Times.
Who else remembers the debacle about the government no longer purchasing Lenovo computers? I remember some people saying that if the U.S. government is making all this fuss about it, they're probably the ones doing it.
This seems to indicate those people are correct.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
Just don't use paypal to get funding...
The claim is VPNs and SSL... so either a break in RSA or AES, either way SSH would be covered.
You do not need to break RSA or AES to break a lot of VPNs. I.e. if you use aggressive mode IKEv1 PSK (typically plus XAUTH, but that does not actually help), the shared private key can be recovered by offline attacks. NSA supercomputers should have no problem handling most keys. Alternatively, if certificates are used, many organizations buy premade certificates including secret keys instead of going through the trouble of generating their own secret keys. That means the NSA only has to compromise the few certificate vendors.
And this is just the passive attacks the NSA can do. If they actively interfere, they can use downgrade attacks or (for HTTPS) the various TLS vulnerabilities or use proper fake vendor certificates or all sorts of other mischief. That is harder to pull off unnoticed of course.
Very little equipment supports IKEv1 with "raw" RSA keys (no certificates), even though that takes the whole PKI problem away and avoids aggressive mode. I'm only aware of (free|open|libre|strong)SWAN and RouterOS. IKEv2 is almost non-existent, and what little equipment supports it tends to only support the equivalent of IKEv1 main mode with PSK or certificates -- precisely the areas where IKEv1 is already good enough.
For those of us who use proprietary encryption acceleration: how do we know that the session keys are chosen securely and not divulged with steganography somehow? I know that products have existed which did exactly that, revealing part of the encryption key in the encrypted data stream (and I know that because the vendor was fairly open about the practice).
Finally! A year of moderation! Ready for 2019?
Certificate authorities never see private keys so you are dead wrong about that. What's more, even if a rogue CA was minting bad certs on the fly to attest that the NSA was really foobar.com, that would have been noticed. Remember that secrecy is something they value insanely highly. They wouldn't ever do something so easily noticed and the articles do not imply any kind of CA compromise.
In fact if you read all the stories (they overlap largely but not entirely) you can get a vague picture of what's going on. Firstly, they record all encrypted traffic in case they can decrypt it later. Secondly, they have a database of public to private keys, populated via any means they can. Thirdly, they obtain keys in lots of ways (hacking, subversion, bogus court orders, brute forcing old/weak keys etc) but they don't seem to have a magical solution to all strong crypto. The closest that the leaks come to this is discussion of some amazing cryptoanalytic breakthrough, which could possibly mean they're able to break some kinds of RSA? Perhaps they're ahead of Joux et al by some years?
Regardless, what it is, it can't be a solution to all crypto, because these governments apparently asked the newspapers not to publish on the grounds that people might switch to stronger systems that worked.
There are a surprisingly large number of public key generators with weak random number generators:
And those are the ones we know about.
For open source systems, the person or persons who inserted the weak code should be identified and kicked off the project. It may just be incompetence, but that's a good reason to keep them out of security-critical areas.
Weak keys don't just let the NSA in. They let the People's Liberation Army of China in, too.
Bruce Schneier should be technically competent enough for you, see his articles today at the Guardian.
http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
How did the NSAs ability to decrypt most of the encrypted communications of the world prevent Syria's chemical attack on its own people?
Or even help after the fact, for that matter?
How is helping Syria's people even part of the NSAs charter?
To be 1000% clear... all a CA does is sign keys generated by others. They never see the private server key(s). Having the CA signing certificates doesn't give you the magic ability to decode a site's traffic; it only allows you to pretend to be that site. (assuming you can get the users traffic to come to, or through, you. and that other steps (fingerprint validation, serial number checking, etc.) aren't being used.)
Spy on foreign governments and foreign citizens. They need to stay the fuck away from Citizens of the United States of America. Spying on Americans is what other governments are for.
The NSA is operating far outside of its charter. Put them straight.
Why is it so hard to only have politicians for a few years, then have them go away?
This has nothing to do with liberal or conservative and everything to do with the power of government.
From Bruce Schneier:
Dismantling the surveillance state won't be easy. Has any country that engaged in mass surveillance of its own citizens voluntarily given up that capability? Has any mass surveillance country avoided becoming totalitarian? Whatever happens, we're going to be breaking new ground.
http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying
I don't read your sig. Why are you reading mine?
I trust the math, even though I don't understand it.
I don't necessarily trust the people who coded the math into a program.
I don't necessarily trust the computer that is running the program.
//TODO: Think of witty sig statement
I think at this point it is safe to assume that all US or US ally based commercial software of any kind that is of some value to the NSA/GCHQ has been compromised. I would imagine that this will present a huge advantage to open source software in relevant fields. IMO any software company that allowed such backdoors deserves to go out of business. It also means that commercial anti-virus, firewall, and other security software has to be assumed to be backdoored for the NSA/GCHQ. This also gives Linux a huge advantage because it is not so dependent on high quality security software.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
With closed source, you don't know if it's secure and you can't verify that it's secure and now we have these NSA documents which state that they have already compromised the most popular commercial security software and they are working on compromising the rest of it.
With open source, you don't have a guarantee that it's secure but you do have lots of knowledgeable people looking at the code (especially now) and you yourself can audit the code. It has a much higher chance of being secure.
You're right, "a security solution with a destroyed reputation is no solution at all"... and the NSA just destroyed the reputation of all commercial security software.
I don't read your sig. Why are you reading mine?
While you guys are cracking jokes on ROT13, a letter to NYT ( http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?_r=0 ) caught my attention
- - - B Missouri Reader
Missouri
On the one hand, âoeIn the future, superpowers will be made or broken based on the strength of their cryptanalytic programs,â but on the other hand the liberties of Americans are at risk by such programs.
In other words, we face a situation where the strongest, most secure nation can no longer be a nation that guarantees the rights of its citizens.
Privacy is not simply a convenience, but it is intimately linked to free speech and to the future prospects for democracy in America. Key elements of the Constitution provide a framework where incumbents can be challenged in free elections, ensuring that better ideas and better leaders will become available to guide the nation. But nobody can win an election against an incumbent with unlimited access to the communications of its rivals. We're not there yet, but the trend is in that direction.
It is high time that members of both parties in Congress get off of their high horses and address this growing threat to our democracy. Technical and legal hurdles must be cleared, and it may even be necessary to make significant changes in the way the internet works. But time passes very quickly in the technology world, and the clock has already been ticking for quite a long time."
Muchas Gracias, Señor Edward Snowden !