John Gilmore Analyzes NSA Obstruction of Crypto In IPSEC
New submitter anwyn writes "In a recent article posted on the cryptography mailing list, long-time civil libertarian and free software entrepreneur John Gilmore has analyzed possible NSA obstruction of cryptography in IPSEC. He suggests that packet processing in the Linux kernel had been obstructed by one kernel developer. Gilmore suggests that the NSA has been plotting against strong cryptography on mobile phones."
Given the recent hoo-ha with the NSA listening in, and then also admitting that (along with GCHQ) they have "broken" most commonly used encryption, it looks as though the "don't use anything that we can't either backdoor or crack" is, if not NSA itself, certainly from one of their supporters.
"She's furniture with a pulse"
Thank you for holding the world back.
Because the kernel maintainer didn't use his code, the NSA must have been out to get him and destroy strong crypto.
Shit, the FBI and NSA, et al put the kibosh on that before the damn things hit the streets. Instead they made a law that prohibits the sale of full spectrum scanners to the public, like was supposed to make them secure...
“He’s not deformed, he’s just drunk!”
It seems pretty clear that John Gilmore has clearly identified what's going on. He spotted many instances of NSA-directed sabotage, and has called it out.
Of the multiple examples John calls out, the most poignant is probably the needlessly complicated IPSEC standards. Overly complicated standards lead to bugs and flaws. He and Bruce Schneier describe a process that certainly sounds like NSA sabotage of security standards.
What should be the upshot of this? Perhaps people involved in security research should recognize that anyone affiliated with NSA is a likely saboteur? Is such sabotage, which deliberately cripples the security of USA electronic infrastructure, a form of treason? Since this sort of deliberate sabotage of technology is the sort of thing terrorists might do, perhaps the NSA, and every person associated with that organization, should be placed on a Terrorist Watch List?
In all seriousness, how should the technical and geek community deal with this sort of sabotage? Is it sufficient to respond, or is proactive behavior called for? What would Sun Tzu have to say about this situation?
Encryption is one thing, but I suppose one of the principal spying techniques at the diverse intelligence agencies' disposal is the SSL MITM. We must assume the private signing keys of the CAs are also held by government authorities so they can spoof any website.
Here's the idea: have the web browser display the flag of the CA's jurisdiction. So if you can see, say, the Chinese flag next to the URL, you can be reasonably certain the NSA isn't listening in (although the Chinese authorities might).
because openvpn !
This post needs repeating.
+=+begin paste+=+
The destruction of trust (Score:5, Insightful)
by Arrogant-Bastard (141720) on 7:08 Friday 06 September 2013 (#44773249)
The worst part of the damage done by this isn't technical. It's human.
The reporting on this latest disclosure reveals that the NSA has systematically inserted itself into the standard-crafting process, in order to deliberately weaken those standards. It also reveals that the NSA has bypassed the management of communications providers and recruited technical staff directly. In both cases it's reasonable to assume that the people involved have been through a security clearance process and are thus barred for life from disclosing what they know.
I must now ask myself how many people I've worked with weren't doing so in good faith. When they argued that such-and-such a fine point of a network protocol standard didn't need improvement or that it should be changed in a certain way, were they doing so because it was their principled engineering opinion, or because it served some other purpose? Or when they were recommending that one of the many operations I've run move its colocation point or change its router hardware, was that good customer service, or was it to facilitate easier traffic capture?
Will anyone be asking themselves the same questions about me? (They probably should.)
The Internet was built on, and runs on, trust. Every postmaster, every network engineer, every webmaster, every system admin, every hostmaster, everyone crafting standards, everyone writing code, trusts that everyone else -- no matter how vehemently they disagree on a technical point -- is acting in good faith. The NSA, in its enormous arrogance, has single-handedly destroyed much of that trust overnight.
+=+end paste+=+
--
BMO
So, let us know when Mr. Gilmore drives off a cliff some night.
Have gnu, will travel.
Unfortunately Sun Tzu would've said something in Japanese and I don't speak Japanese, so that wouldn't help at all.
"In all seriousness, how should the technical and geek community deal with this sort of sabotage?"
Identify who is doing the sabotaging and shun them. Professionally shun them. Expel such people from committees.
--
BMO
Stop the US from accessing those repositories.
For many years, I just felt that something was wrong, and would do "silly things" (I was an admin, whoops) like setup VPN tunnel, then require everyone to use SSL and client certs to access a service. So people would laugh at usage of VPN + SSL (and then certs on top of it) and ridicule it.
Spent more than a decade trying to explain to *technical* people why self-signed certs are much more secure than 'commercial' certs, and I could never understand why people couldn't understand what I am saying. Well now I know, they simply couldn't believe any government would do things we're seeing done.
Been laughed at quite a few times, but I can tell you that no one is laughing right now.
And now I finally know that I am not a fucking lunatic.
Thank you Edward Snowden.
Read all (4 pages) of chapter 13 basically, but in this case perhaps specifically;
"Spies cannot be usefully employed without a certain intuitive sagacity. Before using spies we must assure ourselves as to their integrity of character and the extent of their experience and skill."
"Without subtle ingenuity of mind, one cannot make certain of the truth of their reports."
"Kill 'em all and let Root sort 'em out"
"Be extremely subtle, even to the point of formlessness. Be extremely mysterious, even to the point of soundlessness. Thereby you can be the director of the opponent's fate."
Sun Tzu
Unfortunately Sun Tzu would've said something in Japanese and I don't speak Japanese, so that wouldn't help at all.
What about Chinese, you speak that?
This! Yes! I was hoping someone would say this. Yes, this is [part of] what needs to happen.
NSA sockpuppets just modded this comment chain DOWN. I watched it go up, then back down. Actually, I'm only guessing the down-modders were NSA sockpuppets, but can you think of anyone else who would do so?
..."backdoor":
bsd.slashdot.org/story/10/12/15/004235/fbi-alleged-to-have-backdoored-openbsds-ipsec-stack
Many people laughed at this at the time.
Guess they're not laughing now.
https://www.schneier.com/blog/archives/2004/10/the_legacy_of_d.html
When IBM submitted DES as a standard, no one outside the National Security Agency had any expertise to analyze it. The NSA made two changes to DES: It tweaked the algorithm, and it cut the key size by more than half.
The NSA's changes caused outcry among the few who paid attention, both regarding the "invisible hand" of the NSA--the tweaks were not made public, and no rationale was given for the final design--and the short key length.
It took the academic community two decades to figure out that the NSA "tweaks" actually improved the security of DES.
We live in an Open Source world now. So why don't the cryptographers who said IPSEC was too complicated not draft a simpler protocol that can be scrutinised by their peers? It won't matter if corporations don't rally round it, if you can get support from the open source community to implement it in things like the Linux kernel it will be adopted in preference to IPSEC anyway. Corporate users who have concerns about IPSEC might prefer it too.
After all, PGP didn't need a standards body behind it. The Blowfish encryption algorithm (developed by Bruce Schneier) is still more trusted than most variants of AES.
The current tactic is turning your car into an inferno - less evidence that way, makes the cliff optional.
The great thing about this is that you wind up kicking out the incompetents simultaneously.
Someone who is shit at maintaining a security module? NSA hack or incompetent, doesn't matter. Find someone else to do it.
--
BMO
Or, is John Gilmore actually doing exactly what the NSA wants? Are there a bunch of other "contributors" whose code was rejected, who actually work for the NSA and are trying to slip their own backdoor updates into the codebase?
I can easily see the NSA playing both sides of this. In fact, I can't NOT see them playing both sides of this.
"In all seriousness, how should the technical and geek community deal with this sort of sabotage?"
Identify who is doing the sabotaging and shun them. Professionally shun them. Expel such people from committees.
--
BMO
Seems like another witch hunt to me. Good ol' McCarthy would have been proud.
Instead of searching for culprits, get the community to examine the compromised code and improve it.
If you think the whole community is in the hands of the NSA then we've already lost.
PGP comes to mind. Can't an application developer just create a 1024-bit public key encrypted chat program?
First of all, this is a substantial claim that requires substantial evidence. You may think standards are "needlessly complicated", but each of those complexities had a use-case behind it and was discussed among experts who concluded it's a good idea to do it that way. I don't deny NSA can subtly influence the standardization process, but surely it can't be all a grand conspiracy to make standards useless, I much rather believe the issue they are dealing with is very complex and lacking sufficient geniuses the standardization group created a complex solution, with or without NSA's assistance.
Secondly, this sounds too much of an 80's cipherpunk wet dream, "if only everything was encrypted... but the government won't let us". Practical encryption is a very hard problem. Key distribution is hard. Interoperable, secure and non-patented implementations are hard. It's not simply about flipping a switch, changing a standard and everything is all of a sudden encrypted with 1 gazillion bit encryption; secure communication requires significant changes up to and including the user's level, who must change his behavior. And IPSEC with all its complexity does very little to address those far reaching problems.
Stop! Stop this immediately! Why do you want to hide your communications from the NSA? What do you have to fear? Nothing to hide, nothing to fear, I'd say! I'm not upset that the NSA is attacking these encryption methods. In fact, I'm glad they are! The NSA can do no wrong! If we didn't have the NSA doing this, we would be more vulnerable to terrorists than ever before! The terrorists! Think of the terrorists! The government can do no wrong! The terrorists!
-- cold fjord
They went over the code with a very fine comb and found nothing. So that one seems to have been a false alarm.
When it comes to international standards I should remind everyone that the NSA doesn't need to do much to make those complicated and unwieldy. Look at SOAP or UML. For some reason when you gather an international consortium together to make a standard it is natural for it to be a huge WTF by the time it eventually becomes finalised. People feel the need to cater for every conceivable use case even if they're unlikely to be practical or real-world and often those pushing for things have very little grasp of the implications. Crypto related standards are different though, because you actually need people who know what they're doing. So apply the same approach to security and the resulting standard is bound to contain weaknesses. I would bet money that the NSA probably saved the IPSEC standards committee from making it overly weak (much like they enhanced DES when it was first created). Is there an open source alternative to IPSEC that has been scrutinised by cryptographers?
Until recently, the public hasn't cared about cryptography's political/privacy ramifications, let alone about crypto itself. As a technical person, I concede that the learning curve is steep; to even make basic judgements on the safety of others' cryptosystems like, "well, does it use AES?" typically takes several months of training that don't always sink in. One of the better jinns to emerge from the NSA Spying Pandora's Box has been increased public interest in crypto/general information security. In my present personal opinion, a better project for the EFF et al. to engage in rather than continue to prop up the fairly vulnerable and incriminating Tor system (given the people intent on breaking it) is launch a policy to educate laymen on principles of encryption use (things like what a public-private cryptosystem is, what a digital signature is, general advice on what to use and what not to use--that sort of stuff).
Email was created around a time when it was used by a few thousand academicians and not expected to carry messages between business partners, political activists, and loved ones. Its lack of inherent security has driven the layering of security ameliorations on top of the basic protocol, most of which don't work terribly well (PGP is fractured, hard to use, doesn't support rich email, and is generally hard to use, for example). The same goes for HTTP. I agree that it's probably time for a new spec, but I don't know where or how to begin the creation of one, let alone how to get the public on board to transition, though again, the spying fiasco may generate the impetus needed.
It's still interesting to me that mail, which I'd generally consider far less inherently secure than secured electronic communications and as having a far lower "reasonable expectation of privacy," receives all kinds of legal protections that, say, even email exchanged purely through Gmail (which has all kinds of security precautions like DMARC, SSL/TLS, and STARTTLS) doesn't. I think this reflects a long-term interest in western policy-making to incrementally convert "free societies" into police states, as others have observed. It looks like the governments of the US, UK and collaborators are simply waiting for mail to become completely obsolete so all communications are fair game for eavesdropping. It brings to mind what Ray Bradbury said in Fahrenheit 451: the government didn't have to outlaw books until most people were so fed up with them that no one noticed when the crackdown began.
Beware the eyes and minds of OSS! Set loose the Penguins! And be Devilish quick about it!
WE can cause them to completely fail. How? Make this like SETI, or the RC4 competition, in reverse!
They find needles in haystacks. Our job is MORE, BIGGER HAYSTACKS!
Create more crypto-garbage for them to sift. Expensive to crack and useless, when decrypted. Start by upgrading to Tor 2.4, and running a non-exit-node relay.
Add your own ideas. We can chaff the net with more problems than they can manage, even with their stadiums full of Xeons!
"Flyin' in just a sweet place,
Never been known to fail..."
Remember/Find those who laughed and odds are high they are fbi/nsa/national security related agents doing their mastery at counter-intelligence to hide their footprints.
Indeed. IPsec is a terrible, terrible mess. I always wondered how the IETF could mess up so badly when doing reasonable work otherwise. Now I know: intentional sabotage of critical infrastructure by the NSA is to blame.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
I think most useful to the public would be a list of what security standards and methods are presently believed to be most secure and those known to be insecure and/or backdoored.
— George Bernard Shaw, Man and Superman (1903)
What would the NSA do confronted with an individual so high-minded and abrasive as to be relatively immune to the bullying tactics of the second-largest bullhead in the room? They would plant and nurture the meme that Theo sucks as a human being and that one's choice of OS and security software deployed rests on social morality rather than logic.
Who's looking like the reasonable man in the room now?
It's almost tautological that anyone abrasive enough to successfully push back against covert and well-funded NSA assholery is not going to be a poster child for harmonious cooperation.
I've followed this little soap opera avidly (but with a relatively small corner of my mind) since Bamford's Puzzle Palace in 1982. I was then enrolled in an undergraduate mathematics program at a university famous for its cryptographers and I heard a few stories directly. I suspect I've read twenty books on the origins of these agencies before, during, and after WWII, ranging from espionage to black budgets to the ITAR fiasco.
I'm surprised by exactly none of this. I just didn't know the specifics of how it was done. The peculiar part was that the NSA seemed to have a very low appetite for taking this fight to the courts in the Clipper chip era. Now we know that they had a giant Plan B, much more to their taste than entering into a public process where things get written down.
Seems like another witch hunt to me. Good ol' McCarthy would have been proud.
Instead of searching for culprits, get the community to examine the compromised code and improve it.
If you think the whole community is in the hands of the NSA then we've already lost.
You/we need to do both. Fixing the compromised code without finding and removing the culprit(s) is a short term solution at best. The unknown culprit would be free to compromise other code repeatedly, unless they are outed to the community at large.
For a permanent solution, the mole MUST be found.
"City hall" in German is "Rathaus" Kinda explains a few things......
this guy seems to be intelligent and he made a couple good observations
https://yorkporc.wordpress.com/2012/01/15/premenos-and-cryptome/
any other smart cookies here on slashdot care to chime in? bonus points if you are a crypto researcher
In response to the current situation, I've been researching random number generators - especially the builtin one in Intel processors.
It's impossible to tell in general whether there's a vulnerability in a random number generator. It's a "computationally infeasible" problem, the best we can do is check for known deviations from randomness. If you know how it deviates, it's easy to check but beyond that there's no way to tell.
If the NSA has modified devices to reduce the entropy of random keys, then eventually two keys will have the same factors. This is easy to determine: The GCD algorithm will very quickly tell you what factors two keys have in common. ...and this is exactly what is seen in practice! Some 0.3% of keys tested had common factors: statistically, a *huge* percentage.
With a very large number of keys, you don't need to try N*(N-1) pairs of keys: partition the keys into two sets, multiply all the keys in the first set together, multiply all the keys in the second set together, then calculate GCD(Set1,Set2). In one calculation, you've determined whether any single key in the first set has factors in common with the any key from the second set.
Bruce Schneier believes that the algorithms are robust, and that the NSA is using other methods to break the encryption. Here's one likely way that they are doing it - they weaken the random number generator on a class of devices, harvest all the encryption keys they can find, then look for common factors.
From this article talking about the study: "[Researchers from the linked paper found] “vulnerable devices from 27 manufacturers. These include enterprise-grade routers from Cisco; server management cards from Dell, Hewlett-Packard, and IBM; VPN devices; building security systems; network attached storage devices; and several kinds of consumer routers and VoIP products [1]."
The upshot is this: even locally-generated RSA keys are not guaranteed to be safe, nor will they ever be. When you can't trust the hardware, all bets are off.
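The batch trick described in the post above, as an added example that is not the poster's code: a product tree and a remainder tree yield gcd(N_i, Z/N_i) for every modulus at once, and a small classifier turns the result into recovered factors. The primes and keys are constructed, tiny stand-ins for real RSA moduli, and the function names are my own.

```python
"""Batch GCD over a set of RSA moduli (added example, not from the thread).

Comparing all pairs costs O(N^2) GCDs. Instead: Z = product of all moduli,
then for each N_i compute gcd(N_i, Z / N_i). A product tree builds Z and a
remainder tree hands every leaf Z mod N_i^2 without one giant division per key.
"""
from math import gcd


def product_tree(moduli):
    """Levels of a binary product tree: level 0 is the moduli, the last level
    holds the product Z of all of them. Odd leftovers are carried up as-is."""
    levels = [list(moduli)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([cur[i] * cur[i + 1] if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels


def remainder_tree(levels):
    """Walk the tree back down, reducing modulo each node squared.
    Node i at a level is the child of node i // 2 one level up, so leaf i
    ends up holding Z mod N_i**2."""
    rems = [levels[-1][0]]
    for level in reversed(levels[:-1]):
        rems = [rems[i // 2] % (node * node) for i, node in enumerate(level)]
    return rems


def batch_gcd(moduli):
    """Return, for every modulus N_i, gcd(N_i, product of all other moduli).

    Since N_i divides Z, (Z mod N_i^2) // N_i equals (Z / N_i) mod N_i, which
    is all gcd needs. A result of 1 means nothing is shared with any other key.
    """
    rems = remainder_tree(product_tree(moduli))
    return [gcd(n, r // n) for n, r in zip(moduli, rems)]


def pairwise_reference(moduli):
    """Naive O(N^2) cross-check only: for each key, the lcm of its gcds with
    every other key, i.e. the product of the primes it shares with anyone."""
    out = []
    for i, n in enumerate(moduli):
        shared = 1
        for j, m in enumerate(moduli):
            if i != j:
                g = gcd(n, m)
                shared = shared * g // gcd(shared, g)
        out.append(shared)
    return out


def classify(moduli):
    """Per-key report: ('ok',) when nothing is shared; ('fully_shared',) when
    the whole modulus is shared (an exact duplicate key, or both primes leak
    to different keys); ('weak', p, q) with the recovered factorization."""
    report = []
    for n, g in zip(moduli, batch_gcd(moduli)):
        if g == 1:
            report.append(("ok",))
        elif g == n:
            report.append(("fully_shared",))
        else:
            report.append(("weak", g, n // g))
    return report


# Constructed demo: small primes stand in for the ~512-bit primes of real keys.
P, Q, R, S, T, U, V, W = (1000003, 1000033, 1000037, 1000039,
                          1000081, 1000099, 1000117, 1000121)
DEMO_KEYS = [
    P * Q,   # shares Q with key 1 -> weak, both factors recovered
    Q * R,   # shares Q with key 0
    S * T,   # shares S with key 4
    U * V,   # exact duplicate of key 5 (RNG repeated its state)
    S * W,   # shares S with key 2
    U * V,   # exact duplicate of key 3
]

if __name__ == "__main__":
    for idx, entry in enumerate(classify(DEMO_KEYS)):
        print(idx, entry)
```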
At least in my experience, having been involved in several IETF WGs, both ones where security is necessary and ones where security was explicitly out of scope (to be handled at a lower layer), complexity has relatively little to do with security.
Everyone has their own pet use-case that the standard must address, and the majority of the use-cases people want solved are massive edge cases nobody apart from the person requesting it cares about.
Often nobody objects, and nobody worries about scope creep, so "rough consensus" is no issue; there are also often people who care about the specification succeeding (regardless of the state they think it is in) that they'll implement it, so "running code" is no issue.
That the NSA have abused such things should come as no surprise, but it seems equally unfair to put all blame for the complexity on them.
Honestly, after having dealt with these standards committees, I wouldn't say these acts of "sabotage" are the NSA trying to weaken security.
Null algorithms help a lot with validating security protocols and should be disabled in actual use. TLS supports NULL crypto, but it should never be allowed in production systems.
Weaker algorithms have been used in committees for many reasons. Usually it is either a vendor has low end equipment and they want to claim support of a protocol, or to encourage adoption of a protocol or use case earlier.
I've seen big name companies not related with the NSA do more to damage security or add complexity to problems more than an official from any government agency (US or foreign). I had a protocol I was working on explode in complexity because Microsoft, IBM and Cisco wanted to minimize the differences between their home brewed implementations and the standard I was working on creating. This made the protocol go from something reasonable to something that took me months to develop a reference implementation since there were so many edge cases now.
Reference: I worked with the IETF for years.
Yeah, I'd use some obscure USSR crypto (GOST), crypted by some obscure India crypto (Trinetra), crypted by some obscure Chinese crypto (you tell me).... That way they'd need the UN Security Council to approve the eavesdropping of my communication. Simple, really.
becomes more relevant with every passing day.
Brought to you by Carl's Junior.
you mean like many if not most free software jabber clients out there?
You might want to click the wikipedia link in the fine summary.
Help stamp out iliturcy.
(which is the amazing part - how do all the non US security professionals and their respective countries sign themselves up to a NSA destroyed security standard?):
Because (a part of) the standards committee meetings are kept in the USA. And even EU citizens need a de-facto visa (issued under the highly ironically named "visa waiver" programme) to enter the USA. If you read recent NSA statements about whom they may and may not spy on, a "foreigner" has a bit less rights than a "human". Add this all up, and traveling in and out of USA might not be the nicest experience after you vocally accuse some delegates of being agent saboteurs.
Parent post was also modded down [by NSA sockpuppets]. It went up to a 5, then down, then up again. Then it was stable at a 5 for a while. Just now, about an hour after the story was first posted (when traffic to this thread is dropping, and a forum slide has been initiated on the front page) it was quietly modded back down. Who besides NSA sockpuppets would do that? Here's an exercise: how much would it cost to station paid sockpuppet moderators at every popular online watering hole? Is this number more or less than the available budget?
Depends on which of the many languages called "Chinese" you are referring to.
No. You misunderstood what Em Adespoton wrote. He wasn't stating or implying that Gilmore is somehow connected to the NSA; only that he may be doing what they were hoping someone with enough clout would do. OTOH, Em Adespoton might be NSA ;-)
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
While China is doing a lot of research lately, until now the US has been the main place for research and development and commercialisation of computing systems, so any standards of such would have a preponderance of US influence through individuals and processes.
Probably with the abolition of committees. One genius can come up with a spec and even make a program that uses it all by themselves; they do not need committees that invite NSA operatives and corporate representatives in. One person can come up with the best way to do something, and then just do it. Creating software is not that hard.
Troll is not a replacement for I disagree.
Parent post was also modded down [by NSA sockpuppets].
Would the NSA need sockpuppets? Wouldn't they have some backdoor that allows directly rating every single post?
Why would they choose to backdoor such an obscure OS?
Only the State obtains its revenue by coercion. - Murray Rothbard
...And if they're wrong and falsely accuse an innocent person? What then? You just destroyed someone's reputation over something you couldn't prove in the first place.
This is the correct position. Anyone in government must be assumed hostile until conclusively proven otherwise.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
No, it doesn't really. Do you speak any of them? If not, the answer is no.
"The true measure of a person is how they act when they know they won't get caught." - DSRilk
Sabotage and incompetence look the same.
Either should not be tolerated.
"Any advanced incompetence is indistinguishable from malice."
Me, butchering a quote from Arthur C. Clarke.
--
BMO
".... cipherpunk". Why does that sound like when an older generation person, tries to be hip and down with it. Otherwise well written Mr. Bond. And no, encryption implementation will become a habit for all people everywhere. The seed is sown, just let time, sun and rain do the rest.
It's impossible to tell in general whether there's a vulnerability in a random number generator. It's a "computationally infeasible" problem, the best we can do is check for known deviations from randomness. If you know how it deviates, it's easy to check but beyond that there's no way to tell.
Unless the NIST tools are compromised as well, then yes, it's completely possible to verify how good hardware RNGs are. Also, few Intel processors have built-in RNGs, at least not ones the Linux kernel can use. None of the machines we've bought in the last 5 years have them. When was the last major Intel x86 processor to have one? P2/P3 based systems?
I always wondered why; now I think I know *exactly* why. Hardware RNGs increase crypto security; by removing them, the NSA can influence/corrupt OS-level pseudo-RNG routines.
I wonder how many of the software RNG projects like haveged are compromised...
Perhaps because that same OS provides other security utilities (you use OpenSSH, don't you?) used by pretty much everyone?
Well, Sun-Tzu would have written it, in which case it wouldn't matter - the various dialects share a written language (in the way that various bits of English share a written language; there are still differences). Something about an emperor way back who burned all the books and killed a bunch of literate people...
If NSA has a backdoor to anything, it simply allows for a backdoor to everybody. It is not like the backdoor would be wired to an NSA IP address. Ultimately it creates a disservice for the country.
Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
“It is no measure of health to be well adjusted to a profoundly sick society.”
Jiddu Krishnamurti
They did in the hope that others copy it and spread their backdoor. It is known that Microsoft once used the BSD IP stack, and being BSD licensed it's more likely it will make its way into proprietary software of the ones who prefer to just copy than develop it by themselves.
...says the Anonymous Coward.
1024 bits is too damn low. Try 4096 or 8192.
OpenBSD was proud of how secure it was. Many paranoid admins and tin-foil hatters flocked to this OS and praised it (I know quite a few of them). I'd want to backdoor anything that would be likely to be used by "terrorists" (could be interpreted as dissidents as well) if I wanted a 1984-esque environment.
In all seriousness this guy has written an incredibly vague article, dropped Snowden's name and let the geek community's intellectual blindspot for the emotions they convince themselves they don't have do the rest of the work for them.
Within a few weeks this article, like all the others, will be walked back once it turns out the guy had little if any clue of what he was talking about or reading, and it will turn out he was simply making huge leaps of logic not unlike the previous Guardian articles like Greenwald.
NULL algorithms are also handy when you just want to do secure authentication but nothing else. I have an SSH implementation with the none cipher enabled because it means I get packet verification and secure authentication without the overhead of AES when I'm just moving a bunch of non-secure log files (or don't want to install a totally different daemon on a machine on a local network).
If only we had two: the NSA and a meta-NSA... the meta-NSA's job is to spy on the NSA. Then we could listen to the NSA and accept advice from them only when the meta-NSA tried to undermine it -- because then we would know that it was a suggestion that actually made the meta-NSA's job harder. We could set it up such that however many files the NSA has in its possession, the meta-NSA's job is to copy as many as possible, and the more documents that the meta-NSA does copy, their pay goes up and the NSA's pay goes down. That way we maintain enmity between them.
Maybe the comber was an informant?
It seems pretty clear that John Gilmore has clearly identified what's going on. He spotted many instances of NSA-directed sabotage, and has called it out.
Does he have proof that it's intentional sabotage and not overengineering?
Seth Vidal, creator of “yum” open source software, killed in bike accident: http://www.businessinsider.com/36-year-old-seth-vidal-tragically-killed-2013-7
His last words were: "don't track things. Just ride." - Vidal
Or the FBI developers are simply smarter than the combers.
Most likely the intentional bugs were patched up over the years, afaik OpenBSD only audited their current code base, not the code which was submitted over a decade prior.
Yep, there is an XMPP spec for using PGP with it. It works quite well if the client does it right too. A friend and I used it very frequently.
What my country is doing is so incredibly hypocritical - it's shameful!
...since DES:
3DES was not secure because of NSA
AES is not secure because of NSA (Rijndael supports up to 2048 bit keys but in AES it is limited to 256 bit)
I don't understand this crypto stuff. How can two parties that don't know each other communicate securely? This must be impossible if you cannot secure/trust the communication channel. Whoever can get in the middle can just intercept and duplicate all communications. This is why there is research into quantum network communications (or super fickle photonics)?
Like I said I don't understand a lot about this, but the only way to use a not trusted courier (internet) is for two parties to meet physically in one location and exchange secrets (and algorithms). This is still not secure but not trivial to break. More security can be added if the secret changes (through a beforehand agreed-upon algorithm) over time. Even more secure if the secret doesn't change linearly in time (both parties know at what time it jumps to a new secret).
in the end all the talk about best encryption is useless if the endpoints doing the encryption cannot be secured, like a keylogger.
..."Off-topic"?
"Those who consume the bulk of goods are those who make them. We must never forget this secret of our prosperity."
So you're basically saying, "TRUST NO ONE!"
I guess there might be some wisdom in that, but if you truly trusted no one, it'd be impossible to get anything done.
Maybe we need to be more careful to not put all our eggs in one basket. Standards are great, but what if AES-n turns out to be backdoored or intentionally weak someday? Maybe the runners-up should continue being developed and used as well.
I read it as, rather than have a useful, usable, implementable standard, they kept tacking things on for corner cases until it was an unruly behemoth that no one could even comprehend. It would have been better to have something that supported fewer use cases but did a few of them well, and was actually widely used. And that seems believable to me.
Interesting. Is it actually noticably faster when SCPing files?
Mod parent up.
You're talking about Gilmore? I was under the impression that he was actually involved in the processes he is talking about, and therefore that he ought to know what he's talking about. If you read some more of the thread under his message, you'll find responses from people who were indeed involved in the processes he mentioned. I don't think these folks are journalists who are in over their heads.
I think his point is that it was sabotage in the form of overengineering. You know, hiding in plain sight, subtle, etc.
You may think standards are "needlessly complicated", but each of those complexities had a use-case behind it
Same with the tax system.
Because they also backdoored the others?
OpenBSD might have cared more so they reacted when they got the information?
What a genius idea; it must have been thought up by a true vigenèry.
Because a lot of network and OS providers use *BSD as their reference implementation for any new network protocol.
I'd like to believe that most top notch people either aren't American, or aren't for sale to the highest bidder. If you're top notch, you will make a decent living anyhow, so you have to be top notch and an asshole to sell your integrity for extra money
You are thinking along the line that it requires a top-notch guy (or gal) in order to run a sabotaging campaign.
It ain't.
As most in the programming world are geeks, and geeks are notoriously very lacking in suspicion of others - the NSA does not need to recruit a really top notch mole to do their dirty job for them, in Linux, in PGP/GPG, or in any other tech project.
While so many people said SELinux was beneficial to Linux and done by the NSA to help secure Linux, I have so many doubts about its integrity.
While the common belief is that the back door would be obvious if you review the (very complex) source code, I think that it would be better to have an external (non-US) team of researchers (Russian or Chinese) review code submissions by the NSA.
Not sure if that would even do any good - maybe grasping at straws, but the revelations of this week just unraveled my views of encryption, security and the standards protocols/tools stated as the foundation of good Internet Security practice.
No wonder they wanted this guy back at all costs...
False dichotomy.
Calming the fears of the masses that we have nothing to worry about with backdoors in RNG, IPSEC or SELinux?
Depends on whether your bottleneck is the network or the CPU. If you've got more than about 100 MB/sec between the hosts (and don't have hardware-accelerated encryption) the crypto speed could be a limiting factor. But for most over-the-Internet applications the network tops out well before the CPU.
In all seriousness, how should the technical and geek community deal with this sort of sabotage? Is it sufficient to respond, or is proactive behavior called for? What would Sun Tzu have to say about this situation?
Replace IPsec with an open and non-pathological standard.
I'm sure you have used OpenSSH and/or OpenVPN, they are simple, elegant, cross platform, and come with mountains of features. IPsec is a confused nightmare in comparison.
I heard the same discussion on reddit. Their conclusion was that some kind of psyops operation is going on to game reddit's moderation but it's only partially successful due to the number of genuine viewers.
Wrong question. The question is, why wouldn't they?
Besides, you're begging the question: is OpenBSD obscure? I'd suggest that since it is reputed to be so secure, it's more likely to be used for installations that want or need high security, and so a backdoor in it could be quite valuable.
Indeed. OpenVPN has 'null encryption'. Just authentication network traffic, or even just tunneling, serves its own purposes.
Religion is what happens when nature strikes and groupthink goes wrong.
I'm sure it was not your intention, but right now you're leaving the impression that their (the FBI's, assumed) plan actually worked. For the record: it didn't, it was discovered before it could do any damage, they made a big stink about it, and it was never tried again.
Why do you need to travel to America at all ? For burgers and twenty flavours of unhealthy sugar water ??? For the latest in half-baked technology ? To demonstrate your obedience to the Imperium ???
I assume it is the latter one thing. Now, maybe you can free yourself from being an obedient slave and become a free man ? Simply don't travel to the core of the Anglosaxon Imperium. It is an Imperium that actually loves its own nasty cynicism, violence and nasty behaviour.
Travel to France and then you can learn how to make healthy and well-tasting juice YOURSELF.
Why can't you meet people in your country/area and work on some standard and its implementation ? Because "it can only be done in English" ? Because "computer technology must be done in the language of the Imperium" ? All the traits of a traitor.
Paying someone an insane amount of money to do this would make this person easy to spot. How many kernel developers do you know who have three houses, a private plane and a collection of racing cars? You can't pay them money without them being able to spend it.
A way more likely scenario would be to set them up for something criminal and then make them "an offer they can't refuse". It would be way cheaper and they would hold control over this person for the rest of their lives, not until they spent all the money.
I was promised a flying car. Where is my flying car?
Turn it around: if you were worth snooping, why would you use an obscure OS?
Ye ha Pitchforks and Torches is back in fashion.
Please.
On my LAN it is a lot faster - it's part of HPN-SSH which speeds up SSH over a gigabit network enormously for me (2 mb/s -> 30 mb/s with parallel AES ciphers). If I then use the none cipher I get 80-90 mb/s, which is closing in on the practical line speed for the network.
No, because enough people with the necessary level of mathematical expertise are not available here. Any such are busy now working for the US govt and companies in return for a fat paycheck, and that happened because the government is made up of people who never even completed high school and are rogues, and don't know or care about the wider implications of science and technology for humanity, and are in general content with milking money off lucrative deals, securing their office and living their decadent lives. Not saying things couldn't improve, but I can't see who or what can kickstart this ground-up sea change that needs to happen.
'Code' isn't even really the crux of the issue here. The entire standard is flawed and hopeless because the committee process required to create it was itself exploitable by the NSA, which they did with little restraint. So you have to critically examine ANY human process involved in creating software security standards as if the process ITSELF is code, and improve upon that process to eliminate 'exploits' within it. One of those steps must be to expose anyone who would try to exploit the process and shun them professionally, which will marginalize their ability to do it in the future. Improving the process to eliminate them in the first place would be helpful, but unfortunately to do that 100% effectively would require becoming the very thing you're trying to prevent. More attention needs to be given to John's analysis by the software security community at large, so they can recognize future attempts to sabotage standards efforts like IPsec and prevent them, much like we already do with security software itself (at least in the open source world).
Without running foul of those regulations about exporting strong crypto? They still exist, you know, even if it's been a long time since you've heard about them.
This application, are you going to run it on an operating system? What happens when the NSA hacks your OS? Or your BIOS? Or your keyboard controller? Or your LCD controller? Or your home alarm panel? Or your food and drinking water? Or your essence?
And if that genius is employed, or compromised, by the NSA?
Standards committees, consisting of industry experts who can evaluate and discuss proposals, are exactly what we need.
An earlier poster had it right: expose and shun those who would try to weaken or corrupt the standards on which we all rely.
Why would they choose to backdoor such an obscure OS?
OpenBSD is not obscure in the ITSec community. It is a golden child. The vast majority of security flaws come from standard configurations, defaults, services running that don't need to be and so on. It is OpenBSD's mandate to be secure right out of the box and you have to work hard to get it to do anything useful. It is the opposite of other systems where they are capable of so much initially but are full of holes.
Choosing to backdoor OpenBSD is a great idea as anyone that is running it is explicitly trying to hide something.
http://news.cnet.com/8301-31921_3-20025767-281.html
Not a chance, right?
Kicked your ass, didn't it? Yes it did -> http://tech.slashdot.org/comments.pl?sid=4117625&cid=44668899 - nothing like turning a fool's (yours) tactics against him to completely annihilate them!
You might prefer to use OTR instead. OTR offers perfect forward secrecy, and it's constantly re-keying. It's also widely available.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
This is why I post as A.C. now, though it does suffer the issue of being invisible if down-voted right off the bat. However, the number of trolls I've attracted to my user profile is off the hook. Posting about certain issues, particularly economic and security based, results in a substantially higher number of down-votes than I experienced in years past. This used to be a great forum for people of all opinion types to discuss in a respectful manner, and up-voting was generally the norm - down-voting was for the the true troll posts (with rare exception - Dr. Bob comes to mind). Now it just seems like another tool of the PR swine.
And so you think that hasn't already happened ... in the OSS world ... but suddenly now we can do so?
So basically the leading tenet of OSS 'that many eyes can catch the bad guys' is completely false and has failed to catch said bad guys in the most important bits that have the most eyes looking at them?
If you haven't caught them by now, you aren't going to.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Because slashdot is such an important part of the world to bother with them trolling it? Seriously?
I'm sorry, but any down voting is just that, normal '-1 disagree' on slashdot from someone who ... disagrees. Go figure.
Slashdot, while popular among a limited selection of minor geeks, is hardly important in the grand scheme of things. Very few high level geeks have anything to do with slashdot, its mostly people wanting to pretend they are more than they are so the vote swings are nothing more than your typical 'I agree/I disagree' crap.
You of course inject some silly statement and everyones drooling to bitch about the NSA and you get voted up ... then down ... oh look, same thing.
Silly conspiracy theories you have. slashdot isn't worth their time.
No, you don't. You only think you know.
You're making assumptions as if they are fact. Until you find actual proof, 'knowing' based on assumptions is a good way to waste a bunch of time.
I was under the impression that he was actually involved in the processes he is talking about
That would be the emotional blind spot he was mentioning.
What you need is proof. Some one saying 'I helped fuck it up' (which is not what gilmore said) but not showing how is just as unbelievable as the NSA saying 'no we didn't!'
The code in OpenBSD was the first OS to have IPSEC support. It is licensed such that it could be copied into other operating systems. In fact, this suspect code HAS been copied into other operating systems, routers, etc. It isn't clear today how many implementations of IPSEC have inherited this potentially backdoored code.
Kicked yer ass -> http://tech.slashdot.org/comments.pl?sid=4117625&cid=44668899 - nothing like turning yer fool's tactic against ya completely annihilating ya: So much for yer +5 rated post here since everyone can see how ya operate in that link above n' how ya got smoked for it (pure reverse psychology + facts did ya in).
Quite a few years back I was involved in the development of a VPN appliance based on FreeS/WAN. One of the obstacles that we faced was in getting our appliance to interoperate with a wide variety of other IPSEC implementations. Some were in software, some firmware, but we found significant interoperability problems when it came to FreeS/WAN: It just didn't want to talk to anything else. The problem was simple: It refused to negotiate through single DES and on to a more secure protocol. The reasoning given was that single DES was not secure enough, so FreeS/WAN wouldn't support it at all, when all that was actually needed was just to claim that it was and negotiate past it. This was easily correctable with a patch. However, someone at the FreeS/WAN group wouldn't accept the patch, choosing instead to keep FreeS/WAN isolated. This made no sense at all... but it does now.
If I went to France, I'd probably hire one of those poor brown people you keep locked up in the slums, unemployed, to make my juice for me.
Or would the irony of a Frenchman telling American citizens about obedient slaves and free men while harboring a virulent strain of xenophobia ruin the taste?
And that won't stop people here from citing the ridiculously bad writeup as if it were fact.
"It's written on the internet somewhere - it must be true."
One time pads are unbreakable if used properly.
For that you need a good random noise generator (that has not been corrupted by someone), a way to distribute the key material and relatively trivial amount of code. (XOR may be good enough.)
I don't know what is being used recently for random noise. I might want the key generator to be a dedicated hardware box with a couple of storage devices plugged into it, though for a start, a program to run on PCs might be ok.
One problem is key management. You want to delete the used part of the key store, both so you don't reuse it and to keep it from falling into the wrong hands. The obvious way would be to make up USB sticks with files of key material and delete/overwrite the used file blocks. The problem is that secure erasing of files on a USB stick is hard to do.
http://www.theregister.co.uk/2011/02/21/flash_drive_erasing_peril/
http://www.usenix.org/events/fast11/tech/full_papers/Wei.pdf
For casual use for unimportant matters, it might be ok. A more secure method would be to put the key files on a hard drive and use multiple overwrites to erase the used key material.
Eventually someone might make dedicated read once sticks with automatic erasure. Then you would only have to worry about physical security.
End MGM. Get prospective parents of boys to Google: Men do complain
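The comment above says a properly handled pad plus XOR is all the cipher you need, and that the hard part is making sure used key material is gone. As an added example (not the commenter's code), here is a small Python one-time pad whose key store hands out each byte once, overwrites it, refuses to run past the end of the pad, and a helper that shows exactly what leaks if a pad segment is ever reused. The PadStore class, its in-memory wipe and the use of secrets.token_bytes as a stand-in for a hardware noise source are all assumptions of this example.

```python
import secrets


class PadStore:
    """Consumable one-time pad store (constructed for this example).

    Each key byte is handed out at most once and overwritten in memory afterwards.
    This models the "delete the used part of the key store" step; it does NOT make
    the erase secure on flash media, which is the hard part the comment describes.
    """

    def __init__(self, pad: bytes) -> None:
        self._pad = bytearray(pad)
        self._pos = 0

    def position(self) -> int:
        return self._pos

    def remaining(self) -> int:
        return len(self._pad) - self._pos

    def take(self, n: int) -> bytes:
        """Return n fresh key bytes, or refuse if the pad would run out."""
        if n > self.remaining():
            raise ValueError("pad exhausted: refusing to reuse key material")
        chunk = bytes(self._pad[self._pos:self._pos + n])
        self._pad[self._pos:self._pos + n] = b"\x00" * n   # best-effort wipe
        self._pos += n
        return chunk


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; this is the whole cipher."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(store: PadStore, plaintext: bytes) -> tuple:
    """Encrypt with the next unused pad bytes; returns (pad offset, ciphertext)."""
    offset = store.position()
    return offset, xor_bytes(plaintext, store.take(len(plaintext)))


def otp_decrypt(store: PadStore, offset: int, ciphertext: bytes) -> bytes:
    """Decrypt with the receiver's copy of the pad, consumed in lockstep with the sender."""
    if offset != store.position():
        raise ValueError(f"pad out of sync: got offset {offset}, expected {store.position()}")
    return xor_bytes(ciphertext, store.take(len(ciphertext)))


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """What an observer learns when one pad segment encrypts two messages:
    c1 XOR c2 == m1 XOR m2, with the key cancelled out entirely."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    pad = secrets.token_bytes(64)              # stand-in for hardware RNG output
    alice, bob = PadStore(pad), PadStore(pad)  # both sides hold the same pad
    off, ct = otp_encrypt(alice, b"meet at the usual place")
    print(otp_decrypt(bob, off, ct))
    # Reusing a key segment (the mistake the store above prevents) leaks m1 XOR m2:
    key = pad[:5]
    leaked = two_time_pad_leak(xor_bytes(b"hello", key), xor_bytes(b"world", key))
    print(leaked == xor_bytes(b"hello", b"world"))
```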
It can be yourself or whoever. If none of the pre-printed choices on the ballot are satisfactory, then write someone in. That is the surest way to tarnish the establishment's democratic halo. Staying at home just tells the world you're lazy or apathetic.
And don't be fooled about the president's power. Why do you think Republicans have used their gerrymandered privilege to block him? They don't represent the people, and they want all the bad things the president wants and then some... under *their* banner and generating revenue and power for *their* lily-white relatives and neighbors.
Gerrymandering needs to be abolished just about more than anything.
Sorry to hear that. I'm curious, how do you manage to keep track of replies to your AC comments?
Sun Tzu
All warfare is based on deception. When able to attack, seem unable. When moving, appear inactive. When near, appear far away.
To know your Enemy, you must become your Enemy.
Be extremely subtle, even to the point of formlessness.
If your enemy is secure at all points, prepare for him. If superior, evade him. If temperamental, irritate him. Pretend weakness that he may grow arrogant. If at ease, give him no rest. If united, separate his forces. Put division between sovereign and subject. Appear where not expected.
Aaaaand wrong. Have you read the story? Apparently not. Also there is a bit of a difference between an expert opinion and a WAG.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Bookmarks.
A very patient man you are to keep checking for replies. Kind of like APK. (Kidding!)
I'd be surprised if it was that. I was mod-bombed by what I assumed was a bunch of Apple fanboys not so long ago. I contacted Slashdot and they investigated and turned out it was one guy with multiple accounts, all now banned from moderating.
I don't think it's a psyops operation, I think there are some people that are such zealous defenders of their unpopular opinions, that are so sick of being wrong that rather than evaluate their position go to the extreme of creating multiple accounts that they use to mod bomb people they disagree with.
I think some people really are just the extreme form of losers, they can't handle "defeat" and being wrong, I don't think it's any more complicated than that - just like the folks that use aimbots in online games and so forth. They just have to "win" at all costs because they have absolutely nothing else.
Did you not hear about the Venona intercepts? It turns out McCarthy was right, the US Government at the time was full of Russian spies and had been since before WW2.
I agree that Gilmore's hypotheses aren't proof, per se. However, in light of recent revelations, I think the NSA is less credible than he is. His comments deserve serious consideration.
"I think that the lesson here might be that if you're not on the very latest release of a Microsoft product, even if what you're running is still supported, you'll be low priority for security patches." - by cbiltcliffe (186293) on Saturday August 24, 2013 @11:09PM (#44667275) from http://tech.slashdot.org/comments.pl?sid=4117625&cid=44668899
26 vulnerabilities in Linux 2.6/3.0 core http://secunia.com/advisories/product/2719/ + here http://secunia.com/advisories/product/40714/ : Your tactics used against you were your undoing. You couldn't find bugs in Windows Server 2012 so you went after older XP. APK did the same to you with older Linux kernels only. He found way more problems in Linux you can't fix + he also then showed what to do with the old XP ones you noted, fixing them (or avoiding them by other means). You couldn't do the same for 26 security bugs in Linux. You fail. That's no rewrite of history, you moron: You're "history", since that's you failing on the grounds you yourself used. Hilarious. You're incredibly stupid.
26 vulnerabilities in Linux 2.6/3.0 core http://secunia.com/advisories/product/2719/ and here http://secunia.com/advisories/product/40714/ : Your tactics used against you were your undoing. You couldn't find bugs in Windows Server 2012 so you went after older XP. APK did the same to you with older Linux kernels only. He found way more problems in Linux you can't fix + he also showed what to do with the old XP ones you noted, fixing them (or avoiding them by other means). You couldn't do the same for 26 security bugs in Linux. You fail. Quit projecting your own issues of mental imbalance - You showed enough of that in this huge fail of yours, moron.
If I then use the none cipher I get 80-90 mb/s, which is closing in on the practical line speed for the network.
90 millibits/second is "closing in on the practical line speed" for a smoke signal network, not a gigabit network.