Slashdot Mirror

← Back to Stories (view on slashdot.org)

John Gilmore Analyzes NSA Obstruction of Crypto In IPSEC

Posted by timothy on from the many-fingers-many-pots dept.

New submitter anwyn writes "In a recent article posted on the cryptography mailing list, long time civil libertarian and free software entrepreneur John Gilmore has analyzed possible NSA obstruction of cryptography in IPSEC. He suggests that packet processing in the Linux kernel had been obstructed by one kernel developer. Gilmore suggests that the NSA has been plotting against strong cryptography on mobile phones."

21 of 362 comments (clear)

  1. From Yesterday. by bmo · · Score: 5, Insightful

    This post needs repeating.

    +=+begin paste+=+

    The destruction of trust (Score:5, Insightful)
    by Arrogant-Bastard (141720) on 7:08 Friday 06 September 2013 (#44773249)

    The worst part of the damage done by this isn't technical. It's human.

    The reporting on this latest disclosure reveals that the NSA has systematically inserted itself into the standard-crafting process, in order to deliberately weaken those standards. It also reveals that the NSA has bypassed the management of communications providers and recruited technical staff directly. In both cases it's reasonable to assume that the people involved have been through a security clearance process and are thus barred for life from disclosing what they know.

    I must now ask myself how many people I've worked with weren't doing so in good faith. When they argued that such-and-such a fine point of a network protocol standard didn't need improvement or that it should be changed in a certain way, were they doing so because it was their principled engineering opinion, or because it served some other purpose? Or when they were recommending that one of the many operations I've run move its colocation point or change its router hardware, was that good customer service, or was it to facilitate easier traffic capture?

    Will anyone be asking themselves the same questions about me? (They probably should.)

    The Internet was built on, and runs on, trust. Every postmaster, every network engineer, every webmaster, every system admin, every hostmaster, everyone crafting standards, everyone writing code, trusts that everyone else -- no matter how vehemently they disagree on a technical point -- is acting in good faith. The NSA, in its enormous arrogance, has single-handedly destroyed much of that trust overnight.

    +=+end paste+=+

    --
    BMO

    1. Re:From Yesterday. by Anonymous Coward · · Score: 5, Insightful

      The NSA, in its enormous arrogance, has single-handedly destroyed much of that trust overnight.

      Actually, it's Edward Snowden who is responsible for the "single-handedly" and "overnight" aspects of destroying that trust. The NSA is only responsible for "enormous arrogance". There were a large number of hands involved over decades.

      It's a bloody shame that it took so long for even a single person to leak what was cooking here for so long. SS and Gestapo could not rely on a remotely comparable quota of people willing to drive the constitution into the ground.

      That gives a rather bland perspective for the hope to curb the Fourth Reich by democratic means and put a stop to the stellar rise of U.S. fascism. Neither congress nor president seem to have what it takes to bring the CIA, FBI and NSA back under democratic control.

      After Edgar Hoover established the FBI as the ultimate power of the U.S.A. by collecting files on everybody who could possibly endanger its autocratic rule over the U.S.A., congress decided that no FBI director might reign for longer than 10 years in future to avoid amassing that amount of power again.

      Incumbent Robert Mueller is Führer of the FBI for 12 years already. Looks like everybody was so infatuated with his efficiency that nobody wanted to be the one to tell him his terms were over and bear his disappointment.

      And nobody will want to tell the NSA that their funding will be restricted to constitutional activities and bear their disappointment.

    2. Re:From Yesterday. by geogob · · Score: 5, Insightful

      Its worse than worse.... The NSA was, from what I understand, widely active in the crypto and data security scene. They have their hand on every committee. Their research in every development.

      Up to now, I, and probably most of us, assumed good faith. That they were actively playing their role to reinforce security in data protocols an communications with critical application in mind (banking, national security, medical equipment, utilities, etc). Why else play such an active and visible role?

      Now it seems there was an ugly monster hidden under this veil. That they used this assumed role to incorporate weaknesses and back doors at every imaginable level of data security. Not only is it an impressive breach of thrust, it is also in increadibly dangerous behaviour. They are basically giving their enemies the perfect tools to infiltrate the systems and protocols every one thought they were protecting.

      If you ask me who's the traitor, Snowden is not the first that comes in mind...

    3. Re:From Yesterday. by 93+Escort+Wagon · · Score: 5, Insightful

      Actually, it's Edward Snowden who is responsible for the "single-handedly" and "overnight" aspects of destroying that trust.

      In the same sense that a person who gives evidence to a woman that her husband is a philandering axe murderer has destroyed that woman's trust in her husband.

      Snowden merely provided thorough documentation that the trust was erroneously given - the other party was completely untrustworthy.

      --
      #DeleteChrome
    4. Re:From Yesterday. by santosh.k83 · · Score: 5, Insightful

      Why should you give yourself a need to tap into the codes of others when militarily you are and economically you were, untouchable? Why not simply devote yourselves to building your country to greater and greater heights while acting only in defense against any aggressors (which you'd have had precious little off if you hadn't started so many wars in the first place)? The end of the Cold War and collapse of USSR could really have been used by the US to advance leaps and bounds in terms of science, tech and human standards, but instead, year after year it's shoving itself onto every piece of hell on earth, getting caught up in costly and messy quagmires, embarrassing itself...

      The NSA could have acted far more ethically had the policy of the USA been one of just defense when needed, but no, the policy happens to be one of offense at every turn, preemptive offense in fact, and hence the necessity to turn yourself slowly into one big military camp

  2. Re:Sounds like John Gilmore has called it accurate by bmo · · Score: 5, Insightful

    "In all seriousness, how should the technical and geek community deal with this sort of sabotage?"

    Identify who is doing the sabotaging and shun them. Professionally shun them. Expel such people from committees.

    --
    BMO

  3. What would Sun Tzu say about this situation by MRe_nl · · Score: 4, Insightful

    Read all (4 pages) of chapter 13 basically, but in this case perhaps specifically;

    "Spies cannot be usefully employed without a certain intuitive sagacity. Before using spies we must assure ourselves as to their integrity of character and the extent of their experience and skill."

    "Without subtle ingenuity of mind, one cannot make certain of the truth of their reports."

    --
    "Kill 'em all and let Root sort 'em out"
  4. Re:Sounds like John Gilmore has called it accurate by EnergyScholar · · Score: 4, Insightful

    This! Yes! I was hoping someone would say this. Yes, this is [part of] what needs to happen.

  5. Re:Sounds like John Gilmore has called it accurate by bmo · · Score: 5, Insightful

    The great thing about this is that you wind up kicking out the incompetents simultaneously.

    Someone who is shit at maintaining a security module? NSA hack or incompetent, doesn't matter. Find someone else to do it.

    --
    BMO

  6. Re:History of DES by Anonymous Coward · · Score: 2, Insightful

    It took the academic community two decades to figure out that the NSA "tweaks" actually improved the security of DES.

    From whose point of view?

  7. Re:Sounds like John Gilmore has called it accurate by Anonymous Coward · · Score: 1, Insightful

    NSA-directed sabotage ... the needlessly complicated IPSEC standards.

    First of all, this is a substantial claim that requires substantial evidence. You may think standards are "needlessly complicated", but each of those complexities had a use-case behind it and was discussed among experts who concluded it's a good idea to do it that way. I don't deny NSA can subtly influence the standardization process, but surely it can't be all a grand conspiracy to make standards useless, I much rather believe the issue they are dealing with is very complex and lacking sufficient geniuses the standardization group created a complex solution, with or without NSA's assistance.

    Secondly, this sounds too much of an 80's cipherpunk wet dream, "if only everything was encrypted... but the government won't let us". Practical encryption is a very hard problem. Key distribution is hard. Interoperable, secure and non-patented implementations are hard. It's not simply about flipping a switch, changing a standard and everything is all of a sudden encrypted with 1 gazillion bit encryption; secure communication requires significant changes up and including the user's level who must change his behavior. And IPSEC with all it's complexity does very little to address those far reaching problems.

  8. WE HAVE MET THE NME AND THEY ARE NSA by Jeremiah+Cornelius · · Score: 4, Insightful

    WE can cause them to completely fail. How? Make this like SETI, or the RC4 competition, in reverse!

    They find needles in haystacks. Our job is MORE, BIGGER HAYSTACKS!

    Create more crypto-garbage for them to sift. Expensive to crack and useless, when decrypted. Start by upgrading to Tor 2.4, and running a non-exit-node relay.

    Add your own ideas. We can chaff the net with more problems than they can manage, even with their stadiums full of Xeons!

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
    1. Re:WE HAVE MET THE NME AND THEY ARE NSA by BitZtream · · Score: 3, Insightful

      Instead of disrupting shit, why don't we just fix it?

      If people ACTUALLY cared, and I don't just mean you and I, 'the people' of this country ... if they actually cared, fixing this problem is literally only 4 years away, and you can do a MASSIVE amount of change in only 2 years.

      First off, stop voting for the president. He is REALLY NOT IMPORTANT. He isn't. The American ignorance of how our government works and too much red vs blue and only listening to campaign speeches and what the 'liberals' or 'conservatives' do is the problem.

      We can fix these issues by voting people OUT of congress. Destroy lifetime politicians for a start. Stop allowing congress to judge other congressmen when crimes are committed. Do we let the prisoners of Shawshank judge the prisoners of Shawshank ... everyone is innocent in here, remember? Sure, there was one innocent guy, and one guilty guy who admitted it, but the system as a whole is not fit to judge itself.

      OUR JOB is to judge these bastards and put them in their places.

      PLEASE PLEASE PLEASE PLEASE do not try to disrupt the government first. First we put some actual effort into fixing it.

      Unless someone shows me wide scale voting fraud (and I don't mean the silly bullshit like Bush had, that was crap to distract us from reality), then the way we fix our country is by using our country to fix itself.

      When we vote out every member of congress, and they don't go or have a coup ... THEN we disrupt the government in every possible way.

      We're not there yet. People won't even pay attention to who they vote for, theres no way they are going to do anything effective against this crap. Too much apathy.

      PLEASE VOTE! And don't for the Bloods or the Crips, I'm sorry, Republicans or Democrats (funny they share colors, don'tcha think?).

      Vote for people who you have bothered to look into their background. No normal US citizen should EVER cast a vote for EVERY position on the ballot. You don't have enough time in your life to be qualified to know enough to effectively vote on all those positions. Look at the histories of the people you're voting on. Look at their record in congress on issues you care about. If you don't know about a position DON'T VOTE ON IT.

      VOTE WITH YOUR HEAD AND KNOWLEDGE ... don't vote for 'CHANGE!' and retarded campaign slogans. Don't vote based on skin color. Crusty old black men, hispanics and whites are ALL THE SAME when they get to congress. So are the crusty old women. As the saying goes, we're ALL warm and pink on the inside (yes, I know thats not what the term is normally applied to, but it certainly fits)

      I vote for people I've looked into. My last ballot had votes for democrats, republicans and the less parties and even a couple local independents (who won!). PLEASE consider doing the same before we insight the beginnings of the revolution. We're not there, YET.

      Remember:

      Boxes in the defense of liberty: Soap box, ballot box, ammo box. In that order. We're at #2 right now.

      BitStream
      Your local gun tote'n ultra-not conserv-libral.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  9. Re:Sounds like John Gilmore has called it accurate by gweihir · · Score: 3, Insightful

    Indeed. IPsec is a terrible, terrible mess. I always wondered how the IETF could mess up so badly when doing reasonable work otherwise. Now I know, intentional sabotage of critical infrastructure by the NSA is to blame.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  10. Re:Sounds like John Gilmore has called it accurate by cbiltcliffe · · Score: 4, Insightful

    Seems like another witch hunt to me. Good ol' McCarthy would have been proud.
    Instead of searching for culprits, get the community to examine the compromised code and improve it.
    If you think the whole community is in the hands of the NSA then we've already lost.

    You/we need to do both. Fixing the compromised code without finding and removing the culprit(s) is a short term solution at best. The unknown culprit would be free to compromise other code repeatedly, unless they are outed to the community at large.

    For a permanent solution, the mole MUST be found.

    --
    "City hall" in German is "Rathaus" Kinda explains a few things......
  11. Re:OpenVPN by Alain+Williams · · Score: 3, Insightful

    The problem is, that openVPN is also backdoored.

    Please supply us with some evidence or a link to something to support your assertion.

  12. Re:USA! USA! USA! by h4rr4r · · Score: 3, Insightful

    Who wants an empire? I don't.
    Who are we at war with? No one that matters as far as I know. Farm animals kill more Americans than terrorists.

  13. Re:Colour me not surprised by Anonymous Coward · · Score: 0, Insightful

    Go watch more movies, jackass.

  14. Re:USA! USA! USA! by jcr · · Score: 5, Insightful

    Within the context of war and empire, I'm afraid it is the right thing to do.

    Then "war and empire" are the wrong things to pursue.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  15. Re:Sounds like John Gilmore has called it accurate by bmo · · Score: 4, Insightful

    Sabotage and incompetence look the same.

    Either should not be tolerated.

    "Any advanced incompetence is indistinguishable from malice."

    Me, butchering a quote from Arthur C. Clarke.

    --
    BMO

  16. Backdoor to one is a backdoor to all by giorgist · · Score: 4, Insightful

    If NSA has a backdoor to anything, it simply allows for a backdoor to everybody. It is not like the backdoor would be wired to an NSA IP address. Ultimately it creates a disservice for the country.