John Gilmore Analyzes NSA Obstruction of Crypto In IPSEC

New submitter anwyn writes "In a recent article posted on the cryptography mailing list, long time civil libertarian and free software entrepreneur John Gilmore has analyzed possible NSA obstruction of cryptography in IPSEC. He suggests that packet processing in the Linux kernel had been obstructed by one kernel developer. Gilmore suggests that the NSA has been plotting against strong cryptography on mobile phones."

Colour me not surprised

[BeerCat]

Given the recent hoo-ha with the NSA listening in, and then also admitting that (along with GCHQ) they have "broken" most commonly used encryption, it looks as though the "don't use anything that we can't either backdoor or crack" is, if not NSA itself, certainly from one of their supporters.

Re:Colour me not surprised

"one kernel developer"

Names please? And was it really only one - or one do the actual blocking and the rest kept silent as they were instructed? Seriously we need more whistlblowers, it is an urgent social obligation at this point. People stepping forward with this kind of analysis and stories - have *you* been pressured or blocked when trying to imrpove security? Otherwise how are we the engineers ever "going to take back" the Internet?

Re:Colour me not surprised

[icebike]

Well with this guy all but naming nanes, perhaps it's time to name names.

There was a call recently for those who put back doors in critical code, to come forward and speak up.
While some may put themselves at seriously legal risk for doing so you wouldn't expect to see such risk in open source projects.

We could then review their work very carefully.

Should we look more closely at SELinux? Are we prepared to find which of our heros have been in the NSA's pocket?

Re:Colour me not surprised

[Artifakt]

Given the NSA budget, and how much additional they could be getting through Black Box projects we don't even know about, they can afford to recruit some really top notch people. Like, say, an Air Force Chief Warrant officer with an existing Top Secret clearance, a bunch of tech skills and a flawless 12 year history (we could go 20, but lets keep our hypothetical spy young enough to blend in with mid-level tech managment), pay for a couple of years full time training on just the things they want, pay them a salary competitive with a small corp CEOs, and put 10 existing people on falsifying a tremendous amount of background info for the few weeks hat would take. I'm not saying they did that here, but they have the resources if it's that high a priority to them.
            Seriously, the way to get a real life James Bond is to find somebody who looks fairly close in the Navy Seals or MI6, a Blackwater style contractor or whatever, somebody who seems highly motivated by the cause you want to employ them at, do additional background checks before you even approach the candidate, and if he or she checks out, then throw lots of money at retooling them into an Uber-agent. If you don't need combat skills, some of the best agents for business infiltration are prosecuting attorneys or accountants who have made a go at starting or running some business of their own. You can figure from this what sort would be attractive to the NSA for infiltrating a software business.
            The A.C. you responded to is admittedly not coming off as the sort of person who could spot even a basic mole (hint: there's never a bunch of other people instructed to keep silent, or even a few. At most, one person well above the spy in the civilian organization knows that it was strongly hinted he should hire this person and not ask too many questions.).
            If you mean that anybody competent to do software engineering should be able to put together a proper list of who has the physical access needed to put back doors in properly secured development code, then you may be correct. It's a reach, though, to think an engineering degree or even years of good work in the field qualifies a person to narrow that list down.
             

Re:Colour me not surprised

[Jeremiah+Cornelius]

Hans Reiser. ;-)

Re:Colour me not surprised

[fustakrakich]

Hans across the water (water)
Heads across the sky...

Re:Colour me not surprised

[K.+S.+Kyosuke]

Hans Reiser. ;-)

Hey, he was asking for name naming, not for name calling. ;-)

Re:Colour me not surprised

[wisnoskij]

I assume this guy is trying to toe the line between free speech and being branded a traitor and jailed for the rest of his life. If I were in his shoes, I do not think I would want to out an undercover NSA operative.

Re:Colour me not surprised

[killkillkill]

He refused to help them. See what happens when you do that?

Re:Colour me not surprised

[icebike]

He was just a package maintainer, not a kernel Dev. That problem never found its way into the kernel tree.

Re:Colour me not surprised

[moteyalpha]

Classic military blunder.
In all this discussion I have yet to see the real problem addressed. Like so many military adventures in the past, the people who create and operate the process assume that there are unlimited funds to operate and that somebody else is handling the finance of the process to make it profitable for the state. There are not unlimited funds to purchase and maintain computers and in fact they have already gone trillions of dollars in debt because somebody failed to do their job and say "It might be useful to have an omniscient avenging angel, but what is the cost and can we afford it or maintain it?" I think this is what happened to England's empire, WWII Germans in Russia, USSR in the 1980s, Napoleon... Adventurism has a price and the military is being myopic and self destructive, if they strip the economy and all good will to fit themselves with Iron Man armor, they will fail. It is a self correcting problem, when the cost exceeds resources. They are very clever idiots if they fail to realize that. The abuse of resources will have exactly the opposite effect from what they think they are doing. In the end they will be considering how to defend a nation that depends on them to be strong, with pocket knives and strategy planned on PostIt notes. The problem I see is that this will end and there will be a vacuum and collapse. Then we will be left to defend ourselves against nations who understand restraint.
Like a trusty guard dog given a very long chain, he may not realize in his forward rush to defend, that it has a finite length.
The more you taunt them , the faster they charge. It is the dog's owner that is the problem, not them.

Re:Colour me not surprised

[arth1]

Given the NSA budget, and how much additional they could be getting through Black Box projects we don't even know about, they can afford to recruit some really top notch people.

I'd like to believe that most top notch people either aren't American, or aren't for sale to the highest bidder. If you're top notch, you will make a decent living anyhow, so you have to be top notch and an asshole to sell your integrity for extra money.

Re:Colour me not surprised

[MrDoh!]

. If I were in his shoes, I do not think I would want to out an undercover NSA operative.

Get the pitchforks! Let the rampant speculation begin!

I think it's Stallman, no way could he be real. He's obviously a agent provocateur plant set out to gather info on anyone who'd actually listen to his ramblings. Rather cunning too, it's always the last you'd expect.

Re:Colour me not surprised

[1s44c]

Microsoft Research proves that top notch talent is for sale too. Top researchers are blinded by greed just like the rest of us.

Re:Colour me not surprised

[hlavac]

If you are top notch and making a decent living, you have so much to lose... It does not take much to threaten you into cooperation. Blackmail is cheap.

Re:Colour me not surprised

[Jeremiah+Cornelius]

Somebody's knockin' at the door.
Somebody's ringin' the bell.
Do me a favour...

Re:Colour me not surprised

[fuzzytv]

The question is who is Valgrind. Sounds like a code name of an NSA operative to me ...

Re:Colour me not surprised

[icebike]

What, they kill your wife and frame you, is that what you are claiming?

Re: Colour me not surprised

[tolkienfan]

Unfortunately, defense and the NSA budgets together are dwarfed by social security.
The NSA won't bankrupt the country for at least a couple of years, and certainly not until the social security problem has been solved.
Do we even really need an NSA?

Re:Colour me not surprised

[Xest]

No he's claiming you kill your wife and frame yourself.

Re: Colour me not surprised

[moteyalpha]

Unfortunately, defense and the NSA budgets together are dwarfed by social security. The NSA won't bankrupt the country for at least a couple of years, and certainly not until the social security problem has been solved. Do we even really need an NSA?

I was forced to pay social security as were my children and my children's children. They said we are to be trusted to take that money and save and grow it for our well being to make our lives comfortable in our declining years. They are about as trustworthy as the banks. It is merely one more symptom of problem that something that was to accrue value has become something that bleeds enough interest in a year to feed the entire population of a country. Let's see 16,000,000,000,000 * 0.04 = 640,000,000,000. If my math is correct, that is 640 billion dollars a year at 4%, but heck, they can just print more money.
It would seem to me that they would have to get nearly a trillion dollars every year just to pay the vig on our pawned country. If they were really worried about the ability of the nation to survive they wouldn't be monitoring how many Lol cat videos my daughter watches, but how the hell they are going to pay Vito when he comes to recover his principal. Which I think is a bit funny, that the name of a mafia boss is derived from vitus ( life giver ) and that is pretty much the opposite of their business engagement policy. :)
So, just the interest is about $100 for every person on the planet. This isn't comedic or even tragic, it is like some dystopian science fiction nightmare. I am ill suited to be an accountant, but even I can see the once proud eagle isn't going to strutting very long carrying that kind of weight.
Need the NSA?, Hell, at this point I am not sure we even need the government as they are the one creating the problem. Why are they still drawing a regular paycheck?

strong cryptography on mobile phones

[fustakrakich]

Shit, the FBI and NSA, et al put the kibosh on that before the damn things hit the streets. Instead they made a law that prohibits the sale of full spectrum scanners to the public, like was supposed to make them secure...

Re:strong cryptography on mobile phones

Instead they made a law that prohibits the sale of full spectrum scanners to the public

Is that to outlaw bug sweepers and counterintelligence in general?

Re: strong cryptography on mobile phones

[myowntrueself]

Nazi America is SO screwed. Third-world by 2016.

The U.S. is, by definition, a first-world nation.

Not really. Not the whole of the United States; in reality its a third world country with several first world city-states.

Re: strong cryptography on mobile phones

[BitZtream]

Really? I think you should spend a day in any actual third world country.

There is no where in the nation where you can't get medical care, food and shelter if you bother to look for it.

People travel thousands of miles through central america and mexico to LEAVE third world countries to get to the USA where they are then criminals and have to hide themselves in order to stay ... and they'd all do it multiple times, risking life repeatedly to do so.

You have absolutely no clue how spoiled you are. Ignorant fool.

Re: strong cryptography on mobile phones

[myowntrueself]

I live in a third world country. Have for years.

People from third world countries don't travel to the USA to live in its third world zone; they go to live in its first world city states.

Sounds like John Gilmore has called it accurately

[EnergyScholar]

It seems pretty clear that John Gilmore has clearly identified what's going on. He spotted many instances of NSA-directed sabotage,and has called it out.

Of the multiple examples John calls out, the most poignant is probably the needlessly complicated IPSEC standards. Overly complicated standards lead to bugs and flaws. He and Bruce Schneier describe a process that certainly sounds like NSA sabotage of security standards.

What should be the upshot of this? Perhaps people involved in security research should recognize that [b]anyone affiliated with NSA is a likely saboteur[/b]? Is such sabotage, which deliberately cripples the security of USA electronic infrastructure, a form of treason? Since this sort of deliberate sabotage of technology is the sort of thing terrorists might do, perhaps the NSA, and every person associated with that organization, should be placed on a Terrorist Watch List?

In all seriousness, how should the technical and geek community deal with this sort of sabotage? Is it sufficient to respond,or is proactive behavior called for? What would Sun Tzu have to say about this situation?

Here's a constructive idea

Encryption is one thing, but I suppose one of the principal spying techniques at the diverse intelligence agencies' disposal is the SSL MITM. We must assume the private signing keys of the CAs are also held by government authorities so they can spoof any website.

Here's the idea: have the web browser display the flag of the CA's jurisdiction. So if you can see, say, the Chinese flag next to the URL, you can be reasonably certain the NSA isn't listening in (although the Chinese authorities might).

Re: Here's a constructive idea

[cbiltcliffe]

(how many sites changes ca when issuing a new cert anyway).

Google's done it. Pretty sure there are plenty of Diginotar and Comodo customers who've done it, too.

Re: Here's a constructive idea

[fast+turtle]

Even better is to change the behaviour to a "No Trust" model as I have and add exceptions for those sites you actually need. Remember the Diginotar mess? Since then, I've changed the trust of all Certificates by marking all of the Root CA's as untrusted. Sometimes it does create a bit of an issue since Firefox tends to be resistent to adding the needed exceptions but considering that I only have a couple of dozen exceptions out of how many certificates? I don't feel it's as big of an problem as folks think to add them. The main advantage is, none of the god damn advertisers or other idiots forcing https connections can infect my system by default as I get a warning about an invalid certificate chain as soon as the connection is made and yes, I've seen that in regards to some of the advertisers and other folks that I don't need to connect to.

Re:Here's a constructive idea

[gl4ss]

well if the signing authority is from usa then they most certainly have them.. all they need is to ask the kangaroo court to give them a paper saying that the company must either give them or die. this wasn't news though.

Re: Here's a constructive idea

[BitZtream]

People still use Comodo? Do you just want to know up front that your CA has been compromised or just ignorant?

From Yesterday.

[bmo]

This post needs repeating.

+=+begin paste+=+

The destruction of trust (Score:5, Insightful)
by Arrogant-Bastard (141720) on 7:08 Friday 06 September 2013 (#44773249)

The worst part of the damage done by this isn't technical. It's human.

The reporting on this latest disclosure reveals that the NSA has systematically inserted itself into the standard-crafting process, in order to deliberately weaken those standards. It also reveals that the NSA has bypassed the management of communications providers and recruited technical staff directly. In both cases it's reasonable to assume that the people involved have been through a security clearance process and are thus barred for life from disclosing what they know.

I must now ask myself how many people I've worked with weren't doing so in good faith. When they argued that such-and-such a fine point of a network protocol standard didn't need improvement or that it should be changed in a certain way, were they doing so because it was their principled engineering opinion, or because it served some other purpose? Or when they were recommending that one of the many operations I've run move its colocation point or change its router hardware, was that good customer service, or was it to facilitate easier traffic capture?

Will anyone be asking themselves the same questions about me? (They probably should.)

The Internet was built on, and runs on, trust. Every postmaster, every network engineer, every webmaster, every system admin, every hostmaster, everyone crafting standards, everyone writing code, trusts that everyone else -- no matter how vehemently they disagree on a technical point -- is acting in good faith. The NSA, in its enormous arrogance, has single-handedly destroyed much of that trust overnight.

+=+end paste+=+

--
BMO

Re:From Yesterday.

[theNAM666]

Mod parent up. Please link to original if possible. Thanks.

Re:From Yesterday.

[bmo]

Just navigate to Arrogant-Bastard's profile.

http://slashdot.org/comments.pl?sid=4173525&cid=44773249

--
BMO

Re:From Yesterday.

The NSA, in its enormous arrogance, has single-handedly destroyed much of that trust overnight.

Actually, it's Edward Snowden who is responsible for the "single-handedly" and "overnight" aspects of destroying that trust. The NSA is only responsible for "enormous arrogance". There were a large number of hands involved over decades.

It's a bloody shame that it took so long for even a single person to leak what was cooking here for so long. SS and Gestapo could not rely on a remotely comparable quota of people willing to drive the constitution into the ground.

That gives a rather bland perspective for the hope to curb the Fourth Reich by democratic means and put a stop to the stellar rise of U.S. fascism. Neither congress nor president seem to have what it takes to bring the CIA, FBI and NSA back under democratic control.

After Edgar Hoover established the FBI as the ultimate power of the U.S.A. by collecting files on everybody who could possibly endanger its autocratic rule over the U.S.A., congress decided that no FBI director might reign for longer than 10 years in future to avoid amassing that amount of power again.

Incumbent Robert Mueller is Führer of the FBI for 12 years already. Looks like everybody was so infatuated with his efficiency that nobody wanted to be the one to tell him his terms were over and bear his disappointment.

And nobody will want to tell the NSA that their funding will be restricted to constitutional activities and bear their disappointment.

Re:From Yesterday.

[Tom]

The Internet was built on, and runs on, trust.

And that's a fundamental flaw and a stupid mistake, as we learn again and again and again. Whether it's spam, the dominance and abuse of certain large players, the commercial takeover, or now the surveilance state.

Never built a relationship with parties you don't know personally on trust.

Never.

Ever.

Humans are inherently cooperative with peers, and competitive with everyone else. Your trust will be abused.

Bruce is right, but he misses the scope of the problem. If we want to take back the Internet, not just from the NSA, but also from Google, Facebook, the spammers, the scammers, the media industry and the corporate interest, we need to completely re-engineer it on a different fundamental concept.

One of self-interest.
One based on the assumption that the other side to a data exchange is hostile.
One assuming that intermediates can not be trusted.

90% of this Internets problems would be wiped out if we were to re-design it with an assumption of hostility.

That's hard to swallow for us geeks. Most of us have grown up in a hostile world we barely understand. With people bullying you at school, then exploiting you in the workplace, meanwhile egomanic idiots who are good at fooling people and nothing else take all the credit. So we have a deep desire for a more friendly world. Building that ourselves was a dream. It was incredibly cool while it lasted. Now it's time to wake up.

Re:From Yesterday.

[geogob]

Its worse than worse.... The NSA was, from what I understand, widely active in the crypto and data security scene. They have their hand on every committee. Their research in every development.

Up to now, I, and probably most of us, assumed good faith. That they were actively playing their role to reinforce security in data protocols an communications with critical application in mind (banking, national security, medical equipment, utilities, etc). Why else play such an active and visible role?

Now it seems there was an ugly monster hidden under this veil. That they used this assumed role to incorporate weaknesses and back doors at every imaginable level of data security. Not only is it an impressive breach of thrust, it is also in increadibly dangerous behaviour. They are basically giving their enemies the perfect tools to infiltrate the systems and protocols every one thought they were protecting.

If you ask me who's the traitor, Snowden is not the first that comes in mind...

Re:From Yesterday.

This irony oozing from comment "The Internet was built on, and runs on, trust" being made in a discussion about cryptography is delicious.

Re:From Yesterday.

[cpghost]

Now it seems there was an ugly monster hidden under this veil.

I'd rather say that the NSA is Dr. Jekyll and Mr. Hyde. They need strong codes for crucial US companies (and government agencies) to be widely adopted... and that's their good role. But they need to tap into the codes of the adversary, and that's their bad role. Due to the dual nature of their mission (to protect own codes, to crack foreign codes), and due to the fact that we've become a global village using the same codes, the NSA has developed some kind of dual-personality disorder, where it fights itself.

Re:From Yesterday.

[93+Escort+Wagon]

Actually, it's Edward Snowden who is responsible for the "single-handedly" and "overnight" aspects of destroying that trust.

In the same sense that a person who gives evidence to a woman that her husband is a philandering axe murderer has destroyed that woman's trust in her husband.

Snowden merely provided thorough documentation that the trust was erroneously given - the other party was completely untrustworthy.

Re:From Yesterday.

90% of this Internets problems would be wiped out if we were to re-design it with an assumption of hostility.

To do that we would need to use a Nash style "fuck you buddy" game theory. And to tell you the truth i dont think anything would actually get built if we did it that way. We would just end up with a lot of cellular walled gardens. That is not really an internet, in fact i believe they want us to wall ourselves up. Much easier to be controlled by the state. We really want it to be as open and trusting and chaotic as possible. Despite the risks of opening yourself to abuse, it can always be corrected, when abuse is detected. Wikipedia articles are a fine example of this. Bad eggs can be easier smelt in the open.

Re:From Yesterday.

[Luyseyal]

The Internet *was* built on trust. It also happens to be the case that not all people on the Internet are to be trusted and thus cryptography is necessary.

As you may know, many core pieces of the Internet are moving from the trust-all model to more secure models. Routing protocols, DNS, email, you name it. It used to be the case that when you plugged in your ethernet cable, you had a reasonable expectation that your computer would be safe.

That's not the case anymore and our infrastructure will evolve accordingly.

-l

Re:From Yesterday.

[Tom]

That is not really an internet,

In fact, that precisely is an Internet - a network of networks. All the Internet was meant to be is a connection between networks.

in fact i believe they want us to wall ourselves up. Much easier to be controlled by the state.

Never subscribe to a stupid, idiotic, brain-dead conspiracy theory when all you need is basic human psychology.

Frankly, the government is the very last people I would consider competent to run a conspiracy. They're the most incompetent, corrupt, stupid lot I've ever seen.

We really want it to be as open and trusting and chaotic as possible.

Not trusting. Chaotic and trusting don't mix. All it takes to spoil everything is one asshole who abuses you. See spam.

Despite the risks of opening yourself to abuse, it can always be corrected, when abuse is detected.

Which is why spam was a short-lived temporary issue, yes?

Re:From Yesterday.

[santosh.k83]

Why should you give yourself a need to tap into the codes of others when militarily you are and economically you were, untouchable? Why not simply devote yourselves to building your country to greater and greater heights while acting only in defense against any aggressors (which you'd have had precious little off if you hadn't started so many wars in the first place)? The end of the Cold War and collapse of USSR could really have been used by the US to advance leaps and bounds in terms of science, tech and human standards, but instead, year after year it's shoving itself onto every piece of hell on earth, getting caught up in costly and messy quagmires, embarrassing itself...

The NSA could have acted far more ethically had the policy of the USA been one of just defense when needed, but no, the policy happens to be one of offense at every turn, preemptive offense in fact, and hence the necessity to turn yourself slowly into one big military camp

Re:From Yesterday.

[currently_awake]

Then the NSA should be split into Offensive and Defensive, with separate chain of command.

Re:From Yesterday.

[Burz]

One of self-interest.
One based on the assumption that the other side to a data exchange is hostile.
One assuming that intermediates can not be trusted.

We have onion networks like I2P and (weak) Tor for that. But you left out an important component...

The assumption of hostility/mistrust should be the default stance, but you must be able to use the network to build trust. It must also have strong pseudonymity to allow you to maintain a presence while controlling how much about yourself you want to reveal.

Re:From Yesterday.

[gottabeme]

Never subscribe to a stupid, idiotic, brain-dead conspiracy theory when all you need is basic human psychology.

Frankly, the government is the very last people I would consider competent to run a conspiracy. They're the most incompetent, corrupt, stupid lot I've ever seen.

Appeal to ridicule and generalization. The government is like a network of networks; some subnets are wholly incompetent and/or corrupt; others are highly trained and able to accomplish much, whether for good or evil.

Re:From Yesterday.

[bytesex]

Good luck with running all those trans-atlantic cables man. Oh - you thought that they were free? Well, they're not. Telecommunications companies run them and want money for it, even if you want to 'take back the internet' from them.

Re:From Yesterday.

[purpledinoz]

It's time that security standards are developed outside of the USA, without any US involvement.

Re:From Yesterday.

[Tom]

Oh, I don't doubt that there are elements within the state that I wouldn't want to mess with.

But they are rarely the government.

Re:From Yesterday.

[Tom]

You completely missed the point. It's not about having anything for free-as-in-free-beer. I'm quite willing to pay for my Internet access. I'm just not ok with everyone who thinks he's a big honcho messing with it.

Re:From Yesterday.

[squiggleslash]

I see you're an expert in the use of the word "irony".

Re:From Yesterday.

[gottabeme]

What qualifies as government?

Re:USA! USA! USA!

[Sique]

Either the other countries don't (then the NSA is the big bully), or the other countries are much better at not getting caught (then the NSA is the idiot).

Your choice: big bully or idiot.

Re:Sounds like John Gilmore has called it accurate

[bmo]

"In all seriousness, how should the technical and geek community deal with this sort of sabotage?"

Identify who is doing the sabotaging and shun them. Professionally shun them. Expel such people from committees.

--
BMO

I don't feel insane anymore

[X.25]

For many years, I just felt that something was wrong, and would do "silly things" (I was an admin, whoops) like setup VPN tunnel, then require everyone to use SSL and client certs to access a service. So people would laugh at usage of VPN + SSL (and then certs on top of it) and ridicule it.

Spent more than a decade trying to explain to *technical* people why self-signed certs are much more secure than 'commercial' certs, and I could never understand why people couldn't understand what I am saying. Well now I know, they simply couldn't beleive any government would do things we're seeing done.

Been laughed at quite few times, but I can tell you that noone is laughing right now.

And now I finally know that I am not a fucking lunatic.

Thank you Edward Snowden.

Re:I don't feel insane anymore

[jeti]

Just that they're out to get you doesn't mean your not paranoid.

Re:I don't feel insane anymore

[ledow]

I always just assumed such things were good sense.

For years people fretted over WEP and then WPA being cracked. At no time was I affected. Sure, I bumped up my wireless to use the new systems, but all the time I was using OpenVPN and other software over the link anyway.

That thing broadcasts through the air - no way I'm trusting a single protocol, and once WEP was dead (and so badly), I certainly never trusted WPA that much either. When that was weakened, WPA2 looked shaky too. But I always had a second layer, and my usage of systems was never affected - there is basically zero overhead on a modern machine of having something like OpenVPN connect automatically over your wireless, even for gaming.

My servers run SSH2, sure, but the same again. I don't expose the ports and only certain things get access anyway. When you can get to an SSH port, you're looking at key-based authentication with passphrases (not made on the target machine). Bam, saved myself from a ton of port spam, plus all the Debian weak-key shite, plus the problem of my remote server being compromised someone and compromising keys that were generated on it.

It's a little paranoid, I have to admit, but when that slight paranoia - borne mainly of a desire to understand how these things work and then, when you have a working system, carrying it on throughout your use of that system - was justified, it becomes a reinforced habit.

And when you have things like VPN daemons running at lower privilege and the only escalation to root being through SSH2 keys over that VPN (and not any other way), then you have a double-protection against things.

Compromise of any one only gets you so far - a limited user account which can only SSH which a key you don't have, or authentication access to something which you can't VPN to anyway. It's not invincibility, but I assumed most of the Slashdot crowd would be doing similar things, just out of the same basic principle - experimentation, self-teaching, applying the same principles that we should to our work, and distrust (not of people like the NSA, but just that a protocol would eventually have a flaw discovered in it, and getting yourself twice the lifetime out of such systems).

It's also the reason I've never touched PPTP or IPSEC. Nothing to do with the NSA or GCHQ. I just never trusted their messes as one is now completely compromised and the other was always balancing on a knife-edge anyway.

Do people honestly NOT have this sort of double-layer protection? I mean, it won't stop GCHQ taking an interest in me, or asking my server host to butt in, but it stops things like simple compromises from ANY source walking straight into systems that they detect are running vulnerable software.

Re:I don't feel insane anymore

[bmo]

>Bam, saved myself from a ton of port spam,

Another simple way to keep ssh out of the bots is if you don't need to, just don't use port 22. If they have to scan the entire machine to find the ssh port, they're not gonna do it. Too slow. This won't deter the determined cracker at all, but it helps.

>key auth ssh

Not only is this more secure, but it's easier once it's set up.

> It's not invincibility,

Anyone with any real common sense with regards to this knows it. The problem with common sense is that it isn't.

--
BMO

Re:I don't feel insane anymore

[MyFirstNameIsPaul]

Total paranoia is perfect awareness.

Re:I don't feel insane anymore

[shentino]

Tell that to the NSA.

Re:I don't feel insane anymore

[whoever57]

It's also the reason I've never touched PPTP or IPSEC. Nothing to do with the NSA or GCHQ.

Microsoft's MS-CHAP (used with PPTP) has known vulnerabilities. Which of the following is true:
Microsoft is incompetent at secure software or:
Microsoft deliberately included vulnerabilities to make things easier for the NSA?

Re:I don't feel insane anymore

[gottabeme]

What about his not paranoid?

Re:I don't feel insane anymore

[gottabeme]

That's great, and I think there's some wisdom in doing those things. Just remember that bugs can result in getting around things like privsep. All it takes is one privilege escalation bug and your unprivileged daemon or shell account has compromised the whole system. And if you scan the Security page on LWN, you'll see that bugs like these are fixed all the time, which is both encouraging and discouraging--because it means there are always more of them out there.

Re:I don't feel insane anymore

[bill_mcgonigle]

It's a little paranoid, I have to admit, but when that slight paranoia

You know what's paranoid? When you build a roof, first you put down sheathing, then you put down water shield, then you put down tar paper, then you put down shingles. I mean, any of those, working properly, will keep the water from coming through, so why go to all the extra effort to use all of them?

Oh, right, because nothing ever works right and getting a leak into the house is worse than putting on those extra layers.

In construction, recognizing Murphy's Law is just called 'good practices'. In IT, for some reason, people think they're due magic bullets.

Re:I don't feel insane anymore

It's so funny to see this... you call him out because he doesn't have a clue, then you go on to demonstrate exactly where the cluelessness lies. Awesome!

The reduction in security with a commercial CA lies in the fact that someone with the right access to that CA can generate a new certificate for another server that allows them to impersonate yours, and your clients will trust them. When using your own self-signed CA to generate your server certificates, that's not nearly as likely.

What would Sun Tzu say about this situation

[MRe_nl]

Read all (4 pages) of chapter 13 basically, but in this case perhaps specifically;

"Spies cannot be usefully employed without a certain intuitive sagacity. Before using spies we must assure ourselves as to their integrity of character and the extent of their experience and skill."

"Without subtle ingenuity of mind, one cannot make certain of the truth of their reports."

Re:What would Sun Tzu say about this situation

[girlintraining]

As long as we're talking about Sun Tzu... the rule I find most relevant is Again, if the campaign is protracted, the resources of the State will not be equal to the strain. In other words, war better start fast and end fast, or it'll cost too damn much. The United States is constantly at war. We can't go more than a few months without CNN running another story: "US Thinking About Bombing Again, Film At 11" ... and that's ignoring all of our wars on intangible things like terrorism, drugs, poverty... and the growing notion that the government has declared war on itself as well... the zeal for attacking these intangible things has led to us eating away at ourselves like our law enforcement and judicial branches are having some kind of allergic reaction and bloating up all over the place like they've been stung by bees... attacking itself due to the allergic reaction.

Re:What would Sun Tzu say about this situation

[MRe_nl]

"Now, when your weapons are dulled, your ardor damped, your strength exhausted and your treasure spent, other chieftains will spring up to take advantage of your extremity. Then no man, however wise, will be able to avert the consequences that must ensue".

Machiavelli's "Discourses on the Ten Books of Titus Livy" has some nice current relevancy as well.

Wait, what, there's a "War on Poverty"? I missed that one apparently.

Re:What would Sun Tzu say about this situation

[Opyros]

Actually Johnson, as part of his Great Society policy.

Re:What would Sun Tzu say about this situation

[Burz]

Conflating a "war" on poverty with real police and military assault is despicable.

Re:What would Sun Tzu say about this situation

[1s44c]

There was also something about killing all spies when the war ends. It's dangerous to keep those kinds of people in your side.

Re:What would Sun Tzu say about this situation

[myowntrueself]

Conflating a "war" on poverty with real police and military assault is despicable.

'War on poverty' should mean going around burning slums and slaughtering the inhabitants?

Re:What would Sun Tzu say about this situation

[Burz]

Who are you talking about??

Re:Sounds like John Gilmore has called it accurate

[FriendlyLurker]

I do not know how we the geek community should respond, but NSA is defiantly is using the following Sun Tzu tactic to destroy any coherent and effective security standard - worldwide (which is the amazing part - how do all the non US security professionals and their respective countries sign themselves up to a NSA destroyed security standard?):

"Be extremely subtle, even to the point of formlessness. Be extremely mysterious, even to the point of soundlessness. Thereby you can be the director of the opponent's fate."

Sun Tzu

Re:Sounds like John Gilmore has called it accurate

[EnergyScholar]

This! Yes! I was hoping someone would say this. Yes, this is [part of] what needs to happen.

Remember the allegations of OpenBSD IPsec stack...

[X.25]

..."backdoor":

bsd.slashdot.org/story/10/12/15/004235/fbi-alleged-to-have-backdoored-openbsds-ipsec-stack

Many people laughed at this at the time.

Guess they're not laughing now.

History of DES

https://www.schneier.com/blog/archives/2004/10/the_legacy_of_d.html

When IBM submitted DES as a standard, no one outside the National Security Agency had any expertise to analyze it. The NSA made two changes to DES: It tweaked the algorithm, and it cut the key size by more than half.

The NSA's changes caused outcry among the few who paid attention, both regarding the "invisible hand" of the NSA--the tweaks were not made public, and no rationale was given for the final design--and the short key length.

It took the academic community two decades to figure out that the NSA "tweaks" actually improved the security of DES.

Re:History of DES

It took the academic community two decades to figure out that the NSA "tweaks" actually improved the security of DES.

From whose point of view?

Re: History of DES

It was more secure against a type of attack that was not publically known at that time, think it was differiental attacks but I'm not sure.

Re:History of DES

[CRCulver]

Just because the NSA toughened some standards in the 1970s doesn't mean they are good guys now. After all, many familiar with the inner workings of the agency have said that the mood there changed greatly after 9/11 to "privacy be damned", and the Snowden documents leaked the other day admit right now that the NSA has inserted backdoors into cryptosystems used by the general public.

Re:History of DES

[X.25]

Just because the NSA toughened some standards in the 1970s doesn't mean they are good guys now. After all, many familiar with the inner workings of the agency have said that the mood there changed greatly after 9/11 to "privacy be damned", and the Snowden documents leaked the other day admit right now that the NSA has inserted backdoors into cryptosystems used by the general public.

They were "good guys"? People have short memories. NSA have been involved in this type of shit for a long time (in physical world).

http://cryptome.org/jya/nsa-sun.htm

Re:History of DES

[amorsen]

It took the academic community two decades to figure out that the NSA "tweaks" actually improved the security of DES.

The S-box tweak made DES resistant (well, more resistant) to differential attacks. The shortened key length did not improve security, it reduced security.

Re:History of DES

[amorsen]

Look, you really don't know if the ultimate result of the S-box tweak was enhanced privacy or decreased. You only know about the effect on differential attacks. The problem with that are the "unknown unknowns."

DES has been attacked time and time again. It is completely certain that DES without the S-box tweak would have been useless as soon as differential attacks were discovered in the academic world. Outside NSA, DES has held up pretty well until the key length made it obsolete, with the best theoretical attacks somewhere in the region of 2^39 chosen plaintexts. This is pretty lousy by the standards of any modern cipher, but it is more effort in practice than just brute-forcing a 56-bit key.

So yes, I am completely confident that the S-box tweak enhanced privacy, simply because the cipher was so horribly broken without the tweak.

Who cares about IPSEC?

We live in an Open Source world now. So why don't the cryptographers who said IPSEC was too complicated not draft a simpler protocol that can be scrutinised by their peers? It won't matter if corporations don't rally round it, if you can get support from the open source community to implement it in things like the Linux kernel it will be adopted in preference to IPSEC anyway. Corporate users who have concerns about IPSEC might prefer it too.

After all, PGP didn't need a standards body behind it. The Blowfish encryption algorithm (developed by Bruce Schneier) is still more trusted than most variants of AES.

Re: Who cares about IPSEC?

[F.Ultra]

OpenVPN?

Re: Who cares about IPSEC?

[jaredm1]

Hmm, so a quick browse over to http://openvpn.net/index.php/open-source/faq/community-software-general/295-are-there-any-known-security-vulnerabilities-with-openvpn.html and we see: "Are there any known security vulnerabilities with OpenVPN? Not to our knowledge (as of 2004.12.08)" Not to be paranoid, but is it too much to ask for them to update their knowledge by about a decade? Am a bit surprised that there doesn't seem to be much published analysis of the protocol.

Re: Who cares about IPSEC?

[whoever57]

Hmm, so a quick browse over to http://openvpn.net/index.php/open-source/faq/community-software-general/295-are-there-any-known-security-vulnerabilities-with-openvpn.html and we see: "Are there any known security vulnerabilities with OpenVPN? Not to our knowledge (as of 2004.12.08)" Not to be paranoid, but is it too much to ask for them to update their knowledge by about a decade?

Perhaps the developers cannot make the same claim now and are unable to state that backdoors exist?

Re:Who cares about IPSEC?

[0123456]

Everyone who uses it?

IPSEC is an abomination, regardless of whether that's because it was sabotaged or the product of a commitee who wanted to throw the kitchen sink into the design. It's so insanely configurable that there are trillions more ways to configure it not to work than to configure it to work, and many of those are insanely insecure.

Re: Who cares about IPSEC?

[F.Ultra]

The code is only 58k LOC so it's quite easy to check for backdoors if you want to. At it's core though OpenVPN uses OpenSSL for encryption which is a much better place for a backdoor. However if OpenSSL contains a backdoor then quite a lot of "safe" software is compromised.

Re: Who cares about IPSEC?

[bytesex]

OpenVPN is not the same concept as IPsec at all - therein lies the rub. OpenVPN is a service maintaining a connection (as if it were a wire) and a virtual network device, IPsec sits in your kernel, next to your packet stack and does cryptography packet-for-packet. The differences are too great to really compare them.

Re: Who cares about IPSEC?

[jaredm1]

One of the big selling points of OSS is that software can be scrutinised for things like back doors. OpenSSL is indeed extremely popular as is OpenVPN - surprises me that the NSA and others have outwit the smart techies that should be able to spot weaknesses. Or perhaps we take OSS for granted so everyone assumes it has been scrutinised but no one actually bothers to analyse the code.

Re: Who cares about IPSEC?

[jaredm1]

before the Snowden revelations I would have believed that. Now it just seems like they're not able to maintain the same statement so they haven't updated it. Call me paranoid if you like but context has changed.

Re: Who cares about IPSEC?

[F.Ultra]

No once claims that neither OpenVPN or OpenSSL are compromised. In fact it's highly unlikely that it have happened so no the NSA and others have not outwit the smart techies at all, at least there is no evidence of that happening. The people involved with OpenSSL is a very tough crowd to sneak something pass, remember that the Debian problem with OpenSSL was never sent upstream and that it was caught due to OpenSSL beeing OSS. If it had been closed, then that particular problem would never have surfaced.

Re:Sounds like John Gilmore has called it accurate

[bmo]

The great thing about this is that you wind up kicking out the incompetents simultaneously.

Someone who is shit at maintaining a security module? NSA hack or incompetent, doesn't matter. Find someone else to do it.

--
BMO

Re:Sounds like John Gilmore has called it accurate

[Em+Adespoton]

Or, is John Gilmore actually doing exactly what the NSA wants? Are there a bunch of other "contributors" whose code was rejected, who actually work for the NSA and are trying to slip their own backdoor updates into the codebase?

I can easily see the NSA playing both sides of this. In fact, I can't NOT see them playing both sides of this.

Can't security be implemented in an application?

[apcullen]

PGP comes to mind. Cant an application developer just create a 1024-bit public key encrypted chat program?

Re:Sounds like John Gilmore has called it accurate

NSA-directed sabotage ... the needlessly complicated IPSEC standards.

First of all, this is a substantial claim that requires substantial evidence. You may think standards are "needlessly complicated", but each of those complexities had a use-case behind it and was discussed among experts who concluded it's a good idea to do it that way. I don't deny NSA can subtly influence the standardization process, but surely it can't be all a grand conspiracy to make standards useless, I much rather believe the issue they are dealing with is very complex and lacking sufficient geniuses the standardization group created a complex solution, with or without NSA's assistance.

Secondly, this sounds too much of an 80's cipherpunk wet dream, "if only everything was encrypted... but the government won't let us". Practical encryption is a very hard problem. Key distribution is hard. Interoperable, secure and non-patented implementations are hard. It's not simply about flipping a switch, changing a standard and everything is all of a sudden encrypted with 1 gazillion bit encryption; secure communication requires significant changes up and including the user's level who must change his behavior. And IPSEC with all it's complexity does very little to address those far reaching problems.

International standards.. 'nutf said

[jaredm1]

When it comes to international standards I should remind everyone that the NSA doesn't need to do much to make those complicated and unwieldily. Look at SOAP or UML. For some reason when you gather an international consortium together to make a standard it is natural for it to be a huge WTF by the time it eventually becomes finalised. People feel the need to cater for every conceivable use case even if they're unlikely to be practical or real-world and often those pushing for things have very little grasp of the implications. Crypto related standards are different though, because you actually need people who know what they're doing. So apply the same approach to security and the resulting standard is bound to contain weaknesses. I would bet money that the NSA probably saved the IPSEC standards committee from making it overly weak (much like they enhanced DES when it was first created). Is there an open source alternative to IPSEC that has been scrutinised by cryptographers?

Public Interest in Crypto; Why Email is Broken

[SerenelyHotPest]

Until recently, the public hasn't cared about cryptography's political/privacy ramifications, let alone about crypto itself. As a technical person, I concede that the learning curve is steep; to even make basic judgements on the safety of others' cryptosystems like, "well, does it use AES?" typically takes several months of training that don't always sink in. One of the better jinns to emerge from the NSA Spying Pandora's Box has been increased public interest in crypto/general information security. In my present personal opinion, a better project for the EFF et al. to engage in rather than continue to prop up the fairly vulnerable and incriminating Tor system (given the people intent on breaking it) is launch a policy to educate laymen on principles of encryption use (things like what a public-private cryptosystem is, what a digital signature is, general advice on what to use and what not to use--that sort of stuff).

Email was created around a time when it was used by a few thousand academicians and not expected to carry messages between business partners, political activists, and loved ones. Its lack of inherent security has driven the layering of security ameliorations on top of the basic protocol, most of which don't work terribly well (PGP is fractured, hard to use, doesn't support rich email, and is generally hard to use, for example). The same goes for HTTP. I agree that it's probably time for a new spec, but I don't know where or how to begin the creation of one, let alone how to get the public on board to transition, though again, the spying fiasco may generate the the impetus needed.

It's still interesting to me that mail, which I'd generally consider far less inherently secure than secured electronic communications and as having a far lower "reasonable expectation of privacy," receives all kinds of legal protections that, say, even email exchanged purely through Gmail (which has all kinds of security precautions like DMARC, SSL/TLS, and STARTTLS) doesn't. I think this reflects a long-term interest in western policy-making to incrementally convert "free societies" into police states, as others have observed. It looks like the governments of the US, UK and collaborators are simply waiting for mail to become completely obsolete so all communications are fair game for eavesdropping. It brings to mind what Ray Bradbury said in Farenheit 451: the government didn't have to outlaw books until most people were so fed up with them that no one noticed when the crackdown began.

Re:Public Interest in Crypto; Why Email is Broken

[Burz]

I2P-Bote is decentralized (unlike the now defunct Tormail) and doesn't expose metadata because it uses onion routing. Its end-to-end secure and anonymous.

The simple truth is: To avoid being caught up in mass surveillance, people need to specify to their associates to use such tools for contacting them.

Re:USA! USA! USA!

[Guy+Harris]

Either the other countries don't (then the NSA is the big bully), or the other countries are much better at not getting caught (then the NSA is the idiot).

Or other countries do, but not to the extent that the NSA does, so nobody's been as motivated as Edward Snowden to leak the information or look for ways in which those other countries' equivalents might have affected things (which amounts to "NSA is the big bully, some other countries have their own bullies but they're not as big as the NSA").

One person claims that the A5 encryption algorithm for GSM wasn't as strong as the Germans thought it should be; if true, it doesn't explicitly indicate which countries objected to the stronger encryption (it speaks of it being a French algorithm, but that doesn't ipso facto mean that the French spearheaded that).

Re:After reading TFA...

[gweihir]

BS. In line with ACs having nothing worthwhile to say...

Re:USA! USA! USA!

[Guy+Harris]

Or other countries do

E.g. the UK (GCHQ). Not as big a bully as the NSA, but....

WE HAVE MET THE NME AND THEY ARE NSA

[Jeremiah+Cornelius]

WE can cause them to completely fail. How? Make this like SETI, or the RC4 competition, in reverse!

They find needles in haystacks. Our job is MORE, BIGGER HAYSTACKS!

Create more crypto-garbage for them to sift. Expensive to crack and useless, when decrypted. Start by upgrading to Tor 2.4, and running a non-exit-node relay.

Add your own ideas. We can chaff the net with more problems than they can manage, even with their stadiums full of Xeons!

Re:WE HAVE MET THE NME AND THEY ARE NSA

[Ziest]

Correct. Making bigger haystacks, poisoning the well is the key to, if not bring down the NSA, but at least bog them down. If what we have read is correct, that the NSA retains everyting that is encrypted, encrypt everything and generate tons of garbage email that is encrypted, If many set their mail servers to have a catchall address which silently gets tossed into the bit bucket. The idea here is that what ever is the cost to decrypt a message it is not zero.

The other point is that stuffing their databases with garbage will render their databases usless. I'm not sure at what percentage the DB is of no value. Its way more that 10% but under 75%. Where that point is I don't know but lets find out.

Re:WE HAVE MET THE NME AND THEY ARE NSA

[spire3661]

The NSAs entire job is separating signal from noise. Bad plan.

Re:WE HAVE MET THE NME AND THEY ARE NSA

[Burz]

Tor is good for web pages and little else. I2P is designed to handle everything from P2P filesharing to voice to email; IOW, its a secure+anonymous (really pseudonymous) layer for IP. If people want to conduct their personal lives and business without the online spying, they need to start articulating what tools are necessary to continue communications. I believe I2P is just such a tool (indeed, the one that the other privacy enhancing tools are based). Tell people you know to contact you through your I2P address instead.

The other major problem to solve is the OS re: how open and robust it is against network exploits. Qubes OS is currently the best of breed for desktops. Its a unique combination of Xen and Fedora Linux that marshalls some newer hardware VM features to keep threats at bay.

Re:WE HAVE MET THE NME AND THEY ARE NSA

[lightknight]

Yeah, no. Assume that the NSA has access to your machine, even if you're running a tight BSD install. So...why develop new software that they're just going to copy for themselves? Remember, these people have no souls.

Re:WE HAVE MET THE NME AND THEY ARE NSA

[Jeremiah+Cornelius]

We don't just want to conduct ourselves privately.

We want to actively disrupt the engine of oppression, by jamming a spanner in the works. Every "little man", with a private act of ambiguous disobedience is a small victory, which will ruin the plans of the arrogant and unprincipled "authority".

Don't just use Tor and I2P for meaningful data transfer. Send blocks of useless, misleading crap - that are expensive to examine. Frequently.

Name them things like "SCADA" and "VulnAssess". ;-)

Then? Include the text of "Alice's Restaurant" stegenographically embedded in the payload.

Re:WE HAVE MET THE NME AND THEY ARE NSA

[Jeremiah+Cornelius]

When you can use computers, to generate noise, and cryptographically obscure the noise/signal distinction, as well as the signal pattern - then you make this "entire job" the focus of your attack.

The BEST thing to happen to Tor, could be the Botnet they are trying to shut down. What a lot of traffic to hide in - and what a piss gulp to sift for sigint.

Re:WE HAVE MET THE NME AND THEY ARE NSA

[Jeremiah+Cornelius]

Don't believe they are infallible and omnipotent. Their arrogance and resource dominance are their weakness.

Also: remember they hired Snowden. They can be defeated in their illegal, unethical and immoral mission, if you yourself, are undefeated in your own moral and ethical standing.

Re:WE HAVE MET THE NME AND THEY ARE NSA

[BitZtream]

Instead of disrupting shit, why don't we just fix it?

If people ACTUALLY cared, and I don't just mean you and I, 'the people' of this country ... if they actually cared, fixing this problem is literally only 4 years away, and you can do a MASSIVE amount of change in only 2 years.

First off, stop voting for the president. He is REALLY NOT IMPORTANT. He isn't. The American ignorance of how our government works and too much red vs blue and only listening to campaign speeches and what the 'liberals' or 'conservatives' do is the problem.

We can fix these issues by voting people OUT of congress. Destroy lifetime politicians for a start. Stop allowing congress to judge other congressmen when crimes are committed. Do we let the prisoners of Shawshank judge the prisoners of Shawshank ... everyone is innocent in here, remember? Sure, there was one innocent guy, and one guilty guy who admitted it, but the system as a whole is not fit to judge itself.

OUR JOB is to judge these bastards and put them in their places.

PLEASE PLEASE PLEASE PLEASE do not try to disrupt the government first. First we put some actual effort into fixing it.

Unless someone shows me wide scale voting fraud (and I don't mean the silly bullshit like Bush had, that was crap to distract us from reality), then the way we fix our country is by using our country to fix itself.

When we vote out every member of congress, and they don't go or have a coup ... THEN we disrupt the government in every possible way.

We're not there yet. People won't even pay attention to who they vote for, theres no way they are going to do anything effective against this crap. Too much apathy.

PLEASE VOTE! And don't for the Bloods or the Crips, I'm sorry, Republicans or Democrats (funny they share colors, don'tcha think?).

Vote for people who you have bothered to look into their background. No normal US citizen should EVER cast a vote for EVERY position on the ballot. You don't have enough time in your life to be qualified to know enough to effectively vote on all those positions. Look at the histories of the people you're voting on. Look at their record in congress on issues you care about. If you don't know about a position DON'T VOTE ON IT.

VOTE WITH YOUR HEAD AND KNOWLEDGE ... don't vote for 'CHANGE!' and retarded campaign slogans. Don't vote based on skin color. Crusty old black men, hispanics and whites are ALL THE SAME when they get to congress. So are the crusty old women. As the saying goes, we're ALL warm and pink on the inside (yes, I know thats not what the term is normally applied to, but it certainly fits)

I vote for people I've looked into. My last ballot had votes for democrats, republicans and the less parties and even a couple local independents (who won!). PLEASE consider doing the same before we insight the beginnings of the revolution. We're not there, YET.

Remember:

Boxes in the defense of liberty: Soap box, ballot box, ammo box. In that order. We're at #2 right now.

BitStream
Your local gun tote'n ultra-not conserv-libral.

Re:WE HAVE MET THE NME AND THEY ARE NSA

[Burz]

Don't just use Tor and I2P for meaningful data transfer.

A range of tools and approaches are needed to have a resilient movement against a police state.

FWIW, each I2P user does act as an onion router. That means lots of multiply-encrypted traffic from random people at different layers of the onion are flowing through your system alongside your own traffic.

Think about that.

Re:WE HAVE MET THE NME AND THEY ARE NSA

[Jeremiah+Cornelius]

I like it.

And, I like your virtualization strategy for post-facto security. Wrap the devil in the Matrix. As long as you are sure that you own the Matrix. :-)

Re: WE HAVE MET THE NME AND THEY ARE NSA

[tolkienfan]

Just send each other truly random bits. Hopefully I don't need to explain...?

Re:WE HAVE MET THE NME AND THEY ARE NSA

[lightknight]

I'm not interested in a protracted 'battle' with the NSA...1.) it's not how I do things, and 2.) it takes time and energy away from core focuses.

If I wanted to register a complaint with the NSA, I'd do it by ensuring that anyone associated with it would suddenly consider the thought of continued work along those lines to be less than compatible with their long term goals in this life, namely peace and longevity. However, we live in a Democracy...and as such, we shall wait for the current set of leaders to fail...and they will....to reign in the NSA, before endeavoring to consider alternatives.

For the record, the NSA does constitute a sometimes valuable resource to the US; however, like the CIA, some of its, shall I say 'shenanigans' need to be reigned in, before we become the laughingstock of the nations, and we can't call ourselves the nation of the free / home of the brave without laughing. Finally, the military does need to be brought home; the military leaders have spoken...all of them...and while some people might want to test their loyalty to civilian authority by pushing for further war with Syria, I am reminded that the reason we have military leaders is that so we can have their advice on military matters. Ergo, if they are saying "let's give the military a rest,' then there's a chance that it needs one, on more than one level.

Re: WE HAVE MET THE NME AND THEY ARE NSA

[tolkienfan]

On the whole, I agree with this.

But... (there had to be a but)

1 Civil disobedience is a useful tool, and there really isn't any reason to wait.
2 I'd advise against voting for a republican or democrat candidate, even if they do appear to align with your values... they are lizards (hope you get the reference). They will almost always switch as soon as they get elected. Vote for a human.

Perhaps we can cook up some stats on things like how often a politician has flip flopped, and how often they have followed thru on their promises... if there exists a website with this info, I'd love to see it...

Re:WE HAVE MET THE NME AND THEY ARE NSA

[Jeremiah+Cornelius]

Well,
NSA is USGov, and USGov is property of highest bidder.

That's not ever going to be in YOUR interest.

Re:Sounds like John Gilmore has called it accurate

[gweihir]

Indeed. IPsec is a terrible, terrible mess. I always wondered how the IETF could mess up so badly when doing reasonable work otherwise. Now I know, intentional sabotage of critical infrastructure by the NSA is to blame.

Re:Sounds like John Gilmore has called it accurate

[__aaltlg1547]

I think most useful to the public would be a list of what security standards and methods are presently believed to be most secure and those known to be insecure and/or backdoored.

progress depends on the unreasonable man

[epine]

The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man.

            — George Bernard Shaw, Man and Superman (1903)

What would the NSA do confronted with an individual so high-minded and abrasive as to be relatively immune to the bullying tactics of the second-largest bullhead in the room? They would plant and nurture the meme that Theo sucks as a human being and that one's choice of OS and security software deployed rests on social morality rather than logic.

Who's looking like the reasonable man in the room now?

It's almost tautological than anyone abrasive enough to successfully push back against covert and well-funded NSA assholerly is not going to be a poster child for harmonious cooperation.

I've followed this little soap opera avidly (but with a relatively small corner of my mind) since Bamford's Puzzle Palace in 1982. I was then enrolled in an undergraduate mathematics program at a university famous for its cryptographers and I heard a few stories directly. I suspect I've read twenty books on the origins of these agencies before, during, and after WWII, ranging from espionage to black budgets to the ITAR fiasco.

I'm surprised by exactly none of this. I just didn't know the specifics of how it was done. The peculiar part was that the NSA seemed to have a very low appetite for taking this fight to the courts in the Clipper chip era. Now we know that they had a giant Plan B, much more to their taste than entering into a public process where things get written down.

Re:progress depends on the unreasonable man

[myowntrueself]

The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man.

            — George Bernard Shaw, Man and Superman (1903)

I just want to point out; GBS 'Man and Superman' was intended to parody Nietzsche, who GBS hated, and to discredit his ideas. That sentence was *intended* to make the reader laugh at how absurd Nietzsche is. Doesn't seem so absurd now, does it.

The thing is, that in the modern world, the sentence seems more plausible as a genuine statement than as a parody. In fact a lot of Nietzsche makes more sense now and in the current context Nietzsches question at the start of "Beyond Good and Evil" is one worth thinking about, just to clarify ones mind on the idea and to force a re-evaluation of ones deepest held ideas.

And that is: "Why should we prefer truth over falsehood?"

(a question which, Nietzsche claims, had never been asked by any philosopher before him all of whom just took it for granted. Its the 'taking it for granted' that Nietzsche is challenging, also the idea that there are some things that exist at a 'meta-level' outside of consideration of good and evil eg reproduction, survival. Again, relevant to the current context.)

Re:Sounds like John Gilmore has called it accurate

[cbiltcliffe]

Seems like another witch hunt to me. Good ol' McCarthy would have been proud.
Instead of searching for culprits, get the community to examine the compromised code and improve it.
If you think the whole community is in the hands of the NSA then we've already lost.

You/we need to do both. Fixing the compromised code without finding and removing the culprit(s) is a short term solution at best. The unknown culprit would be free to compromise other code repeatedly, unless they are outed to the community at large.

For a permanent solution, the mole MUST be found.

Re:USA! USA! USA!

I know it's difficult sometimes, but if you had read the comment before you tried to justify the USA's wrongdoing by pointing out other nations' potential wrongdoing, you would have recognized that my indignation wasn't so much about the spying but about the fucking sabotage. We're without a practical ubiquitous network encryption solution because the NSA would have had to work harder, so they made sure it wasn't created. The USA intentionally and actively made the internet less safe to make their spying easier. If you can come up with information that other countries have actively sabotaged standards committees to make the job easier for their spying operations, do come forward, but it's still not right for the USA to have done this.

Re:OpenVPN

[93+Escort+Wagon]

Yeah, I was wondering about this. It's SSL-based, which might be an issue if the NSA can actually break the encryption; but it is in line with Schneier's advice to use standard, interoperable protocols. And the source code is available, so one would assume any attempts to back door the actual code base would get caught.

OpenVPN available cross platform - there's even a free iOS app (which works well if you have the know-how to configure .ovpn packages). And setting up a server is straightforward.

Re:USA! USA! USA!

[Guy+Harris]

Maybe we in the USA are the only ones conscious of these egregious violations of the American ideal and tradition of open and accountable government?

Or maybe we're not. (Perhaps, in that case, more like the German ideal of open and accountable government, due to somewhat recent memories of other traditions.)

How to crack RSA

[Okian+Warrior]

In response to the current situation, I've been researching random number generators - especially the builtin one in Intel processors.

It's impossible to tell in general whether there's a vulnerability in a random number generator. It's a "computationally infeasible" problem, the best we can do is check for known deviations from randomness. If you know how it deviates, it's easy to check but beyond that there's no way to tell.

If the NSA has modified devices to reduce the entropy of random keys, then eventually two keys will have the same factors. This is easy to determine: The GCD algorithm will very quickly tell you what factors two keys have in common. ...and this is exactly what is seen in practice! Some 0.3% of keys tested had common factors: statistically, a *huge* percentage.

With a very large number of keys, you don't need to try N*(N-1) pairs of keys: partition the keys into two sets, multiply all the keys in the first set together, multiply all the keys in the second set together, then calculate GCD(Set1,Set2). In one calculation, you've determined whether any single key in the first set has factors in common with the any key from the second set.

Bruce Schneier believes that the algorithms are robust, and that the NSA is using other methods to break the encryption. Here's one likely way that they are doing it - they weaken the random number generator on a class of devices, harvest all the encryption keys they can find, then look for common factors.

From this article talking about the study: "[Researchers from the linked paper found] “vulnerable devices from 27 manufacturers. These include enterprise-grade routers from Cisco; server management cards from Dell, Hewlett-Packard, and IBM; VPN devices; building security systems; network attached storage devices; and several kinds of consumer routers and VoIP products [1]."

The upshot is this: even locally-generated RSA keys are not guaranteed to be safe, nor will they ever be. When you can't trust the hardware, all bets are off.

Re:How to crack RSA

[Dan+East]

The upshot is this: even locally-generated RSA keys are not guaranteed to be safe, nor will they ever be. When you can't trust the hardware, all bets are off.

Then don't use the hardware random number generator. Do it all in software.

Re:How to crack RSA

"Then don't use the hardware random number generator. Do it all in software."

Sorry, wrong answer. Doing it in software is worst answer, see von Neuman etc. Don't trust other's hardware. Use YOUR OWN local bit of hardware, eg local geiger counter with USB device interface. I'm sure someone will post details on hardware maker site somewhere soon.

Re:How to crack RSA

[c0lo]

Use your mic to record some secs (the shittier/noisier the mic, the better) of your computer's power supply fan. Take an SHA512 of the recorded noise. Use it to seed your RNG.

Re:How to crack RSA

[dcollins]

"Anyone who considers arithmetical methods of producing random digits is, of course, in the state of sin."
— John von Neumann (1951)

Re:How to crack RSA

[PPH]

Chip? This is a software PRNG method. Software can be inspected.

Re:How to crack RSA

[c0lo]

And hope the chip doesn't test for randomness (in any and all data, files, etc. on the device), and if the data is seemingly random enough, removes some of that and introduces a subtle non-randomness...

My apologies. I meant software Pseudo RNG seeded by SHA512-ing an input recorded from your power supply fan with a low quality mic.

Re:How to crack RSA

[swillden]

If the NSA has modified devices to reduce the entropy of random keys, then eventually two keys will have the same factors. This is easy to determine: The GCD algorithm will very quickly tell you what factors two keys have in common. ...and this is exactly what is seen in practice! Some 0.3% of keys tested had common factors: statistically, a *huge* percentage.

That would be a very compelling argument, except that nearly all of the keys with common factors were from embedded devices, and the root cause was that they didn't have a hardware RNG or any other good entropy source.

It would be interesting to see the common factor percentage with embedded devices excluded.

Re:How to crack RSA

This is one of the best overviews of random number generators, and provides adequate information to build your own: http://www.phy.ornl.gov/csep/CSEP/RN/RN.html

Re:How to crack RSA

I always seed with "4".

What? I threw a dice to get that number. 100% random, baby!

Re:How to crack RSA

[shentino]

Who wants to bet that Trusted Computing will be co-opted to trust the NSA?

Re:How to crack RSA

[shentino]

+1 Funny

Re:How to crack RSA

[rastoboy29]

I've been thinking this about this, and it may be that open source hardware's time has really come.

Re:How to crack RSA

[DMUTPeregrine]

The sound card could be compromised. The CPU could be compromised. All software needs some hardware to run on, and the trust in that hardware has just been degraded.

Re:How to crack RSA

[bytesex]

I seem to remember that a discussion on whether to use the Intel RNG or not in the Linux kernel (/dev/random being horribly slow) was recently won in favor in Intel. Might this be something?

Re:How to crack RSA

[gottabeme]

Actually, if the mic or audio hardware is noisier, it might mean it's picking up more electrical noise from the rest of the system, which might make it less random. And since the PSU fan is also part of the system, I'm not sure it would qualify as random either. Don't you need a source of data that's outside the system, independent of it?

Re:How to crack RSA

[bytesex]

Any *good* RNG will rely on machine transactions that are made on hardware (disk accesses, network packet timings, etc) that are ordinarily unpredictable but also *very* un-inspectable.

Re:How to crack RSA

[c0lo]

Actually, if the mic or audio hardware is noisier, it might mean it's picking up more electrical noise from the rest of the system, which might make it less random.

1. Noise is random (this is why it is caled "noise" and not "signal"). Granted, different noise colours will have different degree of randomness, with pure white noise being 100% random.
2. Since even if the noise(s) produced by the fan (or other sources) has randomness but are not pure white one(s), I suggested recording for a "longhish time" (some seconds) foillowed by taking a SHA512 hash (with 2^-512 collision probability) on it. Then, use that hash as a seed for a Pseudo RNG - a "secure RNG" will generate a high quality "white noise".

Granted, the generated sequence for a pseudo RNG is deterministic, but since you start from one-in-2^512 initial point, I think this is good enough.

And since the PSU fan is also part of the system, I'm not sure it would qualify as random either. Don't you need a source of data that's outside the system, independent of it?

You'll need to note that I did not suggest using the recorded noise directly as a RNG, but only to generate the nonce/seed for a Software PseudoRNG which you trust (is recommended by unbiased experts, have source code, have the message digest for it, you compile with a compiler you trust, etc).

Re:How to crack RSA

[DMUTPeregrine]

There's a third, easier choice: betting.
The probability that the NSA has compromised something from Intel is probably rather high. Especially something to recognize common Windows encryption systems. I think it's high because that would be a good target, the Intel CPUs are complex enough to hide malicious blocks in,. and the NSA has the technical ability and money to do so.
The probability that the NSA has compromised Creative and some of the other major sound-card makers to have their cards give reduced-entropy output is rather high, for the same reasons as above. They have the money and expertise, sound card noise is a common way to seed RNGs, they'd be silly not to damage that entropy pool if they could (unless they actually cared about the security of US citizens. Tip your server, I'll be here all night.)
The probability that the NSA has compromised every input system of most computers is much lower. The types of inputs that can be safely meddled with without the user noticing are quite low. If they were messing with data input over USB people would have noticed by now. So it's probably safe to trust such things.
The probability that the NSA has compromised Atmel's AtMegaxx8 series of chips is rather low. There's less there to compromise, and they're not used as much for anything the NSA cares about. The same goes for most other microcontroller and FPGA manufacturers.
So it should be possible to make a USB-based system, preferably as a kit, that can do various encryption operations with a low probability of having been compromised in hardware by the NSA. Similar things apply to many other systems. And if using FPGAs one could potentially even accelerate crypto on some systems.

Re:How to crack RSA

[PPH]

Yes. But there's nothing buried in a chip which cannot be inspected. The hardware parameters being read are well understood and the software can be analyzed. Not so for a (possibly NSA spec'd) chip.

Re:How to crack RSA

[TechyImmigrant]

>HW RNG is of limited use in crypto anyway.

How else do you propose to get entropy out of a deterministic system?

Re:How to crack RSA

[TechyImmigrant]

And you need a hardware RNG to get you that 128 bits. It absobloodylutely essential. Not "of limited use". It is the enabling technology.

Re:How to crack RSA

[TechyImmigrant]

>a _specialized_ rng device that is easy to hack to give nonrandom numbers

Can you demonstrate this?

Using accidentally entropic sources in favor of the thing designed for the job with a comprehensive security model is demonstrating a lack of clarity of thought.

Re:Sounds like John Gilmore has called it accurate

Honestly, after having dealt with these standards committees. I wouldn't say these acts of "sabotage" are the NSA trying to weaken security.

Null algorithms help alot with validating security protocols and should be disabled in actual use. TLS supports NULL crypto, but it should never be allowed in production systems.

Weaker algorithms have been used in committees for many reasons. Usually it is either a vendor has low end equipment and they want to claim support of a protocol, or to encourage adoption of a protocol or use case earlier.

I've seen big name companies not related with the NSA do more to damage security or add complexity to problems more than an official from any government agency(US or foreign). I had a protocol I was working on explode in complexity because Microsoft, IBM and Cisco wanted to minimize the differences between their home brewed implementations and the standard I was working on creating. This made the protocol go from something reasonable to something that took me months to develop a reference implementation since there were soo many edge cases now.

Reference: I worked with the IETF for years.

Re:Can't security be implemented in an application

Yeah, I'd use some obscure USSR crypto (GOST), crypted by some obscure India crypto (Trinetra), crypted by some obscure chinese crypto (you tell me).... That way they'd need the UN Security Council to approve the eavesdropping of my communication. Simple, really.

My sig

[wjcofkc]

becomes more relevant with every passing day.

Re:Sounds like John Gilmore has called it accurate

[symbolset]

You might want to click the wikipedia link in the fine summary.

Re:OpenVPN

[Alain+Williams]

The problem is, that openVPN is also backdoored.

Please supply us with some evidence or a link to something to support your assertion.

Re:Sounds like John Gilmore has called it accurate

(which is the amazing part - how do all the non US security professionals and their respective countries sign themselves up to a NSA destroyed security standard?):

Because (a part of) the standards comittee meetings are kept in the USA. And even EU citizens need a de-facto visa (issued under the highly irocnically named "visa vaiver" programme) to enter the USA. If you read recent NSA statements about whom they may and may not spy on, a "foreinger" has a bit less rights than a "human". Add this all up, and traveling in and out of USA might not be the nicest experience after you vocally accuse some delegates of being agent saboteurs.

Re:Sounds like John Gilmore has called it accurate

[EnergyScholar]

Parent post was also modded down [by NSA sockpuppets]. It went up to a 5, then down, then up again. Then it was stable at a 5 for while. Just now, about an hour after the story was first posted (when traffic to this thread is dropping, and a forum slide has been initiated on the front page) it was quietly modded back down. Who besides NSA sockpuppets would do that? Here's an exercise: how much would it cost to station paid sockpuppet moderators at every popular online watering hole? Is this number more or less than the available budget?

Re:USA! USA! USA!

[h4rr4r]

Who wants an empire? I don't.
Who are we at war with? No one that matters as far as I know. Farm animals kill more Americans than terrorists.

Re:Sounds like John Gilmore has called it accurate

[Zero__Kelvin]

No. You misunderstood what Em Adespoton wrote. He wasn't stating or implying that Gilmore is somehow connected to the NSA; only that he may be doing what they were hoping someone with enough clout would do. OTOH, Em Adespoton.might be NSA ;-)

Re:Sounds like John Gilmore has called it accurate

[wisnoskij]

Probably with the abolition of committees. One genius can come up with a spec and even make a program that uses it all by themselves, they do not need committees that invite NSA operatives and corporate representatives in. One person, can come up with the best way to do something, and then just do it. Creating software is not that hard.

Re:Sounds like John Gilmore has called it accurate

[gnasher719]

Parent post was also modded down [by NSA sockpuppets].

Would the NSA need sockpuppets? Wouldn't they have some backdoor that allows directly rating every single post?

Re:Remember the allegations of OpenBSD IPsec stack

[ArchieBunker]

Why would they choose to backdoor such an obscure OS?

Re:USA! USA! USA!

[jcr]

Within the context of war and empire, I'm afraid it is the right thing to do.

Then "war and empire" are the wrong things to pursue.

-jcr

Re: OpenVPN

Seems unlikely since you can be your own CA for the OpenVPN certs. You don't have to trust anyone. It's funny, though, I started using it myself for all my mobile gear (IoS and Android), with the openvpn server under my control on a colocated box. But not because I am paranoid about U.S. telcos. I did it because I mistrust public Wifi, hotel wifi, and foreign telcos when I'm not in country. But my habit now is to just leave the VPN on all the time.

-Matt

Re:USA! USA! USA!

[Ziest]

Other countries did and do spy on their citizens, mostly the Soviet Union and it's allies. North Korea also comes to mind.

Re:OpenVPN

[F.Ultra]

OpenVPN consists of: xx@yy:~/openvpn-2.2.1$ cat *.c | wc
58973 179450 1502171

Quite easy to validate a mere 58k lines of code actually, especially since many of them are blank lines and comments.

Re:USA! USA! USA!

[Ziest]

The Soviet Union did and where is it now? In the graveyard of empires, the same place this country heading at full speed. In my mind it's not will the American Empire will break up, its when.

Re:Sounds like John Gilmore has called it accurate

[black3d]

No, it doesn't really. Do you speak any of them? If not, the answer is no.

Re:Sounds like John Gilmore has called it accurate

[bmo]

Sabotage and incompetence look the same.

Either should not be tolerated.

"Any advanced incompetence is indistinguishable from malice."

Me, butchering a quote from Arthur C. Clarke.

--
BMO

unless the NIST evaluation tools are broken...

[SuperBanana]

It's impossible to tell in general whether there's a vulnerability in a random number generator. It's a "computationally infeasible" problem, the best we can do is check for known deviations from randomness. If you know how it deviates, it's easy to check but beyond that there's no way to tell.

Unless the NIST tools are compromised as well, then yes, it's completely possible to verify how good hardware RNGs are. Also, few intel processors have built-in RNGs, at least not ones the Linux kernel can use. None of the machines we've bought in the last 5 years have them. When was the last major intel x86 processor to have one? P2/P3 based systems?

I always wondered why; now I think I know *exactly* why. Hardware RNGs increase crypto security; by removing them, the NSA can influence/corrupt OS-level pseudo-RNG routines.

I wonder how many of the software RNG projects like haveged are compromised...

Re:unless the NIST evaluation tools are broken...

[JesseMcDonald]

Also, few intel processors have built-in RNGs, at least not ones the Linux kernel can use. None of the machines we've bought in the last 5 years have them. When was the last major intel x86 processor to have one? P2/P3 based systems?

How about all the latest Ivy Bridge-based processors, like the Core I3/i5/i7, via the RdRand opcode?

There is no longer a separate HW RNG, but that's only because it was moved into the core. And yes, the RdRand opcode is based on NSA-influenced NIST standards and may well be compromised.

Re:unless the NIST evaluation tools are broken...

[swillden]

Unless the NIST tools are compromised as well, then yes, it's completely possible to verify how good hardware RNGs are.

Nonsense. There is no way to validate that an RNG produces unpredictable numbers. At most you can verify that the method you're using can't detect predictability.

Re:unless the NIST evaluation tools are broken...

[TechyImmigrant]

Oh FFS.

The 'NSA influenced' PRNG in SP800-90A is the Dual EC DRBG.
RdRand uses the AES-CTR DRBG.
 

Re:unless the NIST evaluation tools are broken...

[TechyImmigrant]

Are you talking about SP800-22 when you talk about 'NIST tools'?

SP800-22 is a bad spec. The Lempel Ziv test is randomness is actually broken. But we have better tools than SP800-22. TestU01, Dieharder, etc.

If you want to check for an undermined RNG you need to look for correlation between outputs across multiple devices.

Backdoor to one is a backdoor to all

[giorgist]

If NSA has a backdoor to anything, it simply allows for a backdoor to everybody. It is not like the backdoor would be wired to an NSA IP address. Ultimately it creates a disservice for the country.

Re:Backdoor to one is a backdoor to all

[gottabeme]

Look up kleptography. Seems that not all backdoors are created equal.

Re:Sounds like John Gilmore has called it accurate

[Lisias]

For a permanent solution, the mole MUST be found.

Found *AND* exposed.

Re:Sounds like John Gilmore has called it accurate

[Electricity+Likes+Me]

NULL algorithms are also handy when you just want to do secure authentication but nothing else. I have an SSH implementation with the none cipher enabled because it means I get packet verification and secure authentication without the overhead of AES when I'm just moving a bunch of non-secure log files (or don't want to install a totally different daemon on a machine on a local network).

How to know when the NSA is telling truth/lies

[Aristos+Mazer]

If only we had two the NSA and a meta-NSA... the meta-NSA's job is to spy on the NSA. Then we could listen to the NSA and accept advice from them only when the meta-NSA tried to undermine it -- because then we would know that it was a suggestion that actually made the meta-NSA's job harder. We could set it up such that however many files the NSA has in its possession, the meta-NSA's job is to copy as many as possible, and the more documents that the meta-NSA does copy, their pay goes up and the NSA's pay goes down. That way we maintain enmity between them.

Re: Remember the allegations of OpenBSD IPsec stac

[shentino]

Maybe the comber was an informant?

Re:Sounds like John Gilmore has called it accurate

[mysidia]

It seems pretty clear that John Gilmore has clearly identified what's going on. He spotted many instances of NSA-directed sabotage,and has called it out.

Does he have prove that it's intentional sabotage and not overengineering?

Seth Vidal, creator of “yum”, killed i

[Max_W]

Seth Vidal, creator of “yum” open source software, killed in bike accident: http://www.businessinsider.com/36-year-old-seth-vidal-tragically-killed-2013-7

His last words were: "don't track things. Just ride," Vidal

Re:USA! USA! USA!

[fustakrakich]

Who wants an empire?

An emperor, or a wannabe. As long as anybody can draw up a big enough army they will have one.

I don't.

Doesn't matter. You will either live in an empire or its colony. Choose the most benevolent one you can. That's just the way things will stay for the foreseeable future.

Who are we at war with?

Cold or hot, competing empires have been at war throughout all of history, each one replaced by or morphed into another. The natural desire for domination is not going anywhere, and war is its natural state.

Re:USA! USA! USA!

[fustakrakich]

Then "war and empire" are the wrong things to pursue.

Right and wrong are irrelevant. Somebody is always pursuing them. Choose your weapon to defend yourself.

Re:Sounds like John Gilmore has called it accurate

[gottabeme]

..."Off-topic"?

Re:Sounds like John Gilmore has called it accurate

[gottabeme]

So you're basically saying, "TRUST NO ONE!"

I guess there might be some wisdom in that, but if you truly trusted no one, it'd be impossible to get anything done.

Maybe we need to be more careful to not put all our eggs in one basket. Standards are great, but what if AES-n turns out to be backdoored or intentionally weak someday? Maybe the runners-up should continue being developed and used as well.

Re:Sounds like John Gilmore has called it accurate

[gottabeme]

I read it as, rather than have a useful, usable, implementable standard, they kept tacking things on for corner cases until it was an unruly behemoth that no one could even comprehend. It would have been better to have something that supported fewer use cases but did a few of them well, and was actually widely used. And that seems believable to me.

Re:Sounds like John Gilmore has called it accurate

[gottabeme]

Interesting. Is it actually noticably faster when SCPing files?

+1 Insightful

[gottabeme]

Mod parent up.

Re:Sounds like John Gilmore has called it accurate

[gottabeme]

You're talking about Gilmore? I was under the impression that he was actually involved in the processes he is talking about, and therefore that he ought to know what he's talking about. If you read some more of the thread under his message, you'll find responses from people who were indeed involved in the processes he mentioned. I don't think these folks are journalists who are in over their heads.

Re:Sounds like John Gilmore has called it accurate

[gottabeme]

I think his point is that it was sabotage in the form of overengineering. You know, hiding in plain sight, subtle, etc.

Incredible

[Arancaytar]

that basically XOR'd each voice packet with the same bit string!

What a genius idea; it must have been thought up by a true vigenèry.

Re:Incredible

[Arancaytar]

(come on! Vigenèry! Anyone? ...I'll see myself out.)

Re:Incredible

[CaseCrash]

Oh! visionary?

False dichotomy.

[gottabeme]

False dichotomy.

Where is the statement from Linus

Calming the fears of the masses that we have nothing to worry about with backdoor in RNG, IPSEC or SeLinux?

Re:Sounds like John Gilmore has called it accurate

[profplump]

Depends on whether your bottleneck is the network or the CPU. If you've got more than about 100 MB/sec between the hosts (and don't have hardware-accelerated encryption) the crypto speed could be a limiting factor. But for most over-the-Internet applications the network tops out well before the CPU.

Re:Sounds like John Gilmore has called it accurate

[1s44c]

In all seriousness, how should the technical and geek community deal with this sort of sabotage? Is it sufficient to respond,or is proactive behavior called for? What would Sun Tzu have to say about this situation?

Replace IPsec with an open and non-pathological standard.

I'm sure you have used OpenSSH and/or OpenVPN, they are simple, elegant, cross platform, and come with mountains of features. IPsec is a confused nightmare in comparison.

Re:Sounds like John Gilmore has called it accurate

[1s44c]

I heard the same discussion on reddit. Their conclusion was that some kind of psyops operation is going on to game reddit's moderation but it's only partially successful due to the number of genuine viewers.

Re:Remember the allegations of OpenBSD IPsec stack

[gottabeme]

Wrong question. The question is, why wouldn't they?

Besides, you're begging the question: is OpenBSD obscure? I'd suggest that since it is reputed to be so secure, it's more likely to be used for installations that want or need high security, and so a backdoor in it could be quite valuable.

Re:Sounds like John Gilmore has called it accurate

[bytesex]

Indeed. OpenVPN has 'null encryption'. Just authentication network traffic, or even just tunneling, serves its own purposes.

Re:Remember the allegations of OpenBSD IPsec stack

[bytesex]

I'm sure it was not your intention, but right now you're leaving the impression that their (the FBI's, assumed) plan actually worked. For the record: it didn't, it was discovered before it could do any damage, they made a big stink about it, and it was never tried again.

Easy to spot

[dutchwhizzman]

Paying someone an insane amount of money to do this would make this person easy to spot. How much kernel developers do you know have three houses, a private plane and a collection of racing cars? You can't pay them money without them being able to spend it.

A way more likely scenario would be to set them up for something criminal and then make them "an offer they can't refuse". It would be way cheaper and they would hold control over this person for the rest of their lives, not until they spent all the money.

Re:Names please...

[rvw]

...says the Anonymous Coward.

Yeah right - says the NSA...

Re:Sounds like John Gilmore has called it accurate

[Electricity+Likes+Me]

On my LAN it is a lot faster - it's part of HPN-SSH which speeds up SSH over a gigabit network enormously for me (2 mb/s -> 30 mb/s with parallel AES ciphers). If I then use the none cipher I get 80-90 mb/s, which is closing in on the practical line speed for the network.

Re:Sounds like John Gilmore has called it accurate

[santosh.k83]

No because enough people with the necessary level of mathematical expertise are not available here. Any such are busy now working for the US govt and companies in return for fat paycheck, and that happened because the government is made up of people who never even completed high school and are rouges, and don't know or care about the wider implications of science and technology for humanity, and are in general content with milking money of lucrative deals, securing their office and living their decadent lives. Not saying things couldn't improve, but I can't see who are what can kickstart this ground-up sea change that needs to happen.

Re:Sounds like John Gilmore has called it accurate

'Code' isn't even really the crux of the issue here. The entire standard is flawed and hopeless because the committee process required to create it was itself exploitable by the NSA, which they did with little restraint. So you have to critically examine ANY human process involved in creating software security standards as if the process ITSELF is code, and improve upon that process to eliminate 'exploits' within it. One of those steps must be to expose anyone who would try to exploit the process and shun them professionally, which will marginalize their ability to do it in the future. Improving the process to eliminate them in the first place would be helpful, but unfortunately to do that 100% effectively would require becoming the very thing you're trying to prevent. More attention needs to be given to John's analysis by the software security community at large, so they can recognize future attempts to sabotage standards efforts like IPsec and prevent them, much like we already do with security software itself (at least in the open source world).

Re:Can't security be implemented in an application

[bill_mcgonigle]

Yep, there is an XMPP spec for using PGP with it. It works quite well if the client does it right too. A friend and I used it very frequently.

You might prefer to use OTR instead. OTR offers perfect forward secrecy, and it's constantly re-keying. It's also widely available.

Re:NSA has been obstructing security...

[bill_mcgonigle]

AES is not secure because of NSA (Rijndael supports up to 2048 bit keys but in AES it is limited to 256 bit)

eh? Rijndael supports block and key sizes of any multiple of 32 bits between 128 and 256. AES selected three cycle counts for standardization (10,12,14) to meet the arbitrary military concept of three levels of security.

There's even some cryptanalytical evidence that the extra rounds weaken the security and the 128-bit 10-round variant might be the best option at this point.

Back in '98 was the first time I went to a conference panel on elliptic curve crypto, and even then there was concern about which group to use. The current problem seems to be that everybody has settled on groups that the NSA helped to select because they thought that the NSA had some insights into which would be the best groups to use.

<cartman>goddammit</cartman>

Re:What of our trust in SeLinux?

[bill_mcgonigle]

At this point, Redhat pretty much needs to fork SELinux, call it Enterprise Linux Security, or some such (permission granted) and let the NSA go their own way. I think we trust Dan more than we trust the NSA guys on the list. If they want to quit the NSA then maybe we'd trust their commits again, after Dan reviews them.

Actually, I'd trust a guy who does *not* have clearance more than somebody who does at this point.

Re:Sounds like John Gilmore has called it accurate

[BitZtream]

And so you think that hasn't already happened ... in the OSS world ... but suddenly now we can do so?

So basically the leading tenet of OSS 'that many eyes can catch the bad guys' is completely false and has failed to catch said bad guys in the most important bits that have the most eyes looking at them?

If you haven't caught them by now, you aren't going to.

Re:Sounds like John Gilmore has called it accurate

[BitZtream]

Because slashdot is such an important part of the world to bother with them trolling it? Seriously?

I'm sorry, but any down voting is just that, normal '-1 disagree' on slashdot from someone who ... disagrees. Go figure.

Slashdot, while popular among a limited selection of minor geeks, is hardly important in the grand scheme of things. Very few high level geeks have anything to do with slashdot, its mostly people wanting to pretend they are more than they are so the vote swings are nothing more than your typical 'I agree/I disagree' crap.

You of course inject some silly statement and everyones drooling to bitch about the NSA and you get voted up ... then down ... oh look, same thing.

Silly conspiracy theories you have. slashdot isn't worth their time.

Re:Sounds like John Gilmore has called it accurate

[BitZtream]

No, you don't. You only think you know.

You're making assumptions as if they are fact. Until you find actual proof, 'knowing' based on assumptions is a good way to waste a bunch of time.

Re:Sounds like John Gilmore has called it accurate

[BitZtream]

I was under the impression that he was actually involved in the processes he is talking about

That would be the emotional blind spot he was mentioning.

What you need is proof. Some one saying 'I helped fuck it up' (which is not what gilmore said) but not showing how is just as unbelievable as the NSA saying 'no we didn't!'

Re:OpenVPN

[BitZtream]

He has as much evidence as anyone else for any other software.

Funny how you pick and choose who you believe and who you don't.

Re:Sounds like John Gilmore has called it accurate

[Keith+Henson]

One time pads are unbreakable if used properly.

For that you need a good random noise generator (that has not been corrupted by someone), a way to distribute the key material and relatively trivial amount of code. (XOR may be good enough.)

I don't know what is being used recently for random noise. I might want the key generator to be a dedicated hardware box with a couple of storage devices plugged into it, though for a start, a program to run on PCs might be ok.

One problem is key management. You want to delete the used part of the key store, both so you don't reuse it and to keep it from falling into the wrong hands. The obvious way would be to make up USB sticks with files of key material and delete/overwrite the used file blocks. The problem is that secure erasing of files on a USB stick is hard to do.

http://www.theregister.co.uk/2011/02/21/flash_drive_erasing_peril/
http://www.usenix.org/events/fast11/tech/full_papers/Wei.pdf

For casual use for unimportant matters, it might be ok. A more secure method would be to put the key files on a hard drive and use multiple overwrites to erase the used key material.

Eventually someone might make dedicated read once sticks with automatic erasure. Then you would only have to worry about physical security.

DO Vote For SOMEONE

[Burz]

It can be yourself or whoever. If none of the pre-printed choices on the ballot are satisfactory, then write someone in. That is the surest way to tarnish the establishment's democratic halo. Staying at home just tells the world you're lazy or apathetic.

And don't be fooled about the president's power. Why do you think Republicans have used their gerrymandered privilege to block him? They don't represent the people, and they want all the bad things the president wants and then some... under *their* banner and generating revenue and power for *their* lilly-white relatives and neighbors.

Gerrymandering needs to be abolished just about more than anything.

Re:Sounds like John Gilmore has called it accurate

[gottabeme]

Sorry to hear that. I'm curious, how do you manage to keep track of replies to your AC comments?

Re:Sounds like John Gilmore has called it accurate

[gweihir]

Aaaaand wrong. Have you read the story? Apparently not. Also there is a bit of a difference between an expert opinion and a WAG.

Re:Sounds like John Gilmore has called it accurate

[gottabeme]

A very patient man you are to keep checking for replies. Kind of like APK. (Kidding!)

Re:Sounds like John Gilmore has called it accurate

[Xest]

I'd be surprised if it was that. I was mod-bombed by what I assumed was a bunch of Apple fanboys not so long ago. I contacted Slashdot and they investigated and turned out it was one guy with multiple accounts, all now banned from moderating.

I don't think it's a psyops operation, I think there are some people that are such zealous defenders of their unpopular opinions, that are so sick of being wrong that rather than evaluate their position go to the extreme of creating multiple accounts that they use to mod bomb people they disagree with.

I think some people really are just the extreme form of losers, they can't handle "defeat" and being wrong, I don't think it's any more complicated than that - just like the folks that use aimbots in online games and so forth. They just have to "win" at all costs because they have absolutely nothing else.

Re:Sounds like John Gilmore has called it accurate

[DarkAce911]

Did you not hear about the Verona intercepts? It turns out Mccarthy was right, the US Government at the time was full of Russian spies and had been since before WW2.

Re:Dose of yer own medicine

[cbiltcliffe]

Hey, APK. Haven't seen you for a while.

How are your mental imbalances holding up?

Re:A dose of your own medicine

[cbiltcliffe]

I'm APK..I kicked your ass, fool!...zzzzt..
I'm APK..I kicked your ass, fool!...zzzzt..
I'm APK..I kicked your ass, fool!...zzzzt..
I'm APK..I kicked your ass, fool!...zzzzt..
I'm APK..I kicked your ass, fool!...zzzzt..
I'm APK..I kicked your ass, fool!...zzzzt..
I'm APK..I kicked your ass, fool!...zzzzt..
I'm APK..I kicked your ass, fool!...zzzzt..
I'm APK..I kicked your ass, fool!...zzzzt..
I'm APK..I kicked your ass, fool!...zzzzt..

You're starting...no...not starting...continuing to sound like a broken record.

Do you really get any satisfaction from stalking people who've beaten you in arguments, and trying to rewrite the debate to make it seem like you won? How much effort does that take, compared to what it would take to just learn the subject you're bullshitting about? You'd probably win many more arguments if you had a clue, and I'm betting it would be less effort than the amount you must put in doing all this following and trolling bullshit that you currently do.

Tell me one more thing: How much caffeine do you consume in a day?

Re:Sounds like John Gilmore has called it accurate

[gottabeme]

I agree that Gilmore's hypotheses aren't proof, per se. However, in light of recent revelations, I think the NSA is less credible than he is. His comments deserve serious consideration.

Re:OpenVPN

[F.Ultra]

The rest of us knows that -l is the first column above anyways...