Slashdot Mirror
John Gilmore Analyzes NSA Obstruction of Crypto In IPSEC
New submitter anwyn writes "In a recent article posted on the cryptography mailing list, long time civil libertarian and free software entrepreneur John Gilmore
has analyzed possible NSA obstruction of cryptography in IPSEC. He suggests that packet processing in the Linux kernel had been obstructed by one kernel developer. Gilmore suggests that the NSA has been plotting against strong cryptography on mobile phones."
"one kernel developer"
Names please? And was it really only one - or one do the actual blocking and the rest kept silent as they were instructed? Seriously we need more whistlblowers, it is an urgent social obligation at this point. People stepping forward with this kind of analysis and stories - have *you* been pressured or blocked when trying to imrpove security? Otherwise how are we the engineers ever "going to take back" the Internet?
It seems pretty clear that John Gilmore has clearly identified what's going on. He spotted many instances of NSA-directed sabotage,and has called it out.
Of the multiple examples John calls out, the most poignant is probably the needlessly complicated IPSEC standards. Overly complicated standards lead to bugs and flaws. He and Bruce Schneier describe a process that certainly sounds like NSA sabotage of security standards.
What should be the upshot of this? Perhaps people involved in security research should recognize that [b]anyone affiliated with NSA is a likely saboteur[/b]? Is such sabotage, which deliberately cripples the security of USA electronic infrastructure, a form of treason? Since this sort of deliberate sabotage of technology is the sort of thing terrorists might do, perhaps the NSA, and every person associated with that organization, should be placed on a Terrorist Watch List?
In all seriousness, how should the technical and geek community deal with this sort of sabotage? Is it sufficient to respond,or is proactive behavior called for? What would Sun Tzu have to say about this situation?
Well with this guy all but naming nanes, perhaps it's time to name names.
There was a call recently for those who put back doors in critical code, to come forward and speak up.
While some may put themselves at seriously legal risk for doing so you wouldn't expect to see such risk in open source projects.
We could then review their work very carefully.
Should we look more closely at SELinux? Are we prepared to find which of our heros have been in the NSA's pocket?
Sig Battery depleted. Reverting to safe mode.
This post needs repeating.
+=+begin paste+=+
The destruction of trust (Score:5, Insightful)
by Arrogant-Bastard (141720) on 7:08 Friday 06 September 2013 (#44773249)
The worst part of the damage done by this isn't technical. It's human.
The reporting on this latest disclosure reveals that the NSA has systematically inserted itself into the standard-crafting process, in order to deliberately weaken those standards. It also reveals that the NSA has bypassed the management of communications providers and recruited technical staff directly. In both cases it's reasonable to assume that the people involved have been through a security clearance process and are thus barred for life from disclosing what they know.
I must now ask myself how many people I've worked with weren't doing so in good faith. When they argued that such-and-such a fine point of a network protocol standard didn't need improvement or that it should be changed in a certain way, were they doing so because it was their principled engineering opinion, or because it served some other purpose? Or when they were recommending that one of the many operations I've run move its colocation point or change its router hardware, was that good customer service, or was it to facilitate easier traffic capture?
Will anyone be asking themselves the same questions about me? (They probably should.)
The Internet was built on, and runs on, trust. Every postmaster, every network engineer, every webmaster, every system admin, every hostmaster, everyone crafting standards, everyone writing code, trusts that everyone else -- no matter how vehemently they disagree on a technical point -- is acting in good faith. The NSA, in its enormous arrogance, has single-handedly destroyed much of that trust overnight.
+=+end paste+=+
--
BMO
Your choice: big bully or idiot.
"In all seriousness, how should the technical and geek community deal with this sort of sabotage?"
Identify who is doing the sabotaging and shun them. Professionally shun them. Expel such people from committees.
--
BMO
For many years, I just felt that something was wrong, and would do "silly things" (I was an admin, whoops) like setup VPN tunnel, then require everyone to use SSL and client certs to access a service. So people would laugh at usage of VPN + SSL (and then certs on top of it) and ridicule it.
Spent more than a decade trying to explain to *technical* people why self-signed certs are much more secure than 'commercial' certs, and I could never understand why people couldn't understand what I am saying. Well now I know, they simply couldn't beleive any government would do things we're seeing done.
Been laughed at quite few times, but I can tell you that noone is laughing right now.
And now I finally know that I am not a fucking lunatic.
Thank you Edward Snowden.
Read all (4 pages) of chapter 13 basically, but in this case perhaps specifically;
"Spies cannot be usefully employed without a certain intuitive sagacity. Before using spies we must assure ourselves as to their integrity of character and the extent of their experience and skill."
"Without subtle ingenuity of mind, one cannot make certain of the truth of their reports."
"Kill 'em all and let Root sort 'em out"
"Be extremely subtle, even to the point of formlessness. Be extremely mysterious, even to the point of soundlessness. Thereby you can be the director of the opponent's fate."
Sun Tzu
This! Yes! I was hoping someone would say this. Yes, this is [part of] what needs to happen.
..."backdoor":
bsd.slashdot.org/story/10/12/15/004235/fbi-alleged-to-have-backdoored-openbsds-ipsec-stack
Many people laughed at this at the time.
Guess they're not laughing now.
https://www.schneier.com/blog/archives/2004/10/the_legacy_of_d.html
When IBM submitted DES as a standard, no one outside the National Security Agency had any expertise to analyze it. The NSA made two changes to DES: It tweaked the algorithm, and it cut the key size by more than half.
The NSA's changes caused outcry among the few who paid attention, both regarding the "invisible hand" of the NSA--the tweaks were not made public, and no rationale was given for the final design--and the short key length.
It took the academic community two decades to figure out that the NSA "tweaks" actually improved the security of DES.
We live in an Open Source world now. So why don't the cryptographers who said IPSEC was too complicated not draft a simpler protocol that can be scrutinised by their peers? It won't matter if corporations don't rally round it, if you can get support from the open source community to implement it in things like the Linux kernel it will be adopted in preference to IPSEC anyway. Corporate users who have concerns about IPSEC might prefer it too.
After all, PGP didn't need a standards body behind it. The Blowfish encryption algorithm (developed by Bruce Schneier) is still more trusted than most variants of AES.
The great thing about this is that you wind up kicking out the incompetents simultaneously.
Someone who is shit at maintaining a security module? NSA hack or incompetent, doesn't matter. Find someone else to do it.
--
BMO
PGP comes to mind. Cant an application developer just create a 1024-bit public key encrypted chat program?
Given the NSA budget, and how much additional they could be getting through Black Box projects we don't even know about, they can afford to recruit some really top notch people. Like, say, an Air Force Chief Warrant officer with an existing Top Secret clearance, a bunch of tech skills and a flawless 12 year history (we could go 20, but lets keep our hypothetical spy young enough to blend in with mid-level tech managment), pay for a couple of years full time training on just the things they want, pay them a salary competitive with a small corp CEOs, and put 10 existing people on falsifying a tremendous amount of background info for the few weeks hat would take. I'm not saying they did that here, but they have the resources if it's that high a priority to them.
Seriously, the way to get a real life James Bond is to find somebody who looks fairly close in the Navy Seals or MI6, a Blackwater style contractor or whatever, somebody who seems highly motivated by the cause you want to employ them at, do additional background checks before you even approach the candidate, and if he or she checks out, then throw lots of money at retooling them into an Uber-agent. If you don't need combat skills, some of the best agents for business infiltration are prosecuting attorneys or accountants who have made a go at starting or running some business of their own. You can figure from this what sort would be attractive to the NSA for infiltrating a software business.
The A.C. you responded to is admittedly not coming off as the sort of person who could spot even a basic mole (hint: there's never a bunch of other people instructed to keep silent, or even a few. At most, one person well above the spy in the civilian organization knows that it was strongly hinted he should hire this person and not ask too many questions.).
If you mean that anybody competent to do software engineering should be able to put together a proper list of who has the physical access needed to put back doors in properly secured development code, then you may be correct. It's a reach, though, to think an engineering degree or even years of good work in the field qualifies a person to narrow that list down.
Who is John Cabal?
Until recently, the public hasn't cared about cryptography's political/privacy ramifications, let alone about crypto itself. As a technical person, I concede that the learning curve is steep; to even make basic judgements on the safety of others' cryptosystems like, "well, does it use AES?" typically takes several months of training that don't always sink in. One of the better jinns to emerge from the NSA Spying Pandora's Box has been increased public interest in crypto/general information security. In my present personal opinion, a better project for the EFF et al. to engage in rather than continue to prop up the fairly vulnerable and incriminating Tor system (given the people intent on breaking it) is launch a policy to educate laymen on principles of encryption use (things like what a public-private cryptosystem is, what a digital signature is, general advice on what to use and what not to use--that sort of stuff).
Email was created around a time when it was used by a few thousand academicians and not expected to carry messages between business partners, political activists, and loved ones. Its lack of inherent security has driven the layering of security ameliorations on top of the basic protocol, most of which don't work terribly well (PGP is fractured, hard to use, doesn't support rich email, and is generally hard to use, for example). The same goes for HTTP. I agree that it's probably time for a new spec, but I don't know where or how to begin the creation of one, let alone how to get the public on board to transition, though again, the spying fiasco may generate the the impetus needed.
It's still interesting to me that mail, which I'd generally consider far less inherently secure than secured electronic communications and as having a far lower "reasonable expectation of privacy," receives all kinds of legal protections that, say, even email exchanged purely through Gmail (which has all kinds of security precautions like DMARC, SSL/TLS, and STARTTLS) doesn't. I think this reflects a long-term interest in western policy-making to incrementally convert "free societies" into police states, as others have observed. It looks like the governments of the US, UK and collaborators are simply waiting for mail to become completely obsolete so all communications are fair game for eavesdropping. It brings to mind what Ray Bradbury said in Farenheit 451: the government didn't have to outlaw books until most people were so fed up with them that no one noticed when the crackdown began.
Or other countries do
E.g. the UK (GCHQ). Not as big a bully as the NSA, but....
WE can cause them to completely fail. How? Make this like SETI, or the RC4 competition, in reverse!
They find needles in haystacks. Our job is MORE, BIGGER HAYSTACKS!
Create more crypto-garbage for them to sift. Expensive to crack and useless, when decrypted. Start by upgrading to Tor 2.4, and running a non-exit-node relay.
Add your own ideas. We can chaff the net with more problems than they can manage, even with their stadiums full of Xeons!
"Flyin' in just a sweet place,
Never been known to fail..."
Hans Reiser. ;-)
"Flyin' in just a sweet place,
Never been known to fail..."
Indeed. IPsec is a terrible, terrible mess. I always wondered how the IETF could mess up so badly when doing reasonable work otherwise. Now I know, intentional sabotage of critical infrastructure by the NSA is to blame.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
— George Bernard Shaw, Man and Superman (1903)
What would the NSA do confronted with an individual so high-minded and abrasive as to be relatively immune to the bullying tactics of the second-largest bullhead in the room? They would plant and nurture the meme that Theo sucks as a human being and that one's choice of OS and security software deployed rests on social morality rather than logic.
Who's looking like the reasonable man in the room now?
It's almost tautological than anyone abrasive enough to successfully push back against covert and well-funded NSA assholerly is not going to be a poster child for harmonious cooperation.
I've followed this little soap opera avidly (but with a relatively small corner of my mind) since Bamford's Puzzle Palace in 1982. I was then enrolled in an undergraduate mathematics program at a university famous for its cryptographers and I heard a few stories directly. I suspect I've read twenty books on the origins of these agencies before, during, and after WWII, ranging from espionage to black budgets to the ITAR fiasco.
I'm surprised by exactly none of this. I just didn't know the specifics of how it was done. The peculiar part was that the NSA seemed to have a very low appetite for taking this fight to the courts in the Clipper chip era. Now we know that they had a giant Plan B, much more to their taste than entering into a public process where things get written down.
Seems like another witch hunt to me. Good ol' McCarthy would have been proud.
Instead of searching for culprits, get the community to examine the compromised code and improve it.
If you think the whole community is in the hands of the NSA then we've already lost.
You/we need to do both. Fixing the compromised code without finding and removing the culprit(s) is a short term solution at best. The unknown culprit would be free to compromise other code repeatedly, unless they are outed to the community at large.
For a permanent solution, the mole MUST be found.
"City hall" in German is "Rathaus" Kinda explains a few things......
I know it's difficult sometimes, but if you had read the comment before you tried to justify the USA's wrongdoing by pointing out other nations' potential wrongdoing, you would have recognized that my indignation wasn't so much about the spying but about the fucking sabotage. We're without a practical ubiquitous network encryption solution because the NSA would have had to work harder, so they made sure it wasn't created. The USA intentionally and actively made the internet less safe to make their spying easier. If you can come up with information that other countries have actively sabotaged standards committees to make the job easier for their spying operations, do come forward, but it's still not right for the USA to have done this.
(how many sites changes ca when issuing a new cert anyway).
Google's done it. Pretty sure there are plenty of Diginotar and Comodo customers who've done it, too.
"City hall" in German is "Rathaus" Kinda explains a few things......
Yeah, I was wondering about this. It's SSL-based, which might be an issue if the NSA can actually break the encryption; but it is in line with Schneier's advice to use standard, interoperable protocols. And the source code is available, so one would assume any attempts to back door the actual code base would get caught.
OpenVPN available cross platform - there's even a free iOS app (which works well if you have the know-how to configure .ovpn packages). And setting up a server is straightforward.
#DeleteChrome
Hans Reiser. ;-)
Hey, he was asking for name naming, not for name calling. ;-)
Ezekiel 23:20
Maybe we in the USA are the only ones conscious of these egregious violations of the American ideal and tradition of open and accountable government?
Or maybe we're not. (Perhaps, in that case, more like the German ideal of open and accountable government, due to somewhat recent memories of other traditions.)
Even better is to change the behaviour to a "No Trust" model as I have and add exceptions for those sites you actually need. Remember the Diginotar mess? Since then, I've changed the trust of all Certificates by marking all of the Root CA's as untrusted. Sometimes it does create a bit of an issue since Firefox tends to be resistent to adding the needed exceptions but considering that I only have a couple of dozen exceptions out of how many certificates? I don't feel it's as big of an problem as folks think to add them. The main advantage is, none of the god damn advertisers or other idiots forcing https connections can infect my system by default as I get a warning about an invalid certificate chain as soon as the connection is made and yes, I've seen that in regards to some of the advertisers and other folks that I don't need to connect to.
Mod me up/Mod me down: I wont frown as I've no crown
In response to the current situation, I've been researching random number generators - especially the builtin one in Intel processors.
It's impossible to tell in general whether there's a vulnerability in a random number generator. It's a "computationally infeasible" problem, the best we can do is check for known deviations from randomness. If you know how it deviates, it's easy to check but beyond that there's no way to tell.
If the NSA has modified devices to reduce the entropy of random keys, then eventually two keys will have the same factors. This is easy to determine: The GCD algorithm will very quickly tell you what factors two keys have in common. ...and this is exactly what is seen in practice! Some 0.3% of keys tested had common factors: statistically, a *huge* percentage.
With a very large number of keys, you don't need to try N*(N-1) pairs of keys: partition the keys into two sets, multiply all the keys in the first set together, multiply all the keys in the second set together, then calculate GCD(Set1,Set2). In one calculation, you've determined whether any single key in the first set has factors in common with the any key from the second set.
Bruce Schneier believes that the algorithms are robust, and that the NSA is using other methods to break the encryption. Here's one likely way that they are doing it - they weaken the random number generator on a class of devices, harvest all the encryption keys they can find, then look for common factors.
From this article talking about the study: "[Researchers from the linked paper found] “vulnerable devices from 27 manufacturers. These include enterprise-grade routers from Cisco; server management cards from Dell, Hewlett-Packard, and IBM; VPN devices; building security systems; network attached storage devices; and several kinds of consumer routers and VoIP products [1]."
The upshot is this: even locally-generated RSA keys are not guaranteed to be safe, nor will they ever be. When you can't trust the hardware, all bets are off.
You might want to click the wikipedia link in the fine summary.
Help stamp out iliturcy.
The problem is, that openVPN is also backdoored.
Please supply us with some evidence or a link to something to support your assertion.
Who wants an empire? I don't.
Who are we at war with? No one that matters as far as I know. Farm animals kill more Americans than terrorists.
Parent post was also modded down [by NSA sockpuppets].
Would the NSA need sockpuppets? Wouldn't they have some backdoor that allows directly rating every single post?
Within the context of war and empire, I'm afraid it is the right thing to do.
Then "war and empire" are the wrong things to pursue.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Other countries did and do spy on their citizens, mostly the Soviet Union and it's allies. North Korea also comes to mind.
Another day closer to redwood heaven
OpenVPN consists of: xx@yy:~/openvpn-2.2.1$ cat *.c | wc
58973 179450 1502171
Quite easy to validate a mere 58k lines of code actually, especially since many of them are blank lines and comments.
The Soviet Union did and where is it now? In the graveyard of empires, the same place this country heading at full speed. In my mind it's not will the American Empire will break up, its when.
Another day closer to redwood heaven
Sabotage and incompetence look the same.
Either should not be tolerated.
"Any advanced incompetence is indistinguishable from malice."
Me, butchering a quote from Arthur C. Clarke.
--
BMO
It's impossible to tell in general whether there's a vulnerability in a random number generator. It's a "computationally infeasible" problem, the best we can do is check for known deviations from randomness. If you know how it deviates, it's easy to check but beyond that there's no way to tell.
Unless the NIST tools are compromised as well, then yes, it's completely possible to verify how good hardware RNGs are. Also, few intel processors have built-in RNGs, at least not ones the Linux kernel can use. None of the machines we've bought in the last 5 years have them. When was the last major intel x86 processor to have one? P2/P3 based systems?
I always wondered why; now I think I know *exactly* why. Hardware RNGs increase crypto security; by removing them, the NSA can influence/corrupt OS-level pseudo-RNG routines.
I wonder how many of the software RNG projects like haveged are compromised...
Please help metamoderate.
He refused to help them. See what happens when you do that?
If NSA has a backdoor to anything, it simply allows for a backdoor to everybody. It is not like the backdoor would be wired to an NSA IP address. Ultimately it creates a disservice for the country.
Classic military blunder.
In all this discussion I have yet to see the real problem addressed. Like so many military adventures in the past, the people who create and operate the process assume that there are unlimited funds to operate and that somebody else is handling the finance of the process to make it profitable for the state. There are not unlimited funds to purchase and maintain computers and in fact they have already gone trillions of dollars in debt because somebody failed to do their job and say "It might be useful to have an omniscient avenging angel, but what is the cost and can we afford it or maintain it?" I think this is what happened to England's empire, WWII Germans in Russia, USSR in the 1980s, Napoleon... Adventurism has a price and the military is being myopic and self destructive, if they strip the economy and all good will to fit themselves with Iron Man armor, they will fail. It is a self correcting problem, when the cost exceeds resources. They are very clever idiots if they fail to realize that. The abuse of resources will have exactly the opposite effect from what they think they are doing. In the end they will be considering how to defend a nation that depends on them to be strong, with pocket knives and strategy planned on PostIt notes. The problem I see is that this will end and there will be a vacuum and collapse. Then we will be left to defend ourselves against nations who understand restraint.
Like a trusty guard dog given a very long chain, he may not realize in his forward rush to defend, that it has a finite length.
The more you taunt them , the faster they charge. It is the dog's owner that is the problem, not them.
. If I were in his shoes, I do not think I would want to out an undercover NSA operative.
Get the pitchforks! Let the rampant speculation begin!
I think it's Stallman, no way could he be real. He's obviously a agent provocateur plant set out to gather info on anyone who'd actually listen to his ramblings. Rather cunning too, it's always the last you'd expect.
Waiting for an amusing sig.
In all seriousness, how should the technical and geek community deal with this sort of sabotage? Is it sufficient to respond,or is proactive behavior called for? What would Sun Tzu have to say about this situation?
Replace IPsec with an open and non-pathological standard.
I'm sure you have used OpenSSH and/or OpenVPN, they are simple, elegant, cross platform, and come with mountains of features. IPsec is a confused nightmare in comparison.
...says the Anonymous Coward.
Yeah right - says the NSA...
Yep, there is an XMPP spec for using PGP with it. It works quite well if the client does it right too. A friend and I used it very frequently.
You might prefer to use OTR instead. OTR offers perfect forward secrecy, and it's constantly re-keying. It's also widely available.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)