John Gilmore Analyzes NSA Obstruction of Crypto In IPSEC

New submitter anwyn writes "In a recent article posted on the cryptography mailing list, long time civil libertarian and free software entrepreneur John Gilmore has analyzed possible NSA obstruction of cryptography in IPSEC. He suggests that packet processing in the Linux kernel had been obstructed by one kernel developer. Gilmore suggests that the NSA has been plotting against strong cryptography on mobile phones."

Re:Colour me not surprised

"one kernel developer"

Names please? And was it really only one - or one do the actual blocking and the rest kept silent as they were instructed? Seriously we need more whistlblowers, it is an urgent social obligation at this point. People stepping forward with this kind of analysis and stories - have *you* been pressured or blocked when trying to imrpove security? Otherwise how are we the engineers ever "going to take back" the Internet?

Sounds like John Gilmore has called it accurately

[EnergyScholar]

It seems pretty clear that John Gilmore has clearly identified what's going on. He spotted many instances of NSA-directed sabotage,and has called it out.

Of the multiple examples John calls out, the most poignant is probably the needlessly complicated IPSEC standards. Overly complicated standards lead to bugs and flaws. He and Bruce Schneier describe a process that certainly sounds like NSA sabotage of security standards.

What should be the upshot of this? Perhaps people involved in security research should recognize that [b]anyone affiliated with NSA is a likely saboteur[/b]? Is such sabotage, which deliberately cripples the security of USA electronic infrastructure, a form of treason? Since this sort of deliberate sabotage of technology is the sort of thing terrorists might do, perhaps the NSA, and every person associated with that organization, should be placed on a Terrorist Watch List?

In all seriousness, how should the technical and geek community deal with this sort of sabotage? Is it sufficient to respond,or is proactive behavior called for? What would Sun Tzu have to say about this situation?

Re:Colour me not surprised

[icebike]

Well with this guy all but naming nanes, perhaps it's time to name names.

There was a call recently for those who put back doors in critical code, to come forward and speak up.
While some may put themselves at seriously legal risk for doing so you wouldn't expect to see such risk in open source projects.

We could then review their work very carefully.

Should we look more closely at SELinux? Are we prepared to find which of our heros have been in the NSA's pocket?

From Yesterday.

[bmo]

This post needs repeating.

+=+begin paste+=+

The destruction of trust (Score:5, Insightful)
by Arrogant-Bastard (141720) on 7:08 Friday 06 September 2013 (#44773249)

The worst part of the damage done by this isn't technical. It's human.

The reporting on this latest disclosure reveals that the NSA has systematically inserted itself into the standard-crafting process, in order to deliberately weaken those standards. It also reveals that the NSA has bypassed the management of communications providers and recruited technical staff directly. In both cases it's reasonable to assume that the people involved have been through a security clearance process and are thus barred for life from disclosing what they know.

I must now ask myself how many people I've worked with weren't doing so in good faith. When they argued that such-and-such a fine point of a network protocol standard didn't need improvement or that it should be changed in a certain way, were they doing so because it was their principled engineering opinion, or because it served some other purpose? Or when they were recommending that one of the many operations I've run move its colocation point or change its router hardware, was that good customer service, or was it to facilitate easier traffic capture?

Will anyone be asking themselves the same questions about me? (They probably should.)

The Internet was built on, and runs on, trust. Every postmaster, every network engineer, every webmaster, every system admin, every hostmaster, everyone crafting standards, everyone writing code, trusts that everyone else -- no matter how vehemently they disagree on a technical point -- is acting in good faith. The NSA, in its enormous arrogance, has single-handedly destroyed much of that trust overnight.

+=+end paste+=+

--
BMO

Re:From Yesterday.

The NSA, in its enormous arrogance, has single-handedly destroyed much of that trust overnight.

Actually, it's Edward Snowden who is responsible for the "single-handedly" and "overnight" aspects of destroying that trust. The NSA is only responsible for "enormous arrogance". There were a large number of hands involved over decades.

It's a bloody shame that it took so long for even a single person to leak what was cooking here for so long. SS and Gestapo could not rely on a remotely comparable quota of people willing to drive the constitution into the ground.

That gives a rather bland perspective for the hope to curb the Fourth Reich by democratic means and put a stop to the stellar rise of U.S. fascism. Neither congress nor president seem to have what it takes to bring the CIA, FBI and NSA back under democratic control.

After Edgar Hoover established the FBI as the ultimate power of the U.S.A. by collecting files on everybody who could possibly endanger its autocratic rule over the U.S.A., congress decided that no FBI director might reign for longer than 10 years in future to avoid amassing that amount of power again.

Incumbent Robert Mueller is Führer of the FBI for 12 years already. Looks like everybody was so infatuated with his efficiency that nobody wanted to be the one to tell him his terms were over and bear his disappointment.

And nobody will want to tell the NSA that their funding will be restricted to constitutional activities and bear their disappointment.

Re:From Yesterday.

[Tom]

The Internet was built on, and runs on, trust.

And that's a fundamental flaw and a stupid mistake, as we learn again and again and again. Whether it's spam, the dominance and abuse of certain large players, the commercial takeover, or now the surveilance state.

Never built a relationship with parties you don't know personally on trust.

Never.

Ever.

Humans are inherently cooperative with peers, and competitive with everyone else. Your trust will be abused.

Bruce is right, but he misses the scope of the problem. If we want to take back the Internet, not just from the NSA, but also from Google, Facebook, the spammers, the scammers, the media industry and the corporate interest, we need to completely re-engineer it on a different fundamental concept.

One of self-interest.
One based on the assumption that the other side to a data exchange is hostile.
One assuming that intermediates can not be trusted.

90% of this Internets problems would be wiped out if we were to re-design it with an assumption of hostility.

That's hard to swallow for us geeks. Most of us have grown up in a hostile world we barely understand. With people bullying you at school, then exploiting you in the workplace, meanwhile egomanic idiots who are good at fooling people and nothing else take all the credit. So we have a deep desire for a more friendly world. Building that ourselves was a dream. It was incredibly cool while it lasted. Now it's time to wake up.

Re:From Yesterday.

[geogob]

Its worse than worse.... The NSA was, from what I understand, widely active in the crypto and data security scene. They have their hand on every committee. Their research in every development.

Up to now, I, and probably most of us, assumed good faith. That they were actively playing their role to reinforce security in data protocols an communications with critical application in mind (banking, national security, medical equipment, utilities, etc). Why else play such an active and visible role?

Now it seems there was an ugly monster hidden under this veil. That they used this assumed role to incorporate weaknesses and back doors at every imaginable level of data security. Not only is it an impressive breach of thrust, it is also in increadibly dangerous behaviour. They are basically giving their enemies the perfect tools to infiltrate the systems and protocols every one thought they were protecting.

If you ask me who's the traitor, Snowden is not the first that comes in mind...

Re:From Yesterday.

[93+Escort+Wagon]

Actually, it's Edward Snowden who is responsible for the "single-handedly" and "overnight" aspects of destroying that trust.

In the same sense that a person who gives evidence to a woman that her husband is a philandering axe murderer has destroyed that woman's trust in her husband.

Snowden merely provided thorough documentation that the trust was erroneously given - the other party was completely untrustworthy.

Re:From Yesterday.

[santosh.k83]

Why should you give yourself a need to tap into the codes of others when militarily you are and economically you were, untouchable? Why not simply devote yourselves to building your country to greater and greater heights while acting only in defense against any aggressors (which you'd have had precious little off if you hadn't started so many wars in the first place)? The end of the Cold War and collapse of USSR could really have been used by the US to advance leaps and bounds in terms of science, tech and human standards, but instead, year after year it's shoving itself onto every piece of hell on earth, getting caught up in costly and messy quagmires, embarrassing itself...

The NSA could have acted far more ethically had the policy of the USA been one of just defense when needed, but no, the policy happens to be one of offense at every turn, preemptive offense in fact, and hence the necessity to turn yourself slowly into one big military camp

Re:Sounds like John Gilmore has called it accurate

[bmo]

"In all seriousness, how should the technical and geek community deal with this sort of sabotage?"

Identify who is doing the sabotaging and shun them. Professionally shun them. Expel such people from committees.

--
BMO

I don't feel insane anymore

[X.25]

For many years, I just felt that something was wrong, and would do "silly things" (I was an admin, whoops) like setup VPN tunnel, then require everyone to use SSL and client certs to access a service. So people would laugh at usage of VPN + SSL (and then certs on top of it) and ridicule it.

Spent more than a decade trying to explain to *technical* people why self-signed certs are much more secure than 'commercial' certs, and I could never understand why people couldn't understand what I am saying. Well now I know, they simply couldn't beleive any government would do things we're seeing done.

Been laughed at quite few times, but I can tell you that noone is laughing right now.

And now I finally know that I am not a fucking lunatic.

Thank you Edward Snowden.

Remember the allegations of OpenBSD IPsec stack...

[X.25]

..."backdoor":

bsd.slashdot.org/story/10/12/15/004235/fbi-alleged-to-have-backdoored-openbsds-ipsec-stack

Many people laughed at this at the time.

Guess they're not laughing now.

Re:Sounds like John Gilmore has called it accurate

[bmo]

The great thing about this is that you wind up kicking out the incompetents simultaneously.

Someone who is shit at maintaining a security module? NSA hack or incompetent, doesn't matter. Find someone else to do it.

--
BMO

progress depends on the unreasonable man

[epine]

The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man.

            — George Bernard Shaw, Man and Superman (1903)

What would the NSA do confronted with an individual so high-minded and abrasive as to be relatively immune to the bullying tactics of the second-largest bullhead in the room? They would plant and nurture the meme that Theo sucks as a human being and that one's choice of OS and security software deployed rests on social morality rather than logic.

Who's looking like the reasonable man in the room now?

It's almost tautological than anyone abrasive enough to successfully push back against covert and well-funded NSA assholerly is not going to be a poster child for harmonious cooperation.

I've followed this little soap opera avidly (but with a relatively small corner of my mind) since Bamford's Puzzle Palace in 1982. I was then enrolled in an undergraduate mathematics program at a university famous for its cryptographers and I heard a few stories directly. I suspect I've read twenty books on the origins of these agencies before, during, and after WWII, ranging from espionage to black budgets to the ITAR fiasco.

I'm surprised by exactly none of this. I just didn't know the specifics of how it was done. The peculiar part was that the NSA seemed to have a very low appetite for taking this fight to the courts in the Clipper chip era. Now we know that they had a giant Plan B, much more to their taste than entering into a public process where things get written down.

Re: Here's a constructive idea

[fast+turtle]

Even better is to change the behaviour to a "No Trust" model as I have and add exceptions for those sites you actually need. Remember the Diginotar mess? Since then, I've changed the trust of all Certificates by marking all of the Root CA's as untrusted. Sometimes it does create a bit of an issue since Firefox tends to be resistent to adding the needed exceptions but considering that I only have a couple of dozen exceptions out of how many certificates? I don't feel it's as big of an problem as folks think to add them. The main advantage is, none of the god damn advertisers or other idiots forcing https connections can infect my system by default as I get a warning about an invalid certificate chain as soon as the connection is made and yes, I've seen that in regards to some of the advertisers and other folks that I don't need to connect to.

How to crack RSA

[Okian+Warrior]

In response to the current situation, I've been researching random number generators - especially the builtin one in Intel processors.

It's impossible to tell in general whether there's a vulnerability in a random number generator. It's a "computationally infeasible" problem, the best we can do is check for known deviations from randomness. If you know how it deviates, it's easy to check but beyond that there's no way to tell.

If the NSA has modified devices to reduce the entropy of random keys, then eventually two keys will have the same factors. This is easy to determine: The GCD algorithm will very quickly tell you what factors two keys have in common. ...and this is exactly what is seen in practice! Some 0.3% of keys tested had common factors: statistically, a *huge* percentage.

With a very large number of keys, you don't need to try N*(N-1) pairs of keys: partition the keys into two sets, multiply all the keys in the first set together, multiply all the keys in the second set together, then calculate GCD(Set1,Set2). In one calculation, you've determined whether any single key in the first set has factors in common with the any key from the second set.

Bruce Schneier believes that the algorithms are robust, and that the NSA is using other methods to break the encryption. Here's one likely way that they are doing it - they weaken the random number generator on a class of devices, harvest all the encryption keys they can find, then look for common factors.

From this article talking about the study: "[Researchers from the linked paper found] “vulnerable devices from 27 manufacturers. These include enterprise-grade routers from Cisco; server management cards from Dell, Hewlett-Packard, and IBM; VPN devices; building security systems; network attached storage devices; and several kinds of consumer routers and VoIP products [1]."

The upshot is this: even locally-generated RSA keys are not guaranteed to be safe, nor will they ever be. When you can't trust the hardware, all bets are off.

Re:History of DES

[amorsen]

It took the academic community two decades to figure out that the NSA "tweaks" actually improved the security of DES.

The S-box tweak made DES resistant (well, more resistant) to differential attacks. The shortened key length did not improve security, it reduced security.

Re:USA! USA! USA!

[jcr]

Within the context of war and empire, I'm afraid it is the right thing to do.

Then "war and empire" are the wrong things to pursue.

-jcr

Re:Colour me not surprised

[MrDoh!]

. If I were in his shoes, I do not think I would want to out an undercover NSA operative.

Get the pitchforks! Let the rampant speculation begin!

I think it's Stallman, no way could he be real. He's obviously a agent provocateur plant set out to gather info on anyone who'd actually listen to his ramblings. Rather cunning too, it's always the last you'd expect.