Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Can We Still Trust FIPS?

Posted by timothy on from the just-slide-it-under-my-door dept.

First time accepted submitter someSnarkyBastard writes "It has already been widely reported that the NSA has subverted several major encryption standards but I have not seen any mention of how this affects the FIPS 140-2 standard. Can we still trust these cyphers? They have been cleared for use by the US Government for Top-Secret clearance documents; surely the government wouldn't backdoor itself right?...Right?"

16 of 138 comments (clear)

  1. How can anyone trust by i+kan+reed · · Score: 4, Interesting

    How could anyone trust an encryption algorithm provided by an organization whose purpose is decryption and interception? That will always be the craziest part.

    1. Re:How can anyone trust by Entropius · · Score: 5, Funny

      That's not their only purpose. The NSA is supposed to:

      1) Make sure the bad guys don't snoop on Americans;
      2) Snoop on the bad guys.

      I use "bad guys" here with intentional irony, since nobody quite knows how to resolve the dichotomy that happens when the NSA's suspected of being bad guys.

    2. Re:How can anyone trust by Anonymous Coward · · Score: 3, Insightful

      That's sort of like asking why anybody would ask the Army for tips on self-defense, given that their role is blowing stuff up and killing people.

      Well, the Army's role is also defense. The NSA has dual-roles, just like the Army.

      The problem is, they've been turned on us. It's effectively like the Army going house-to-house searching for terrorists. All of a sudden that don't want to teach you self-defense practices, because it makes breaking down your door harder.

      But you can imagine that, for a long time, people assumed the best of intentions about NSA, more-or-less.

    3. Re:How can anyone trust by gl4ss · · Score: 3, Insightful

      you forgot 3) make sure that they can snoop on the "bad guys". ...where do you think export restrictions on cryptos came from?

      do you know what's super silly? some companies selling crypto products internationally proudly tout around their NSA certification.. certification from the same organisation that has a role in making sure that they don't export too good products.

      --
      world was created 5 seconds before this post as it is.
    4. Re:How can anyone trust by bill_mcgonigle · · Score: 3, Interesting

      If there are "good guys" at the NSA, they need to be moved to NIST instead. Nobody will ever trust the NSA to do good work again.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    5. Re:How can anyone trust by Lank · · Score: 3, Insightful

      If by good you mean "for the common good" then yes, I'd agree. I would say they do great work with a terrible purpose.

      --
      Gotta get me one of these!
  2. suite b by Anonymous Coward · · Score: 5, Informative

    http://www.nsa.gov/ia/programs/suiteb_cryptography/

      AES with 128-bit keys provides adequate protection for classified information up to the SECRET level. Similarly, ECDH and ECDSA using the 256-bit prime modulus elliptic curve as specified in FIPS PUB 186-3 and SHA-256 provide adequate protection for classified information up to the SECRET level. Until the conclusion of the transition period defined in CNSSP-15, DH, DSA and RSA can be used with a 2048-bit modulus to protect classified information up to the SECRET level.

    AES with 256-bit keys, Elliptic Curve Public Key Cryptography using the 384-bit prime modulus elliptic curve as specified in FIPS PUB 186-3 and SHA-384 are required to protect classified information at the TOP SECRET level. Since some products approved to protect classified information up to the TOP SECRET level will only contain algorithms with these parameters, algorithm interoperability between various products can only be guaranteed by having these parameters as options.

    NSA also defined another algorithm suite, Suite A, which contains both classified and unclassified algorithms. Suite A will be used in applications where Suite B may not be appropriate. Both Suite A and Suite B can be used to protect foreign releasable information, US-Only information, and Sensitive Compartmented Information (SCI).

  3. No. by Narcocide · · Score: 3, Interesting

    No, and you never actually should have trusted it. None of us did, we all stopped using it the moment the NSA advocated it, just like we stopped trusting every single crypto standard and favorite security tool they promoted, merely because they promoted it so suspiciously, long long before it was public knowledge the agency had gone rouge.

    It still makes me chuckle when I hear people worryingly speculate whether SELinux has backdoors. SELinux doesn't have backdoors, SELinux IS A BACK DOOR!!! *Actually read the instructions* for configuration of this tool and you'll see what I mean. Its security-through-obscurity at its worst. At best you can increase the illusion of security to untrained staff members. Anyone who has read the manual though knows there's one command anyone can use to gain root access more easily than if SELinux had not enabled or installed.

  4. Yes, but... by sinij · · Score: 4, Informative

    FIPS is a financial and government-facing certification. FIPS guarantees correct implementation of cryptographic protocols according to a set of standards. It does not guarantee that there are no undiscovered (or backdoored) weaknesses in your implementation. This is still useful function to entities that require this certification. Corporate liability and loss due to getting hacked because of incorrect cryptographic implementation is orders of magnitude greater than liability and loss due to getting exposed NSA backdoors. It is all about risk management, and it says FIPS is still good idea.
     
      Now, if you want personal security this equation changes a bit - possibility of personal harm due to hypothetical NSA backdoors goes slightly up and your likelihood of getting targeted to get pwned goes drastically down. FIPS is still likely net benefit, but diminished.
     
      Keep in mind that there is no such thing as perfect security. You have to ask, how likely that this specific implementation was backdoored by NSA and what the worst possible outcome of such occurrence?

  5. TS is not SCI by Anonymous Coward · · Score: 5, Interesting

    "Up to Top Secret" does not include Sensitive Compartmented Information (SCI). The ciphers under discussion, backdoored or not, are not suitable for use on SCI.

  6. FIPS is not for Top Secret by Anonymous Coward · · Score: 4, Interesting

    The FIPS 140-2 standard is for "protecting sensitive but unclassified information". It is not for top secret. Also the body of the FIPS 140-2 standard is algorithm agnostic. The part that mandates specific algorithms is Annex A and can be updated to add and remove algorithms without changing the standard.

    In terms of how bad the situation actually is.... I refer to Bruce:
    The math is good, but math has no agency. Code has agency, and the code has been subverted.

  7. History cuts both ways on that by Beryllium+Sphere(tm) · · Score: 4, Informative

    For example, they strengthened DES against differential cryptanalysis when they were the only ones who knew about the technique.

  8. Re: a much better question by chill · · Score: 4, Informative

    Bzzzt! Wrong! OpenSSL jumped thru the hoops and has a FIPS 140-2 version.

    --
    Learning HOW to think is more important than learning WHAT to think.
  9. ASCII probably contains a NSA backdoor as well. by Anonymous Coward · · Score: 5, Funny

    ASCII stands for "American Standard Code for Information Interchange". Since this is an American standard, then the whole encoding scheme probably contains a backdoor that allows the NSA to read all information encoded in it. We can't trust EBDIC either as IBM is a contractor for the NSA, they would insert a backdoor as well. I think for maximum online privacy we should be using Unicode which shouldn't contain an NSA backdoor because it is an international standard. The American government has no interest in following or creating international standards.

    Unfortunately Slashdot does not support Unicode, so one should now safely assume that Slashdot is an NSA honeypot .

  10. Re:The question is... by BitZtream · · Score: 3, Interesting

    As someone who writes cryptography software (I'm not a cryptologist, I just implement known algorithms, and verify they produce was I'm told they should produce), the solution for us is to provide software with multiple algorithms and let the user pick. Our core library supports DES, Blowfish, Twofish, and two separate implementations of AES, one of which is from outside the US. We also support a handful of lesser known algorithms, such as variants of the different Russian GOST standards.

    Unless everyone is collaborating, some part of the software is secure. I don't think Russia, the USA, Germany ... and Bruce Schiener are all in cahoots with each other. Maybe one or two of them, but not all of them.

    I don't know that, but thats my theory.

    Slashvertisement: http://www.rtsz.com/products/cryptolock/

    Its years old now and I haven't updated in in at least 5, so its a bit out of date compared to current UIs and updated cryptography features and such, but functionally, it works. When used with properly long keys, you aren't going to crack its AES implementation, I'm confident of that.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  11. Re:surely the government wouldn't backdoor itself. by cheater512 · · Score: 3, Interesting

    Yeah but they wouldn't shoot themselves in the foot by giving out unbreakable encryption to the people they are trying to spy upon.

    If they got a very secure algorithm, weakened it in a hard to detect way which makes it easier for the NSA and nobody else then that would be perfectly fine to both use for government documents and to give out to other nations.