Reuters: RSA Weakened Encryption For $10M From NSA
Lasrick writes "As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned." Asks an anonymous reader: "If the NIST curves really are broken (as has been suggested for years), then most SSL connections might be too, amirite?"
The NSA sold its own customers out to the US government for the price of an NYC apartment.
Considering that this kind of revelation could cause a massive exodus of all RSA's non-US (and many US) customers, that's a surprisingly low number.
RSA is publicly traded, is it not? Reuters is giving them a full weekend to come up with a PR response before the markets open on Monday.
-Also, that wasn't my initial reaction. My initial reaction was to pick my jaw up off the floor. And I thought it couldn't get much worse. Edward Snowden for man of the year.
"... We are now merely haggling over the price."
Oh, no, wait, it's $10M.
(apologies to George Bernard Shaw)
P.S. - AC, yes, if you used an RSA CA appliance with the default Dual EC DRBG PRNG configuration, your private key is probably easy to break and your traffic easy to intercept/decrypt if you're not using perfect forward secrecy (assuming that's not on an RSA appliance).
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Asks an anonymous reader: "If the NIST curves really are broken (as has been suggested for years), then most SSL connections might be too, amirite?"
No, you are completely wrong because the issues are unrelated. The NIST curves which are used in SSL and TLS for key establishment via EC Diffie-Hellman are not suggested to be broken, but a PRNG based on elliptic curves which is not used by most TLS implementations at all.
So why doesn't the NSA help us out by cracking cryptolocker?
Hardly anyone uses FIPS-186-3, and its use isn't mandated by RFC 2246 or any later standard that describes SSL or TLS. While Dual_EC_DRBG can be used by TLS/SSL, almost no one does. TLS/SSL has its problems, sure, but this isn't one of them.
"If the NIST curves really are broken (as has been suggested for years), then most SSL connections might be too, amirite?"
No. SSL doesn't specify the method to produce random numbers. Why would it? The NIST method is very very slow, so I'd be surprised if any browsers or servers used it as the random number source.
AccountKiller
This incident and their 100% CRAP one-time-password generator technology (used by the Chinese to get into Lockheed Martin), means they are simply a FRAUD.
This company is like shiny chocolate-paper wrapped around a nice brown stink.
Just a printout of random numbers would be way much more secure than their otp generator electronic crapola. As I wrote even before Snowden: RSA epitomizes the corruption of the western world.
..do I need an "EC PRNG", if any symmetric cipher and a simple counter is sufficient to generate PR numbers?
I seriously would like to know !
I mean, what the FUCK? The land of freedom and liberty. That's what I was always taught. We have a Constitution, which includes protections against unreasonable search. And now my FUCKING GOVERNMENT is doing pretty much anything you can conceive of in the name of spying on everybody including the people of the United States. They are so FUCKING PARANOID that EVERYTHING is on the table, including the privacy and liberty of the citizens. I lower my head in FUCKING SHAME as to what has become of this country.
Wow. With one single contract, RSA just destroyed their whole business. A company in the trust business cannot allow themselves to lose their customers' trust.
No RSA product can ever be trusted again.
TLS's current big problems are:
- RC4, which is actually crackable given a few bytes of known-plaintext prefix (like "GET /") by a Nation State Adversary in real time; NSA secretly control PCI DSS standard and used the excuse of the BEAST attack (CVE-2011-3389) to push RC4 as solution for PCI compliance, instead of TLS 1.2
- The CA PKI letting any CA impersonate any and every site; we need at minimum certificate transparency, DANE, and maybe something more
- The unencrypted ClientHello, which is what makes the FLYING PIG metadata trawling possible (nothing you couldn't do with Snort, in fact, it IS done with Snort)
All of these are going to be addressed by the TLS WG going forward: most urgently, RC4, which will be replaced with djb's ChaCha20_Poly1305 ciphersuite, courtesy of agl (live on Google servers and with Chrome dev and canary builds right now). More secure than AES-128-GCM or AES-256-GCM, I think - certainly has a higher security margin against both confidentiality and integrity.
The problem of the curves is a big problem, but what makes those curves (specifically Jerry Solinas @ NSA generated the SHA-1 hash seeds for Certicom) bad is mostly implementation choices: bad random numbers for DSA & ECDSA (hello Sony attack), which this subversion massively helps with, and non-constant-time addition ladders and lack of curve point validation, which can result in practical timing attacks and partial key disclosure leaks. djb & Lange already have a group of Safecurves which avoid all of these attacks and which are incidentally incredibly fast, and EdDSA's nonces are deterministic so no entropy needed during signatures, only keygen.
Oh, and - in similar news, which in other circumstance, I would have submitted, and might if for some crazy reason this gets ignored by the IETF chair, but I doubt it - there have been strong calls for the head of the co-chair of the crypto advisory board at the IRTF. He (openly) works for the NSA, which is now clearly a conflict of interest, and we caught him pushing a similarly-backdoored PAKE standard, which the TLS WG resoundingly rejected.
http://www.ietf.org/mail-archive/web/cfrg/current/msg03554.html
They're owned by EMC now, all that data held on EMC kit and in EMC 'clouds' secured by RSA software. Or rather *not* secured by *NSA* software so the NSA can break in easier.
Wow, that is trillions in damage even before we get to the criminal law book.
I'm more surprised that civilization has lasted this long considering the greedy nature of man. It only takes one wealthy wackjob to buy a chemical or nuclear weapon and use it to kill millions of people.
"amirite?"
This wouldn't have been posted 10, or even 5, years ago. I don't want to see it. Please don't lower your standards.
Courtesy of Gizmodo http://gizmodo.com/the-scariest-part-of-the-latest-nsa-revelation-is-this-1455050775
RSA and EMC declined to answer questions for this story, but RSA said in a statement: "RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products. Decisions about the features and functionality of RSA products are our own."
That is one of the biggest loads of horse shit I have ever heard. If any part of that statement from the RSA were true then the NSA deal would never have happened and the NSA Formula would never even have been an option, much less the default...
I'm assuming for the moment that this evidence is, in fact, legitimate. Given how heinous the NSA's actions have been lately, it seems completely in character, which makes that likely a safe assumption. However, just to give them the benefit of the doubt, everyone involved should receive a fair trial. With that said, everyone involved should be tried for high crimes against the United States and its allies. These are accusations of very serious crimes.
Deliberately compromising the secure communications of hundreds of millions of computers all around the world just so a bunch of pencil-dicked asshats can play their little spy games goes so far beyond unconscionability that it borders on a crime against humanity. Such ends-justify-means thinking is fundamentally incompatible with any form of liberty or justice. Our data is fundamentally easier to crack not just by our own government, but also by organized crime syndicates, foreign governments, and even terrorist groups. In all likelihood, even military communications gear is less secure, which means our troops are at elevated risk during a time of war as a direct result of their actions. That's treason, even by the absolute strictest definition thereof. Further, such deliberate weakening of crypto endangers the lives of dissidents in countries with oppressive regimes, many of which are considered our enemies—an act that could also be considered treason.
Their actions, if true, clearly constitute providing material support to terrorists and treason by means of providing material aid to our enemies in a time of war. Therefore, according to U.S. law, everyone involved should be immediately treated as enemy combatants, deported to an appropriate holding facility outside our borders—preferably the one affectionately known as "Gitmo"—and tried before a military tribunal.
In addition to prosecution of individuals, there should be consequences for the groups involved. RSA should be immediately dissolved and all its assets destroyed. Further, at this point, it should be abundantly clear to anyone with even the slightest understanding of crypto that nothing short of the complete and total elimination of the NSA and a constitutional amendment clearly and plainly banning any similar organization from ever existing in the future can even begin to restore trust in cryptography and computers. That organization is fundamentally malevolent, and its very existence is inherently incompatible with the very concepts of security and privacy. No matter what successes they may have had, nothing can possibly even come close to justifying such a heinous breach of the public's trust.
Check out my sci-fi/humor trilogy at PatriotsBooks.
..sure as hell I trust Google as much as I trust the NSA to do crypto properly for me. And that "djb" guy, is he also on the payroll of the N.S.C. ???
From the article:
RSA's contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.
"The labs group had played a very intricate role at BSafe, and they were basically gone," said labs veteran Michael Wenocur, who left in 1999.
Within a year, major questions were raised about Dual Elliptic Curve. Cryptography authority Bruce Schneier wrote that the weaknesses in the formula "can only be described as a back door."
The revealed information only proves that NSA wanted elliptic curve to spread, not necessarily why. It could be because they were certain that it was the best technical road for the future, or it could be because they knew something special about it that was useful to them. There isn't really any way of knowing. Even Schneier is overstepping. The weakness has been suspected, but never proven as far as I've seen. It is suggestive, but not definitive. People have had similar doubts about the NSA before, such as when they changed the DES S-boxes before approving the DES as a standard that was developed by IBM. People thought they had inserted a weakness and spent countless amounts of time in analysis and testing to try to prove that. Eventually it was demonstrated that DES was immune to differential cryptanalysis which broke many other ciphers but which NSA knew about 20 years before anyone else, and strengthened DES against. It could be similar scenario playing out here. There is no way to tell. One thing I'll note is that I believe I've seen that Schneier has said that there is nothing in the Snowden leaks to prove that NSA has actually weakened the ciphers although that bit of news is a challenge to find.
now thats funny
They advertised and sold a product promising to secure customers' data yet they intentionally put an algorithmic backdoor inside that could be used not only by the US government but also discovered and used by hackers to compromise customers' security.
Let's get together and make tons of new cryptographic systems. We'll keep selling out and weakening them until the NSA hits budget limits. We get rich; the NSA won't have money to continue spying. Win; win.
..General Alexander.
What if the NSA had gone to RSA in the past to get them to do what this Reuters article claims, and RSA did indeed say no?
And what if, since many things about the NSA are coming out anyway, the NSA went to Reuters (or used some in-between person or persons) to plant the false story that RSA is in NSAs pocket -- in order to punish them for their earlier refusal? Because they know that you, and most others reading this, will believe that RSA products are infected by NSA backdoors, and not use RSA products... whether the backdoors, or weaknesses, or whatever, are there or not. I mean, it's not like Reuters fact-checks their shit anymore, and the press can get a "deal they can't refuse" just as easily as any other company.
In that kind of scenario, RSA could be telling the absolute truth... and no one will believe them.
That should be the big news.
"They did not show their true hand," one person briefed on the deal said of the NSA, asserting that government officials did not let on that they knew how to break the encryption."
Right, the NSA, known to be codebreakers, paid them $10M to include their "special" algorithm, and no one had any idea that it could be compromised. Right. Why else would they pay them to use it?
No, it also takes a seller of such weapons. And there aren't any, or we'd have been sweeping up the remains of some city, political center, or major chunk of infrastructure by now. The whole "terrorists and nuclear weapons" is a total mind job done on you and yours by your government. One thing to keep in mind: Nukes are very difficult and expensive to manufacture, and pretty damned difficult to lose track of.
Civilization isn't likely to die due to nuclear weapons. We've set off well over a thousand of them already, and there's no particular notable effects other than the low hum of hysteria at the intersection of the set of the ill-informed and the paranoid.
Also, Chemical weapons are a lot less "mass" than nukes are, barring very sophisticated delivery systems, which again, aren't available to religious tools. Bacterial weapons are vaguely possible (although still very, very technical), but incorporate the downside of most likely eventually killing everyone everywhere instead of just the target(s), and so not even your average superstition-addled dingbat seriously considers them.
If you are a US citizen, If you want to worry about civilization, you should be worrying about the decay of our government from one authorized by the constitution into a form exclusively controlled by corporate and political groups. Because unlike the "nuclear threat", said decay is real and ongoing and has already screwed things up immensely: almost 100% loss of manufacturing capacity and so also jobs, crippling inflation, loss of citizen's rights, usurpation of article five powers by the judiciary, illegal legislation that spans almost the entire bill of rights to ex post facto laws to the complete inversion of the commerce clause, promulgation of multiple very expensive, ultimately useless wars... the problem isn't terrorists. The problem is our federal government. The whole terrorist thing is to keep the citizens looking the wrong way.
I've fallen off your lawn, and I can't get up.
https - your NSA is sniffing your buying habits
I remember a while ago that all the little RSA doodads had to be replaced because they had been breached.
I bet you 10 to 1, it was related to this.
Since there are only about three people in the world that could actually tell you whether one set of elliptic curve constants are inherently more secure than another set, I'd say they deserve the $10M, probably a lot more. (Whether or not what they did is ethical is a totally different issue. It clearly was not ethical to betray the whole world's trust like that, especially for a company where half their core business is verifying trust.)
http://scherbius2014.de/BitMischer.cpp
An SPN network, unlike all the popular Feistel networks around.
No-one has to buy out Microsoft- Microsoft inserts back-doors into every one of its products as part of Bill Gates' pact to work in every way to give 'the elite' more perfect control of the 'sheeple'.
Did you know that Bill Gates partnered with Rupert "Fox News" Murdoch to create a massive database that is intended to gather information about every aspect of every child in the USA? Did you know that Gates' foundation pays teachers extra money if they use 'information' they have overheard during class or noted during meetings with parents, to 'enhance' the records of individual children? Did you know that Gates specifically mandated that every aspect of a child's sexual development must be noted in his database system? Did you know that Gates uses a specific pedophile term that labels potential victims, inBloom, for the company he and Murdoch created?
Yahoo, Google, Twitter, Microsoft, Oracle, all of your main telecom companies- ALL the biggest players WILLINGLY implement NSA projects for the greater glory of what they think of as their exclusive team. Use an encryption product from ANY of these companies, and you only protect your data from casual attackers, NEVER from anyone with any links to the US government.
But the encryption scandals pale into insignificance compared to Bill Gates' work pushing Common Core, inBloom surveillance of your children, and Xbox One Kinect 2 surveillance of your own homes (including giving a legion of pedophiles within government circles access to your children's bedrooms).
How often have you read the comments from vile shills here saying it is a GOOD thing that Gates is persuading millions of Americans to install NSA cameras and microphones in their homes, monitoring the living room (or bedroom) 24/7, with a military grade time-of-flight sensor that can even trigger recording based on patterns of Human movement, including sexual activity?
Only complete cretins did NOT know RSA was in bed with the NSA. Only complete cretins did not know official encryption standards were utterly compromised by the NSA.
But Gates putting NSA cameras and microphones into millions of homes, and attempting to monitor the most intimate details of the lives of every US child, should make you sick and terrified to your core. Gates targets the most vulnerable in society, and attempts to use them as a trojan horse to get the most depraved policies of social engineering forcibly applied to the whole population. And Gates spends almost all his time, just like Tony Blair, travelling the world, hooking up with the most evil, most powerful, most influential individuals they can find in every possible nation. The solution Gates sells on his travels has ***US***, the people, as the problem.
Don't like the fake NSA crippled encryption in mainstream products- no problem, you can use any one of a number of excellent free solutions. But what happens when you seek to protect your children from inBloom, Common Core, or the Microsoft NSA cameras and microphones that monitor you when you and your family visit neighbours and friends? You can say "keep the Xbox One out of my home", but you will encounter Kinect 2 spy hardware once you leave your home.
Ask any person who lived in a Soviet state during the bad times, and they'll explain the REAL purpose of full surveillance projects, and exactly why the state wants you to know there can be no protecting members of your family from the most sickening abuses against their privacy and dignity. You wear people down. You break them body and spirit. And then you rebuild them any way you wish, as scared, unquestioning drones whose passive support is ALWAYS guaranteed even when 'active' support may not be.
The old Soviet Stalinist model worked, but was infinitely flawed, and non-sustainable in a modern society. Tony Blair's 21st Century version, promoted at every turn by people like Gates, is redesigned from the ground up to offer perfect control to the 'elite' layer of society. The sheeple are perfectly controlled to never question th
TYPO: you mean RSA sold out its customers
I've followed the Snowden releases, curious as anyone else as to the ways and means of the NSA. Until now, the only real 'news' for me was the incredible scope of the NSA's reach and their staggering, seemingly unlimited budget. But this crosses the line. This little stunt has mammoth, wide reaching and enduring ramifications. This is beyond just storing "metadata", hooking in to Google's pipes or recording German heads of state. This action by the NSA is egregiously unethical on so many levels. There is no legitimate justification for intentionally weakening security of this nature. They might as well have gone to Schlage and told them that, from now on, they may only build deadbolts out of cheap low-grade plastic with a faux metal finish.
The actions of the NSA carry immense potential risks for millions of people. Exploitation of the RSA weakness could lead to completely unnecessary breaches of privacy, political manipulation, loss of safety or financial loss. All in the name of protecting the country. The burden of risk created by weakening RSA is ultimately placed largely on the public. What benefit do we gain from this?
This is not how I want my country to be governed
They sold out for so little.
The land of freedom and liberty. That's what I was always taught.
It is, but you have to vote for people that want to keep it that way. You have to complain when people tell you that this or that part of the constitution doesn't mean anything anymore. You have to complain when government grows, for the larger a government is the farther it is from control even of elected officials.
Anything worthwhile requires care and upkeep, and a nation is no different.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Having worked with pre-2000 versions of RSA BSAFE, the thing that the NSA paid RSA to do was to change the default selection of the random number generator with a weaker one. Nobody had to use the default version--it was just picked if you didn't specify one (or a callback to your own RNG). We had our own multi-threaded rendezvous noise generator thing since this was back before hardware entropy engines.
Oh, and before that, the NSA had unsuccessfully tried to get RSA to tell people that 512-bit keys were safe enough. It wasn't successful mostly because the old guard was still running the company then.
Kriston
This looks like a pretty straightforward commercial transaction. If this agreement was with a non-governmental entity, wouldn't it be fraud to sell security software with a deliberately created flaw in exchange for money?
Oddly (right), a few hours before the Reuters story, two FreeCode rngs were updated...
It seems Chinese hardware, algorithms and security systems are becoming more and more desirable.
Not because they are less bugged or not used for spying, but because we must take more precautions using them from the outset. USA equipment now only gives false assurances of security, and that by nature, lowers one's care-factor.
Sorry RSA, you just caused yourself a major harm.
If you have purchasing authority, make sure you let the RSA know why you won't buy from them.
Dollars to doughnuts this is going to turn out to be that they were paid to *implement* the algorithm in their products. The NSA will have been touting a new "better" algorithm, and claiming they want to popularize it because it's more "secure" (or better, faster, pinker, whatever) than the other alternatives. By paying RSA to implement it in their software, and even more so by making it the default, they will achieve that.
RSA likely didn't know it was flawed (after all, nobody else did at the time).
Remember, this was a different time - no sane company would do something like this today if the NSA asked, but we're talking close to 10 years ago based on the Reuters article.
The sum of money does seem low, but when an agency like the NSA comes calling, I have a feeling that they make you a proposal you cannot refuse.
(Or you can do what Lavabit did, and just shut it down)
As others have said above, this is not a lot of money, and how they got asked may have had a lot to do with it but surely someone said 'This will eventually come out'? I guess the people approving it were hoping to be long gone by then.
---- The above post was generated by the Turing Institute. Maybe.
Does anyone have a link to the document? I don't doubt the reuters story, I'm just interested in reading the original document...
Wire Fraud.
Wire Theft.
Consumer Fraud.
Product Fraud.
Willful Collusion To Commit Fraud.
The Gate Of Hell Open Wide.
A Chorus of Angels Sing.
This blows the news to date out to Andromeda; No Prisoners, All Will Die.
Blood in the streets and body parts on the lawn.
RSA is fucked, White Hat practice is to allow time to patch or fix vulnerabilities, before full disclosure.
I'm guessing, sometime in the future we will see the proof of concept release that allows ANYONE to feasibly brute force RSA using the shortened PRN list.
I'd expect major financial institutions to move ASAP due to PCI compliance requirements forcing them to.
Christopher Hitchens, in his inimitable style, tried to get across what makes states like North Korea, Iran, and Iraq (under the Ba'ath party) so... well... indescribably unpleasant to live in. One of the cornerstones of such states is that they eradicate privacy and private life (a core theme of Orwell's 1984). Here's Hitch's attempt to describe it on Fora.tv: https://www.youtube.com/watch?v=Z-rTT8TPcck (Running time 1:00:52). The USA is assembling the infrastructure for the mother of all totalitarian states. They can do it better than anyone else in history, ...ever.
How many more companies have these contracts?
I came to the datacenter drunk with a fake ID, don't you want to be just like me?
http://www.reuters.com/article/2013/12/21/us-usa-security-rsa-idUSBRE9BJ1C220131221
For those of us who aren't au courant with this area but are trying to educate ourselves, can you explain a little further what you've said and why it might be significant? Tnx.
Well, when you use Windows, it probably really doesn't matter what kind of security policies you have since you are using proven insecure systems in the first place!
You are being MICROattacked, from various angles, in a SOFT manner.
> Dude ... does what the fuck he wants, and is a great example why such things can sometimes be brilliant for science.
> (There are plenty of people who don't like him because of his personality and penchant for
> unusual decisions, but these decisions are often for very sound reasons.
Having had the honor and the curse of working with him, I whole-heartedly agree.
Daniel J. Bernstein can be counted on to never do what anyone tells him to do.
It's rather annoying. It makes him hard to deal with, and it means if NSA asked him to do something he'd almost surely do the opposite - loudly.
After posting that I realized this is the second time recently I mentioned something about dealing with DJB. I don't want to overstate my own work. I was just one of many people part of IETF.
Selling dysfunctional encryption as functional encryption looks a lot like fraud to me.
Predictable, irritating but understandable.
When the crypto genie really got going was when home computers became fast enough to generate useful enough prime numbers in times that did not upset domestic home users.
Once this occurred the volume of encrypted "I want to lover you [sic]" traffic would start to drown out potentially useful-to-know-about encrypted traffic.
I am not surprised,
Start with this complete sentence:
This wouldn't have been posted 10 years ago.
That's the independent clause, it stands alone.
If we interject a dependent clause we set it off with commas. In this case, the dependent clause "or even 10" is set off with commas. This is the same as the more common explanatory pattern:
Google Incorporated, the leading search company, offers many services.
The part delimited by commas could be removed without changing the meaning of the sentence.
English majors feel free to correct any errors in the above.
I am appalled.
RSA had, for a long time, an antagonistic relationship with the NSA; we wanted to push good crypto to the world, and the USG felt otherwise.
I knew the people involved, and I don't think any of the original RSA Labs (which was what the RSA Data Security Inc people became) would have compromised their integrity in this manner. What's more, BSAFE (the SW library compromised), became more or less a dead duck after 2000, when the patent on the RSA algorithm expired; free libraries such as BouncyCastle became much more viable.
After RSADSI was bought by Security Dynamics (which later renamed itself RSA Security), there was a gradual Borgification of RSA Labs, with it being assimilated more and more into the mother company (SecurID was always the main source of revenue, not RSA encryption).
I haven't been able to find the date at which the bribe took place, but 10 million seems very low. If Coviello approved this, I hope he's sued by stockholders.
ce
Ps if the above isn't clear, replace the commas with parentheses and you'll see why balanced delimiters make sense.
I generally agree with your indignation. However, I believe you are mistaken about a technical fact that is central to your position. The following is NOT true, based on the current state of the art in cryptography:
> Our data is fundamentally easier to crack not just by our own government, but also by organized
> crime syndicates, foreign governments, and even terrorist groups.
What the NSA may have done is made it so your encrypted communications have two keys: yours and the NSA's. There is no evidence that it weakens the algorithm in any way, provided of course that NSA doesn't publish their private key.
We can't PROVE for certain that the algorithm is secure with or without the NSA constants, but the consensus probability is that it can only be read by someone who has a key. Keys are held only by the intended recipient and the NSA, so it does NOT weaken it, no one can read it, except maybe the NSA because they could have the key. It's like if I sold you a car and kept a copy of the car key. That doesn't make it any easier for car thieves. It only makes it easier for me to repo the car.
None of what I wrote above means we shouldn't be pissed at the US government. We should just be clear about exactly what we are pissed off about. We're mad that the NSA and RSA made it so NSA can decrypt our stuff. No one else can.
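An added example, not part of any comment in this thread and not RSA's or NIST's code: the "second key" relationship discussed above, shown on a simplified Dual_EC_DRBG over the P-256 curve equation. The scalar `D`, the seed, the way `Q` is chosen and the 8-bit truncation are assumptions made for the demo (the standardised generator drops 16 bits and uses its own published points, whose origin is what the thread is arguing about).

```python
"""Simplified Dual_EC_DRBG: whoever knows d with P = d*Q can clone the generator."""
FIELD = 2**256 - 2**224 + 2**192 + 2**96 - 1   # P-256 field prime (p % 4 == 3)
A = -3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
TRUNC_BITS = 8                                  # demo value (assumption)
MASK = (1 << (256 - TRUNC_BITS)) - 1
D = 0x1F2E3D4C5B6A7988                          # constructed trapdoor scalar
SEED = 0x0123456789ABCDEF0123456789ABCDEF       # constructed secret seed


def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % FIELD, -1, FIELD) % FIELD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD) % FIELD
    x3 = (lam * lam - x1 - x2) % FIELD
    return (x3, (lam * (x1 - x3) - y1) % FIELD)


def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """Return a curve point with this x-coordinate, or None if there is none."""
    if x >= FIELD:
        return None
    rhs = (x * x * x + A * x + B) % FIELD
    y = pow(rhs, (FIELD + 1) // 4, FIELD)       # square root, valid as p % 4 == 3
    return (x, y) if y * y % FIELD == rhs else None


def make_points(d):
    """Pick Q from the first small x on the curve, then publish P = d*Q."""
    x = 1
    while lift_x(x) is None:
        x += 1
    q = lift_x(x)
    return mul(d, q), q                          # (P, Q)


class DualEC:
    """State update s = x(s*P); output = x(s*Q) with the top bits dropped."""

    def __init__(self, state, p, q):
        self.s, self.p, self.q = state, p, q

    def next_block(self):
        self.s = mul(self.s, self.p)[0]
        return mul(self.s, self.q)[0] & MASK


def recover_state(out1, out2, d, q):
    """From two consecutive outputs and d, return the state behind out2."""
    for hi in range(1 << TRUNC_BITS):            # guess the dropped bits
        r_point = lift_x((hi << (256 - TRUNC_BITS)) | out1)
        if r_point is None:
            continue
        # r_point = +/- s1*Q, so d*r_point = +/- s1*P and its x is the next state.
        s_next = mul(d, r_point)[0]
        if mul(s_next, q)[0] & MASK == out2:     # confirm against the next block
            return s_next
    return None


if __name__ == "__main__":
    P, Q = make_points(D)
    victim = DualEC(SEED, P, Q)
    seen = [victim.next_block(), victim.next_block()]
    clone = DualEC(recover_state(seen[0], seen[1], D, Q), P, Q)
    print("next victim block :", hex(victim.next_block()))
    print("predicted by clone:", hex(clone.next_block()))
```

Without `d` the same two outputs give no such shortcut, which is why a review of any deployment should establish how the generator's points were produced and whether the default RNG was ever overridden.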
A while back Ron Rivest (the R in RSA) announced the Three Ballot cryptography for voting systems which was touted as a system that would let voters check if their ballot was counted without jeopardizing the anonymity of the secret ballot. The really cool thing about it was that the crypto was a one-way system without any key at all. So it seemed to be uncrackable since there was no trusted key-keeper.
Shortly before the publication was accepted, Andrew Appel at Princeton University and Charles Strauss at Los Alamos National Laboratory published articles showing it was invertible and not anonymous in practical election situations.
http://www.cs.princeton.edu/~appel/papers/DefeatingThreeBallot.pdf
http://www.cs.princeton.edu/~appel/voting/Strauss-ThreeBallotCritique2v1.5.pdf
Imagine if that had been adopted... Sort of makes you wonder about everything RSA has touched including SSL.
Before Snowden.
I don't see much changing because of that, except to make it worse?
Bugger of a boner there dudes. I'm guessing the upper echelon of this company consumes a lot of Rx drugs. Wow
Because I voted for the guy. But I think we may need to start talking impeachment.
We the people need to send a VERY blunt message to those who wish to serve in our government.
Do NOT break the laws, and if you do you WILL be punished.
And if you discover that one of the agencies is breaking the law, (or the spirit)
then TAKE action.
NSA has customers? Surely not the voters
The other intelligence agencies within the government are considered "customers" of NSA products.
You guys have missed one important aspect of the RSA operation.
NSA gave RSA 10 million to weaken/break the RSA encryption that they sold to US. The "US" here means the non-NSA non-GCHQ based customers.
And spook agencies such as NSA themselves do need to encrypt their OWN secret files too, and surely they are not so stupid as to use the same weakened and/or broken encryption algo on their own files.
In other words, NSA and GCHQ (and some of the "trustworthy" spooks from the other 3 countries in the "five eyes" pact) do employ RSA in their day to day encryption, but THEIR version of RSA is the unbroken/unweakened one - unlike the broken version that RSA sold to the rest of the world.
Muchas Gracias, Señor Edward Snowden !
for all intensive purposes, i could care less
We changed our minds on god and the bible in this country, why not change our minds on the constitution?
If you think that the Constitution is obsolete, and you want to replace it with something else, pray tell, what you want to replace it with ?
Fanatic Islamic Theocracy ?
Fascism ?
Communist hegemony ?
Or a combination of all the above ?
Muchas Gracias, Señor Edward Snowden !
Well said. History is just the cognitive version of those hagiographic paintings rulers like to put up in the palace.
And as far as "Land of the Free," there's free as in speech, free as in beer, and free as in range. Americans are "free" in that final sense: "Land of the Free Range."
Hey, at least we're waking up.
"When we said 'We the People,' we didn't mean you."
You are not the only one who is sad.
I too, as an American, am very sad.
I did not vote for Obama because I could see what he is (even before he became the President in 2008 I could already see through his lies) but then the other side (actually there's no other side), the Republicans, fronted an even lousier asshole as their candidate.
That is why I voted for the 3rd party, TWICE
Muchas Gracias, Señor Edward Snowden !
You see, the easiest slave to control is one who doesn't realize he's a slave.
"Totalitarian" governments control their populations physically, with chains, clubs, physical restriction. "Democracies" control their populations mentally, with imagery, thoughts, mental restriction.
They're both the same process - one implemented in hardware, the other in software.
Some of the employees have/had a lot in stock too with restrictions on trading it. Someone I knew in RSA thought he was getting cash a while back for bringing in some of his IP from before he joined the company but it was all in stock he had to sit on all through the tech crash. When he started he was facing a "join or we sue you" situation as well.
They have/had some pretty nasty lawyers and execs in that place.
http://www.youtube.com/watch?v=l91ISfcuzDw
> What the NSA may have done is made it so your encrypted communications have two keys: yours and the NSA's.
Replace "NSA's" with "NSA's and whomever NSA insiders gave copies of the NSA key to".
Potentially Meaning:
1. Other governments that the NSA needs assistance from and thereby supplies them with copies of their keys.
2. Other governments that manage to buy NSA keys from NSA turncoats.
3. Criminal organizations that buy/extort NSA keys from NSA employees or confidants.
4. Anonymous and/or other groups who penetrate the NSA.
How sweet a victory would it have been if RSA had "accidentally" swapped said weakened & hardened encryptions, resulting in the NSA using the compromised method while the rest of the world continued to hum along as usual?
Following this. This headline is not exactly true. 1) RSA was paid 10M to make the NSA algo the default in their bSecure product. We have no direct evidence that RSA (now owned by EMC) KNEW the RNG (random number generator) in the NSA compromised algo had been compromised. This is 20/20 hindsight.
2) At the time, *some* people were suspicious generally of work done by NSA cryptographers for a variety of reasons: the NSA had fought for the Clipper Chip in the 90s; the NSA was generally hostile to strong encryption for civilians, etc. However, those opinions were countered by the majority of people who plausibly considered that the NSA had a real interest in seeing real encryption be used by US corporations etc. We now know who was right, the skeptics, but we didn't know that at the time that deal went down.
This is what's called "plausible deniability" or "cover" in intelligence circles and everywhere else now but that's the point- it IS plausible, entirely, that RSA was taking money (and not a lot to RSA) to make it the default because they believed the NSA.
Overall, at the time, the people who believed the NSA participated in encryption with the public out of a concern to see it done right were the majority.
Just keeping the story as straight as possible because what we're interested in is the truth as far as we can discern it, right?
You're right, that was wonderful to see. Thank you for posting the link!
Quoting JFK on honesty and openness in government. Maybe you should study some history.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Remember the Windows "NSA Key" flip a few years ago. You think Microsoft DIDN'T add a key for the NSA now?
What a vacuous truth! All societies inculcate their values to the next generation. The only ones who take issue with this are deluded individualists. I would strongly encourage any one who so believes to break from the herd, to live as an island of selfdom -- to have the courage of their convictions.
The individual person is as much a meaningless abstraction as a single atom. I rest serene in the confidence that, in the absurd chance that there is a true individualist, they will have no effect on humanity.
Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
They're accused of sabotaging the random number generator that is used for generating keys. The net result is that what should be a random key is less random than it otherwise would be. That's not saying that it doesn't also somehow introduce some secondary key that can partially or completely decrypt the data, but whether it does or not, weakening key generation means all attackers (once they discover the flaw) benefit from the reduced entropy by being able to deduce things about the generated keys.
Check out my sci-fi/humor trilogy at PatriotsBooks.
They are suspected of weakening it in a very specific way. Their supposed backdoor uses essentially the SAME algorithm that it's advertised to use. In order for an attacker to "be able to deduce things about the generated keys" they'd need to crack the NSA key. They can break the encryption function, but to do so they first have to break the encryption function.
What NSA did was evil, but they were smart about how they did evil.
No matter what any government agency or official says about new limits regarding establishing back doors or weakened encryption in algorithms or hardware, interception of communications, analysis of meta data of US citizens communications, secretly installing root kits, etc. One must now, and forevermore, assume that they are lying. It will be outright lies (kind of hard now because they supposedly don't know all of what Snowden has passed on), partial lies, and misdirection.
It's all being done for our own good, of course.
Nate
I will simply GOST(TruePhysicalRandomSeed1,Counter) XOR 3DES(TruePhysicalRandomSeed2,Counter) XOR AES(TruePhysicalRandomSeed3,Counter) XOR Blowfish (TruePhysicalRandomSeed4,Counter)
and BE DONE WITH IT ?
It is always funny to see that supposedly "smart" people are actually incredibly complicated and less than rational.
It turns out that a coding error in SSL may have inadvertently(?) disabled the NIST/NSA recommended RNG.
http://www.theregister.co.uk/2013/12/20/openssl_crypto_bug_beneficial_sorta/
Have gnu, will travel.
> "Totalitarian" governments control their populations physically, with chains, clubs, physical restriction. "Democracies" control their populations mentally, with imagery, thoughts, mental restriction.
> They're both the same process - one implemented in hardware, the other in software.
Not only are you wrong (both types of government routinely use both types of control) but the American government uses lots of both types of control. Look at how much of our population is in prison or take a look at the reaction to a WTO protest sometime if there is any doubt.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I'm just not following your logic here. You say above you worked with IETF and Daniel J Bernstein, so I have good reasons to suspect you're closer and more familiar with the details of this subject, but it seems to me that fundamentally the random number generator is an important part of the encryption math, so your statement that:
> What the NSA may have done is made it so your encrypted communications have two keys: yours and the NSA's. There is no evidence that it weakens the algorithm in any way, provided of course that NSA doesn't publish their private key.
While the cipher may be more or less exactly as advertised, the weakening of the RNG is still an important factor. If "the algorithm is not weakened in any way" is true, it's only in the strictest technical sense, and not how most people will define it. You then go on to say that NSA has simply made themselves another key in the generation process. This strikes me as being exactly backwards. Care to elaborate?
Goddammit just when I get my first +5 the Beta rolls out and kills everything
The theory is that NSA has a partial private key to the RNG.
If you can crack the NSA's key, you may be able to crack the RNG.
HOWEVER, if you can crack keys, you can crack the encryption anyway.
In order to crack a key, you have to crack the RNG.
In order to crack the RNG, you have to crack the (NSA) key.
So in the end you can crack a key only if you can crack a key. Evil genius.
It DOES theoretically weaken it in one way. NSA's partial key is universal. If you crack MY key, you can read MY stuff. If you crack the NSA key, you can (maybe more easily) read EVERYONE'S stuff.
Still, you have to crack the NSA's key to get anywhere, and if you can crack keys that'd be game over anyway.
I wouldn't call myself an encryption expert. I've been doing information security for sixteen years. I can name a dozen people who understand this better than I do and I'd bet there are hundreds of people more knowledgeable than I on this subject.
Will you *please* vote for another party next time? Like, the majority of you need to do it. I'm starting to get pissed off.
I can confirm that the version of RSA used in my government agency is the same one you plebs are using.
Who at RSA knows the algorithm? That would be worth quite a bit to hackers and malware writers. Not to mention CHICANO research and development thieves of USA tech as well as military data.
Obvious solution : every part of your tool chain has got to be open-source, and you've got to employ a multi-nationality team who group-review everything security-related in depth.
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"