Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA Official: Supporting Backdoored Random Number Generator Was "Regrettable"

Posted by samzenpus on from the if-we-had-to-do-it-over-again dept.

Trailrunner7 writes In a new article in an academic math journal, the NSA's director of research says that the agency's decision not to withdraw its support of the Dual EC_DRBG random number generator after security researchers found weaknesses in it and questioned its provenance was a "regrettable" choice. Michael Wertheimer, the director of researcher at the National Security Agency, wrote in a short piece in Notices, a publication of the American Mathematical Society, that even during the standards development process for Dual EC many years ago, members of the working group focused on the algorithm raised concerns that it could have a backdoor in it. The algorithm was developed in part by the NSA and cryptographers were suspect of it from the beginning. "With hindsight, NSA should have ceased supporting the dual EC_DRBG algorithm immediately after security researchers discovered the potential for a trapdoor. In truth, I can think of no better way to describe our failure to drop support for the Dual_EC_DRBG algorithm as anything other than regrettable," Wertheimer wrote in a piece in Notices' February issue.

15 of 106 comments (clear)

  1. Wait, which part is he sorry about now? by Narcocide · · Score: 5, Insightful

    Is he sorry that they created a monster or is he just sorry that they got caught and now their credibility is in the trash can?

    1. Re:Wait, which part is he sorry about now? by Anonymous Coward · · Score: 4, Insightful

      The later, obviously. And "I can think of no better way to describe our failure to drop support for the Dual_EC_DRBG algorithm as anything other than regrettable" What about "criminal"?

    2. Re:Wait, which part is he sorry about now? by penguinoid · · Score: 5, Insightful

      "Words cannot express how sorry we are. Next time, we will make sure the backdoor is much less obvious."

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    3. Re:Wait, which part is he sorry about now? by davester666 · · Score: 5, Insightful

      "Words cannot express how sorry we are. The next time, we made sure the backdoor was much less obvious"

      FTFY

      --
      Sleep your way to a whiter smile...date a dentist!
    4. Re:Wait, which part is he sorry about now? by AmiMoJo · · Score: 4, Informative

      It's worse than that. The NSA is demonstrating how incredibly arrogant it is. The apology is for not dropping support once the flaws become public knowledge. The implicit assumption is that it was secure before the flaw was made public, which shows how little the NSA thinks of foreign intelligence agencies. Clearly there was no way one of them could have found it and been exploiting it for years.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    5. Re:Wait, which part is he sorry about now? by Required+Snark · · Score: 4, Informative
      Treason is not the correct term. It refers to betrayal of country.

      In law, treason is the crime that covers some of the more extreme acts against one's sovereign or nation. Historically, treason also covered the murder of specific social superiors, such as the murder of a husband by his wife or that of a master by his servant.

      The correct term is Sedition.

      In law, sedition is overt conduct, such as speech and organization, that is deemed by the legal authority to tend toward insurrection against the established order. Sedition often includes subversion of a constitution and incitement of discontent (or resistance) to lawful authority. Sedition may include any commotion, though not aimed at direct and open violence against the laws. Seditious words in writing are seditious libel. A seditionist is one who engages in or promotes the interests of sedition.

      Note the boldface. In this case the "established order" is the rule of law enshrined in the constitution. The NSA has subverted the constitution with warrantless mass surveillance. The Department of Homeland Security (aka Department of Homeland Pork) has ignored the constitutional right to due process with the "no fly list": there is no official way to find out if you are on it or to be removed from the list.

      These actions, along with many current policies, are absolutely unconstitutional. In short, sedition. They betray the constitutional rule of law. Treason typically is the betrayal of one's country to another sovereign entity.

      --
      Why is Snark Required?
  2. Re:other descriptions... by Anonymous Coward · · Score: 5, Insightful

    how about "works as intended"

  3. Why is it regrettable? by DoofusOfDeath · · Score: 5, Insightful

    I'd like to hear him explain his regret in a little more detail. Was it morally wrong? Was it against civil ethics? Was it anti-democratic? Was it illegal? Or was it that they got caught?

    Also, "is regrettable" is basically the passive tense. Does he regret it? Does he thing that the congressional oversight committees are morally culpable for not having stopped it?

  4. No admission of guilt by Anonymous Coward · · Score: 5, Informative

    Parse his words carefully. He never admits that the NSA actually engineered the backdoor into the algorithm, he only states that he regrets supporting the algorithm after other people pointed out it was backdoored.

    This is basically equivalent to the mealy-mouthed apologies you hear from young children after they've done something wrong but absolutely refuse to fess up about it.

  5. Re:he SAID "after it was discovered" by msauve · · Score: 5, Interesting

    IOW, he wants the perception to be that they wouldn't do the same again. Because, it's lowered their credibility. That doesn't mean they wouldn't do the same thing again, they just want you to think they wouldn't.

    ("Please don't look for more holes in stuff we support. Ignore the man behind the curtain. We're from the government, and we're here to help.")

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  6. That's not an apology. by steelfood · · Score: 4, Insightful

    That's no apology, it's that's just expressing regret.

    If they really wanted to apologize, they should be apologizing for subverting the standards process in the first place. Both RSA's and NIST's credibility are in the crapper thanks to them, though it's admittedly RSA's own fault for taking the $10 million.

    But there's no point in apologizing to the crypto community or even to any subset of it. This behavior by the NSA was almost expected, and it would be stupid to not believe it given all the pre-Snowden evidence. In fact, it validates a lot of people's conclusion that funny-looking and funny-smelling things should generally be avoided.

    --
    "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
  7. Re:That's why we gave EMC money by Smallpond · · Score: 5, Informative

    To ensure it's inclusion as default in RSA products.

    Yup. $10M to use it as the default encryption mode. They also tried to require it for FIPS certification so pardon my gasps of disbelief.

  8. Fuck you, Mike! by Anonymous Coward · · Score: 4, Insightful

    It was "regrettable" that, after the whole community cast aspersions at your intentionally-broken algorithm, you didn't drop your own support for it? Go eat a fucking dick.

    What you should have done, instead of "dropping your support", was come clean and say "sorry guys, that was a shitty thing to do and we should not have done it. This algorithm was in fact sabotaged by us and it should never be used for anything other than a case study for cryptographers learning to detect shitty things like this being done to algorithms in plain sight. We ought to using better tools to catch bad guys rather than intentionally breaking encryption for everyone."

    Asshole. Dual-use technologies work both ways, smarty-pants: if you break the algorithm, it's broken for the good guys, too, and the bad guys pwn everyone who thinks they are safe.

    Seriously, fuck you.

  9. As a mathematician... by wickerprints · · Score: 5, Insightful

    I find Werthiemer's characterization of this gross oversight to be..."regrettable."

    Let's remind the reader and put the role of NSA mathematicians in context: In the world of mathematical research, what the NSA knows is by construction a superset of what the academic community knows. That is to say, NSA researchers have at their disposal the body of all published mathematical literature, in addition to any discoveries they have made internally, whereas non-NSA mathematicians do not have access to the latter. If a flaw in a commonly used cryptographic scheme is discovered by the NSA but is unknown in the public arena, this immediately leads to an exploitable situation.

    Thus, when outside researchers discover an issue, this tells us NOTHING about if or when the NSA knew about the same flaw. It also means nothing for NSA mathematicians to apologize or write in public correspondence what their version of events was. Their lack of credibility does not stem from the existence of such flaws; no. Neither does it necessarily follow from the lies they have told in other respects. On this point I must be completely clear. Their lack of credibility stems from the aforementioned and inherent information asymmetry. To attempt to infer the sincerity of the message based on indirect evidence, past behavior, and allusions to glorious historical efforts is to be misled from the fundamental reality, which is that the NSA and its mathematicians are under no obligation to tell the truth because they undoubtedly possess mathematical secrets that the public does not.

    That said, I am gratified that many preeminent mathematicians working in the fields of number theory, cryptography, algebra, combinatorial analysis, and cryptanalysis do not choose to work for the NSA and instead remain in the academic community, on the premise that the advancement of humankind necessitates the openness of the process of discovery and the unrestricted dissemination of mathematical research.

  10. Re:That's why we gave EMC money by Anonymous Coward · · Score: 5, Insightful

    The reason this back door was acceptable to them was they essentially convinced the world to use their public key as the standard seed for the algorithm. It's like putting your account information on random deposit slips at the bank. It's not the sort of "hack" that compromises your own security as long as your "private key" remains secret.

    Contrast this with DES/AES, where they have fought to make the algorithms more secure. Not because they want what's best for everyone, but because those vulnerabilities were something that an adverse nation state could potentially independently discover where they didn't have an exclusive ability to exploit the weakness.

    Now their intentions are clear: they aren't enlightened good guys. They're just pragmatic attackers. An exploit that is just as likely to benefit China or Russia is worse than no exploit at all. An exploit that only they can benefit from is golden. At least now we know where to look when doing our code audits.