Slashdot Mirror


How 1990s Encryption Backdoors Put Today's Internet In Jeopardy

An anonymous reader writes: While debate swirls in Washington D.C. about new encryption laws, the consequences of the last crypto war are still being felt. Logjam vulnerabilities making headlines today are "a direct result of weakening cryptography legislation in the 1990s," researcher J. Alex Halderman said. "Thanks to Moore's law and improvements in cryptanalysis, the ability to break that crypto is something really anyone can do with open-source software. The backdoor might have seemed like a good idea at the time. Maybe the arguments 20 years ago convinced people this was going to be safe. History has shown otherwise. This is the second time in two months we've seen 90s era crypto blow up and put the safety of everyone on the internet in jeopardy."

42 comments

  1. Backdoors for truth and justice! by Anonymous Coward · · Score: 1

    But don't worry guys! Only the GOOD GUYS can use this backdoor...

    1. Re:Backdoors for truth and justice! by Dunbal · · Score: 4, Insightful

      Anyone using a back door is not a good guy in my book. Even if law enforcement thought this was a good idea - there are already established procedures and methods of putting someone in jail. Cops aren't allowed to break into your house when you're not home and search your stuff. Why should they be allowed to use a back door? Unless of course they have something to hide...

      --
      Seven puppies were harmed during the making of this post.
    2. Re:Backdoors for truth and justice! by Anonymous Coward · · Score: 0

      Sounds like you have something to hide. You CONservatives always rant on and on about "freedom" and some "constitution," but your kind just does that because you people are criminals. You make sure we get beaten and arrested for BWI while your kind never even gets stopped. Your kind constantly breaks the law, but you never go to prison. Also, your lie about not searching is a lie. Cops constantly search. Constantly. I hope you and the rest of your Republican kind wake up not white one day.

    4. Re:Backdoors for truth and justice! by Chaos+Incarnate · · Score: 1

      They are allowed to break into your house when you're not home and search your stuff. They just have to get a judge to rubber-stamp a piece of paper first, which doesn't take any great amount of effort.

      --
      Benford's Corollary to Clarke's Law: "Any technology distinguishable from magic is insufficiently advanced."
    5. Re:Backdoors for truth and justice! by Anonymous Coward · · Score: 0

      The story makes great effort to blame the 1990 era cryptography rules of the US. The reality is not so simple. No website is required to honor those weaker encryption technologies at all.

      AES encryption was implemented in OpenSSL in 2002. Apache 2.2 was released in December of 2005. It defaults to using low strength encryption. Red Hat Enterprise Linux 6 was released in 2010 and ships with Apache 2.2. Apache 2.2 does not support AES. Apache 2.4 (released 2012) does support it and offers slightly more secure defaults, but you will need RHEL 7 (released 2014) for that. In other words, it has taken 12 years to release a web server that can viably be configured to be immune from Logjam and, even then, it is not secure by default.

    6. Re:Backdoors for truth and justice! by Anonymous Coward · · Score: 0

      So you implicitly trust NSA's changes to Rijndael, to turn it into AES?

    7. Re:Backdoors for truth and justice! by slew · · Score: 1

      So you implicitly trust NSA's changes to Rijndael, to turn it into AES?

      Unless you think there was a pre-submission conspiracy (e.g., a Manchurian candidate), AFAIK there were only 2 changes made to Rijndael during the AES competition:

      1. Restrict the officially supported block size to 128 bits (rather than support any block size a multiple of 32-bits)
      2. Restrict the officially standardized key sizes to 128, 192 and 256 bits and the number of rounds associated with them.

      No algorithmic modifications were made to Rijndael during the AES competition (unlike the DES where the NSA tweaked the S-tables to strengthen IBM's submission against differential cryptanalysis).

      I'm not sure how to argue that restricting the block size to 128-bits is an NSA conspiracy (that was a NIST requirement). Also as it turns out that it's more than likely that greater than 256 bit keys aren't going to be that great in Rijndael (even 256 bit keys are suspected to have fewer than 256-bits of security)

      Of course it might be reasonable to argue that the NSA lobbied hard to pick Rijndael for AES because it was potentially easier to break (lowest security margin) than Serpent, but it wasn't because of imaginary *changes* made to Rijndael by the NSA...

  2. It was the mullet. by Anonymous Coward · · Score: 0

    Too much party in back... door?

  3. Anyone?!? by SpankiMonki · · Score: 4, Funny

    ...the ability to break that crypto is something really anyone can do with open-source software.

    I asked my mom to break crypto with open-source software...her eyes glazed over and I had to perform CPR.

    1. Re:Anyone?!? by R3d+M3rcury · · Score: 1

      Your Mom isn't much of a "Cyber Criminal" then. I guess she should stick with baking cookies.

      Of course, the obvious solution to this is to ban open-source software.

    2. Re:Anyone?!? by idontgno · · Score: 2

      Your Mom isn't much of a "Cyber Criminal" then. I guess she should stick with baking cookies.

      True. I've heard her baking is criminal enough.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    3. Re:Anyone?!? by Fire_Wraith · · Score: 2

      He's clearly not part of the Roberts family, then:

      https://xkcd.com/341/

    4. Re:Anyone?!? by mi · · Score: 1

      I asked my mom to break crypto with open-source software...

      She'd also have to be in a position to intercept the traffic to begin with. The article's problem-description is rather silly, indeed.

      I also do not see, who would still be allowing weak ciphers on their servers — after all the earlier SSL-vulnerabilities we went through in the last 6 months, that is... But the report on the matter estimates 8.4% of the top million web-sites and 3.4% of all HTTPS-using sites as still vulnerable. Shrug...

      --
      In Soviet Washington the swamp drains you.
    5. Re:Anyone?!? by Lennie · · Score: 1

      People just fix the things that have been reported, they don't actually look at what they mean. Because most people don't really know what all the crypto really means.

      --
      New things are always on the horizon
  4. Re:"Logjam"? Seriously? by rickb928 · · Score: 1, Troll

    It's not all about the gays. Your objection is noted, and filed under 'why should I care' or 'irrelevant' for the overwhelming majority of us.

    More proof San Francisco is culturally irrelevant.

    The SJWs had their day with systemd. Go away. Now. And stay anonymous.

    --
    deleting the extra space after periods so i can stay relevant, yeah.
  5. Anyone remember AOL? by Anonymous Coward · · Score: 0

    Don't worry guys I'm from the World Wide Web period internets period dot com enter click.

  6. You had me at Secret Backdoor by countSudoku() · · Score: 1

    What's all this then? I heard it from a different guy that all modern computer security krazy-krypto-keys are divisible by 69, so just keep it under your hat, guy

    --
    This is the NSA, we're gonna geet U h@x0r5! Also, what is a h@x0r5?
  7. Logjam by phantomfive · · Score: 5, Interesting

    AFAICT it doesn't put 'the internet' in jeopardy, reports are only a small percentage of websites are even vulnerable to this (link).

    Here's the weird thing about this to me (in bullet points):
    * A couple years ago, the only people who cared about vulns were people who knew how to use metasploit or ethereal or something.
    * Last year, with Heartbleed, the news organization found out it could generate page views if the vulnerability had a pretty logo.
    * Now with this story, the non-techy articles are so numerous it's hard to figure out what the actual exploit even is. But if you want to find a 'personal interest' story blaming Bush or Clinton (or whatever president), they're all over the place.

    I wonder what will happen if the mainstream media learns to read Apple's or Microsoft's security bulletins and finds out how common security exploits actually are......

    --
    "First they came for the slanderers and i said nothing."
    1. Re:Logjam by Anonymous Coward · · Score: 1

      Adding to this is that a lot of these 'new vulnerabilities' are long known things. It's been long known you should be generating unique dhparam. It's been long known that export grade 90s ciphers were weak (that's the whole point).

      Of course, on the flip side, awareness obviously wasn't that high in the general wider world, so dressing up old news as something novel and exciting has its merits.
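
Added example (not part of the original comment or any project's code): a small Python audit for the two points in the comment above, flagging export-grade or short DH primes and primes reused across hosts. The 2048-bit minimum, the host labels and the helper names are assumptions, and the sample parameters are constructed placeholder integers, not real primes.

```python
import base64
import hashlib

def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def parse_dhparams(pem):
    """Return (p, g) from a PEM 'DH PARAMETERS' block (SEQUENCE of two INTEGERs)."""
    b64 = "".join(l for l in pem.splitlines() if l and not l.startswith("-----"))
    tag, seq, _ = _read_tlv(base64.b64decode(b64), 0)
    tag_p, p_raw, nxt = _read_tlv(seq, 0)
    tag_g, g_raw, _ = _read_tlv(seq, nxt)
    if (tag, tag_p, tag_g) != (0x30, 0x02, 0x02):
        raise ValueError("expected SEQUENCE { INTEGER p, INTEGER g }")
    return int.from_bytes(p_raw, "big"), int.from_bytes(g_raw, "big")

def audit(configs, min_bits=2048):
    """configs maps a host label to its dhparam PEM; returns {label: [findings]}."""
    report, by_prime = {}, {}
    for label, pem in configs.items():
        p, _ = parse_dhparams(pem)
        bits = p.bit_length()
        report[label] = []
        if bits <= 512:
            report[label].append(f"export-grade {bits}-bit prime")
        elif bits < min_bits:
            report[label].append(f"{bits}-bit prime below {min_bits}")
        by_prime.setdefault(hashlib.sha256(str(p).encode()).hexdigest(), []).append(label)
    for labels in by_prime.values():
        for label in labels if len(labels) > 1 else []:  # same prime on several hosts
            others = ", ".join(x for x in labels if x != label)
            report[label].append("prime shared with " + others)
    return report

# Constructed sample input: placeholder integers of the right size, NOT real primes.
def _tlv(tag, val):
    n, k = len(val), (len(val).bit_length() + 7) // 8
    head = bytes([n]) if n < 128 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + val

def make_pem(p, g=2):
    ints = b"".join(_tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (p, g))
    body = base64.encodebytes(_tlv(0x30, ints)).decode()
    return f"-----BEGIN DH PARAMETERS-----\n{body}-----END DH PARAMETERS-----\n"

SAMPLE = {"legacy": make_pem((1 << 511) | 1), "mid": make_pem((1 << 1023) | 1),
          "web1": make_pem((1 << 2047) | 1), "web2": make_pem((1 << 2047) | 1)}
```

Calling `audit(SAMPLE)` returns one findings list per host; the check covers size and reuse only and does not test primality.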

    2. Re:Logjam by bzipitidoo · · Score: 1

      Yeah, I thought "Internet in jeopardy" was over the top. It's some serious hindsight to complain that decisions made 20 years ago are screwing up software today. There are so many decisions from the early days we're stuck with now, why are these so special? Because it's security?

      The PC has tons of cruft, such as the hard drive partitioning scheme, boot code, the layers and layers of hardware discovery, and memory organization. The platform has been updated repeatedly, with many hard limits raised repeatedly. Hard drive partitions were limited to 10M, then 16M, 33M, 134M, 528M, 2G, 3.2G, 4G, and more, and the source of these limitations were things like maximum allowed sector counts, MS-DOS limits, BIOS limits. One of the trickier ones was an 8G limit on the location of the kernel. The boot partition could be larger, so long as the kernel ended up in the first 8G, as the boot code in the BIOS could not seek deeper into the hard drive than that.

      For another stellar example of shortsighted programming, there was the Y2K problem. Many programs made in the 90s failed that test. One program I fixed went from 1999 to 1910. What did they do to make it roll over to 1910? I would have thought 1900 the obvious erroneous year to compute. What they did was convert (current year - 1900) to a string, then take the first two characters, and stick a "19" in front of them. So, 2000-1900 = 100, and the first 2 characters are "10". I didn't have the source code, but I was able to modify the binary to do mod 100 instead, then found the "19" and changed that to a "20". It'll break again in 2100, rolling over to 2000, but I very much doubt that software will still be in use then.

      --
      Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
    3. Re:Logjam by Trogre · · Score: 2

      It'll break again in 2100, rolling over to 2000, but I very much doubt that software will still be in use then.

      That's exactly how we got into the Y2K mess in the first place :p

      --
      "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
    4. Re:Logjam by johanw · · Score: 1

      "There are so many decisions from the early days we're stuck with now, why are these so special?"

      This one is special because some organizations (those that didn't learn those lessons in the 90's) are pushing to make the same mistakes again. Only this time the results could be different: people not buying US-made software anymore. And with open source crypto generally available now this won't work anyway.

  8. Re:"Logjam"? Seriously? by hawguy · · Score: 2

    The name "Logjam" is not a good one, especially for those of us working in Silicon Valley.

    Due to our proximity to San Francisco and its demographic (read: lots of homosexual males), that term has a very different meaning here than it does in most places.

    "Logjam" refers to fecal compaction: that is, when a penis thrusting into an anus repeatedly compacts the feces in a way that causes severe constipation.

    All day I had to listen to the dev/QA/ops team cackling about "logjams".

    It was not a pleasant day.

    As someone who lives in San Francisco and has many openly gay friends and coworkers, I can honestly say that I've never heard that definition of "logjam", and I wonder if anyone out of middle school uses the term.

  9. All because by Anonymous Coward · · Score: 0

    the lady loved milk tray - sorry 'Murica wanted it !

  10. Thanks Al! by Anonymous Coward · · Score: 0

    Gore/Clinton and their fascist clipper chip...

  11. Meanwhile, in Australia by GigaplexNZ · · Score: 2
    1. Re:Meanwhile, in Australia by Whiteox · · Score: 1

      There has already been enough discussion about this in IT circles and more in the future. I bet that there will be a bill passed to clarify this.
      Encryption/cryptography are not the sole property of the good good guys anyway. If someone builds a bigger wall, there's always someone else that can pull it down.

      --
      Don't be apathetic. Procrastinate!
  12. Re:"Logjam"? Seriously? by Antique+Geekmeister · · Score: 1

    I'm afraid "log jam" typically means getting a penis stuck during anal sex. Feces do not "compact" from anal sex: unless you've already got other problems, they're not that solid, and intestinal walls are somewhat elastic. They _squish_.

  13. This illustrates the folly of giving backdoors... by sydbarrett74 · · Score: 2

    ...to three-letter agencies. If we allow them in, we also allow the 'baddies' in -- and the NSA has proven to be at least as bad as the terrorists and criminals they're ostensibly monitoring. At least the criminals don't maintain the polite fiction that they're following the law.

    --
    'He who has to break a thing to find out what it is, has left the path of wisdom.' -- Gandalf to Saruman
  14. Re:"Logjam"? Seriously? by dbIII · · Score: 1

    If that's remotely possible it would mean a very poor diet.

  15. Flawed Comparison by jaa101 · · Score: 0

    I don't think this is a good comparison to make. As I understand it, the restrictions of the 1990s did not require a back door to be inserted; they just limited the strength of the cryptography, presumably to a level breakable by the NSA even then. The old Clipper-chip back door fiasco was not responsible for logjam et al. and the new proposals are not intending to limit key length.

    N.B.: I still definitely think that the current noises about mandating back doors are very worrying. My hope is that it won't happen due to the major privacy and security issues it presents. Perhaps our saviour will be the inability of different governments to trust each other.

  16. Y2K problem resurfaces and will again by dbIII · · Score: 3, Informative

    In 2008 the Macromedia flexlm program (an annoying thing with the role of sporadically preventing you from using the software you have actually paid for - thus punishing people who didn't pirate it) had a bug where permanent licences, given a date of "00", were mapped onto the date of 1st January 2000 and thus had expired. Annoying. Even more annoying was the "expert" I dealt with on the issue said "what's a Y2K bug?".
    Such stupidity took a full two weeks to fix.

  17. Jeopardy by Anonymous Coward · · Score: 0

    I'll take NSA Spying for $400, Alex.

    AC

  18. Re:This illustrates the folly of giving backdoors. by chaoscustard · · Score: 1, Insightful

    "...to three-letter agencies. If we allow them in, we also allow the 'baddies' in -- and the NSA has proven to be at least as bad as the terrorists and criminals they're ostensibly monitoring."

    Can you draw me a Venn diagram for three letter agencies, baddies, criminals and terrorists, I'm getting confused.

    Must be a millennium thing, I don't remember it being so difficult 15 years ago...

  19. PRNG by Anonymous Coward · · Score: 0

    I'm amazed how nobody ever notices the back door that's right in your face, in the most obvious place to put it. Go look at how the Linux kernel, or GPG, or TLS, generate random numbers. All that crazy voodoo in there isn't making the random better for *you*, it's making it easier for the guys who inserted that voodoo to recreate your keys.

    Here, for example, is where SSL session keys come from:

    Randomly Generated Data. ServerRandom[32], the Random Value, is a 4-byte number of the server’s date and time plus a 28-byte randomly generated number that will be ultimately used with the client random value to generate a master secret from which the encryption keys will be derived.

    Um, guys? "date and time" is not random - pretty much the exact opposite as you can get. It is, however, a really useful thing to know if it's your job to re-generate the rest of those 28 bytes from your backdoored PRNG...

    And, since there's inevitably still a skeptic shaking their head at this - remind me what RSA got paid $10M for, and by whom, and how they did it?

  20. Re:This illustrates the folly of giving backdoors. by Anonymous Coward · · Score: 0

    Venn diagram is simple:

    1. Draw a circle
    2. Inside circle, write:
        TLA
        Baddies
        Criminals
        Terrorists

  21. you're telling them about our backdoors??!! by rightwingLeftist · · Score: 1

    I can't believe it, slashdot. That girl's standing over there listening and you're telling everyone about our back doors?

    --
    posting at http://leftistconservative.blogspot.com