How 1990s Encryption Backdoors Put Today's Internet In Jeopardy
An anonymous reader writes: While debate swirls in Washington D.C. about new encryption laws, the consequences of the last crypto war are still being felt. The Logjam vulnerability making headlines today is "a direct result of weakening cryptography legislation in the 1990s," researcher J. Alex Halderman said. "Thanks to Moore's law and improvements in cryptanalysis, the ability to break that crypto is something really anyone can do with open-source software. The backdoor might have seemed like a good idea at the time. Maybe the arguments 20 years ago convinced people this was going to be safe. History has shown otherwise. This is the second time in two months we've seen 90s era crypto blow up and put the safety of everyone on the internet in jeopardy."
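The weak crypto the summary refers to is TLS export-grade Diffie-Hellman: the 1990s rules capped exportable DH moduli at 512 bits, and Logjam shows a man-in-the-middle can downgrade a DHE handshake to those parameters, break the 512-bit group offline with freely available tools, and forge the Finished messages. The client-side check below is an added example, not code from the story, from Halderman's team or from any TLS library; the cipher-suite IDs and the ServerDHParams layout follow RFC 2246/5246, the 2048-bit policy floor is this example's own choice, and the sample parameters are constructed placeholders (not real primes) so the block runs offline.

```python
"""Added example: reject export-grade and undersized DHE parameters in a
TLS ServerKeyExchange, the parameter class Logjam attacks.
Not from the original page. Cipher-suite IDs follow the IANA TLS registry
(RFC 2246 appendix A.5); ServerDHParams layout follows RFC 5246 s7.4.3.
Sample moduli below are constructed placeholders, not real primes."""
import struct

# Cipher suites whose DH group is export-grade (<= 512-bit modulus).
DH_EXPORT_SUITES = {
    0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
}
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033  # a non-export DHE suite

# Policy floor chosen for this example (assumption): anything below 2048
# bits is refused even when the negotiated suite is non-export.
MIN_DH_BITS = 2048


def parse_server_dh_params(body):
    """Parse ServerDHParams: dh_p, dh_g, dh_Ys, each a 2-byte length
    followed by a big-endian integer. Returns (p, g, Ys).
    Raises ValueError on truncated or zero-length fields."""
    values = []
    off = 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (n,) = struct.unpack_from("!H", body, off)
        off += 2
        if n == 0 or off + n > len(body):
            raise ValueError(f"bad {name} length {n}")
        values.append(int.from_bytes(body[off:off + n], "big"))
        off += n
    return tuple(values)


def encode_server_dh_params(p, g, ys):
    """Inverse of parse_server_dh_params, used to build test vectors."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


def assess_dhe(cipher_suite, server_dh_params):
    """Return (accept, reason) for a DHE ServerKeyExchange.

    The export-suite check alone is not enough: in the Logjam downgrade the
    attacker rewrites the ServerHello so the client believes a strong DHE
    suite was negotiated while the server, talked into DHE_EXPORT, sends a
    512-bit modulus. The modulus size must therefore be checked directly."""
    if cipher_suite in DH_EXPORT_SUITES:
        return False, f"export cipher suite {DH_EXPORT_SUITES[cipher_suite]}"
    p, g, ys = parse_server_dh_params(server_dh_params)
    bits = p.bit_length()
    if bits < MIN_DH_BITS:
        return False, f"DH modulus only {bits} bits (policy floor {MIN_DH_BITS})"
    if not (1 < g < p - 1) or not (1 < ys < p - 1):
        return False, "DH generator or server public value out of range"
    return True, f"{bits}-bit DH modulus"


# Constructed samples: a 512-bit and a 2048-bit placeholder modulus.
SAMPLE_EXPORT_PARAMS = encode_server_dh_params((1 << 511) | 1, 2, 12345)
SAMPLE_STRONG_PARAMS = encode_server_dh_params((1 << 2047) | 1, 2, 12345)


def demo():
    """Run the three handshake shapes a client may see: an honest export
    suite, the Logjam downgrade (strong suite, weak group), and a sound one."""
    return {
        "export_suite": assess_dhe(0x0014, SAMPLE_EXPORT_PARAMS),
        "downgraded": assess_dhe(TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SAMPLE_EXPORT_PARAMS),
        "sound": assess_dhe(TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SAMPLE_STRONG_PARAMS),
    }


if __name__ == "__main__":
    for case, (ok, why) in demo().items():
        print(f"{case:13s} {'accept' if ok else 'reject':6s} {why}")
```

The "downgraded" case is the one that matters: the client never sees an export suite ID, so a check that only consults the negotiated suite passes the Logjam-downgraded handshake, while the modulus-size check rejects it.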
...the ability to break that crypto is something really anyone can do with open-source software.
I asked my mom to break crypto with open-source software...her eyes glazed over and I had to perform CPR.
Anyone using a back door is not a good guy in my book. Even if law enforcement thought this was a good idea - there are already established procedures and methods of putting someone in jail. Cops aren't allowed to break into your house when you're not home and search your stuff. Why should they be allowed to use a back door? Unless of course they have something to hide...
Seven puppies were harmed during the making of this post.
AFAICT it doesn't put 'the internet' in jeopardy, reports are that only a small percentage of websites are even vulnerable to this (link).
Here's the weird thing about this to me (in bullet points):
* A couple years ago, the only people who cared about vulns were people who knew how to use metasploit or ethereal or something.
* Last year, with Heartbleed, the news organization found out it could generate page views if the vulnerability had a pretty logo.
* Now with this story, the non-techy articles are so numerous it's hard to figure out what the actual exploit even is. But if you want to find a 'personal interest' story blaming Bush or Clinton (or whatever president), they're all over the place.
I wonder what will happen if the mainstream media learns to read Apple's or Microsoft's security bulletins and finds out how common security exploits actually are......
"First they came for the slanderers and i said nothing."
The name "Logjam" is not a good one, especially for those of us working in Silicon Valley.
Due to our proximity to San Francisco and its demographic (read: lots of homosexual males), that term has a very different meaning here than it does in most places.
"Logjam" refers to fecal compaction: that is, when a penis thrusting into an anus repeatedly compacts the feces in a way that causes severe constipation.
All day I had to listen to the dev/QA/ops team cackling about "logjams".
It was not a pleasant day.
As someone who lives in San Francisco and has many openly gay friends and coworkers, I can honestly say that I've never heard that definition of "logjam", and I wonder if anyone out of middle school uses the term.
The cycle is repeating
...to three-letter agencies. If we allow them in, we also allow the 'baddies' in -- and the NSA has proven to be at least as bad as the terrorists and criminals they're ostensibly monitoring. At least the criminals don't maintain the polite fiction that they're following the law.
'He who has to break a thing to find out what it is, has left the path of wisdom.' -- Gandalf to Saruman
In 2008 the Macromedia flexlm program (an annoying thing with the role of sporadically preventing you from using the software you have actually paid for - thus punishing people who didn't pirate it) had a bug where permanent licences, given a date of "00", were mapped onto the date of 1st January 2000 and thus had expired. Annoying. Even more annoying was that the "expert" I dealt with on the issue said "what's a Y2K bug?".
Such stupidity took a full two weeks to fix.