Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA Releases Open Source Security Tool For Linux

Posted by samzenpus on from the here-you-go dept.

Earthquake Retrofit writes: The NSA's systems integrity management platform — SIMP — was released to the code repository GitHub over the weekend. NSA said it released the tool to avoid duplication after US government departments and other groups tried to replicate the product in order to meet compliance requirements set by US Defence and intelligence bodies. "By releasing SIMP, the agency seeks to reduce duplication of effort and promote greater collaboration within the community: the wheel would not have to be reinvented for every organisation," the NSA said in a release.

8 of 105 comments (clear)

  1. Fuck yes! by Anonymous Coward · · Score: 5, Funny

    I'm installing this thing right away!

    1. Re:Fuck yes! by Panoptes · · Score: 5, Funny

      Beware of Geeks bearing gifts.

    2. Re:Fuck yes! by behrooz0az · · Score: 5, Funny

      Kexit, He uses KDE.

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
  2. This makes sense. by Anonymous Coward · · Score: 5, Funny

    It follows on the heels of another open-source effort from the NSA, aimed at penetration testing of large information silos. Secure Network Operator With Database Encryption Node has been shared internationally, with Russia and China actively pursuing forks and development of the tool.

  3. That's just great.. by simp · · Score: 5, Funny

    Now that my slashdot user name is also a NSA acronym I probably have to add a disclaimer to each post saying "This is just a text message, it is perfectly safe to parse this input". Then again some paranoid people might think that this is exactly what the NSA wants you think.

  4. Re:The NSA has done several things to help securit by bugnuts · · Score: 5, Informative

    And now that I think about it, long before that they gave stronger constants for DES when it was originally proposed. They didn't say why their constants were better, but it was later shown to be stronger.

  5. Re:The NSA has done several things to help securit by Dr_Barnowl · · Score: 5, Informative

    Stronger for everyone except them, perhaps.

    They did something similar, put a couple of specific constants, into the Dual_EC_DRBG random number generator. It was later shown that they amounted to a skeleton key - if you knew the numbers used to derive the constants, you could predict the future output of a given RNG instance with only a small amount of sample data. So any encryption based on Dual_EC_DRBG could be considered to be broken by the NSA (somewhat conveniently, in a way that only the NSA could actually prove).

    Despite the poor performance of this algorithm which lead most implementers to ignore it, it managed to end up as the default in the product of one of the most trusted vendors, RSA. There was speculation that the NSA bribed them to make this design choice. [1]

    Unsurprisingly, it was withdrawn from the standard in 2014.

    [1] The only comment on that story makes the same point - that the NSA, in the past, had reinforced weaknesses in DES. In the light of the later evidence about Dual_EC_DRBG, that may bear further examination - if the change was the tweaking of constants, it's entirely possible that this reinforced the standard for everyone but the NSA.

  6. Re: National Sheep Association? by chill · · Score: 5, Funny

    The National Sheep Association focuses more on the "penetration testing" side of security, if you know what I mean.

    --
    Learning HOW to think is more important than learning WHAT to think.