Slashdot Mirror


FREAK, Logjam, DROWN All a Result of Weaknesses Demanded By US Gov't (csoonline.com)

itwbennett writes: You need look no further than the FREAK and Logjam attacks in 2015 and the DROWN attack announced just this week to get a sense of 'the dangers of deliberately weakening security protocols by introducing backdoors or other access mechanisms like those that law enforcement agencies and the intelligence community are calling for today,' writes Lucian Constantin. But this isn't a new problem. 'One approach [the government] used throughout the 1990s [to keep encryption under its control] was to enforce export controls on products that used encryption by limiting the key lengths, allowing the National Security Agency to easily decrypt foreign communications,' says Constantin. 'This gave birth to so-called 'export-grade' encryption algorithms that have been integrated into cryptographic libraries and have survived to this day.'

70 comments

  1. What about "Import Grade" by Archangel Michael · · Score: 3, Interesting

    The way around the stupid laws that do not protect anyone from anything, is to import crypto from outside the US that is better and more robust than the stupid crippled versions mandated by US Law.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    1. Re:What about "Import Grade" by freeze128 · · Score: 3, Insightful

      But would a US Citizen trust encryption from another country to not have a backdoor or other such weakness that might allow that country's government to crack it easily?

    2. Re:What about "Import Grade" by __aaclcg7560 · · Score: 2

      I keep seeing this statement to import crypto from outside the US but I haven't seen any download links.

    3. Re:What about "Import Grade" by Bert64 · · Score: 3, Interesting

      No, but would you necessarily trust the US government either...
      The difference is that the US government has more reason to spy on a random US citizen than a foreign government does, and are more likely to do something with the information.
      If you're going to use something that's backdoored, better to have it backdoored by someone who has no interest in you.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    4. Re:What about "Import Grade" by buck-yar · · Score: 0

      Why on earth would the govt want to spy on you? You think some NSA nerd is sitting behind his Star Trek console watching your every move?

    5. Re:What about "Import Grade" by Anonymous Coward · · Score: 2, Informative
    6. Re:What about "Import Grade" by Bugler412 · · Score: 4, Informative

      Because it's been shown that in many data streams that they collect ALL communications and store it for future fishing expeditions, not only the specific target of interest at that point in time. There's no guarantee of you, your company or your (whatever) not becoming a target of interest in the future if say, for instance, some fascist demagogue was elected to office, (strictly hypothetical of course lol)

    7. Re:What about "Import Grade" by mi · · Score: 5, Informative

      stupid laws that do not protect anyone from anything

      Of course, they do protect — encryption is a weapon and you try to limit access to your best stuff. Yes, the enemies may still be able to get some of it, but your efforts make it harder for them.

      Cryptography advances outside of the US made the point moot by early nineties, and the export-restrictions were dropped. But they weren't "stupid" — except, maybe, for the very last year or two.

      The article's emphasis is all wrong — the vulnerabilities are due to poor design of SSL2 and the coding practices of OpenSSL developers leading to poor implementation of the rest. Neither of these problems is due to the government's export-restrictions.

      --
      In Soviet Washington the swamp drains you.
    8. Re:What about "Import Grade" by Anonymous Coward · · Score: 0

      No, but his computer program is.

      You are aware of the modern high tech power of automatic image search algorithms....right?

    9. Re:What about "Import Grade" by Anonymous Coward · · Score: 1

      Back when export control was still an issue, the not-yet-greybeards would get their PGP here, which is in Norway.

    10. Re:What about "Import Grade" by Sperbels · · Score: 3, Insightful

      Haven't you been paying attention to the government's whole argument for weakening encryption? Because one out of every few million nobodies like you and me become radical bombers and do things like blow up skyscrapers/marathons/etc and they want to be able to track down all your friends, family, and associates after the event.

    11. Re:What about "Import Grade" by Zaowulf · · Score: 1

      Good question. Because communism! And terrorists!

    12. Re:What about "Import Grade" by Anonymous Coward · · Score: 0

      try to limit access to your best stuff

      That's what she said.

    13. Re:What about "Import Grade" by iggymanz · · Score: 4, Informative
    14. Re:What about "Import Grade" by Anonymous Coward · · Score: 1

      You're a moron. IT'S NOT ABOUT THE NSA SPYING ON YOU. It's about the NSA opening up holes in encryption that OTHERS use to spy on you ALSO.

    15. Re:What about "Import Grade" by Anonymous Coward · · Score: 0

      OpenBSD specifically does their coding in Canada and other countries so they can use strong encryption. I'm a US Citizen, and I trust OpenBSD.

    16. Re:What about "Import Grade" by Anonymous Coward · · Score: 0

      Simple solution: use both together.

    17. Re:What about "Import Grade" by bleh-of-the-huns · · Score: 1

      Where are my mod points when I need them.

      Although, there have been documented instances where the feds meddled in things, like Dual_EC_DRBG.... So let's not assume the government's hands are completely clean.. but in this case, yeah the feds had no involvement.

      --
      I came, I conquered, I coredumped
    18. Re:What about "Import Grade" by Anonymous Coward · · Score: 4, Informative

      Do you use SSH? A heck of a lot of US citizens do and trust it. It wasn't written in the US because of the crazy encryption restrictions the government has. The OpenBSD group runs it.

      http://www.openssh.com/history.html

      "for the ssh protocol in the 2.6 release, but we had to make sure that it was perfect. Therefore, we decided to immediately fork from the OSSH release, and pursue rapid development using the same process as the original OpenBSD security auditing process. The initial import was done on Sep 26, 1999, and, at the time of release two months later, many of the source code files were already at RCS revision 1.34... some as high as 1.66. Development went very fast indeed, since we had a deadline to meet.

      The following team members participated:

              Theo de Raadt (CANADA) started by removing non-portabilities which made the code harder to read -- the goal being simpler source code, so that security holes and other issues could be spotted easier.
              Niels Provos (GERMANY but living in USA) quickly removed the remaining cryptographic and GPL'd components by doing road trips to Canada, so that we could end up with a completely freely reusable source code base.
              Markus Friedl (GERMANY) jumped in and very quickly managed to replace the SSH 1.3 protocol code from the 1.2.12 release, with a SSH 1.5 protocol implementation compatible with the modern "ssh 1.2.27" series (this change was needed to operate with a lot of SSH-compatible Windows clients which lack support for SSH 1.3 protocol). His implementation is now used in OSSH. He added SSH 1.5 protocol support in such a way that SSH 1.3 protocol support remained operational. Later, he also added support for SSH 2 protocol and SFTP.
              Bob Beck (CANADA) helped with Makefile magic to ensure that we could compile OpenSSL without patented algorithms. Because OpenBSD 2.6 was shipping before the RSA patent expiration date, we needed to ship our CD with libssl and libcrypto shared libraries which lacked RSA. At install time, the user was able to replace these libraries via FTP/HTTP over the Internet. Luckily this kind of hackery is no longer needed.
              Aaron Campbell (CANADA) improved numerous documentation flaws and a few other code problems. It is mostly due to him that the manual pages are so complete.
              Dug Song (USA) helped with some authentication issues in the KerberosIV case (his changes were carefully checked to ensure they stayed away from any cryptography, and only touched on authentication issues)."

    19. Re:What about "Import Grade" by Anonymous Coward · · Score: 0
    20. Re:What about "Import Grade" by buck-yar · · Score: 1

      What's images got to do with this?

    21. Re:What about "Import Grade" by Anonymous Coward · · Score: 0

      As a US Citizen, which government is more likely to want to, and can more easily harass and harm you, the US government, or the Chinese government?

    22. Re:What about "Import Grade" by Anonymous Coward · · Score: 0

      Almost true. The OpenBSD distribution is made in Canada and the development is organized in Canada, but the "coding" is done all over the world including the USA.

    23. Re:What about "Import Grade" by JoelKatz · · Score: 1

      What benefit do you think the US government gets from harming you?

    24. Re:What about "Import Grade" by Anonymous Coward · · Score: 0

      encryption is a weapon

      Good. Not only is it covered by the 1st, 4th and 5th Amendments, it's covered by the 2nd Amendment too.

    25. Re:What about "Import Grade" by Xtifr · · Score: 1

      These days (since around 2001), open-source software is basically exempt from the US ITAR export rules (with some qualifications—if you're planning to export crypto software source yourself, you need to check out the rules). Back before that was true, every major Linux distro had sites in Europe to host the essential crypto software (e.g. nonus.debian.org).

      So, I dunno about Windows or MacOS, but with Linux, the reason you haven't seen any download links is probably that you're too young!

    26. Re:What about "Import Grade" by Anonymous Coward · · Score: 0

      ... have you been living under a rock? That's exactly what they do, and Edward Snowden and others showed proof.

    27. Re:What about "Import Grade" by Impy the Impiuos Imp · · Score: 1

      But would a US Citizen trust encryption from another country to not have a backdoor or other such weakness that might allow that country's government to crack it easily?

      Export of crypto is limited. Inside the US you can use anything. IIRC the Supreme Court already ruled speaking encrypted is protected by the First Amendment.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    28. Re: What about "Import Grade" by Anonymous Coward · · Score: 0

      Wrong question. What benefit does a potential FUTURE government perceive, whether real or not, in harming you?

      We've witnessed a massive wave of anti-freespeech sentiment from social justice warriors, a combination of left wing and authoritarian that no one could predict. We've also witnessed a set of alt right folks who are some hybrid of fascist and techno-libertarian, also not well predicted.

      Twenty years ago-ish, Clinton, a liberal democrat, signed the Defense of Marriage act, preempting the case where a state might make gay marriage legal. Ten years ago, it was reasonable to be opposed to gay marriage. Two years ago, it was unsavory enough that a mere donation got the Mozilla CEO kicked out on his ass. One year ago, it became the law through the Supreme court finding that it was in the constitution all along or something. Nowadays, anyone opposed is viewed as an outright bigot.

      Now I do support gay marriage, and have for longer than all these modern era Democrats who had to do a backflip to catch up with society on this- but guess what?

      YOU DON'T KNOW WHAT WILL BE FORBIDDEN TOMORROW

      You have no idea what is normal now that will be considered dangerously left, or dangerously right, in just a few years.

      Who the fuck knows what will be illegal soon. Probably cartoons with big tits or something so they can fuck with people who don't go outside, just like everyone is currently a criminal the moment they put a car on the road. Everyone always has to be a criminal, see.

      And you know why.

    29. Re:What about "Import Grade" by shawn2772 · · Score: 1

      Cryptography advances outside of the US made the point moot by early nineties, and the export-restrictions were dropped. But they weren't "stupid" — except, maybe, for the very last year or two.

      Yes, they were stupid. There were no significant cryptographic primitives in use in the US about which full details hadn't been published, or indeed, of which implementations weren't available worldwide. Many of the "export-grade" ciphers were the same ciphers used in the US, just with arbitrary restrictions on key length.

      There was no point in time where encryption tools available to US corporations and citizens were significantly better than tools available outside of the US.

    30. Re:What about "Import Grade" by Kazoo the Clown · · Score: 1

      Of course, they do protect — encryption is a weapon [theguardian.com] and you try to limit access to your best stuff [quora.com]. Yes, the enemies may still be able to get some of it, but your efforts make it harder for them.

      More relevant, encryption is a defense. And it's that aspect of it where limiting access to it is harmful.

    31. Re:What about "Import Grade" by Anonymous Coward · · Score: 0

      and think about the children!

    32. Re:What about "Import Grade" by __aaclcg7560 · · Score: 1

      So, I dunno about Windows or MacOS, but with Linux, the reason you haven't seen any download links is probably that you're too young!

      I started compiling Linux source in 1997 in my early 30's. I routinely downloaded from Australian FTP servers because a fast link existed between there and Silicon Valley for downloading on a 56K modem. Crypto software has never been an issue for me until now.

    33. Re:What about "Import Grade" by Z80a · · Score: 1

      Or a corporate overlord, or a socialist nutjob that is probably the best option due to being too pussy to do what he wants to.

    34. Re:What about "Import Grade" by bickerdyke · · Score: 1

      You know for sure he wasn't the victim of so-called "LOVEINT"?

      NSA does have to watch at least someone, or else it would just be money blown out. What makes you so sure it's not HIM?

      --
      bickerdyke
    35. Re:What about "Import Grade" by bickerdyke · · Score: 2

      hmm... considering that the average US citizen hasn't any ties with the Chinese government, the answer is obvious.

      Of course it's a different answer for US citizens with international political or business contacts or any kind of contact to China

      I know the answer is slightly surprising, but having to ask that question alone should ring everyone's alarms, as one of these examples is known to be an anti-democratic regime violating human rights and suppressing their citizens.

      As an average person in a democracy, you should not even have to consider if your own government is spying on you!

      --
      bickerdyke
    36. Re:What about "Import Grade" by bickerdyke · · Score: 1

      Probably none.

      But then, why are they doing it anyway?

      --
      bickerdyke
    37. Re:What about "Import Grade" by Anonymous Coward · · Score: 0

      Please don't confuse SSH with OpenSSH. Those are two completely different concepts.

    38. Re:What about "Import Grade" by JoelKatz · · Score: 1

      For a variety of reasons including incompetence, collateral damage, organizational dysfunction, pandering to win elections, and prioritization of small short-term goals over significant long-term goals. But it's incredibly naive and misguided to fail to appreciate two things:

      1) The United States has both statutory and institutional controls over law enforcement and national intelligence that are much stronger than many other countries'.

      2) Foreign governments do in fact use their foreign intelligence capabilities against United States citizens and businesses, just as we do to foreign companies and individuals.

  2. So stop listening to them then? by Anonymous Coward · · Score: 0

    Why does this seem so difficult? I guess if you're reliant on them for money, but business has a vested interest in doing this right (well, one would think).

  3. All the US Gov't needs is some rope... by TigerPlish · · Score: 1

    ..so they can hoist their own petard themselves.

    Seriously, US Gov't -- keep digging, you'll finish your grave soon 'nuff.

    --
    The "Civilized World" jumped the shark ca. 1973.
    1. Re:All the US Gov't needs is some rope... by penguinoid · · Score: 1

      ..so they can hoist their own petard themselves.

      I thought that they needed a mortar and especially a mortar shell, to hoist on their own petard.

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    2. Re:All the US Gov't needs is some rope... by TigerPlish · · Score: 1

      I've always thought of it, for some reason, as involving rope and a flagpole. o.O

      --
      The "Civilized World" jumped the shark ca. 1973.
    3. Re:All the US Gov't needs is some rope... by Salgak1 · · Score: 1

      You have no idea. I'm currently getting static about patching glibc and OpenSSL outside the "normal monthly patch cycle". Which was 3 versions behind **BEFORE** GHOST and DROWN surfaced. . .

    4. Re:All the US Gov't needs is some rope... by Anonymous Coward · · Score: 0

      Wikipedia suggests that all you need in order to be hoisted by your own petard is to have a fondness for home-made fireworks and other IED's.

      The petard, being derived from the French word for flatulence, was a mortar shell, and to be "hoisted" meant to be blown up by it. Apparently these mortar shells were also sometimes jerry-rigged as mines. Apparently it was common enough in World War II to be blown up by your own jerry-rigged mine that it is a common expression today.

      Captcha: Overdone.

  4. "Government's Fault" is a bit of a reach by xxxJonBoyxxx · · Score: 5, Insightful

    I remember the 1990's crypto wars. But we've also had plenty of time to refactor our code, create secure-by-default installations and disable insecure implementations. In fact, as an industry, we've done it before for SSL 2.0, MD5, SSL 3.0, RC4 and now SHA1.

    1. Re:"Government's Fault" is a bit of a reach by Anonymous Coward · · Score: 0

      I wish I had points for you. It's been a bit too long since reasonable people would still blame the Gov't. Instead, how about offering a branch that says "This isn't going to be backwards compatible with '90s era tech, but it is MUCH more secure"

    2. Re:"Government's Fault" is a bit of a reach by SvnLyrBrto · · Score: 1

      Indeed. It's been known for quite a while that older SSLs were crap, even before DROWN. When the CVE hit, I checked the servers I'm responsible for, and discovered that I'd already disabled SSLv2 not long after I took the job. I'd simply forgotten having done so.

      --
      Imagine all the people...
  5. We're trying. by NMBob · · Score: 1

    I like his last line: "...let's hope that we won't make the same mistake again." Wasn't it John Paul Jones that said, "We have not yet begun to make mistakes!"? I might not have that right.

  6. wrong by ole_timer · · Score: 2

    not that I'm in favor of government intervention, but those were all implementation errors. anything designed and built by humans has them.

    --
    nothing to see here - move along
  7. Oh, gee, I don't know? by Anonymous Coward · · Score: 0

    Maybe because you haven't paid all your taxes?

    1. Re:Oh, gee, I don't know? by Anonymous Coward · · Score: 0

      Learn the difference between IRS and NSA

  8. The major problem is neglect by Kjella · · Score: 1

    Base libraries like these are often widely used but everybody assumes somebody else has done the code reviews and exploit testing. It took some major exploits like heartbleed to make people realize that OpenSSL was understaffed, full of cruft and really far from the ideal crypto library. Yes, in this case it was a downgrade exploit to an export cipher. That doesn't mean the US government is generally at fault for downgrade attacks, it's poor coding. That a library might have support for old yet known flawed protocols/algorithms for compatibility is a reasonable feature, but the handshake is supposed to verify the client and server connected in the best possible way. But it's so much easier to blame somebody else.

    --
    Live today, because you never know what tomorrow brings
  9. Export restrictions on crypto always seemed so sil by ZorinLynx · · Score: 1

    It's not like it's hard to export things over the Internet, even if it's "against the law", and it only has to be done once.

    This sounds like a law put in place more for "the feels" than to actually accomplish anything.

  10. Here are the best I could find by gurps_npc · · Score: 1
    [ REDACTED by order of the NSA]

    [ REDACTED by order of the NSA]

    and my personal favorite:

    --
    excitingthingstodo.blogspot.com
  11. Warrant canary by danceswithtrees · · Score: 1

    Perhaps companies/groups that write such software could implement a "warrant canary." See https://en.wikipedia.org/wiki/...

    Once you are served with a secret warrant, you are legally bound not to disclose that you have been served. They can however stop updating the "We have not been served" status on their website letting users/people know that they have been served.

    If you work on a security project and haven't been served, please do this now. And blink twice if you can't say anything....

    1. Re:Warrant canary by Bugler412 · · Score: 3, Interesting

      that works until the next precedent setting court case that determines that failing to update the warrant canary is a form of communication prohibited by the gag order due to the intent of the operator. Coming soon to a federal court near you I'm sure.

    2. Re:Warrant canary by JoelKatz · · Score: 1

      I wonder if there's any case law on failing to prevent the existence of a secret warrant becoming known through intentional inaction was prosecuted. The cases might be analogous.

    3. Re:Warrant canary by Anonymous Coward · · Score: 1

      That would be an interesting case indeed because it would compel parties to engage in a form of speech against their will.

      http://law2.umkc.edu/faculty/projects/ftrials/conlaw/compelledspeech.htm

  12. Click here if you're in the USA or a terrorist by thegarbz · · Score: 1

    I remember those good old days and the choices you got to download software:

    Click here if you're with the USA, or you want better encryption, or you're a terrorist, or you think this concept is retarded.
    Click here if you're an idiot and outside the USA.

  13. Also. . . by Salgak1 · · Score: 1

    . . . . all the lamp-posts in DC have been changed out from the standard pole-and-boom to strictly vertical posts. It's as if they expected the citizens to one day rise up, and do the hoisting. . . . (evil grin)

  14. Golf Clap by Anonymous Coward · · Score: 0

    Wow! This is hilarious! This is the exact subject I did my "technical writing" course on, back in my 4th year of computer science in 2000. And I came to the same conclusion back then too, that encryption was being artificially weakened. All this information was available back then and the writing was on the wall.

  15. bullshit reporting by Anonymous Coward · · Score: 0

    "says Constantin" like he's some kind of crypto expert or something. This is just theoretical bullshit reporting

    1. Re: bullshit reporting by Anonymous Coward · · Score: 0

      I say fuck the govt and their bs snooping laws. Bunch of faggots need to be bitch slapped back to the stoneage with iphones rammed up their asses. The same goes for att, tmo, and any other panhandling cunts who value the latest and greatest pos over privacy. Fuck em all.

  16. Answer? OpenBSD by Anonymous Coward · · Score: 0

    for using OpenBSD. Not subject to US laws. I always download from the Canadian mirrors, for initial install ISOs and software installs. Been an OpenBSD fan since 2001. It's my absolutely favorite OS hands down. It features outstanding laptop support like wireless chipset support and suspend, has a very comfortable refresh cycle (6 months) and is arguably faster and more secure than any Linux distro I've ever used, and I've been a *nix sysadmin since 1998.

  17. Why not by KonstantinVoznesensk · · Score: 1

    Special NSA user with root rights and a separate password for every installation (on every OS and platform), so that leaked credentials for one computer don't affect any other - creation of such a user can be done during online activation. Yes, that requires that online activation should be a secure process. I don't think this is a genius idea, but it should be better than a backdoor in every OS that can be used with no credentials check.

    1. Re:Why not by JoelKatz · · Score: 1

      I'm ignoring the legal and moral issues and looking only at the technical ones.

      If access was only for national security, that might work. But the problem is that law enforcement around the country wants access to this information any time any judge anywhere issues a warrant. That would mean the database of such passwords would be accessed by thousands of people around the country every day.

      Some of those passwords would protect a twelve year old's text messages with their friends. Some of them would protect critical industrial secrets.

      That's totally unworkable. It's like storing the Mona Lisa the same place everyone keeps their wallet.

  18. Not just government! by Anonymous Coward · · Score: 0

    I'm all for government bashing, but the downgrade attacks would not have happened if the message format included a list of supported SSL/TLS versions.

    Government did a bad thing. The protocol designers however were not good enough to consider transition periods.