Slashdot Mirror

← Back to Stories (view on slashdot.org)

Computer Science Professor Mocks The NSA's Buggy Code (softpedia.com)

Posted by EditorDavid on from the back-to-school dept.

After performing hours of analysis, a computer science professor says he's "not impressed" by the quality of the recently-leaked code that's supposedly from an NSA hacking tool. An anonymous Slashdot reader writes: The professor, who teaches Software Vulnerability Analysis and Advanced Computer Security at the University of Illinois, Chicago, gripes about the cryptography operations employed in the code of an exploit called BANANAGLEE, used against Fortinet firewalls. Some of his criticism include the words "ridiculous", "very bad", "crazy" and "boring memory leaks".

"I would expect relatively bug-free code. And I would expect minimal cryptographic competence. None of those were true of the code I examined which was quite surprising," the professor told Softpedia in an email.
If these were cyberweapons, "I'm pretty underwhelmed by their quality," professor Checkoway writes on his blog, adding that he found "sloppy and buggy code," no authentication of the encrypted communication channel, 128-bit keys generated using 64 bits of entropy, and cypher initialization vectors that leaked bits of the hash of the plain text...

2 of 179 comments (clear)

  1. Re:Random Numbers by raftpeople · · Score: 2, Informative

    Snowden revealed a few years ago that the NSA was able to decrypt most of encrypted traffic and stated there is a high probability that things like RDRAND are compromised.

  2. Re:NSA is part of "big government" after all by dbIII · · Score: 3, Informative

    Privatize security? You mean like dismantle the TSA and have airport security run by the airlines?

    At this point that would be an incredibly good idea.
    The airlines have different priorities so would run it as security and not a massive welfare program for a massive number of poorly trained staff and money funnel to political connections.
    Walmart "greeters" take the security part of their job far more seriously than the TSA up to the highest level.

    As for everything else, you've got some good points.

    is the privatization of all military

    Blackwater etc partially happening and a horror story in general. Mercenaries employed to do what professional soldiers consider unprofessional or outright war crimes.

    I believe he has enough respect of the people in uniform

    He has shown utter contempt on several occasions.

    I believe it won't be long before larger and more complicated weapons, like a passable battle tank, can be mass produced in an amateur machinist garage.

    A very interesting idea but it doesn't seem to be playing out that way anywhere.

    By the way, what do you second amendment types do at 45? Do you get rid of all your guns since the second amendment doesn't apply to you after that? Perhaps you should consider that your right to be armed comes from it not being taken away from you in the first place and has nothing at all to do with the second amendment.