Slashdot Mirror


User: cold+fjord

cold+fjord's activity in the archive.

Stories
0
Comments
8,503

Comments · 8,503

  1. Re:Cut off your nose to spite your face on NIST Removes Dual_EC_DRBG From Random Number Generator Recommendations · · Score: 1

    So, what are these algorithms that are impossible to backdoor either through design or implementation? No chance of another something like heartbleed, or Reflections on Trusting Trust?

    There is actually nothing wrong with the algorithm for Dual_EC_DRBG, the issue is with people's trust of the constants that define the curve for it in the standard. The only issue there is that people don't trust them just like they didn't trust the NSA generated S-boxes that strengthened DES against secret cryptanalysis techniques. Choosing a new set of known good constants for the standard would resolve all the issues other than performance. Of course that would mean you would need to verify the new configuration was still good and generated proper numbers. (And no matter what you do there will be people that mistrust it, just as this thread started.)

    Paranoia can be a useful factor in dealing with security, but it should be moderated and harnessed in a positive manner. If not you end up making mistakes due to poor judgment as I discussed in my other post on DES. You assume the worst case, flop around and make an even worse choice.

  2. Re:Cut off your nose to spite your face on NIST Removes Dual_EC_DRBG From Random Number Generator Recommendations · · Score: 1

    That may be at some level, but keep in mind that operating only on suspicion makes it easy to end up in the "didn't use DES, got data read by differential cryptanalysis (or method X)" bin. Your choice. It is easy to have suspicions that aren't well founded, as well as false confidence.

    Math majors get heavily recruited for those jobs for a reason. Sound encryption doesn't tend to emerge from whimsy.

  3. Re:Cut off your nose to spite your face on NIST Removes Dual_EC_DRBG From Random Number Generator Recommendations · · Score: 1

    Clear thinking generally takes some effort. You should always be clear about what the evidence proves and what it doesn't prove or you are likely to make mistakes. Once you understand that you can apply your suspicions. There were plenty of people that assumed that DES was backdoored due to the changes made in the DES S-boxes prior to the standard being approved. They refused to use DES and used other technologies. It was later revealed that DES had been hardened against secret cryptanalysis techniques that cracked other methods. The people that refused to use DES and used those other methods were unknowingly using weaker encryption due simply to their suspicions. Operating by suspicion can be hazardous when it comes to encryption. Of course the flip side is true too, as the Ultra cracks of Enigma showed.

  4. Re:Cut off your nose to spite your face on NIST Removes Dual_EC_DRBG From Random Number Generator Recommendations · · Score: 1

    As I understand it that is the nature of elliptic curve technology, so I don't think that is quite right. You may recall that elliptic curve encryption was thought to be a highly promising encryption technology at the time. I'm not sure that the calculations would really help you since you could probably generate the same points with or without a backdoor, although I could be mistaken on that point. But as far as I know there is no way to tell just by examining a set of constants if there is a backdoor or not. And that is where the controversy comes in.

  5. Re:Cut off your nose to spite your face on NIST Removes Dual_EC_DRBG From Random Number Generator Recommendations · · Score: 1

    When it comes to encryption you're either going to trust somebody, who may end up having a hidden agenda and the ability to hide it from you, or you won't be exchanging encrypted messages. Even public review is no guarantee: "Oops! Looks like we didn't cover that obscure corner case, "glad" you spotted it!"

  6. Re:Cut off your nose to spite your face on NIST Removes Dual_EC_DRBG From Random Number Generator Recommendations · · Score: 5, Insightful

    The problem is that by assuming the worst you can go down the wrong path if the situation isn't in fact worst case. Consider the example of DES encryption. The NSA tweaked the S-box values before the standard was approved. Nobody outside of NSA knew why. Many people suspected some sort of backdoor, but nobody could find one. As a result of the suspicion there were people that refused to use DES. Eventually it emerged that NSA had strengthened DES against secret cryptanalysis techniques that weren't generally known at the time. Many of the people that refused to use DES ended up using encryption schemes that were vulnerable to the secret techniques because they assumed the worst and were wrong. DES held up remarkably well against attacks over time, including attacks that were either invented or reinvented long after DES was approved.

  7. Re:Cut off your nose to spite your face on NIST Removes Dual_EC_DRBG From Random Number Generator Recommendations · · Score: 0

    There is no evidence that a backdoor actually exists, only that one is possible with the technology. You can't tell if one exists or not just from the published specification. The only people that would know if one exists are the people that created the curve values.

  8. Re:Cut off your nose to spite your face on NIST Removes Dual_EC_DRBG From Random Number Generator Recommendations · · Score: 1, Informative

    Presumably GP worries that if one out of four options selected by this body is not just flawed but apparently deliberately subverted, what does that say about how well the other three were vetted?

    That isn't quite the issue. All of the options in the standard were vetted. The Dual_EC_DRBG option is controversial for performance, the correction to it, and one other reason. Some people claim that it has a backdoor, but that isn't what has been proven. What has been proven is that a backdoor is possible with the technology and you wouldn't know either way. You can generate values for the curve without creating a backdoor, and that would be less work. If there was a backdoor created, only the person or group that created the values used in the curve would know it and how to exploit it. If a backdoor exists for a particular set of curve values, identifying it isn't easier than the original problem. It looks the same either way with or without a backdoor. People have been making exaggerated claims based on this ambiguity.

  9. Re:Surprised? on VK CEO Fired, Says Company Under Kremlin Control · · Score: 1

    Ah yes, the "no true communist" fallacy. Surely you don't believe it? There has been no shortage of communists over the years willing to exterminate the class according to Marx's bloody theories (14:16-23:16) to try building yet another Marxist "utopia" of collectivism and a dictatorship of the proletariat. What makes you so certain you've got it right and none of those other millions that called themselves communists didn't?

  10. Re:Surprised? on VK CEO Fired, Says Company Under Kremlin Control · · Score: 1

    I hope that if you haven't already done so that you make some time to share some of those memories with her. It would be a mark of shame on the generation that lived through it if the memory of communist oppression were to disappear quickly, especially since there are still communists straining for another chance to try building communism again.

  11. Re:Surprised? on VK CEO Fired, Says Company Under Kremlin Control · · Score: 4, Informative

    If it was Soviet Estonia then your parents or grandparents weren't among the victims of repression or deportation, although they might be among the ethnic Russians moved there by the Soviet Union. (Ethnic Russian by any chance?) Those would be among the ethnic Russians that Putin has threatened other countries over.

    Just a snippet of history: Soviet deportations from Estonia in 1940s

    The Soviet Union had started preparations for the launch of terror in Estonian civil society already before the occupation of Estonia. As elsewhere, the purpose of communist terror was to suppress any possible resistance from the very beginning and to inculcate great fear among people in order to rule out any kind of organised general resistance movement in the future as well. In Estonia, the planned extermination of the prominent and active persons, as well as the displacement of large groups of people were intended to destroy the Estonian society and economy. The lists of people to be repressed were prepared well in advance. From the files of the Soviet security organs, it seems that already in the early 1930’s the Soviet security organs had collected data on persons to be subjected to repressions. Pursuant to the instructions issued in 1941, the following people in the territories to be annexed into the Soviet Union and their family members were to be subjected to repression: all the members of the former governments, higher state officials and judges, higher military personnel, former politicians, members of voluntary state defence organisations, members of student organisations, persons having actively participated in anti-Soviet armed combat, Russian émigrés, security police officers and police officers, representatives of foreign companies and in general all people having contacts abroad, entrepreneurs and bankers, clergymen and members of the Red Cross. Approximately 23 percent of the population belonged to these categories. In fact, the number of those actually subjected to repressions was much greater, for a large number of people not included in the lists also fell victim to the settlement of scores.

  12. Re:Surprised? on VK CEO Fired, Says Company Under Kremlin Control · · Score: 2

    Yes, it would be a very bad thing for the Soviet Union to come back, a disaster of epic proportions. Communists killed 100,000,000 people in the last century. Such tyranny has seldom been equaled.

    If you miss the "sanity" of Soviet times, you are woefully ignorant about events, badly confused, or a madman. Perhaps you could start smaller, such as suggesting widespread castration because it "calms" men?

    If you really miss an ever present threat against you then you could try a visit to a tribal society and start a blood feud?

  13. So, does anyone have any ideas ... on VK CEO Fired, Says Company Under Kremlin Control · · Score: 1

    So, does anyone have any ideas where Edward Snowden might be working in Russia these days?

  14. Re:This sure makes bugging easier . . . on Intentional Backdoor In Consumer Routers Found · · Score: 1

    Now, you bring the bugging devices home as consumer appliances, and install them yourself for the spooks.

    This saves them a lot of effort. Cost effective.

    You mean nobody does it for the Eastern Europe mafias or the Chinese?

  15. Re:Actual thought process on Expert Warns: Civilian World Not Ready For Massive EMP-Caused Blackout · · Score: 1

    Inmates running the asylum? Sounds about right.

  16. Re:Now you too... on The Science Behind Powdered Alcohol · · Score: 1

    Now you too......can turn water into wine.

    Yes, bad wine apparently. Jesus did better.

  17. Re:Citizenship Is Not A Shield on Administration Ordered To Divulge Legal Basis For Killing Americans With Drones · · Score: 1

    It is consistent with appropriate due process against the enemy during war*, including American turncoats, to attack them. If you don't agree then you are apparently against the Constitutional war making powers of Congress, and the President's role as Commander in Chief. You may notice the courts don't have a role there.

    * Congress passed the Authorization for Use of Military Force, equivalent to a declaration of war.

  18. Re:TSA-like Money for Fear on Expert Warns: Civilian World Not Ready For Massive EMP-Caused Blackout · · Score: 1

    You make good points, but I think EMP would be considered as a sort of "decapitation" strike while not necessarily creating the conditions for a full nuclear counter-strike.

  19. Re:TSA-like Money for Fear on Expert Warns: Civilian World Not Ready For Massive EMP-Caused Blackout · · Score: 1

    How much in the way of modern microelectronics was in use at the time of Starfish Prime as opposed to vacuum tubes which are much more resistant? The ability of EMP to damage modern computers is known.

    How much would the EMP attack be enhanced by optimizing the warhead for that in a fashion similar to what is done for neutron bombs?

    If EMP doesn't do that much, why would the military harden its electronics against it?

    If you've only got one shot in the face of missile defenses, do you go for an obvious high value target that may fail, or maybe something else?

    Either way I think that it is prudent to take steps to harden the infrastructure, especially where it can be done at moderate cost.

  20. Re:TSA-like Money for Fear on Expert Warns: Civilian World Not Ready For Massive EMP-Caused Blackout · · Score: 1

    An EMP attack is most likely from a hostile nation. Terrorists, assuming they somehow got hold of a nuke, would probably use it against a city.

    what is more likely: that they would use it as a normal bomb to kill people, or as an EMP to knock out power and damage electronics in less than a 1000-mile radius?

    Put that explosion over the central United States, and then draw a 1,000 mile radius of damage. Which do you think will have a bigger impact? One city hit by a nuke, or most of the US hit by EMP?

  21. Re:There's a broader question to be addressed here on Administration Ordered To Divulge Legal Basis For Killing Americans With Drones · · Score: 1

    Since when is it permissible for any government to employ military force against its own (civilian) citizens? I'm pretty sure that armed (combat) drones are military technology.

    When those citizens take up arms as part of a military force at war with the United States, and the US Congress has authorized military force against them.

    Al Qaida declared war in 1996 and has conducted many attacks since then. The US Congress authorized military action in 2001.

  22. If you are whining about the "collateral murder" incident, they were killed because they were sneaking around with terrorists and weren't wearing the special journalist hat. So no, "we" really don't like killing journalists.

  23. No my dear moderator on Administration Ordered To Divulge Legal Basis For Killing Americans With Drones · · Score: 1

    No my dear moderator, that was not "flamebait." That is what is called an opinion, and a reasonable and justifiable one at that. The fact that you don't like my opinion doesn't make it flamebait. The fact that I invoke the history of previous dealings with similar problems does not make it flamebait. You have misused your modpoint, no doubt because you don't have a counterargument. You penalize me for your shortcoming.

  24. Re:Citizenship Is Not A Shield on Administration Ordered To Divulge Legal Basis For Killing Americans With Drones · · Score: 1, Flamebait

    This isn't a new problem for the United States. The US has dealt with the same or similar problems in the past. The American renegades get all the due process needed for the circumstances. In fact, American renegades today are almost certainly getting more due process than has been performed in the past.

    You can see a depiction of Americans in a similar legal status and how they were dealt with here.

    Constitutionally it is fine. Arrests, formal legal charges, trials, judges and lawyers are not needed. If the renegades want that they can surrender and get those instead.

  25. Your chronology is wrong, so I assume that is part of the confusion. Snowden was at the Russian embassy in Hong Kong for several days although it was not made widely known at the time. He waited until his passport was canceled, then boarded the plane for Russia (the Chinese weren't going to stop him). On his arrival in Russia his arrival was proclaimed a "surprise" despite his time at the Russian embassy in Hong Kong. Snowden then went through the public motions of applying for asylum while often successfully evading reporters at the airport. His spokesman in Russia is a lawyer on the public committee of the FSB security service, and has ties to former KGB officer Putin. All coincidence? "Maybe." I find it interesting that published reports indicate that Snowden was known to be disgruntled while still working at the CIA, years before he stole nearly 2,000,000 Top Secret documents and fled the country for Hong Kong. The papers report that intelligence officials in the UK and US assess it highly likely that the Chinese, the Russians, or both have everything he took. Mitigation efforts are now being made. It will cost billions of dollars and take years to fix. They basically have to do that since there is no way to prove that enormous cache of documents, some of which have been handed over to multiple third parties, hasn't been compromised somewhere along the line by either Snowden or someone on the inside of one of those other document holders. Since Snowden fled and started leaking the documents to be published, Russia has announced that it is upgrading its internal computer surveillance systems in line with what has been revealed in the documents Snowden took. Both Russia and China have embarked on a path of aggression against their neighbors. Do you think it is possible that they became confident about the limits of US intelligence?

    And finally, various terrorist organizations have been changing their communications methods and have been evading surveillance. Coincidence? No.