
NSA Infiltrated RSA Deeper Than Imagined

samzenpus posted about 6 months ago | from the bad-to-worse dept.


Rambo Tribble (1273454) writes "Reuters is reporting that the U.S. National Security Agency managed to have security firm RSA adopt not just one, but two security tools, further facilitating NSA eavesdropping on Internet communications. The newly discovered software is dubbed 'Extended Random', and is intended to facilitate the use of the already known 'Dual Elliptic Curve' encryption software's back door. Researchers from several U.S. universities discovered Extended Random and assert it could help crack Dual Elliptic Curve encrypted communications 'tens of thousands of times faster'."


168 comments


Surprise surprise, they lied and it's still there. (1)

Anonymous Coward | about 6 months ago | (#46622439)

The only question is WHY DO THEY GO ON RECORD with the bullshit denials?

Re:Surprise surprise, they lied and it's still the (1)

fustakrakich (1673220) | about 6 months ago | (#46622559)

It is a calculated risk, and maybe out of habit.

Re:Surprise surprise, they lied and it's still the (4, Insightful)

erikkemperman (252014) | about 6 months ago | (#46623431)

The only question is WHY DO THEY GO ON RECORD with the bullshit denials?

It is a calculated risk, and maybe out of habit.

Somewhere along the chain of command, though, the denials do become true. A good underling knows when to grant his masters the ultimate in plausible deniability by simply not filling them in on certain matters.

Re:Surprise surprise, they lied and it's still the (3, Insightful)

Wootery (1087023) | about 6 months ago | (#46624031)

A good underling

Good for whom, exactly?

Re:Surprise surprise, they lied and it's still the (4, Insightful)

interkin3tic (1469267) | about 6 months ago | (#46622571)

I'm guessing it's because they honestly believe what they are doing is necessary to keep America safe. To the point that they think lying to the people who are supposed to be overseeing them is necessary for the greater good.

Which is terrifying. Give me all the cynical, greedy, lying, corrupt asshole politicians you want. Just please, don't put zealots in power.

Re:Surprise surprise, they lied and it's still the (4, Insightful)

fuzzyfuzzyfungus (1223518) | about 6 months ago | (#46622845)

Anyone who falls into that belief might as well be written off and put up against the wall, second in line to the people who believe that their own possession of arbitrary power is the only way to ensure the nation's safety. They can go first.

Re:Surprise surprise, they lied and it's still the (1)

Aighearach (97333) | about 6 months ago | (#46623063)

And when their culture of lies and secrecy was started, in WWII when we'd secretly broken our enemies' codes, it might have even been true.

Re:Surprise surprise, they lied and it's still the (-1)

Anonymous Coward | about 6 months ago | (#46623175)

So you admit that the American people, as well as civilians and private companies across the globe, are seen as dangerous enemies of the US government?

Re:Surprise surprise, they lied and it's still the (1)

Rinikusu (28164) | about 6 months ago | (#46623747)

Probably also because they had a few "backroom" visits by the NSA who explained quite clearly that revealing or admitting to this sort of behavior will quickly get them thrown into a federal PMITA prison instead of a cushy white-collar prison. How many "hackers" have been "accidentally" put into a "real" prison who end up getting beaten nearly to death and viciously raped because they pissed off a particularly vindictive DA? (I can remember at least one. And there only needs to be one...)

Re:Surprise surprise, they lied and it's still the (0)

Anonymous Coward | about 6 months ago | (#46623883)

I'm guessing it's because they honestly believe what they are doing is necessary to keep America safe.

Funny thing is that a lot of Democrats feel that way. And Hitler honestly believed he was making Germany better by eliminating all the Jews.

Whenever there is a section of government that isn't held accountable then it's going to create tyranny. The only question is "how long will that take".

Re:Surprise surprise, they lied and it's still the (1)

mbkennel (97636) | about 6 months ago | (#46623947)

| The only question is WHY DO THEY GO ON RECORD with the bullshit denials?

Because they'd be put in federal prison---no parole system, extremely long sentences---if they don't. This is not an exaggeration, they were obviously forced to agree to certain national security requirements, and this is what they mean.

The USA is slightly kinder than the equivalent in China or Russia (and there's no doubt they do just as much, but no defectors)---you'd get a multiple-gunshot suicide and polonium in your tea.

we must end this jewish problem once and for all (-1)

Anonymous Coward | about 6 months ago | (#46622451)

america is for americans not israelis or mexicans.

Re:we must end this jewish problem once and for al (-1)

Anonymous Coward | about 6 months ago | (#46622679)

America is a land of immigrants; unfortunately you're ignorant.

Re:we must end this jewish problem once and for al (-1)

Anonymous Coward | about 6 months ago | (#46623321)

It's also a land of spies and surveillance. deal with it, faggot.

Re:we must end this jewish problem once and for al (-1)

Anonymous Coward | about 6 months ago | (#46622911)

america is for americans not israelis or mexicans.

So, America is for Native Americans?

Re:we must end this jewish problem once and for al (2, Insightful)

Dishevel (1105119) | about 6 months ago | (#46623243)

It was. Then they lost that war.

Re:we must end this jewish problem once and for al (-1)

Anonymous Coward | about 6 months ago | (#46623351)

Illegal immigration didn't work out too well for them, did it?

Re:we must end this jewish problem once and for al (1)

Dishevel (1105119) | about 6 months ago | (#46623739)

Nope. :)

It worked out well for us though.

Re:we must end this jewish problem once and for al (5, Insightful)

Ziest (143204) | about 6 months ago | (#46622915)

America today is NOT the country my ancestors fled Eastern Europe for nor is it the country my wife and I grew up in. America is now a country run for the benefit of the wealthy, the privileged and the corporations. The CIA, NSA, FBI, DEA, etc. now exist to keep the powerful in charge and to detect and eliminate any movement that will challenge the status quo. Google "Green is the new Red"

Re:we must end this jewish problem once and for al (0, Insightful)

Anonymous Coward | about 6 months ago | (#46622969)

Go google the revolutionary war and see who was running the country back then. Wealth, privileged corporate owners.

Re:we must end this jewish problem once and for al (0)

Aighearach (97333) | about 6 months ago | (#46623085)

While there are legitimate problems, I don't think derping all over yourself offers any sort of solution, alternative, or progress.

If you can't beat 'em, join 'em (0)

Anonymous Coward | about 6 months ago | (#46622473)

Why do you think encryption was taken off the export controls list in the late 90s? It wasn't just out of the goodness of their hearts, people.

Re:If you can't beat 'em, join 'em (1, Flamebait)

flyingfsck (986395) | about 6 months ago | (#46622531)

Why? Because the Yanks realized that the European encryption tools are stronger than the American and they wanted people to use their inferior algorithms. That is why. Any self respecting computer Geek knew that all along.

Re:If you can't beat 'em, join 'em (1)

fustakrakich (1673220) | about 6 months ago | (#46622585)

...European encryption tools are stronger than the American...

How do you know this??

Re:If you can't beat 'em, join 'em (5, Interesting)

TheCarp (96830) | about 6 months ago | (#46622725)

How? Easy for me, I was alive and paying attention.

The problem wasn't so much that good tools from American sources were unavailable, they were just subject to onerous restrictions that made it hard to distribute. So producers of software were stuck either producing an "international" version which was easy to distribute and download, but had restrictive key length limits, and a separate, harder to download version for the US.

So yes, European tools were generally better, because they were not under such restrictions, and worked just fine in or outside the US. A lot of people in the US even used pgp "international" version just because it was easier.

It really was little more than a lame attempt to stuff a genie back in a bottle; after the bottom was smashed off. The ONLY thing it served to do was make the US into a laughing stock.

Re:If you can't beat 'em, join 'em (-1)

Anonymous Coward | about 6 months ago | (#46622919)

How do you know this??

How? Easy for me, I was alive and paying attention.

So you have no proof beyond your own ego? How disappointing, I was looking forward to an alternative. Looks like RSA it will stay for now.

Re:If you can't beat 'em, join 'em (2)

fustakrakich (1673220) | about 6 months ago | (#46622995)

So yes, European tools were generally better, because they were not under such restrictions...

Yes, they are better than the crippled exportable versions, but you still don't know if they've been compromised. You are speculating. Unless you have some kind of security clearance, you don't know as a fact if all publicly available encryption doesn't have a built in backdoor, as future documents might indicate. The tin hatters are looking a little less crazy every day as their suspicions become vindicated.

Re:If you can't beat 'em, join 'em (1)

TheCarp (96830) | about 6 months ago | (#46623305)

You are correct but I don't see how that is relevant. Yes, just about any software you choose to use COULD be backdoored. In fact, even having the source doesn't protect you from clever attacks that are well hidden.

The point remains, which is the point that was being made, and you responded to, that these international versions which were crippled actually made use of algorithms and key lengths that were already too weak to be recommended. THAT was the direct result of regulation, and the ONLY thing it was effective at doing. It certainly didn't prevent the worldwide dissemination of strong encryption tools...that happened in spite of their efforts.

Another effect, which I failed to mention, is that often the decision in the face of the restrictions was not to produce a US and crippled international version, but to JUST make the crippled exportable version.

Re:If you can't beat 'em, join 'em (0)

Anonymous Coward | about 6 months ago | (#46622811)

It's right in the summary! US encryption tools have been deliberately weakened by the NSA and as far as we know, European encryption tools haven't.

Re:If you can't beat 'em, join 'em (0)

Anonymous Coward | about 6 months ago | (#46622869)

It's right in the summary! US encryption tools have been deliberately weakened by the NSA and as far as we know, European encryption tools haven't.

Critical words there.

Re:If you can't beat 'em, join 'em (1)

NatasRevol (731260) | about 6 months ago | (#46622985)

It should be 'relatively' easy to see if the NSA put people into place to 'adjust' the European standards like they did the American standards.

Re:If you can't beat 'em, join 'em (1)

WillAffleckUW (858324) | about 6 months ago | (#46623457)

Oh, trust me, GCHQ and the other agencies weakened your protocols as well.

Ask not what you can do for your corporation, ask only how high should you jump, sheeple.

Re:If you can't beat 'em, join 'em (1)

Aighearach (97333) | about 6 months ago | (#46623107)

I hate to go all Rumsfeldian on you, but a known known does not negate a known unknown. We already know we don't know what Europe did.

We simply need more public intelligence in order to convert the known unknown to a known known before we can make any judgements about which is better, or even the ways that they may be different.

Re:If you can't beat 'em, join 'em (1)

Anonymous Coward | about 6 months ago | (#46623607)

If it's not American then it cannot be trusted. Europeans are just a bunch of passive aggressive socialist nanny-state lovers.

Re:If you can't beat 'em, join 'em (-1)

Anonymous Coward | about 6 months ago | (#46623559)

Europeans are pussies

Re:If you can't beat 'em, join 'em (0)

Anonymous Coward | about 6 months ago | (#46623079)

Because US businesses were finding out that virtually everyone else was working on encryption that was useful, and it would have locked American companies from being able to compete in the expanding Internet bubble.

One reason why DVD got cracked so quickly was due to ITAR and the short bit length of the crypto involved.

April Fools (-1)

Anonymous Coward | about 6 months ago | (#46622489)

YHBT.

(It's already April 1st in Australia, so all stories posted in the next 36 hours or so are automatically suspect.)

p.s. Fuck beta.

Re:April Fools (-1)

Anonymous Coward | about 6 months ago | (#46622957)

then chuck another shrimp on the bar-b mate. G'day.

Sales plummeted (5, Interesting)

spacepimp (664856) | about 6 months ago | (#46622495)

I can only hope that this sort of bullshit maneuver by RSA reflects both globally and in the USA with respect to sales. Name one Government willing to buy this equipment any longer? 10 M compared to what they're going to lose now is nothing.

Re:Sales plummeted (5, Insightful)

Anonymous Coward | about 6 months ago | (#46622547)

I can't imagine why anybody anywhere would ever invest in proprietary crypto software.
The risk is too great to just take your vendor's word.

Re:Sales plummeted (2, Insightful)

NatasRevol (731260) | about 6 months ago | (#46623021)

So your solution is what? Build your own crypto software?

Should every company and person wanting to have encrypted communications do this too?

Do you trust your compiler? Or your hardware?

Re:Sales plummeted (0)

Anonymous Coward | about 6 months ago | (#46623345)

Ken Thompson has personally assured me he will not hack my compiler. Siri is the real threat.

Re:Sales plummeted (2, Informative)

Anonymous Coward | about 6 months ago | (#46624069)

So your solution is what? Build your own crypto software?

Use open source implementations of the established standard algorithms, with many eyes on them.

Should every company and person wanting to have encrypted communications do this too?

Yes. Proprietary software should have zero market share in this area. It's too important.

Do you trust your compiler? Or your hardware?

Yes, I do, but you don't have to.
If you're very very paranoid, use the "countering trusting trust" techniques.

Re:Sales plummeted (1)

Charliemopps (1157495) | about 6 months ago | (#46622577)

The problem is, given their resources and drive to spy, I doubt there's an alternative that hasn't been targeted by them.

Re:Sales plummeted (0)

Anonymous Coward | about 6 months ago | (#46623395)

I can only hope that this sort of bullshit maneuver by RSA reflects both globally and in the USA with respect to sales. Name one Government willing to buy this equipment any longer? 10 M compared to what they're going to lose now is nothing.

Yes, you should definitely buy European crypto software instead. They certainly don't have a history of state and industrial espionage abetted by their national intelligence services. </sarcasm>

Governments + Crypto == insecure (0)

Anonymous Coward | about 6 months ago | (#46622511)

that is why you don't want to have governments around the world involved in any crypto

Fookin' NSA! (0)

Anonymous Coward | about 6 months ago | (#46622513)

No wonder the world's confidence in American tech companies has dropped more than sharply!

Desensitizing the masses (5, Interesting)

wjcofkc (964165) | about 6 months ago | (#46622659)

I can't help but wonder...

When the acts of the NSA first came to light as we now know them, there was outrage not just from the tech sector, but from the general population as well. As these stories continue coming at a steady and regular pace, I still see outrage over the infringement of our rights - and the understanding of the general slippery slope creepiness of it - from those technically inclined. But less and less are the major outlets making a fuss, and even when the general population catches wind of each new story it is increasingly met with a sarcastic "Gee, didn't see that coming" and a shrug of the shoulders. Is the possibility of a tipping point in favor of our rights being eliminated by the increasing apathy of the greater people toward these issues? I suspect we are on the losing side. I suspect that as the stories come out, people in general not only become desensitized but, worse, it becomes the norm. In becoming the norm it will balloon to scales and scopes unimaginable. I feel we will reach a point where the majority of people will have forgotten that it was ever any other way. Even as it continues to get worse, they will continue to forget.

Re:Desensitizing the masses (2)

wiredlogic (135348) | about 6 months ago | (#46622733)

It is unfortunate that the popular media does what it does these days and ignores "boring" news in their chase to find the next hot story. Still, this is an election year and the Snowden revelations will likely come back to the foreground as candidates pander for votes, especially with the GOP fractured, having no real consensus on how to sell themselves.

Re:Desensitizing the masses (1)

stevez67 (2374822) | about 6 months ago | (#46623099)

They know how to sell themselves ... it involves large bags of unmarked currency and plausible deniability.

Re:Desensitizing the masses (1)

TheCarp (96830) | about 6 months ago | (#46622781)

"...Depression, strife, riots, murder, all this dread. We're irresistibly drawn to that almost orgiastic state created out of death and destruction. It's in all of us. We revel in it. Sure, the media tries to put a sad face on these things, painting them up as great human tragedies. But we all know the function of the media has never been to eliminate the evils of the world, no. Their job is to persuade us to accept those evils and get used to living with them. The powers that be want us to be passive observers. Hey, you got a match?"

Re:Desensitizing the masses (5, Insightful)

neiras (723124) | about 6 months ago | (#46622823)

Government organizations like the NSA are playing a long game. If one generation is desensitized, the next will be uncaring as long as basic needs and a sense of freedom are preserved.

They are winning, and even if we form long-lived organizations to fight them on their terms they will undermine until those organizations are publicly ridiculed and useless. Individuals who speak up will be tarred as "activists", "protestors", and later "traitors". They have the upper hand and there's no way to get it back without an actual war, which no one wants.

They are winning.

This began a long time ago. In two generations they will have won.

Re:Desensitizing the masses (1)

ewieling (90662) | about 6 months ago | (#46623043)

The only way to win is to not play the game. Unfortunately most people won't stop playing the game. They won't stop using the internet and won't stop using credit/debit cards. I am slowly weaning myself off the internet. At this point I use the internet around 90% less than before the Snowden revelations. I can't seem to give up that last 10% (which includes).

Re:Desensitizing the masses (1)

wjcofkc (964165) | about 6 months ago | (#46623181)

I agree. I wonder, yet also dare not wonder, what will become of those of us (a lot of people here) who will never be able to stop seeing the forest through the trees. Complacency from fear? Revolutionaries? Found out by technology that can spot us and executed? Perhaps all three where option two may be impossible.

Re:Desensitizing the masses (2)

Aighearach (97333) | about 6 months ago | (#46623191)

The pendulum swings both directions. I recommend thinking bigger.

Re:Desensitizing the masses (3, Insightful)

Anonymous Coward | about 6 months ago | (#46622827)

You could write a series of books on why this occurs but in a nutshell it comes down to this:

What are you (we) going to do about it?

Sure "we" could all get together and elect people to "fix" things. That will never happen. Your special interest isn't the most important thing to everyone and most people vote based on a few select issues. Making sure this issue is everyone's core issue is impossible. Gay rights, women's rights, abortion, religion, gun rights, taxes, welfare, etc. are generally more important to those affected. Candidates can't run on only one issue so they must decide their stance or non-stance on each issue. Each of these decisions will alienate voters. The system creates two parties that bicker and can only focus on a few problems at a time. These problems are highly influenced by what the media focuses on. Read into that what you want.

Re:Desensitizing the masses (1)

Aighearach (97333) | about 6 months ago | (#46623177)

The idea of Greenwald was to trickle the stories out so they last years and he can get the most attention for his career. That started with 3-6 months of lies, where poorly written and misleading training PDFs were paraded out before they even started to trickle the documents talking about actual programs. Of course that reduced the effectiveness of the leaks to inform the public. That is a no-brainer.

It won't "become" the norm, it is the norm, and it already was the norm.

Many of us who are "on the left" were warning of all this when the "Patriot Act" was first proposed; it is not some secret thing the NSA did. It is something that Congress did right in public, put the permissions right into law, and wishy-washy voters just said, "ah, gee, we can trust `em" even though their next sentence was, "drown the government, the government only can do evil, blah blah blah."

Re:Desensitizing the masses (3, Insightful)

Jiro (131519) | about 6 months ago | (#46623393)

Releasing things in dribs and drabs has benefits, though. It probably keeps the public's interest more than releasing the whole thing as a lump; even if public interest is down because of exhaustion, it's probably not as far down as it would be if nothing had been released in a year.

The other reason is that it makes it harder for the government to lie. If you release a document, the government can't lie and deny it because they don't know that maybe tomorrow you'll release a document that could expose the lie. If you release the whole thing in a lump, they could just carefully tailor the lie to match the existing releases.

Thank goodness for open-source alternatives (3, Informative)

mrflash818 (226638) | about 6 months ago | (#46622711)

So those that know how, can test and verify open-source alternatives are cryptographically secure, not back-doored, and safe for people to use.

Re:Thank goodness for open-source alternatives (4, Interesting)

cryptizard (2629853) | about 6 months ago | (#46622951)

Open-source doesn't help for shit in this situation. Dual_EC_DRBG was an open standard, all the details were public. The problem is that, with cryptographic algorithms, only a handful of people in the entire world are qualified to say whether something might or might not be secure. And even if there is a problem, it might go for years without being found.

Proving trust (1)

sjbe (173966) | about 6 months ago | (#46622961)

So those that know how, can test and verify open-source alternatives are cryptographically secure, not back-doored, and safe for people to use.

Simple question. Since I don't know or trust any of those people doing the evaluation of the open source alternatives, exactly how do you propose I trust that they are not back-doored as well? It's not a trivial question. I am not a software developer nor am I a cryptography expert. No one I know fits both categories either. Open source stuff could be absolutely riddled with holes and I'd have really no way to know. Even if numerous parties declare it safe, how can I be certain the compiled copy hasn't been tampered with?

Re:Proving trust (1)

Anonymous Coward | about 6 months ago | (#46624101)

Even if numerous parties declare it safe, how can I be certain the compiled copy hasn't been tampered with?

MD5.
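The one-word answer above points at checksum verification. As an added example (not from this thread or from any vendor it mentions), here is how a practitioner would actually check a downloaded build against a publisher's checksum list: parse sha256sum-style lines, refuse digests in algorithms whose collision resistance is broken (MD5 and SHA-1 no longer prove that a copy was not deliberately substituted), and compare digests in constant time. The file name, build bytes and checksum list are constructed for illustration.

```python
"""Verify a downloaded artifact against a published checksum list.

Added example for the thread above; the file names, digests and checksum
list are constructed for illustration, not real release data.
"""
import hashlib
import hmac

# Algorithms whose collision resistance is broken. A matching digest in one
# of these only guards against accidental corruption, not a deliberate swap.
WEAK_ALGORITHMS = {"md5", "sha1"}


def parse_checksum_file(text: str) -> dict:
    """Parse sha256sum/shasum-style lines of the form '<hex>  <filename>'.

    Returns {filename: hex_digest}. A leading '*' (binary-mode marker) on the
    filename is stripped; blank lines and '#' comments are skipped.
    """
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<digest>  <file>'")
        digest, name = parts
        entries[name.lstrip("*")] = digest.lower()
    return entries


def verify_artifact(data: bytes, name: str, checksums: dict,
                    algorithm: str = "sha256") -> bool:
    """Return True only if data's digest matches the published one for name.

    Weak algorithms are refused outright rather than silently accepted, and
    the digests are compared with hmac.compare_digest (constant time).
    """
    if algorithm.lower() in WEAK_ALGORITHMS:
        raise ValueError(f"{algorithm} is not collision resistant; refusing to trust it")
    expected = checksums.get(name)
    if expected is None:
        return False  # nothing published for this file: treat as unverified
    h = hashlib.new(algorithm)
    h.update(data)
    return hmac.compare_digest(h.hexdigest(), expected)


# Constructed sample: pretend this is the downloaded build...
SAMPLE_BUILD = b"#!/bin/sh\necho 'pretend this is a compiled crypto library'\n"
# ...and this is the publisher's SHA256SUMS file for it. In practice the list
# is obtained separately (and ideally signed); it is generated here only so
# the example runs offline.
SAMPLE_SUMS = (
    "# SHA256SUMS (constructed for this example)\n"
    f"{hashlib.sha256(SAMPLE_BUILD).hexdigest()}  *libexample-1.0.tar.gz\n"
)


def demo():
    """Check the genuine build and a build with one appended line."""
    sums = parse_checksum_file(SAMPLE_SUMS)
    genuine_ok = verify_artifact(SAMPLE_BUILD, "libexample-1.0.tar.gz", sums)
    tampered_ok = verify_artifact(SAMPLE_BUILD + b"# one extra byte\n",
                                  "libexample-1.0.tar.gz", sums)
    return genuine_ok, tampered_ok


if __name__ == "__main__":
    print(demo())  # (True, False)
```

A checksum list served from the same place as the download only detects corruption or a tampered mirror; an attacker who controls that server replaces both. Closing that gap requires a signature over the checksum list whose key was obtained through a separate channel, which is what the reproducible-build and signed-release practices the thread alludes to are for.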

Times have changed (4, Insightful)

PvtVoid (1252388) | about 6 months ago | (#46622757)

Remember when the NSA was secretly changing widely-used crypto algorithms to make them stronger? I'm thinking of the DES sbox and differential cryptanalysis [wikipedia.org] .

One thing's for sure, RSA is toast. They can issue all the denials they want. Nobody's ever going to trust them again.

Re:Times have changed (0)

Anonymous Coward | about 6 months ago | (#46622821)

I'm thinking that is how it was sold to the people up the chain making the decisions. Remember how we added those apparently random things that made it better? How bout we add random things that make it easier for us, but people assume we're doing the opposite?

Re:Times have changed (0)

Anonymous Coward | about 6 months ago | (#46623295)

Yet the NSA got accused of weakening DES just the same, since the sboxes were modified, but no explanation was given since the technique was modified.

It's hard to trust people with questionable motives.

Re:Times have changed (0)

Anonymous Coward | about 6 months ago | (#46623731)

Actually, I think the NSA both strengthened and weakened DES at the same time.
They made it stronger by fixing the S-Boxes which would have rendered the system entirely broken within days of the technique being discovered.
They made it weaker by lowering the key length from 64 bits to 56 bits (and the NSA tried to lower it to 48 bits!).
So a fair analysis would be the NSA un-broke it, but made it weaker. This seems to be in character of what we know today too.

Re:Times have changed (1)

thue (121682) | about 6 months ago | (#46623313)

Meh - NSA at the same time asked them to use a too short key length. And it was an open secret for a long time that NSA could brute-force it. https://en.wikipedia.org/wiki/... [wikipedia.org]

Re:Times have changed (2)

MisterBlue (98835) | about 6 months ago | (#46623757)

I think this is the basis of Snowden's disagreement with the NSA -- the NSA could have taken a defensive mode and worked to make the country and its people more secure, but it instead took an offensive mode, made crypto weaker, and found software bugs and used them to break in rather than working to have them fixed. The long term effect of this choice is a less secure country and a country with a shit reputation.

Mole in Mozilla / "Eric Rescorla" ? (3, Interesting)

burni2 (1643061) | about 6 months ago | (#46622877)

I think Mozilla needs to be cleaned of moles and it seems "Eric Rescorla" is one of them, and look where he is active:

https://tools.ietf.org/html/dr... [ietf.org]

-- snip from reuters story -- .. Information Assurance Directorate, and an outside expert named Eric Rescorla.

Rescorla, who has advocated greater encryption of all Web traffic, works for Mozilla, maker of the Firefox web browser. He and Mozilla declined to comment. Salter did not respond to requests for comment.
-- snip --

Re:Mole in Mozilla / "Eric Rescorla" ? (0)

Anonymous Coward | about 6 months ago | (#46623023)

-- snip from reuters story -- .. Information Assurance Directorate, and an outside expert named Eric Rescorla.

I bolded the other interesting thing. NSA has a dual mandate - pwn Their(tm) boxen, and secure Our (i.e., American) boxen. Information assurance is the part of the organization that's (supposed to) secure American IT assets.

But if the IAD is the whitehat side of NSA, supposedly tasked with securing our boxen against the forein h4xor h0rd3s, and they're into this up to their necks, it raises an interesting question: whether or not (a) IAD participated willingly, (b) IAD, as a sub-organization, was deemed not to have a need to know that NSA, at a higher level, had decided to compromise the information assurance portion of NSA's dual mandate. That is, did NSA, for lack of a better word, "compromise" IAD? And if that's the case, was it done with or without the knowledge of the rest of NSA's chain of command?

I don't have a need to know, but I sure have a want to know. I hope I'm around in the 2040s when it's all declassified.

Re:Mole in Mozilla / "Eric Rescorla" ? (0)

Anonymous Coward | about 6 months ago | (#46623839)

"7. Security Considerations Everything in this document needs further analysis to determine if it is OK."

Not just the tip? (0)

Anonymous Coward | about 6 months ago | (#46622903)

They said it was just going to be foreplay!

Still don't know what everyone's complaining about (-1)

Anonymous Coward | about 6 months ago | (#46622909)

I know I'm in the minority on this one, but I really don't see a problem with this. People voluntarily hand over every detail of their personal lives to Facebook, Apple and Google every single day. Why are they shocked that the NSA uses this same data for tracking? I'd be a lot more worried about private companies having access to data.

The only people I've seen vociferously complaining about the NSA spying, in my eyes, are the anti-government privacy nuts hopping up and down screaming about the vast conspiracy against them. If people are legitimately concerned, they have to have a more coherent, controlled voice and a rational argument against it.

Re:Still don't know what everyone's complaining ab (0)

Anonymous Coward | about 6 months ago | (#46623031)

The NSA has not been authorized to cryptanalyze American traffic, only foreign.
They have no business weakening American cryptography.

Re:Still don't know what everyone's complaining ab (0)

Anonymous Coward | about 6 months ago | (#46623059)

Because it's not the same data, you idiot.

Re:Still don't know what everyone's complaining ab (1)

lister king of smeg (2481612) | about 6 months ago | (#46623065)

I know I'm in the minority on this one, but I really don't see a problem with this. People voluntarily hand over every detail of their personal lives to Facebook, Apple and Google every single day. Why are they shocked that the NSA uses this same data for tracking? I'd be a lot more worried about private companies having access to data.

Because the people using these algorithms aren't the ones handing out all of their information, and often the information isn't theirs to hand out. For example, medical institutes use them to store your information; they need it, you need them to have it, but it is not supposed to be public or shared knowledge.

Additionally, just because many people do throw all of their info at Facebook and Google does not mean everyone does or that anyone should. I, for example, use encryption wherever possible: I use PGP to sign nearly all of my email and encrypt with others that use it, and I use ssh to proxy much of my traffic to secure it and to keep my location private to me. I don't share every detail of my life with every corporation on the planet. They have no right to my private data and neither does the government. As for being worried more about the corps than government, why? Can corporations arrest and imprison you? If not then you really have screwed up threat assessment abilities.

Re:Still don't know what everyone's complaining ab (1)

ErichTheRed (39327) | about 6 months ago | (#46623525)

As for being worried more about the corps than the government, why? Can corporations arrest and imprison you? If not, then you really have screwed up threat assessment abilities.

This is kind of what I was getting at -- among those more concerned about privacy, everything is part of a vast government conspiracy, and they're lurking behind the next corner just waiting to imprison and torture you. I think the reality is a little different -- the US has become way too diverse even in the last 50 years to allow any one group to gain enough power to do anything major. There's 300+ million people, spread over a huge geographic area, all with different opinions on pretty much everything. Even if you did live in a mountaintop compound stockpiling ammunition for the revolution, no one would bother you unless you start using it on your neighbors. Look at how hard it is to get anything accomplished with a divided Congress...the entire country is polarized like that, and I doubt that will change anytime soon.

Companies having access to your personal data is a little different. There's an incentive to squeeze every last cent out of every single customer interaction now, and I think most people don't realize how much their data is being mined, for whatever reason. I find the increasingly focused ad targeting I've been noticing lately to be a little more invasive than an imagined threat. I'd love it if Google charged a subscription fee instead of using my data as payment for their services, but I guess they make way more from advertisers or they would have offered it as an option by now.

Re:Still don't know what everyone's complaining ab (1)

bigmo (181402) | about 6 months ago | (#46623223)

I can understand your feelings and I don't completely disagree with them either. However I think the issue is that many if not most people have a line they draw where everything beyond it is personal and private and they do not willingly share this information with people unless it's family or very close friends. There have been suicides over people being "outed" for their sexual preference or other intensely personal things. This is bad enough in the hands of normal bullies, but in the hands of government bullies people can be jailed, legitimate governments destroyed and illegitimate governments upheld. Commercial bullies can use secret information to coerce officials into placing outlandish restrictions on our rights as well. I could of course go on and on.

I am under no illusions that we in fact have any sort of real privacy anymore. I know that ended decades ago. However I think that we have the duty to try to make it difficult for those that want to catalog us in every way, reducing our humanity to data points. I for one will continue to try to shovel back the tide, no matter how pointless it may be.

Re:Still don't know what everyone's complaining ab (1)

Anonymous Coward | about 6 months ago | (#46623821)

People voluntarily hand over every detail of their personal lives to Facebook, Apple and Google every single day.

I can refuse to join Facebook, purchase from Apple, and attempt to minimize my contact with Google. I have no such options with respect to the US government; as we have learned, even emigrating wouldn't work.

Just because some Americans don't value their privacy doesn't give the American government the idea to compromise mine.

RSA's name is dirt in the security industry (4, Interesting)

bazmail (764941) | about 6 months ago | (#46623005)

RSA are little more than a government puppet. If you are serious about security, avoid their products.

"RSA, now owned by EMC Corp, did not dispute the research when contacted by Reuters for comment. The company said it had not intentionally weakened security on any product and noted that Extended Random did not prove popular and had been removed from RSA's protection software in the last six months."

lol. Wonder what news broke ~6 months ago.

Re:RSA's name is dirt in the security industry (1)

Anonymous Coward | about 6 months ago | (#46624061)

Is RSA's name dirt in the info-sec/sec industry? Please! I'd really like to know that's actually the case!

I see headlines here and there on popular tech news sites, and catch the occasional announcement from a high-profile programmer, professor, CEO, or industry leader, but I'm not seeing or hearing the wholesale damnation from an entire industry that I'd expect, given the circumstances. Maybe I'm just not on the right listservs or IRCs, or I'm missing specific security news outlets, but I honestly expected tar and feathering to near crucifixion of RSA by now. Sure, a few security professionals protested the RSA conference and started their own, but how many people still went to that conference? I'm honestly starting to think there is a fear in the info-sec/sec industry to voice an opinion on this matter. Or rather, the damnation of RSA is best left to the high-profile characters whose names are almost universally without question in the comp-sec industry. Schneier obviously comes to mind, but on something as important as information security confidence, one voice just isn't enough.

FIPS 140-2 4.9.2. The Other Back Door. (5, Interesting)

TechyImmigrant (175943) | about 6 months ago | (#46623097)

I think people are being blinded a bit by the dual_EC_DRBG issue. It makes people think the other 3 DRBG algorithms in SP800-90A are OK.

However if your system implements FIPS140-2 compliance, there's another hole which affects all RNGs within the FIPS boundary. Please read section 4.9.2 of FIPS140-2. You will see this. I call it the FIPS entropy destroyer...

"1. If each call to a RNG produces blocks of n bits (where n > 15), the first n-bit block generated after power-up, initialization, or reset shall not be used, but shall be saved for comparison with the next n-bit block to be generated. Each subsequent generation of an n-bit block shall be compared with the previously generated block. The test shall fail if any two compared n-bit blocks are equal."

This will eliminate all adjacent pairs, which would otherwise appear with a frequency dictated by the binomial distribution derived from the bit width of the output and, for a 16-bit source, is trivially distinguishable from random with less than 1 MByte of output data.

For the record, RdRand doesn't do this because I refused to put it in because it's a back door in the spec.

Re:FIPS 140-2 4.9.2. The Other Back Door. (1)

thue (121682) | about 6 months ago | (#46623443)

I agree that the output is not random by the standard definition. And obviously a bad RNG.

But making a practical attack based on that seems unlikely to me.

> For the record, RdRand doesn't do this because I refused to put it in because it's a back door in the spec.

Wait what - you designed Intel's RdRand hardware RNG?

So, since there is a lot of paranoia about backdoors in that, is there a backdoor? :P

Re:FIPS 140-2 4.9.2. The Other Back Door. (3, Informative)

TechyImmigrant (175943) | about 6 months ago | (#46623795)

>But making a practical attack based on that seems unlikely to me.

Q: If you have a 128-bit 'full entropy' key K[127:0], how much is the entropy reduced if K[(n*16)+15:(n*16)] != K[((n+1)*16)+15:((n+1)*16)] for n in {0..7}?
A: A lot.

I.E. It reduces the brute force search space by a lot.

Re:FIPS 140-2 4.9.2. The Other Back Door. (1)

Anonymous Coward | about 6 months ago | (#46624005)

A: 128 - 8*log2(65535) = 128 - 127.9998 = 0.0001 bits of entropy.

Not a lot.

Re:FIPS 140-2 4.9.2. The Other Back Door. (2)

TechyImmigrant (175943) | about 6 months ago | (#46624083)

It's more than that by a lot. The min entropy of a composed number isn't the sum of the shannon entropies of the constituent numbers.

I'd post the math here, but I'm at work and my half-written book that addresses this is at home.

Re:FIPS 140-2 4.9.2. The Other Back Door. (1)

TechyImmigrant (175943) | about 6 months ago | (#46623991)

>Wait what - you designed Intel's RdRand hardware RNG?
Me and many others. I was the primary designer of the crypto processing hardware which intersects with these specs. My public comments on the specs are here [nist.gov] .

>So, since there is a lot of paranoia about backdoors in that, is there a backdoor? :P
No. I say that as a personal statement. I don't speak for my employer in public forums.

I'm in it to improve the security of users from all comers. Good RNGs are a prerequisite for good security and, in my design philosophy, security wins over slavish compliance to debatable clauses in specs. I'll seek a waiver for not putting in the back door, but I won't knowingly ship an insecure design.

Re:FIPS 140-2 4.9.2. The Other Back Door. (2)

cryptizard (2629853) | about 6 months ago | (#46623451)

The 16 is just a lower limit. Almost every cryptographic RNG has a block size much, much larger so it's no big deal. Many applications rely on the fact that you will not get two blocks from an RNG that are the same so it seems like a good test to me.

Re:FIPS 140-2 4.9.2. The Other Back Door. (2)

TechyImmigrant (175943) | about 6 months ago | (#46623817)

>The 16 is just a lower limit. Almost every cryptographic RNG has a block size much, much larger so it's no big deal.

But it asks for the test to be made at the output. The block size might be 128 or 256 bits, but the output is often less. E.g. RdRand has a block size of 16, 32 or 64 bits. So if you built a FIPS 140-2 compliant software stack and didn't want to fight with the certification house and so implemented 4.9.2, it would fail easily at 16 bits and fairly easily at 32 bits.

Re:FIPS 140-2 4.9.2. The Other Back Door. (1)

Anonymous Coward | about 6 months ago | (#46623617)

OK, so instead of 16 bits of entropy on the next block, you get log2(65535) = 15.999978 bits of entropy. This doesn't seem to have much practical impact. On the other hand, you've detected a common hardware error mode from the entropy source.

Re:FIPS 140-2 4.9.2. The Other Back Door. (2)

TechyImmigrant (175943) | about 6 months ago | (#46623861)

But it gives you a set of algebraic equations you can use to attack a key composed of multiple of these values.
key[31:16] != key[15:0]
key[47:32] != key[31:16]
key[63:48] != key[47:32] ...
key[127:112] != key[111:96]

Imagine all the ways you could use these equations to attack the key schedule in a block cipher.

Re:FIPS 140-2 4.9.2. The Other Back Door. (1)

Solandri (704621) | about 6 months ago | (#46624025)

I dunno. I agree it reduces entropy by eliminating adjacent pairs, but the frequency of sequential 16+ bit random numbers being identical is 1/65536. 0.0015% or less. You're losing just a tiny bit of entropy.

OTOH if the RNG breaks for whatever reason and keeps returning the same value, then throwing away identical sequential results would prevent the broken values from passing into the algorithm. It sounds to me more like this is a safeguard against the RNG crapping out, or attack vectors where the RNG is replaced by a call which returns the same value all the time. I mean if you compromised the system's RNG, the encryption software would still function without complaint and pass any binary md5 checksum. But by feeding it a known value instead of a random number, the encryption would be compromised. This requirement makes the software complain (by hanging in a loop) if it's being passed bad random numbers.

Re:FIPS 140-2 4.9.2. The Other Back Door. (1)

TechyImmigrant (175943) | about 6 months ago | (#46624097)

>OTOH if the RNG breaks for whatever reason and keeps returning the same value, then throwing away identical sequential results would prevent the broken values from passing into the algorithm.

Yes, but SP800-90 has proper tests for addressing a crapped out RNG. FIPS140-2 (the enclosing spec) is no place to add ad-hoc tests that reduce the entropy of the output.
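As an added worked example for the sub-thread above (not code from any of the commenters, from Intel or from NIST), the following Python implements the section 4.9.2 continuous test exactly as the quoted text states it, with equal consecutive blocks treated as a test failure, and then computes the numbers the thread argues about: how often a genuinely uniform 16-bit source trips the test inside 1 MByte of output, how many adjacent equal pairs a true random source should have produced (the distinguisher, since filtered output always has zero), and the exact number of bits removed from a 128-bit key assembled from 16-bit blocks under the `key[31:16] != key[15:0]` style constraints. The source feeding the test is `os.urandom` standing in for a hardware RNG, the stuck source is constructed, and the figures describe only this model (uniform blocks, independent outputs), not any particular product.

```python
"""FIPS 140-2 section 4.9.2 continuous RNG test: behaviour and cost at small block widths.

Added illustration; not code from the thread, Intel or NIST. os.urandom stands in for a
hardware RNG, and every number is computed from the uniform-source model, not measured.
"""
import math
import os


class ContinuousRngTestError(RuntimeError):
    """Two consecutive n-bit blocks were identical: the 4.9.2 test fails (module error state)."""


def fips_continuous_test(blocks, n_bits):
    """Generator applying the 4.9.2 test to an iterable of n-bit blocks.

    The first block after start-up is withheld and kept for comparison; each later block is
    compared with its predecessor and emitted only if different. Equality raises.
    """
    if n_bits <= 15:
        raise ValueError("section 4.9.2 applies to block widths n > 15")
    mask = (1 << n_bits) - 1
    it = iter(blocks)
    try:
        prev = next(it) & mask
    except StopIteration:
        return
    for b in it:
        b &= mask
        if b == prev:
            raise ContinuousRngTestError(f"consecutive {n_bits}-bit blocks equal: {b:#x}")
        prev = b
        yield b


def urandom_blocks(n_bits, count):
    """Constructed source: count n-bit blocks from os.urandom (n_bits a multiple of 8)."""
    nbytes = n_bits // 8
    for _ in range(count):
        yield int.from_bytes(os.urandom(nbytes), "little")


def stuck_blocks(value, count):
    """Constructed faulty source returning the same block forever (the case the test catches)."""
    for _ in range(count):
        yield value


def count_adjacent_equal(blocks):
    """Distinguisher: number of adjacent equal pairs. Output that passed the test scores 0."""
    prev, hits = None, 0
    for b in blocks:
        if b == prev:
            hits += 1
        prev = b
    return hits


def expected_equal_pairs(n_bits, num_blocks):
    """Adjacent equal pairs a genuinely uniform n-bit source is expected to show in num_blocks."""
    return (num_blocks - 1) / 2.0 ** n_bits


def p_healthy_source_trips(n_bits, num_blocks):
    """Probability a genuinely uniform n-bit source trips the test within num_blocks outputs.

    log1p/expm1 keep the result meaningful for n_bits = 128 or 256 instead of underflowing.
    """
    pairs = num_blocks - 1
    return -math.expm1(pairs * math.log1p(-(2.0 ** -n_bits)))


def search_space_bits_lost(n_bits, k_blocks):
    """Bits removed from a k*n-bit key when no two adjacent n-bit blocks may be equal.

    Accepted keys: 2^n * (2^n - 1)^(k-1) of 2^(n*k), all equiprobable for a uniform source.
    """
    accepted = n_bits + (k_blocks - 1) * math.log2(2 ** n_bits - 1)
    return n_bits * k_blocks - accepted


def summary(n_bits=16, megabytes=1, key_bits=128):
    """The 16-bit case argued over in the thread: 1 MByte of output, 128-bit key."""
    num_blocks = megabytes * 1024 * 1024 * 8 // n_bits
    return {
        "blocks": num_blocks,
        "expected_equal_pairs": expected_equal_pairs(n_bits, num_blocks),
        "p_healthy_source_trips": p_healthy_source_trips(n_bits, num_blocks),
        "key_bits_lost": search_space_bits_lost(n_bits, key_bits // n_bits),
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name}: {value}")
    try:
        list(fips_continuous_test(stuck_blocks(0xABCD, 10), 16))
    except ContinuousRngTestError as err:
        print("stuck source caught:", err)
```

Two readings fall out of `summary()`: with 16-bit blocks a healthy uniform source trips the test with probability about 0.9997 before 1 MByte has been emitted, so the clause can only be satisfied at that width by a source that never produces the roughly 8 adjacent equal pairs chance predicts, which is what makes the surviving output distinguishable; and the search-space reduction for a 128-bit key built from eight such blocks is a fraction of a millibit. Both the statistical fingerprint and the entropy figure are properties of the same constraint, which is why the commenters above can each point at a different number.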

Could EMC sue? (2)

real gumby (11516) | about 6 months ago | (#46623109)

EMC paid $2.6B for RSA. Could they sue the NSA for destroying the value of their property? What would be just compensation?

Re:Could EMC sue? (1)

sjames (1099) | about 6 months ago | (#46624057)

No. RSA willingly prostituted itself.

USA is a disgusting country (-1)

Anonymous Coward | about 6 months ago | (#46623367)

Just stop playing sheep. Go and join your brothers from North Korea, hold hands and admit you are a Fucking Communist Regime called U.S.A

Where is the science? (0)

Anonymous Coward | about 6 months ago | (#46623383)

"Adding it doesn't seem to provide any security benefits that we can figure out," said one of the authors of the study, Thomas Ristenpart of the University of Wisconsin.

Doesn't seem to? How is it SUPPOSED to work? The article says there are papers written on it. So can you reproduce the claims.. or not?
Can we get something a little more sciency sounding?

The academic researchers said it took about an hour to crack a free version of BSafe for Java using about $40,000 worth of computer equipment. It would have been 65,000 times faster in versions using Extended Random, dropping the time needed to seconds, according to Stephen Checkoway of Johns Hopkins.

Would have? Is it particularly hard to actually verify?

"It's certainly well-designed," said security expert Bruce Schneier, a frequent critic of the NSA. "The random number generator is one of the better ones."

So... there's a lot I don't understand about cryptography, but I'll go out on a shorter limb and suggest this "news" is a lot stupider than it sounds.

The NSA is what it is, whatever your feelings on the field of intelligence work, but I really doubt something known to be crackable in an hour is going to be seriously recommended for use within our government. The U.S. Government is HUGE. There is no such thing as "Hey y'all, we think you should use this spiffy new crypto algorithm", "OK boys, heyuck, make sure you don't use that broke ass new algorithm we just told everyone about".

If it's in the FIPS standard, everybody and their mother will use it within the government, period. IDK, forgive me if I feel things might be played up a bit. I mean the $10 mil figure... that's what it costs for big boys to have some enterprise software tweaked to their preference. That's not the rate you'd pay for a big company to compromise their integrity.

Use of the past tense - Infiltrated (1)

WillAffleckUW (858324) | about 6 months ago | (#46623437)

I think you fail to understand how deep the rabbit hole goes, Neo.

Deeper than *I* imagined? (1)

maliqua (1316471) | about 6 months ago | (#46624027)

I can't imagine anything deeper than "balls deep", as I originally assumed the NSA was into RSA. This leaves me dumbfounded. I have written the NSA and asked for schematics on how they managed to get past balls deep, how much further they went, and did they get a whole leg in? Did they get past the hips? Was there a device similar to the jaws of life employed in the process?
