Comments


NSA Infiltrated RSA Deeper Than Imagined

thue Re:FIPS 140-2 4.9.2. The Other Back Door. (168 comments)

> 2^128 - 2^112 [...] it's significant, especially if you have a huge data center in Utah.

But 2^128/2^112=2^16=65536

As an upper limit, assume that you remove 100*2^112. But that will still only eliminate 100/65536=0.1% of the search space. Any key that is brute-forceable by NSA with those 0.1% removed is also brute-forceable without those 0.1% of the search space removed.

> What may be worse (I don't know) is the simultaneous equations that it creates that are invariant for keys from such a source. Maybe they could be used in a cryptographic attack to help solve the sorts of attack that try to build big systems of simultaneous equations to attack the key schedule.

Something like this seems slightly more likely. But assuming the bits were perfectly random before the removal of repeated blocks, for finite keys it still doesn't generate anything that couldn't have been generated by chance without the removal of repeated blocks.

about two weeks ago
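The search-space arithmetic in the comment above, worked through in code. This is an added example, not code from the comment or the thread: it implements the failure condition of the FIPS 140-2 section 4.9.2 continuous test (a generated n-bit block equal to the block generated just before it) and counts exactly how many 128-bit key values that condition excludes. It assumes 16-bit comparison blocks, which is what the 2^128/2^112 = 2^16 arithmetic implies, so a 128-bit key is 8 blocks; the function names are this example's own.

```python
"""Effect of the FIPS 140-2 4.9.2 continuous test on a 128-bit key space.

Added example. Assumes 16-bit comparison blocks (8 blocks per 128-bit key),
which is what the thread's 2^128 / 2^112 = 2^16 arithmetic implies.
All function names here are this example's own.
"""
from fractions import Fraction
import math
import os

KEY_BITS = 128
BLOCK_BITS = 16  # assumption, see module docstring


def split_blocks(key_int, key_bits=KEY_BITS, block_bits=BLOCK_BITS):
    """Split an integer key into its n-bit blocks, most significant first."""
    mask = (1 << block_bits) - 1
    count = key_bits // block_bits
    return [(key_int >> (block_bits * i)) & mask for i in reversed(range(count))]


def continuous_test_passes(blocks):
    """4.9.2 failure condition: a block equal to the one generated just before it."""
    return all(prev != cur for prev, cur in zip(blocks, blocks[1:]))


def surviving_keys(key_bits=KEY_BITS, block_bits=BLOCK_BITS):
    """Exact number of key values with no two equal consecutive blocks.

    The first block is free (2^n choices); every later block may be anything
    except its predecessor (2^n - 1 choices).
    """
    count = key_bits // block_bits
    per_block = 1 << block_bits
    return per_block * (per_block - 1) ** (count - 1)


def removed_fraction(key_bits=KEY_BITS, block_bits=BLOCK_BITS):
    """Exact fraction of the 2^key_bits key space the test would exclude."""
    total = 1 << key_bits
    return Fraction(total - surviving_keys(key_bits, block_bits), total)


def entropy_loss_bits(key_bits=KEY_BITS, block_bits=BLOCK_BITS):
    """Bits of brute-force work an attacker saves by skipping the excluded keys."""
    return key_bits - math.log2(surviving_keys(key_bits, block_bits))


def empirical_rejection_rate(samples, key_bits=KEY_BITS, block_bits=BLOCK_BITS):
    """Sanity check: fraction of uniformly random keys the test actually rejects."""
    rejected = 0
    for _ in range(samples):
        key = int.from_bytes(os.urandom(key_bits // 8), "big")
        if not continuous_test_passes(split_blocks(key, key_bits, block_bits)):
            rejected += 1
    return rejected / samples


if __name__ == "__main__":
    frac = removed_fraction()
    print(f"excluded keys: {frac.numerator} of 2^{KEY_BITS} ({float(frac) * 100:.5f}%)")
    print(f"attacker saving: {entropy_loss_bits():.6f} bits out of {KEY_BITS}")
    print(f"empirical rejection rate over 200000 samples: "
          f"{empirical_rejection_rate(200_000):.6f}")
```

With 16-bit blocks the excluded fraction is 1 - (1 - 2^-16)^7, a little under 7/65536, so the attacker's saving is on the order of 10^-4 bits; the comment's 100 * 2^112 figure is a generous upper bound on the same quantity. Changing `BLOCK_BITS` shows how the exclusion grows as the block size shrinks.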

NSA Infiltrated RSA Deeper Than Imagined

thue Re:FIPS 140-2 4.9.2. The Other Back Door. (168 comments)

I agree that the output is not random by the standard definition. And obviously a bad RNG.

But making a practical attack based on that seems unlikely to me.

> For the record, RdRand doesn't do this because I refused to put it in because it's a back door in the spec.

Wait what - you designed Intel's RdRand hardware RNG?

So, since there is a lot of paranoia about backdoors in that, is there a backdoor? :P

about two weeks ago

Dropbox's New Policy of Scanning Files For DMCA Issues

thue Re:Huh? (243 comments)

> And what if there is a hash collision?

Cryptographic hashes are designed to make that ridiculously unlikely. Go buy a single ticket to the national lottery instead - you are far more likely to win the biggest prize there than to ever find a hash collision.

about two weeks ago

'Obnoxious' RSA Protests, RSA Remains Mum

thue Re:On the record (99 comments)

I freely admit that I assume they are guilty because of 1) all the damning evidence 2) their refusal to defend themselves.

And I submit that all reasonable persons should assume they are guilty for the same reasons. Assuming they are not guilty would be incredibly stupid.

about a month and a half ago

'Obnoxious' RSA Protests, RSA Remains Mum

thue Re:On the record (99 comments)

For starters, they can come clean. All their press releases have been exercises in trying to say as little as possible, and be as misleading as possible while still not literally lying. For example, their non-denial of the $10,000,000 deal with NSA had half the press falsely reporting that RSA claimed there was never any $10,000,000 deal.

Dual_EC_DRBG has been documented since 2006/2007 to be an insecure CSPRNG, even without the backdoor. I knew about it for example, and I do not even work in that field. The only way nobody at RSA Security (a huge company specializing in security) could not have heard about it is by putting their hands over their ears and yelling LALALA. And they didn't put 2 and 2 together about why NSA paid them $10,000,000 when the possible backdoor was discussed in the media and the cryptographic community?

I can accept that RSA Security might have been fooled in 2004. But they have not even tried to explain why they kept using Dual_EC_DRBG after 2006/2007. They have been caught with their hand in the cookie jar, and refuse to even try to defend themselves. Why should I try to invent explanations for their innocence for them?

> what evidence could RSA show us that would reinstate our trust

The point is that the circumstantial evidence is so hugely strong. This is not unfair - this is reality.

It is like finding you standing over a corpse in a pool of blood and a knife in your hand, with a $10 million payment to your account from the victim's worst enemy. And you refusing to talk about how you got there, or why the victim's worst enemy sent you the $10 million. Do you think I have no right to make assumptions in that case?

about 1 month ago

'Obnoxious' RSA Protests, RSA Remains Mum

thue Re:What did you expect? (99 comments)

> What RSA Security has specifically said is that they knew about the backdoor when they made the $10,000,000 deal.

That should of course have been:

> What RSA Security has specifically said is that they didn't know about the backdoor when they made the $10,000,000 deal.

about 1 month ago

'Obnoxious' RSA Protests, RSA Remains Mum

thue Re:On the record (99 comments)

Are you referring to this "defense" by RSA's CTO Sam Curry, which Matthew Green and Matt Blaze have had so much fun ridiculing? http://blog.cryptographyengine...

RSA Security really haven't made anything close to a coherent defense.

about 1 month ago

'Obnoxious' RSA Protests, RSA Remains Mum

thue Re:What did you expect? (99 comments)

> And the RSA did go on record. They said it wasn't true.

What RSA Security has specifically said is that they knew about the backdoor when they made the $10,000,000 deal. RSA Security has not denied that it turned out there was a backdoor, or that there was a $10,000,000 deal to make Dual_EC_DRBG the default in the BSAFE library.

If you read the keynote from the current RSA Conference, RSA's defense is that they stopped independently creating and verifying the cryptographical algorithms, instead just getting them straight from NIST and ANSI. And they knew or should have known that Dual_EC_DRBG was written by NSA.

> "Recognizing that [after year 2000, open source, non-patented encryption was widely available], and encryption's inevitable shrinking contribution to our business, we worked to establish an approach to standards setting that was based on the input of the larger community rather than the intellectual property of any one vendor. We put our weight and trust behind a number of standards bodies - ANSI X9 and yes, the National Institute of Standards and Technology (NIST). We saw our new role, not as the driver, but as a contributor to and beneficiary of open standards that would be stronger due to the input of the larger community."

Meanwhile RSA Security ignored all the independent research showing that Dual_EC_DRBG was radioactive. So RSA Security's defense is that they stopped doing any due diligence, and instead just copied everything straight from NSA. And because they stopped even trying to do independent cryptography, they were not aware of the possible backdoor. And you think RSA Security's statements in their defense are not laughable, and that people protesting this are just "a$$holes"?

about 1 month ago

'Obnoxious' RSA Protests, RSA Remains Mum

thue Re:On what basis can you make this demand? (99 comments)

> They can't go and release the details of a confidential contract simply because somebody thinks it contains something it doesn't have.

Given that NSA made the contract in bad faith, is RSA Security still obligated to keep their silence? Maybe, but it seems insane. What RSA Security could do for starters is, for example, explicitly confirm that a $10,000,000 contract exists. They haven't even done that.

RSA Security also have not yet given a good explanation for why they ignored the multitude of red flags until 2013. As cryptographer Matthew Green writes:

> So why would RSA pick Dual_EC as the default? You got me. Not only is Dual_EC hilariously slow -- which has real performance implications -- it was shown to be a just plain bad random number generator all the way back in 2006. By 2007, when Shumow and Ferguson raised the possibility of a backdoor in the specification, no sensible cryptographer would go near the thing. And the killer is that RSA employs a number of highly distinguished cryptographers! It's unlikely that they'd all miss the news about Dual_EC.

If RSA Security makes secret contracts that impact other people's security, I don't see why RSA Security should get any benefit of the doubt. Why should we trust a company cloaked in secrecy that has shown itself to be overwhelmingly incompetent and/or malicious?

about 1 month ago

'Obnoxious' RSA Protests, RSA Remains Mum

thue Re:What lie? (99 comments)

> There's zero evidence that RSA knew about the weakness when accepting the money to include the algorithm in their products.

It is possible that RSA Security was not aware of the possible backdoor in 2004, though unlikely. But that in no way excuses or explains why RSA Security kept using the algorithm after the flaws became apparent and widely known in 2006 and 2007: http://blog.cryptographyengine...

about 1 month ago

'Obnoxious' RSA Protests, RSA Remains Mum

thue RSA considered Dual_EC research without merit? (99 comments)

Jeffrey Carr has a good point from the RSA Conference keynote:

> "When, last September, it became possible that concerns raised in 2007 might have merit as part of a strategy of exploitation, NIST as the relevant standards body issued new guidance to stop the use of this algorithm. We immediately acted upon that guidance, notified our customers, and took steps to remove the algorithm from use." - Art Coviello RSAC 2014 Keynote speech

So up until then, they apparently considered all the criticism of RSA Security without merit? On what basis? The research was obviously right.

http://jeffreycarr.blogspot.dk...

If you read a bit more in the actual keynote, there is actually an unexpectedly frank explanation:

> "Recognizing that [after year 2000, open source, non-patented encryption was widely available], and encryption's inevitable shrinking contribution to our business, we worked to establish an approach to standards setting that was based on the input of the larger community rather than the intellectual property of any one vendor. We put our weight and trust behind a number of standards bodies - ANSI X9 and yes, the National Institute of Standards and Technology (NIST). We saw our new role, not as the driver, but as a contributor to and beneficiary of open standards that would be stronger due to the input of the larger community."

But they ignore most of the input of the larger community, in favor of taking $10,000,000 from NSA to use their backdoored algorithm.

What we have seems to be standard exploitation of a valuable acquired brand which is no longer profitable. Take a high-quality brand with an outstanding reputation for independent quality checking. Fire everybody skilled (and expensive), and sell as many cheap commodity products under that brand as you can get away with, with as little expensive quality control as possible. Their claim is that they expected to get the quality control for free from NIST, which they knew was dominated by the NSA. Meanwhile, RSA Security chose to totally ignore any contradicting independent research.

Personally I believe the amount of incompetence and cluelessness claimed by RSA Security as defense strains credulity beyond breaking point.

about 1 month ago

Portal 2 Beta Released For Linux

thue Re:Steam Linux (99 comments)

There are lots of Linux titles, but they are mostly indie games. Indie games don't seem to have any problem porting to Linux.

Go buy some Humble Bundles - most games in those have Linux support (and Steam keys).

about 2 months ago

Why Your Phone Gets OTA Updates But Your Car Doesn't

thue Re:Umm safety? (305 comments)

Obviously the update should not be applied while the car is turned on... car companies are not that stupid.

about 2 months ago

Finnish Police Board Wants Justification For Wikipedia's Fundraising Campaign

thue PDF file... in Finnish (252 comments)

Did the summary just link to a PDF file... in Finnish? It wasn't enough that the same file was already linked from the main article, but it was judged useful enough to link from the summary? Really?

The trick to good linking is to avoid overlinking, to avoid confusing the reader. This summary fails.

about 2 months ago

Chinese Moon Rover Says an Early Goodnight

thue Kung-fu? (284 comments)

> The shi-fu ('kung-fu masters,' meaning the scientists and engineers)

According to Wikipedia, shifu means master craftsman. Though that obviously also covers kung-fu masters, I don't think that is what the Chinese were alluding to!

I think somebody has been watching too many Hong Kong kung-fu movies.

about 3 months ago

OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto

thue Floppy disks? (232 comments)

Being limited by floppy disk support requirement sounds like a bad joke. Is that really relevant for any computer which is not hopelessly antiquated in 2014? For reference, Apple stopped shipping floppy disk drives by default in 1998.

about 3 months ago

Is Earth Weighed Down By Dark Matter?

thue Betteridge's law of headlines (247 comments)

"Any headline which ends in a question mark can be answered by the word no."

about 3 months ago

Submissions


Climate Science: Scepticism's limits

thue writes | more than 4 years ago

thue (121682) writes "There is a good article over at The Economist where they pick apart a specific claim that climate change is all a hoax manufactured by scientists. The Economist then goes on to note that "So, after hours of research, I can dismiss Mr Eschenbach. But what am I supposed to do the next time I wake up and someone whose name I don't know has produced another plausible-seeming account of bias in the climate-change science? [...] So for the time being, my response to any and all further "smoking gun" claims begins with: show me the peer-reviewed journal article demonstrating the error here. Otherwise, you're a crank and this is not a story." Which is an excellent point in the current everything-goes debate."

Journals

thue has no journal entries.
