Dual_EC_DRBG Backdoor: a Proof of Concept

Posted by Soulskill
from the this-is-how-we-do-it dept.
New submitter Reliable Windmill sends this followup to the report that RSA took money from the NSA to use backdoored tech for random number generation in encryption software. From the article: "Dual_EC_DRBG is a pseudo-random number generator promoted by NIST in NIST SP 800-90A and created by NSA. This algorithm is problematic because it has been made mandatory by the FIPS norm (and should be implemented in every FIPS approved software) and some vendors even promoted this algorithm as first source of randomness in their applications. If you still believe Dual_EC_DRBG was not backdoored on purpose, please keep reading. ... It is quite obvious in light of the recent revelations from Snowden that this weakness was introduced on purpose by the NSA. It is very elegant and leaks its complete internal state in only 32 bytes of output, which is very impressive knowing it takes 32 bytes of input as a seed. It is obviously complete madness to use the reference implementation from NIST"
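
The state leak described in the summary, as an added illustration (not code from the article, its proof of concept, or NIST): a toy Dual_EC-style generator in which whoever chose the constants so that P = d*Q rebuilds the internal state from two truncated outputs. The 127-bit curve, the points, `d`, the seed and all function names are constructed for this example; the real generator uses P-256 and drops 16 bits per output block.

```python
# Toy Dual_EC_DRBG on a constructed 127-bit curve (NOT P-256 or NIST's constants).
p, a, b = 2**127 - 1, -3, 11   # y^2 = x^3 - 3x + 11 over F_p, with p % 4 == 3
Q = (5, 11)                    # public point: 11^2 == 5^3 - 3*5 + 11
KEEP = 119                     # output keeps the low 119 bits (toy drops 8, real drops 16)
MASK = (1 << KEEP) - 1

def add(A, B):                 # affine point addition, None = point at infinity
    if A is None: return B
    if B is None: return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0: return None
    if A == B: m = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:      m = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (m * m - x1 - x2) % p
    return (x3, (m * (x1 - x3) - y1) % p)

def mul(k, A):                 # double-and-add scalar multiplication
    R = None
    while k:
        if k & 1: R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def lift_x(x):                 # a curve point with this x-coordinate, or None
    v = (x**3 + a * x + b) % p
    y = pow(v, (p + 1) // 4, p)
    return (x, y) if y * y % p == v else None

def step(s, P):                # one round: (new state, truncated output)
    s = mul(s, P)[0]
    return s, mul(s, Q)[0] & MASK

def recover_state(out1, out2, d):
    """Holder of d (with P = d*Q) rebuilds the state from two consecutive outputs."""
    for hi in range(1 << (127 - KEEP)):      # guess the truncated top bits
        R = lift_x((hi << KEEP) | out1)      # candidate for +/- s1*Q
        if R is None: continue
        s = mul(d, R)[0]                     # x(d*s1*Q) = x(s1*P) = next state
        if mul(s, Q)[0] & MASK == out2:      # confirm against the next output
            return s
    return None

def demo(seed=0x1234567890ABCDEF, d=0xC0FFEE1234567):   # constructed values
    P = mul(d, Q)                            # constants generated WITH a trapdoor
    s1, o1 = step(seed, P); s2, o2 = step(s1, P); s3, o3 = step(s2, P)
    guess = recover_state(o1, o2, d)
    return guess == s2, guess is not None and step(guess, P) == (s3, o3)
```

Nothing in the published P and Q reveals whether such a `d` exists, which is why the thread's demand for constants with a verifiable derivation matters.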
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward on Wednesday January 01, 2014 @04:01PM (#45839139)

    Please, people who understand EC properly, verify & reproduce this ASAP. If so this is yet another thing (one of the BIGGEST things) the NSA has denied about the content of the Snowden leaks.

    Plus RSA needs to really step up and be honest about just what occurred inside their walls wrt. FIPS and this algorithm.

    At this point, I think the longstanding rule that 'only a fool writes his own crypto' is getting weaker.. I would amend it to "only a fool writes his own crypto, or uses ones supplied by anyone without full, independent audit and full control over magic constants..."

    Captcha: bilked

  • Re:YES! (Score:5, Insightful)

    by Will.Woodhull (1038600) on Wednesday January 01, 2014 @04:24PM (#45839283) Homepage Journal

    For a start, we could at this point reasonably demand that everyone who has accepted a salary from NSA be branded on the forehead with a scarlet letter, so that anyone with any sense would know not to hire them for any position involving trust. Let them work as street sweepers. As persons who sort garbage into different recycling streams. We know these persons cannot be trusted. Identify them, remove them from their current jobs, and place their names on a very public list of persons who cannot be entrusted with anything, in any endeavor.

    There needs to be some amount of personal responsibility in the NSA, yet with the obvious exception of Snowden, there is no evidence of any such thing. One good place to start is to hold those who were involved in creating this monster accountable for ethical / moral turpitude.

  • by sjames (1099) on Wednesday January 01, 2014 @05:01PM (#45839533) Homepage

    But looking at it from a motivation standpoint, only option 3 would be worth paying $10 million for.

  • Re: Hmmm (Score:5, Insightful)

    by MobSwatter (2884921) on Wednesday January 01, 2014 @05:02PM (#45839541)

    Business Intelligence, for the purpose of corporate espionage. You also have to take into consideration that the NSA does answer to someone, and that someone was corporate sponsored before they were even put on a ballot to be voted on. They were put up to this, and continuance of the program likely has little to do with terrorism as the program has proven fruitless even after intelligence information was given about events prior to them being given/developing these tools but they in fact failed to respond accordingly to prevent them, this includes 9/11.

  • by LazLong (757) on Wednesday January 01, 2014 @06:01PM (#45839907) Homepage

    So, they introduced a backdoor into software that can be/is used to secure US nuclear secrets, in the hopes only they would be able to take advantage of it? This is just another variant of "security through obscurity." Really, really fucking stupid!

  • Re:YES! (Score:1, Insightful)

    by deviated_prevert (1146403) on Wednesday January 01, 2014 @06:04PM (#45839935) Journal

    No you don't. Social media sites like Google+ and Facebook vacuum up information about you from everywhere, even things you never intended to be made public like links you've clicked on.

    Which to the NSA is useless information overload, with RSA keys being easily hacked it leads down a completely different path than the average Joe on the net, I would think that the NSA is much more interested in targets of value. The fact is most people who use Google+ or Faceplant have nothing of any real value to be had especially for security agencies. If you are a consumer and all of a sudden your posting habits make advertising money for Brin and Zuckerberg who gives a rat's ass. Here we are with a bunch of so called information gurus telling us that our consuming habits are a valuable commodity. Personally I listen to Igor Stravinsky and if in watching and listening to a youtube vid suddenly Google comes back and advertises a concert somewhere of a performance of Le Sacre Du Printemps then good for them.

    AND BY THE WAY nice shift off the topic and away from the bastards at the NSA subverting RSA keys and a not so cunning redirect to attack instead Google services as being somehow associated with the information sink hole in Washington that is the NSA.... If however I frequent neo nazi sites and post hate speech on the net then as far as I am concerned being on the radar of the NSA is not that bad a thing...UNLESS OF COURSE I AM A MORON WHITEY TIGHTY BORN AGAIN NAZI MYSELF OR A CLOSET TERRORIST.

    However being much more concerned about my bodily fluids and essences, instead I am against the fluoridation of our precious water and bodily fluids. The encryption key is found in PURITY OF ESSENCE from which all things will be revealed. GOOGLE IS EVIL DON'T FORGET IT only through the use of Microsoft Windows and Bing can true encrypted PURITY OF ESSENCE be achieved. RSA keys the NSA have absolutely nothing to do with this thread. WOOOF

  • by thue (121682) on Wednesday January 01, 2014 @06:12PM (#45839983) Homepage

    You need to read it like a lawyer. Take the first claim for example

    > Recent press coverage has asserted that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation.

    Note what is not denied:

    * It is not denied that the contract existed
    * It is not denied that they set Dual_EC_DRBG as default as a result of the contract
    * It is not denied that the contract was secret (they do later deny that their relationship with NSA in general was not secret, which is correct, but does not preclude one contract from being secret)

    The only thing they deny is that they knew that Dual_EC_DRBG contained a backdoor when they made the secret contract to set it as the default.

    The same with their other non-denials.

  • by gargleblast (683147) on Wednesday January 01, 2014 @07:43PM (#45840819)

    > They didn't make a "non-denial." It appears to be quite explicit.

    The only thing explicit is that RSA denied a bunch of highly specific scenarios. Let me highlight one word:

    > Recent press coverage has asserted that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation.

    Now change that one word from "known" to "unknown". Did they deny that?

    Plausible deniability. The only truth with a hole in it!

  • Re:Bah (Score:3, Insightful)

    by davidhoude (1868300) on Wednesday January 01, 2014 @10:08PM (#45842059)
    If I am not mistaken, Snowden did not have clearance to access these documents...making your point moot. He used stolen credentials to access the documents, credentials he was able to get due to his role as a sysadmin.
  • by WaywardGeek (1480513) on Wednesday January 01, 2014 @11:12PM (#45842439) Journal

    The crypto email list discussed this at length. People chimed in who remember when this happened. Here's my take away: EMC had just bought RSA, and was looking for profits, and many of the best and brightest at RSA had left. The NSA offered $10M to make their RNG the default in BSAFE, and no one at RSA could offer EMC management any compelling argument as to why they should not take the money. RSA issued a press release about it. There was no secrecy. Competitors thought it was foolish to take money from the NSA, and at the same time wondered how they could get onto this gravy train.

    This is a case of typical incompetence. The response RSA published is slimy lawyer crapola. The lawyer sucks as bad as the incompetent EMC management. The good news is that there was no secret deal that RSA agreed to with the NSA to compromise all our security. The NSA did their job well. RSA didn't. I'll just point out that only crypto ignoramuses would accept closed-source un-auditable stuff from anyone when it comes to encryption, IMO. Money corrupts this industry.