Dual_EC_DRBG Backdoor: a Proof of Concept 201
New submitter Reliable Windmill sends this followup to the report that RSA took money from the NSA to use backdoored tech for random number generation in encryption software. From the article:
"Dual_EC_DRBG is an pseudo-random number generator promoted by NIST in NIST SP 800-90A and created by NSA. This algorithm is problematic because it has been made mandatory by the FIPS norm (and should be implemented in every FIPS approved software) and some vendors even promoted this algorithm as first source of randomness in their applications. If you still believe Dual_EC_DRBG was not backdoored on purpose, please keep reading. ... It is quite obvious in light of the recent revelations from Snowden that this weakness was introduced by purpose by the NSA. It is very elegant and leaks its complete internal state in only 32 bytes of output, which is very impressive knowing it takes 32 bytes of input as a seed. It is obviously complete madness to use the reference implementation from NIST"
This is pretty freaking huge, if true (Score:2, Insightful)
Please, people who understand EC properly, verify & reproduce this ASAP. If so this is yet another thing (one the BIGGEST things) the NSA has denied about the content of the Snowden leaks.
Plus RSA needs to really step up and be honest about just what occurred inside their walls wrt. FIPS and this algorithm.
At this point, I think the longstanding rule that 'only a fool writes his own crypto' is getting weaker.. I would amend it to "only a fool writes his own crypto, or uses ones supplied by anyone without full, independent audit and full control over magic constants..."
Captcha: bilked
Re:YES! (Score:5, Insightful)
For a start, we could at this point reasonably demand that everyone who has accepted a salary from NSA be branded on the forehead with a scarlet letter, so that anyone with any sense would know not to hire them for any position involving trust. Let them work as street sweepers. As persons who sort garbage into different recycling streams. We know these persons cannot be trusted. Identify them, remove them from their current jobs, and place their names on a very public list of persons who cannot be entrusted with anything, in any endeavor.
There needs to be some amount of personal responsibility in the NSA, yet with the obvious exception of Snowden, there is no evidence of any such thing. One good place to start is to hold those who were involved in creating this monster accountable for ethical / moral turpitude.
Re:is RSA soon an open vault? (Score:5, Insightful)
But looking at it from a motivation standpoint, only option 3 would be worth paying $10 million for.
Re: Hmmm (Score:5, Insightful)
Business Intelligence, for the purpose of corporate espionage. You also have to take into consideration that the NSA does answer to someone, and that someone was corporate sponsored before they were even put on a ballot to be voted on. They were put up to this, and continuance of the program likely has little to do with terrorism as the program has proven fruitless even after intelligence information was given about events prior to them being given/developing these tools but they in fact failed to respond accordingly to prevent them, this includes 9/11.
The NSA is fucking stupid! (Score:5, Insightful)
So, they introduced a backdoor into software that can be/is used to secure US nuclear secrets, in the hopes only they would be able to take advantage of it? This is just another variant of "security through obscurity." Really, really fucking stupid!
Re:YES! (Score:1, Insightful)
No you don't. Social media sites like Google+ and Facebook vacuum up information about you from everywhere, even things you never intended to be made public like links you've clicked on.
Which to the NSA is useless information overload, with RSA keys being easily hacked it leads down a completely different path than the average Joe on the net, I would think that the NSA is much more interested in targets of value. The fact is most people who use Google+ or Faceplant have nothing of any real value to be had especially for security agencies. If you are a consumer and all of a sudden your posting habits make advertising money for Brin and Zukerberg who gives a rats ass. Here we are with a bunch of so called information gurus telling us that are consuming habits are a valuable commodity. Personally I listen to Igor Stravinsky and if in watching and listening to a youtube vid suddenly Google comes back and advertises a concert somewhere of a performance of Le Sacre Du Printemps then good for them.
AND BY THE WAY nice shift off the topic and away from the bastards at the NSA subverting RSA keys and a not so cunning redirect to attack instead Google services as being somehow associated with the information sink hole in Washington that is the NSA.... If however I frequent neo nazi sites and post hate speech on the net then as far as I am concerned being on the radar of the NSA is not that bad a thing...UNLESS OF COURSE I AM A MORON WHITEY TIGHTY BORN AGAIN NAZI MYSELF OR A CLOSET TERRORIST.
However being much more concerned about my bodily fluids and essences, instead I am against the fluoridation of our precious water and bodily fluids. The encryption key is found in PURITY OF ESSENCE from which all things will be revealed. GOOGLE IS EVIL DON'T FORGET IT only through the use of Microsoft Windows and Bing can true encrypted PURITY OF ESSENCE be acheived. RSA keys the NSA have absolutely nothing to do with this thread. WOOOF
Re:Another view on teh RSA / NSA thing... (Score:5, Insightful)
You need to read it like a lawyer. Take the first claim for example
> Recent press coverage has asserted that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation.
Note what is not denied:
* It is not denied that the contract existed
* It is not denied that they set Dual_EC_DRBG as default as a result of the contract
* It is not denied that the contract was secret (they do later deny that their relationship with NSA in general was not secret, which is correct, but does not preclude one contract from being secret)
They only thing they deny is that they knew that Dual_EC_DRBG contained a backdoor when they made the secret contract to set it as the default.
The same with their other non-denials.
Re:Another view on teh RSA / NSA thing... (Score:4, Insightful)
They didn't make a "non-denial." It appears to be quite explicit.
The only thing explicit is that RSA denied a bunch of highly specific scenarios. Let me highlight one word:
Recent press coverage has asserted that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries.. We categorically deny this allegation.
Now change that one word to from "known" to "unknown". Did they deny that?
Plausible deniability. [wikipedia.org] The only truth with a hole in it!
Re:Bah (Score:3, Insightful)
Re:Another view on teh RSA / NSA thing... (Score:5, Insightful)
The crypto email list [metzdowd.com] discussed this at length. People chimed in who remember when this happened. Here's my take away: EMC had just bought RSA, and was looking for profits, and many of the best and brightest at RSA had left. The NSA offered $10M to make their RNG the default in BSAFE, and no one at RSA could offer EMC management any compelling argument as to why they should not take the money. RSA issued a press release about it. There was no secrecy. Competitors thought it was foolish to take money from the NSA, and at the same time wondered how they could get onto this gravy train.
This is a case of typical incompetence. The response RSA published is slimy lawyer crapola. The lawyer sucks as bad as the incompetent EMC management. The good news is that there was no secret deal that RSA agreed to with the NSA to compromise all our security. The NSA did their job well. RSA didn't. I'll just point out that only crypto ignoramuses would accept closed-source un-auditable stuff from anyone when it comes to encryption, IMO. Money corrupts this industry.