Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Government United States

NSA Official: Supporting Backdoored Random Number Generator Was "Regrettable" 106

Trailrunner7 writes In a new article in an academic math journal, the NSA's director of research says that the agency's decision not to withdraw its support of the Dual EC_DRBG random number generator after security researchers found weaknesses in it and questioned its provenance was a "regrettable" choice. Michael Wertheimer, the director of researcher at the National Security Agency, wrote in a short piece in Notices, a publication of the American Mathematical Society, that even during the standards development process for Dual EC many years ago, members of the working group focused on the algorithm raised concerns that it could have a backdoor in it. The algorithm was developed in part by the NSA and cryptographers were suspect of it from the beginning. "With hindsight, NSA should have ceased supporting the dual EC_DRBG algorithm immediately after security researchers discovered the potential for a trapdoor. In truth, I can think of no better way to describe our failure to drop support for the Dual_EC_DRBG algorithm as anything other than regrettable," Wertheimer wrote in a piece in Notices' February issue.
This discussion has been archived. No new comments can be posted.

NSA Official: Supporting Backdoored Random Number Generator Was "Regrettable"

Comments Filter:
  • by Narcocide ( 102829 ) on Wednesday January 14, 2015 @07:00PM (#48815411) Homepage

    Is he sorry that they created a monster or is he just sorry that they got caught and now their credibility is in the trash can?

    • by Anonymous Coward on Wednesday January 14, 2015 @07:04PM (#48815453)

      The later, obviously. And "I can think of no better way to describe our failure to drop support for the Dual_EC_DRBG algorithm as anything other than regrettable" What about "criminal"?

      • by penguinoid ( 724646 ) on Wednesday January 14, 2015 @09:25PM (#48816245) Homepage Journal

        "Words cannot express how sorry we are. Next time, we will make sure the backdoor is much less obvious."

      • by BenJeremy ( 181303 ) on Wednesday January 14, 2015 @11:24PM (#48816849)

        The later, obviously. And "I can think of no better way to describe our failure to drop support for the Dual_EC_DRBG algorithm as anything other than regrettable" What about "criminal"?

        I think the proper word is "Treasonous"

        In the DoD, the NSA-backed algorithms have been used without question, and in creating a backdoor'd generator, they've compromised our national security.

        • by Required Snark ( 1702878 ) on Thursday January 15, 2015 @10:36PM (#48826795)
          Treason [wikipedia.org] is not the correct term. It refers to betrayal of country.

          In law, treason is the crime that covers some of the more extreme acts against one's sovereign or nation. Historically, treason also covered the murder of specific social superiors, such as the murder of a husband by his wife or that of a master by his servant.

          The correct term is Sedition [wikipedia.org].

          In law, sedition is overt conduct, such as speech and organization, that is deemed by the legal authority to tend toward insurrection against the established order. Sedition often includes subversion of a constitution and incitement of discontent (or resistance) to lawful authority. Sedition may include any commotion, though not aimed at direct and open violence against the laws. Seditious words in writing are seditious libel. A seditionist is one who engages in or promotes the interests of sedition.

          Note the boldface. In this case the "established order" is the rule of law enshrined in the constitution. The NSA has subverted the constitution with warrantless mass surveillance. The Department of Homeland Security (aka Department of Homeland Pork) has ignored the constitutional right to due process with the "no fly list": there is no official way to find out if you are on it or to be removed from the list.

          These actions, along with many current policies, are absolutely unconstitutional. In short, sedition. They betray the constitutional rule of law. Treason typically is the betrayal of one's country to another sovereign entity.

    • He said:

        NSA should have ceased supporting the dual EC_DRBG algorithm immediately after security researchers discovered the potential for a trapdoor.

      • by msauve ( 701917 ) on Wednesday January 14, 2015 @07:23PM (#48815543)
        IOW, he wants the perception to be that they wouldn't do the same again. Because, it's lowered their credibility. That doesn't mean they wouldn't do the same thing again, they just want you to think they wouldn't.

        ("Please don't look for more holes in stuff we support. Ignore the man behind the curtain. We're from the government, and we're here to help.")
        • by Euler ( 31942 )

          Exactly. This is not an apology. I read TFA. Somehow, they want to put the horse back in the barn. There was a time that they had a mission to develop technology that was useful to US government agencies, industry, banking interests, etc. I truly respect people who were doing honest work at securing US interests. But there is just no going back, all that work is forever tainted.

    • Is he sorry that they created a monster or is he just sorry that they got caught and now their credibility is in the trash can?

      He's sorry that they continued supporting it after the flaws were discovered. He regrets that they were so obvious.

      • by rtb61 ( 674572 ) on Wednesday January 14, 2015 @09:59PM (#48816431) Homepage

        Worse than they, they had intended to use the power they control to attempt to force the use of it. The real question is how long before other people discovered the flaw were they aware of it and was it the only reason they supported it in the first place. This makes far more sense when you consider they still pushed it once the flaw was discovered, they were already heavily invested in pushing it onto the public exactly because of that flaw, they wanted that flaw. So who originated the work and thus who can not now be trusted as they are very likely an under cover NSA agent. Which brings to the point how many others are out there, how many others are working to break your security, how many others are out there working on entrapment and extortion plans and how many others can not be trusted to touch your hardware because they will touch it in a very naughty way.

        Brings to mind the penalties private corporations have been paying when they have failed to secure the privacy of the public, how many of those were as a direct result of an incursion led by the NSA and basically leaving holes which others have then exploited. Just like the FBI and Lulzsec, most of the damage was done after the FBI took over and were seeking to groom minors into a life of crime, supply the resource, the technology and the targets, so they could what prosecute them or recruit them or as it seems most likely, both.

        The NSA and the FBI and all the rest are going to run into the exact same problem, they are going to end up recruiting privacy invasive perverts who get a kick out of invading the private lives of others, creating that perverted delusion of control over others and that will inevitably reflect upon how the agencies carry out their activities. How the individuals within them will get a sexual kick about invading the privacy of others and how given time that kick will demand greater and greater control and express itself as schemes of extortion, whether to break into other secure data stores, whether to profit or whether to extend that sexual perversion into direct personal molestation.

    • by strack ( 1051390 )
      What hes actually saying is he thinks mathematicians and programmers are stupid enough that he believes its worth his time to bullshit us in writing after the NSA got caught with its hand in the cookie jar . Hes insulting our intelligence. Hes showing us his gaping asshole, telling us its not actually shit, and inviting us to take another sniff.
  • "describe our failure to drop support for the Dual_EC_DRBG algorithm" = as designed

  • by Anonymous Coward

    To ensure it's inclusion as default in RSA products.

    • by Smallpond ( 221300 ) on Wednesday January 14, 2015 @07:33PM (#48815615) Homepage Journal

      To ensure it's inclusion as default in RSA products.

      Yup. $10M to use it as the default encryption mode. They also tried to require it for FIPS certification so pardon my gasps of disbelief.

      • Wanting to include this in FIPS seems to also who an incredibly level of incompetence. Imagine the NSA forcing a backdoor into the crypto algorithm only to have an adversary take advantage of it to have an backdoor into the US government. It's possible that there was a parallel plot to turn this off on every FIPS certified device purchased by US government agencies but given the level of competence that can be found in the bureaucracy it's likely that the whole thing would have backfired. The NSA is luck
  • by pixelpusher220 ( 529617 ) on Wednesday January 14, 2015 @07:03PM (#48815449)
    criminal? fraudulent? subversive?
  • by DoofusOfDeath ( 636671 ) on Wednesday January 14, 2015 @07:12PM (#48815493)

    I'd like to hear him explain his regret in a little more detail. Was it morally wrong? Was it against civil ethics? Was it anti-democratic? Was it illegal? Or was it that they got caught?

    Also, "is regrettable" is basically the passive tense. Does he regret it? Does he thing that the congressional oversight committees are morally culpable for not having stopped it?

    • by rwyoder ( 759998 )

      I'd like to hear him explain his regret in a little more detail. Was it morally wrong? Was it against civil ethics? Was it anti-democratic? Was it illegal? Or was it that they got caught?

      Also, "is regrettable" is basically the passive tense. Does he regret it? Does he thing that the congressional oversight committees are morally culpable for not having stopped it?

      Here is the video: https://www.youtube.com/watch?... [youtube.com]

    • I'd like to hear him explain his regret in a little more detail. Was it morally wrong? Was it against civil ethics? Was it anti-democratic? Was it illegal? Or was it that they got caught?

      He regrets it like he regrets eating that hot chili cheese burrito.

    • Also, "is regrettable" is basically the passive tense.

      At best it's deagentization. Syntax-wise, I don't see anything passive about copulative sentences.

    • You can read what he wrote, it's linked to in the article. Earlier in the article he has an explanation of why the backdoor was left in, that it wasn't an attempt to subvert encryption of the world.

      With hindsight, NSA should have ceased supporting the dual EC_DRBG algorithm immediately after security researchers discovered the potential for a trapdoor. In truth, I can think of no better way to describe our failure to drop support for the Dual_EC_DRBG algorithm as anything other than regrettable. The costs to the Defense Department to deploy a new algorithm were not an adequate reason to sustain our support for a questionable algorithm. Indeed, we support NIST’s April 2014 decision to remove the algorithm. Furthermore, we realize that our advocacy for the DUAL_EC_DRBG casts suspicion on the broader body of work NSA has done to promote secure standards. Indeed, some colleagues have extrapolated this single action to allege that NSA has a broader agenda to “undermine Internet encryption.” A fair reading of our track record speaks otherwise.

  • by Anonymous Coward on Wednesday January 14, 2015 @07:12PM (#48815503)

    Parse his words carefully. He never admits that the NSA actually engineered the backdoor into the algorithm, he only states that he regrets supporting the algorithm after other people pointed out it was backdoored.

    This is basically equivalent to the mealy-mouthed apologies you hear from young children after they've done something wrong but absolutely refuse to fess up about it.

    • by DoofusOfDeath ( 636671 ) on Wednesday January 14, 2015 @07:22PM (#48815541)

      I wonder if it would have been a security violation for him to admit it, so this is the best he can do?

    • by stoborrobots ( 577882 ) on Thursday January 15, 2015 @04:23AM (#48817957)

      He never admits that the NSA actually engineered the backdoor into the algorithm, he only states that he regrets supporting the algorithm after other people pointed out it was backdoored.

      It's entirely possible that they did not engineer the backdoor - that might have come from the original creator.

      It's further possible (although I would hope it's not the case) that they did not find the backdoor before it was publicly disclosed.

      Either way, they should have stopped endorsing the algorithm as soon as they knew it was weak, whether that was at public disclosure or earlier.

      That they continued to claim it was secure after it was publicly known to be weak is a complete failure on their part, and they are DEFINITELY culpable for that.

      We BELIEVE that they probably put it there, in which case, they're even more culpable, but we don't know that for certain...

    • by gnasher719 ( 869701 ) on Thursday January 15, 2015 @05:09AM (#48818099)

      Parse his words carefully. He never admits that the NSA actually engineered the backdoor into the algorithm, he only states that he regrets supporting the algorithm after other people pointed out it was backdoored.

      This is basically equivalent to the mealy-mouthed apologies you hear from young children after they've done something wrong but absolutely refuse to fess up about it.

      And you don't understand what actually happened. There is no evidence and there never was evidence that the algorithm had a backdoor. There is evidence that _if_ the NSA had known about the possibility of a backdoor early enough, they _could_ have added a backdoor. There is no evidence that they knew about it early enough, and there is no evidence that they added a backdoor. The NSA _does_ know that nobody else added a backdoor. So they either added a backdoor, or they didn't and know there is no backdoor. There is no evidence either way.

      So nobody has any evidence that they have done anything wrong. They supported this standard for too long, and there are two logical explanations for this: Either because they had added a backdoor and wanted to use it, or because they knew for a fact that there is no backdoor (because only the NSA could have added it and they know they didn't) and therefore knew that the algorithm was safe.

      • by Agripa ( 139780 )

        There is no need to wait for non-circumstantial evidence. The government likes to use lessor evidence standards than beyond a reasonable doubt so lets follow their example.

        What is more likely than not? That the NSA missed a public/private key based backdoor designed into an algorithm, strongely supported it after it was revealed that such existed, and bribed RSA over it? Or that NSA designed it in from the start and through a fit of managerial incompetence, trashed any trust they had accumulated with non

  • by Excelcia ( 906188 ) <slashdot@excelcia.ca> on Wednesday January 14, 2015 @07:16PM (#48815513) Homepage Journal

    I find it very interesting the wording. They think that they should have "ceased supporting the dual EC_DRBG algorithm immediately after security researchers discovered the potential for a trapdoor" and that their failure to do so was regrettable. What about their helping to develop the algo with a back door to begin with?

    They are essentially coming out and admitting they are sorry that they didn't drop support, because if they had dropped support at least they would have been able to cover up the fact they intentionally create algorithms with flaws to begin with.

    • by AHuxley ( 892839 ) on Wednesday January 14, 2015 @08:56PM (#48816089) Journal
      It was regrettable security researchers, brands, firms, academics and other experts failed to find, did not look, did not ask, did not consider, did not want to understand, where not interested or collaborated in placing so many trap doors and backdoors in international crypto standards over the years.
      Just getting weak crypto created and set as a standard is the first part. Keeping it as a standard for some time was the real trick. At lot of smart people and top brands had to stay tame and look the other way on that aspect over the years.
      The good news is people can just move back to number stations and only use one time pads once.
      The intentionally create algorithms seemed to go back to the 1950's as the Martin and Mitchell defection hinted in the early 1960's
      https://en.wikipedia.org/wiki/... [wikipedia.org]
      "Our main dissatisfaction concerned some of the practices the United States uses in gathering intelligence information ... deliberately violating the airspace of other nations ... intercepting and deciphering the secret communications of its own allies ..."
  • by fustakrakich ( 1673220 ) on Wednesday January 14, 2015 @07:24PM (#48815547) Journal

    Nothing happened. The spying continues as if nobody said a thing. It had no effect on the election, and it won't have any effect in the next one. Whatever the NSA does from here on out cannot be blamed on anybody but the voters. It's extremely simple.

    • It isn't even just a case of voters ignoring the issue; countless people directly support the unconstitutional freedom-violating mass surveillance. So yeah, it's definitely the fault of voters, and a lot of them love it.

      • Yes, I did fail to bring up the fact that most people want this. We truly do have a very representative government in the US.

    • Nothing happened. The spying continues as if nobody said a thing. It had no effect on the election, and it won't have any effect in the next one. Whatever the NSA does from here on out cannot be blamed on anybody but the voters. It's extremely simple.

      Wow, you mean we get to vote for the chief executive, who is the boss of executive agencies like the NSA?

      That's good to know. I wonder who most of those complaining about the NSA supported and opposed the last time they had the chance?

  • by DarkOx ( 621550 ) on Wednesday January 14, 2015 @07:24PM (#48815549) Journal

    With hindsight, NSA should have ceased supporting the dual EC_DRBG algorithm immediately after security researchers discovered the potential for a trapdoor

    So really he regrets they got caught trying to insert a backdoor and wishes they would have handled the after math of being busting in a way that might have won back some undeserved trust, but he does not regret attempting back door the algorithm in the first. I read this as "would do it again".

  • by steelfood ( 895457 ) on Wednesday January 14, 2015 @07:32PM (#48815609)

    That's no apology, it's that's just expressing regret.

    If they really wanted to apologize, they should be apologizing for subverting the standards process in the first place. Both RSA's and NIST's credibility are in the crapper thanks to them, though it's admittedly RSA's own fault for taking the $10 million.

    But there's no point in apologizing to the crypto community or even to any subset of it. This behavior by the NSA was almost expected, and it would be stupid to not believe it given all the pre-Snowden evidence. In fact, it validates a lot of people's conclusion that funny-looking and funny-smelling things should generally be avoided.

    • by Anonymous Coward

      it validates a lot of people's conclusion that funny-looking and funny-smelling things should generally be avoided.

      You mean like how AES is a curiously simplistic untested algorithm that somehow got standardized?

  • Fuck you, Mike! (Score:4, Insightful)

    by Anonymous Coward on Wednesday January 14, 2015 @07:43PM (#48815669)

    It was "regrettable" that, after the whole community cast aspersions at your intentionally-broken algorithm, you didn't drop your own support for it? Go eat a fucking dick.

    What you should have done, instead of "dropping your support", was come clean and say "sorry guys, that was a shitty thing to do and we should not have done it. This algorithm was in fact sabotaged by us and it should never be used for anything other than a case study for cryptographers learning to detect shitty things like this being done to algorithms in plain sight. We ought to using better tools to catch bad guys rather than intentionally breaking encryption for everyone."

    Asshole. Dual-use technologies work both ways, smarty-pants: if you break the algorithm, it's broken for the good guys, too, and the bad guys pwn everyone who thinks they are safe.

    Seriously, fuck you.

    • My sentiments exactly. This post deserves to be heard. It deserves more than a 0 score.

    • Comment removed based on user account deletion
    • Dual-use technologies work both ways, smarty-pants: if you break the algorithm, it's broken for the good guys, too, and the bad guys pwn everyone who thinks they are safe.

      The cleverness of Dual_EC_DRBG is that it really is broken in a limited way. It produces numbers that are random to everyone who doesn't know the seed or a particular private key, which we assume only the NSA has. It's just as secure as using any "good" random number generator and then sending the seed to the NSA using public key encryption.

  • "I can think of no better way to describe our failure to drop support for the Dual_EC_DRBG algorithm as anything other than regrettable." Allow me to help: indecent, dangerous, immoral, short sighted, borderline criminal.
    • I would go so far as to say its basically theft, since in doing this (along with so many similar actions) they've basically done the exact opposite of the task to which they were assigned when we handed over our tax dollars to fund them.

  • by wickerprints ( 1094741 ) on Wednesday January 14, 2015 @07:48PM (#48815705)

    I find Werthiemer's characterization of this gross oversight to be..."regrettable."

    Let's remind the reader and put the role of NSA mathematicians in context: In the world of mathematical research, what the NSA knows is by construction a superset of what the academic community knows. That is to say, NSA researchers have at their disposal the body of all published mathematical literature, in addition to any discoveries they have made internally, whereas non-NSA mathematicians do not have access to the latter. If a flaw in a commonly used cryptographic scheme is discovered by the NSA but is unknown in the public arena, this immediately leads to an exploitable situation.

    Thus, when outside researchers discover an issue, this tells us NOTHING about if or when the NSA knew about the same flaw. It also means nothing for NSA mathematicians to apologize or write in public correspondence what their version of events was. Their lack of credibility does not stem from the existence of such flaws; no. Neither does it necessarily follow from the lies they have told in other respects. On this point I must be completely clear. Their lack of credibility stems from the aforementioned and inherent information asymmetry. To attempt to infer the sincerity of the message based on indirect evidence, past behavior, and allusions to glorious historical efforts is to be misled from the fundamental reality, which is that the NSA and its mathematicians are under no obligation to tell the truth because they undoubtedly possess mathematical secrets that the public does not.

    That said, I am gratified that many preeminent mathematicians working in the fields of number theory, cryptography, algebra, combinatorial analysis, and cryptanalysis do not choose to work for the NSA and instead remain in the academic community, on the premise that the advancement of humankind necessitates the openness of the process of discovery and the unrestricted dissemination of mathematical research.

    • by Anonymous Coward

      The problem here is not that the NSA "discovered" the flaw and kept quiet, but rather the appearance that they could have engineered a backdoor into the protocol that giving them a backdoor that no-one else had. NSA is claiming they didn't realize their insistence upon using a specific vector set of their choosing would give them this advantage. The Snowden revelations make that claim of ignorance very suspect given the high level of efforts at the time to infiltrate all forms of encrypted communications.

    • by epine ( 68316 )

      In the world of mathematical research, what the NSA knows is by construction a superset of what the academic community knows.

      Modulo pub net (aka Brewsky's) and "unpublished communication".

      But apparently you subscribe to the the maxim that the "publish or perish" edict is axiomatically tantamount to "no unpublished thought" which I find interesting, because stuffy academic writing hardly strikes me as Truman Burbank's brainstem Twitter feed.

      Not that this is a subject matter where we should stray into the kin

  • Michael Wertheimer, the director of researcher at the National Security Agency, was found in his garage dead this morning. Medical officials say he died from auto-erotic asphyxiation. He left a suicide note saying he was "sorry for ever speaking out against my excellent employer and even death cannot undo what I have done".
  • Why not use a real random number generator (such as avalanche noise in a semiconductor junction) to generate a key instead of a pseudorandom number generated by software that can be back-doored?

    • by Anonymous Coward

      True random generators are not certifiable because no matter how long you run them you can never be sure that the randomness is evenly distributed. PRNGs can be tested and verified.

  • by Anonymous Coward

    "It's something We should feel ashamed about. We DON'T feel ashamed, though." Big big difference.

  • And then... (Score:4, Interesting)

    by wonkey_monkey ( 2592601 ) on Thursday January 15, 2015 @03:29AM (#48817807) Homepage

    NSA Official: Supporting Backdoored Random Number Generator Was "Regrettable"

    He then steepled his fingers and muttered "mwuhaha" under his breath.

    Isn't "regrettable" how Bond villains usually refer to their gruesome murders of formerly trusted employees?

  • Little more than just suspecting if so
  • He does a good job of calling out [cryptograp...eering.com] pretty much everything expressed here. As well as highlighting some of the half-truthes and/or complete lies in the letter.
  • Yeah, it's regrettable that in pursuit of spying on your own citizens and other departments of your own govrrnment, you dropped all of our collective pants to a long list of potential attackers. On second thought, maybe I'm overstating things. How many people who want to damage American interests can afford a room full of GPUs and some math Phds? It's all good. Let's just move along.

Heard that the next Space Shuttle is supposed to carry several Guernsey cows? It's gonna be the herd shot 'round the world.

Working...