I'd comment, but then I'd have to kill me.
NSA: We've learned our lesson after foreign spies used one of our crypto backdoors – but we can't say how exactly
It's said the NSA drew up a report on what it learned after a foreign government exploited a weak encryption scheme, championed by the US spying agency, in Juniper firewall software. However, curiously enough, the NSA has been unable to find a copy of that report. On Wednesday, Reuters reporter Joseph Menn published an …
COMMENTS
-
-
-
-
Friday 30th October 2020 22:27 GMT Michael Wojcik
No one (who knows anything about it) thinks it's "random" at all. "Deterministic Random Bit Generator", the phrase NIST actually uses, is their (unfortunate) term for cryptographically-strong PRNG.
Everyone always knew Dual_EC_DRBG was a CPRNG, which meant it deterministically generated a bit stream with statistical properties that were indistinguishable from random under a series of assumptions. The concerns around Dual_EC_DRBG were, first, there's no way to tell whether there's a backdoor (i.e. whether the default constants provided by the NSA via NIST[1] were chosen to allow someone with an additional piece of information to predict the output[2]); and second, it's a rubbish algorithm anyway and so there's no good reason to use it.
Ever. Even if you don't think there's a back door. And if there isn't a back door, why recommend it in the first place? Probably just an honest mistake.
[1] It's worth noting that these constants can be changed, and in fact NIST tells you how to compute a suitable set of alternatives and use them in the DRBG. Of course doing so invalidates any backdoor, and the backdoor is the only reason to use Dual_EC_DRBG.
[2] Specifically, SP800-90 specifies the form of the DRBG and provides parameters P, the curve's generator, and Q, both points on the curve. It's not explained where Q comes from. It's a prime curve, so there's some e such that Qe=P (mod p). Given Q, e is hard to find. But say you're proposing an EC-based DRBG, and instead of picking a random point Q, you set Q to be a multiple of P. Then you can easily compute e. And you can recover the internal state of a Dual_EC_DRBG instance by observing about 32 bytes of output. That is a Bad Thing.
-
-
-
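Added example (not part of the comment above, and not NIST or vendor code): a pure-Python model of the relationship described in footnotes [1] and [2], showing that whoever knows e with e·Q = P can recover the generator state from two output blocks, and that the same e is useless once Q is regenerated from public data. Assumptions: secp256k1 stands in for the standard's curve, only 6 bits are truncated (the standard drops 16) to keep the run short, `derive_point` is a simplified stand-in for a verifiable constant-generation procedure, and all names, seeds and secrets are constructed for illustration.

```python
import hashlib

# secp256k1 domain parameters, used as a stand-in curve (a = 0, b = 7).
P_FIELD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
TRUNC_BITS = 6                      # assumption: the standard drops 16 bits
OUT_BITS = 256 - TRUNC_BITS
OUT_MASK = (1 << OUT_BITS) - 1

def add(A, B):
    """Affine point addition; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_FIELD) % P_FIELD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD) % P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return x3, (lam * (x1 - x3) - y1) % P_FIELD

def mul(k, A):
    """Double-and-add scalar multiplication k*A."""
    R = None
    while k:
        if k & 1:
            R = add(R, A)
        A = add(A, A)
        k >>= 1
    return R

def lift_x(x):
    """Return a curve point with this x-coordinate, or None if there is none."""
    if x >= P_FIELD:
        return None
    rhs = (pow(x, 3, P_FIELD) + 7) % P_FIELD
    y = pow(rhs, (P_FIELD + 1) // 4, P_FIELD)    # square root, valid as p % 4 == 3
    return (x, y) if y * y % P_FIELD == rhs else None

def derive_point(label):
    """Hash a public label to a point, so nobody knows its multiple relative to G."""
    for ctr in range(256):
        x = int.from_bytes(hashlib.sha256(label + bytes([ctr])).digest(), "big")
        if (pt := lift_x(x)) is not None:
            return pt
    raise ValueError("no point found")

class DualEC:
    """Model of the generator: P is G here, Q is supplied by whoever sets constants."""
    def __init__(self, seed, Q):
        self.s, self.Q = seed, Q
    def next_block(self):
        self.s = mul(self.s, G)[0]                 # state update: x(s*P)
        return mul(self.s, self.Q)[0] & OUT_MASK   # output: truncated x(s*Q)

def recover_state(out1, out2, Q, e):
    """Given two consecutive blocks and e with e*Q == P, return the current state."""
    for hi in range(1 << TRUNC_BITS):              # guess the truncated bits
        R = lift_x((hi << OUT_BITS) | out1)        # R = +/- s1*Q
        if R is None:
            continue
        s2 = mul(e, R)[0]                          # x(e*s1*Q) = x(s1*P) = next state
        if mul(s2, Q)[0] & OUT_MASK == out2:       # confirm against the second block
            return s2
    return None

def demo(Q, e):
    """True if the next block was predicted, None if no state could be recovered."""
    seed = int.from_bytes(hashlib.sha256(b"constructed seed").digest(), "big")
    gen = DualEC(seed, Q)
    out1 = gen.next_block()
    out2 = gen.next_block()
    s = recover_state(out1, out2, Q, e)
    if s is None:
        return None
    return s == gen.s and DualEC(s, Q).next_block() == gen.next_block()

# Designer's secret d (constructed): Q = d*P, so e = d^-1 mod n satisfies e*Q = P.
D = int.from_bytes(hashlib.sha256(b"constructed designer secret").digest(), "big") % N
Q_BACKDOOR, E = mul(D, G), pow(D, -1, N)

if __name__ == "__main__":
    print("Q chosen as a multiple of P, next block predicted:", demo(Q_BACKDOOR, E))
    print("Q regenerated from a public label, same e:",
          demo(derive_point(b"constructed public label"), E))
```
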
Thursday 29th October 2020 03:47 GMT Schultz
I'd comment ...
"NSA policy now requires a fallout plan". So can we take that as confirmation that the NSA systematically subverts encryption in networking gear?
It might be safe to assume that Huawei equipment does not carry NSA back-doors, considering the efforts of the US government to shut down everything Huawei. But then, others might be listening in. I guess you really need strong end-to-end encryption to assume any degree of privacy. And even then, your computer carries a Security and Management Engine / Platform Security Processor, specifically designed to handle sensitive low-level functions. The NSA would not be worth its budget if they didn't find a way into those. Amiright?
-
Thursday 29th October 2020 11:19 GMT Mage
Re: I'd comment ...
See also proven NSA / CIA etc backdoors in Cisco gear. Juniper is a major competitor.
Could Huawei be being banned in USA and UK etc (Five Eyes and friends dominated by USA), because they won't add US backdoors?
GCHQ audit revealed no backdoors in Huawei, but poor code quality.
No surprise as that was well known on Huawei routers supplied by many UK & Ireland ISPs. But also true of almost everyone.
-
-
Thursday 29th October 2020 16:46 GMT Anonymous Coward
Re: I'd comment ...
Most if not all software for network equipment has holes due to sloppy programming that can be exploited (i.e. hacked) to varying degrees. I would assume that any intelligence service you've ever heard of has their collection of them.
Backdoors, OTOH, are expertly programmed by Five Eyes to allow a much broader range of exploits on demand.
It's the difference between negligence and aiding and abetting.
-
-
-
Thursday 29th October 2020 18:05 GMT Anonymous Coward
Re: I'd comment ...
It's probably safe to assume any closed source pseudo random number generator involved in crypto is compromised in some way.
To this day information on the Microsoft PRNG is thin on the ground. I've literally got no idea if I can trust the MS PRNG.
Even if a PRNG is safe, your source of entropy may not be. Servers are notoriously less random than workstations in that regard.
-
Friday 30th October 2020 18:47 GMT Claptrap314
Re: I'd comment ...
As a rule, I would expect that an intentionally weakened generator by an expert would be _stronger_ than some POS put together by a non-expert. See, for instance the custom-rolled PRNG in Systemd.
The question is: which did u$ employ in this case?
If you are not publishing your primitives, they ARE junk. Prove me wrong.
-
-
-
-
Thursday 29th October 2020 00:29 GMT Anonymous Coward
How do you avoid US spy gear, it is everywhere.
Intel ME : https://libreboot.org/faq.html#intel
AMD PSP: https://libreboot.org/faq.html#amd
face^H^H^H^Hciabook
everything that google does (google analytics).
Cisco
Apple
Microsoft telemetry (they record everything that your computer runs and does)
Amazon, logs everything, everything, everything (Did you search for something 25 years ago, that is still in the archives).
And then you have the five eyes, which is probably closer to 50 eyes these days.
And then you have the game consoles and Valve's Steam, they track and record everything.
And every US company must obey all secret FISA court orders, to carry out the wishes of the NSA.
Who needs backdoors, when they have access to so many front doors.
-
-
Thursday 29th October 2020 06:01 GMT Anonymous Coward
Re: How do you avoid US spy gear, it is everywhere.
"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say." - Ed
So much active spying capacity would have been the wet dream of the Stasi.
-
Thursday 29th October 2020 09:42 GMT fpx
Re: How do you avoid US spy gear, it is everywhere.
Can you please explain to this court why, twenty years ago, you googled "iron maiden"? Doesn't that demonstrate your intent to torture someone?
The data trail that all of us leave behind always contains some dubious nuggets that, selectively edited and taken out of context, will make you look bad.
As foretold by Kafka. We know there is a crime hidden in all of that data, we just have to find it. You will not be in a position to defend yourself, since you will have long forgotten. Too bad.
-
-
Thursday 29th October 2020 11:25 GMT Mage
Re: How do you avoid US spy gear, it is everywhere.
Maybe said by Cardinal Richelieu?
Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.
-
Saturday 31st October 2020 22:40 GMT MachDiamond
Re: How do you avoid US spy gear, it is everywhere.
"Can you please explain to this court why, twenty years ago, you googled "iron maiden"? Doesn't that demonstrate your intent to torture someone?"
There was a couple of 20 somethings a couple of years ago that were going to take a trip to Hollywood to spend a week clubbing. One of them tweeted "we're going to destroy America", a slang for partying that the US spy agencies didn't know. The couple got turned around in NY when they went through customs.
I know my search history is eclectic enough to pull lots of stories of terrorism and mayhem out of. When something interesting is in the news, I'll often do some research since the news agency isn't ever going to be reporting it correctly. I've also worked in commercial fireworks, aerospace and all sorts of other things including being a proper photo-journalist.
It's readily apparent that governments don't like people that eschew being spoon fed by the MSM and do their own knowledge gathering.
-
Wednesday 11th November 2020 17:32 GMT Anonymous Coward
Re: How do you avoid US spy gear, it is everywhere.
*spams palms down and stands up in the dock*
Give me the sense to wonder
To wonder if I'm free
Give me a sense of wonder
To know I can be me
Give me the strength to hold my head up
Spit back in their face
Don't need no key to unlock this door
Gonna break down the walls
Break out of this bad place
CAN I PLAY WITH MADNESS?
-
-
Thursday 29th October 2020 16:04 GMT Filippo
Re: How do you avoid US spy gear, it is everywhere.
The problem is that knowledge is power. Anyone who knows your passwords and entire browsing history has a whole lot of power over you. Of course, I (mostly) could trust my government not to abuse this, because, like you, I live in a functioning democracy and I'm not paranoid. Or maybe I don't, in which case I already have a good reason not to want this to happen. However, bear with me: that is not the point. That is irrelevant. The point is not trust: The point is power.
When you ask what do we fear, what you are asking is basically: what does it matter if people have power over you, as long as you trust those people not to abuse it?
The answer is that any power over you must be regulated by law. This is a fundamental axiom of free society. It cannot be conditioned on trust alone. If any entity has the ability to gain power over you without this ability being well-regulated by law, that is a problem. It does not matter how much you trust that entity. The problem is not lack of trust; if I trusted the NSA completely to never abuse the knowledge they have, their ability to gain power over me outside the boundaries of law would _still_ be an unacceptable issue.
If you do not understand why no entity should be able to gain power over you outside the boundaries of law (oh, and secret laws enforced by secret tribunals don't count for this purpose), I'm afraid I don't have the ability to explain further in a mere comment.
I do hope, however, that you will realize that having all of your data is not very much different from having a gun to your head, that you can imagine that having a gun to your head is intrinsically problematic, regardless of how much you trust the guy with the finger on the trigger, and that you can agree that it should only be allowed in well-regulated circumstances, and that if it happens outside of those circumstances, it needs to be sanctioned even if nobody actually got shot.
-
Thursday 29th October 2020 19:37 GMT elip
Re: How do you avoid US spy gear, it is everywhere.
Some of us are old enough to remember, and come from countries where not all that long ago, our overlords, err representative governments took our fellow citizens to the woods for a chat and put one in their heads. Just one literal example from my childhood in Eastern Europe.
-
-
Thursday 29th October 2020 12:45 GMT Pascal Monett
Valve ? Why are you dragging Valve into this ?
Do you seriously think that Steam is watching you ?
Steam is the best game-selling platform there is. If you don't have a connection, you can still play your games. If you do have a connection you can play them online.
Yes, Valve checks when you log on to verify that you have the right login and password, and that's all. You tell me how Valve can do less and still maintain a business.
Steam is the only game-selling platform I know that doesn't care where you run it from. I can upgrade my PC, change my disks, change computer ; the only thing Steam wants is my login/password combination. That is a far cry from EA Games or any of the others, who basically consider that any change in hardware is proof that you are filthy thief and you have to re-download your entire collection.
With EA Games, that even happens when you update your video driver !
So please, leave Valve out of your otherwise quite plausible list of surveillance entities.
-
Thursday 29th October 2020 17:46 GMT Mage
Re: Valve ? If you don't have a connection, you can still play your games.
Not true for some games, at least to start them.
Also plenty of older XP / Vista games yet they pulled the plug on XP being able to use an already installed game.
Also I hate DVD cased games that have no indication on the packaging that are actually only an Internet installer for Steam or something else you can simply go to directly. Not sure when Steam support ends for Win7. But for a long while it's been a better idea to use a PS4 for gaming. I see the optical drives are option versions of 2020 Xbox and PS5.
Welcome to the 1960s, where you need the connection to a server for anything. Is Office 365 & cloud replacing purely local MS Office? You'd think so searching MS site for Office Patches, Add ons and converters.
-
Thursday 29th October 2020 17:47 GMT bombastic bob
Re: How do you avoid US spy gear, it is everywhere.
it's why back doors themselves should NEVER be used. Classic example here, in which OTHERS have discovered the keys, and the existence of the back doors has been revealed, defeating their very purpose and compromising EVERYTHING gummints were attempting to use them for.
They need to do REAL investigating. You know, like the OLD days.
Open source may provide a perfect solution to this. How about hardened linux router software that's 100% open source that you can subsequently load onto Cisco's hardware and thereby ELIMINATE the problem? Peer review would find any back doors. Maybe Linus could make it happen?
-
Thursday 29th October 2020 19:43 GMT elip
Re: How do you avoid US spy gear, it is everywhere.
Many companies already run their own routing and some switching on open source OSes (Linux, OpenBSD, etc.). Would love to see some larger server/network gear vendors start certifying those stacks on their platforms. For now, I'll just stick to my OpenBSD, on top of Coreboot, on small embedded platforms. :-)
-
Thursday 29th October 2020 19:54 GMT EnviableOne
Re: How do you avoid US spy gear, it is everywhere.
I'd rather steer clear of Cisco's custom ASICs, you don't know what backdoors the NSA has put in them
Nice bit of Dell lowest common denominator kit:
https://www.dell.com/ae/business/p/open-networking-switches/pd
they've been selling these bare bones for a while
-
Friday 30th October 2020 12:18 GMT Anonymous Coward
Re: How do you avoid US spy gear, it is everywhere.
This thread has just reminded me to buy an Open Source router (Turris Omnia), which I've been meaning to for a while.
I wonder whether the NSA/GCHQ specifically monitor sites selling those, and are going to make an extra effort to probe my systems before it arrives, as I clearly have something to hide?
-
-
-
-
Thursday 29th October 2020 01:26 GMT Anonymous Coward
the NSA now claims it can't find the file.
I actually believe that statement.
The NSA is probably too bogged down with the vast amount of data it collects on American citizens to stay in power than to be bothered with dealing with the requests of an actual ELECTED OFFICIAL like or technically enlightened Ron Wyden.
As a side note on Dual EC..
there is a very informative blog post by a researcher that was having trouble with his WIFI router over the Christmas holidays where he discovered backdoors and ECB in many, many MANY home routers after poking around:
https://github.com/elvanderb/TCP-32764
-
Thursday 29th October 2020 05:43 GMT Anonymous Coward
NSA head is a Trumpsky
The head of the NSA is one of these, Kremlin-approved, Trump appointees, a man named Richard Grenell.
https://www.theguardian.com/us-news/2020/feb/19/trump-richard-grenell-director-national-intelligence
If there is a zero day exploit that NSA has, then Russia has it too. If there's a secret the NSA is holding then Russia has that too. If there's a backdoor NSA holds, then Russia has that backdoor too.
NSA is compromised. If you've backdoored your kit for the NSA, then you've backdoored your kit for Trump's Russia buddies, you need to close all the backdoors. You've compromised American security.
Here's Grenell trying to launch a Russian disinformation package against Democrats for this election cycle:
https://apnews.com/article/election-2020-intelligence-agencies-hillary-clinton-elections-archive-8a9811f5ce2094a9b47c2794e2e887ea
Here he is launching a Russian wedge package seeking to divide Democrats:
https://www.thedailybeast.com/team-bernie-fingers-richard-grenell-for-leaking-russia-story
Here he is, agreeing to tip off (indicted Russian) Lev Parnas and Rudy Giuliani on the Dimitry Firtash case (Firtash is under house arrest in Vienna accused of being a Russian bagman).
https://nymag.com/intelligencer/2020/02/richard-grenell-director-national-intelligence.html
"according to now-indicted Giuliani associate Lev Parnas. Parnas told the Daily Beast that he was told to ask Grenell for advance notice if the Department of Justice were to move to extradite an indicted Ukrainian oligarch, Dmytro Firtash, from whom Giuliani hoped to get compromising information. Parnas also claims Grenell said he would comply. It would, to put it mildly, not be normal or legal for an ambassador to tip off a private citizen to a law-enforcement move"
Just let that sink in for a second, the head of the NSA, offering to give a private citizen, Rudy Giuliani, who meets up with Russian military intelligence agents, secret info on an accused Russian bagman!
Firtash, in case you don't know where he fits in:
https://en.wikipedia.org/wiki/Dmytro_Firtash
"Living in Vienna, Austria, since 2014 Firtash has been resisting extradition to the United States on bribery and racketeering charges, and has sought to have the charges dropped...
"Firtash is represented by Trump and Giuliani associates Joseph diGenova and his wife Victoria Toensing, having hired them on the recommendation of Giuliani associate Lev Parnas.
"The New York Times reported in November that Giuliani had directed Parnas to approach Firtash with the recommendation, with the proposition that Firtash could help to provide compromising information on Biden, which Parnas's attorney described was "part of any potential resolution to [Firtash's] extradition matter."[77] "
"...during the summer of 2019 Firtash associates began attempting to dig up dirt on the Bidens in an effort to solicit Giuliani's assistance with Firtash's legal matters, as well as hiring diGenova and Toensing in July. Bloomberg News also reported that its sources told them Giuliani's high-profile publicity of the Shokin statement had greatly reduced the chances of the Justice Department dropping the charges against Firtash, as it would appear to be a political quid pro quo"
I don't think they're worried at this point, Russia's involvement is crystal clear, and so I'm expecting Barr to simply drop the charges on Firtash, or for Trump to pre-emptively pardon him.
Knowing how Trump works, he'll probably pardon Firtash, go to Austria in Airforce One, collect a big wad of Rubles in front of the cameras, with Airforce One in the background, say "how can it be illegal I'm doing it right in front of your eyes and no Republican is complaining!" Fox & Friends will cover the story as "American freedom to accept bribes"
-
Thursday 29th October 2020 08:49 GMT Anonymous Coward
Re: NSA head is a Trumpsky
And you fell for the bi-partisan shtick, you think one side is better than the other!? That there are "sides", as I was told when god was a lad, "no matter who you vote for the government always win"
Please go back to faecesbook with your crappy political posts, we ain't interested, same ac same bullshit posts, boring!
-
Thursday 29th October 2020 12:47 GMT Anonymous Coward
Re: NSA head is a Trumpsky
I'm so glad you posted that. I was under the impression the NSA has been around since 1952, started by Harry Truman (D).
Thanks for setting me straight.
Would you mind updating this page, they seem to have it all wrong: https://en.wikipedia.org/wiki/National_Security_Agency
-
-
Thursday 29th October 2020 11:55 GMT Peter2
Re: the NSA now claims it can't find the file.
the NSA now claims it can't find the file.
Because it's a file stored on computer, and it's been deleted by another country's version of the NSA because the NSA were being unkind about what they said about the opposing spy agency in the report. This action obviously doesn't show up in the logs, because the software keeping the logs had a backdoor built into it that said opposing spy agency exploited which shows why this sort of backdoor is a mistake.
That, or just admit deliberately lying to their oversight.
-
-
-
Sunday 1st November 2020 12:12 GMT thejynxed
Re: Hey, can't have that pesky report show up...
It doesn't matter who's in charge, the intelligence community apparatus doesn't care about party affiliation. See CIA & NSA monitoring of Sen. Feinstein's laptop as she was in the middle of a Senate Intelligence Committee meeting when Obama was POTUS.
-
-
-
Thursday 29th October 2020 05:52 GMT Anonymous Coward
This "backdoors" discussion misses an important point......
...a point well understood by anyone (or any group) seeking private conversations.
*
Namely....if messaging is encrypted with a private cipher BEFORE the message enters the channel, then IT DOESN'T MATTER ABOUT BACKDOORS. See below for an example of the sort of thing which the spooks might obtain from their backdoor slurp.....
*
-
-
-
Friday 30th October 2020 14:07 GMT A.P. Veening
Re: Using strong encryption, citizen?
Who says it's "strong encryption"? It looks like it might be a long list of four-long numbers. Maybe one of those "weak" book ciphers?
It is "strong encryption" if they don't already have the key.
And when did personal privacy get translated into "something to hide"?
Right after the power grab by NSA/CIA shortly after 9/11.
-
-
-
Friday 30th October 2020 21:06 GMT Michael Wojcik
Re: This "backdoors" discussion misses an important point......
Sigh.
The problem is not whether a handful of technically-adept parties who already have a secure channel for key distribution can maintain confidentiality, or even confidentiality + integrity + authentication (and, hey, throw in non-repudiation if it makes you happy). That's always been possible.
The problem is government interference with attempts to address the actual difficult questions, like mass cryptography for non-technical parties, key distribution among large groups with no prior secure channel, authentication where there's no existing relationship, and so on.
Your amateur cryptography is not interesting in this context. It's the equivalent of a pen-and-paper cipher. It might be weak, it might be strong; but it doesn't touch on any interesting problems.
-
Saturday 31st October 2020 10:52 GMT Anonymous Coward
Re: This "backdoors" discussion misses an important point......
@Michael_Wojcik
Sigh.
*
Maybe YOU are missing the point. The "government interference" you describe is EXACTLY THE REASON that "amateur cryptography" is being used. In this context people who seek privacy have absolutely no interest in "interesting problems".......they are building their own privacy tools....because no one out there is solving the privacy problem.
*
And this process, over time, is likely to make the problems faced by government snooping MUCH WORSE.....simply because the snoops will face a proliferation of "amateur cryptography" where today they only have to deal with a few targets (Signal, RSA, PGP and a few others). And condescending talk about the "amateur" won't make any of this go away!
-
-
-
Thursday 29th October 2020 07:24 GMT Dave 126
Argument might go away by itself
The USA's economic power (upon which its military power depends) depends upon intellectual property and trade secrets - in engineering and technology - which are the chief targets of China's espionage efforts. Making it harder for US firms to secure their data is self-defeating for the US government.
-
Thursday 29th October 2020 15:30 GMT JCitizen
Re: Argument might go away by itself
I was going to say, that they have the nerve to insist we private citizens and corporations need government back doors and compromised security to keep us "safe", and then they have something like this happen to them. How can they look us in the eye and seriously demand something like that?
-
Thursday 29th October 2020 17:47 GMT Anonymous Coward
Re: Argument might go away by itself
"How can they look us in the eye and seriously demand something like that?"
Let me see. Reasons they can ask for this. Let's start with over-officiousness. Add mistrust of the public. And add bureaucratic target-setting processes that don't consider the real world. And demands for a short-term "gotcha" intelligence coup from politicians and their appointees in the DoD/CIA/FBI while setting aside longer-term risks. And the desire to get some sweet, sweet press copy about what the government or a specific agency is doing to protect us from (Choose from and insert du jour terrorist/pedophile/drug kingpin/domestic extremist/Iranian/Chinese/Russkie punching bag here).
Yeah, I think that covers the reasons fairly well.
-
-
-
Thursday 29th October 2020 08:52 GMT Ochib
This file contains the complete set of papers, except for a number of secret documents, a few others which are part of still active files, some correspondence lost in the floods of 1967. Some records which went astray in the move to London and others when the War Office was incorporated in the Ministry of Defence, and the normal withdrawal of papers whose publication could give grounds for an action for libel or breach of confidence or cause embarrassment to friendly governments.
-
Thursday 29th October 2020 12:53 GMT Mahhn
Overlap
This is one of the reasons we like to have "overlap" in our security products. Due to constant proof (like this news story) we have to presume that at least one of our antivirus, firewalls, web filter, VPN, ransomware detectors, components is compromised, by private or nation state criminals - all the time. It's not a happy thing to know your own government is destroying security for the sake of stealing data for insider trading, er I mean keeping us safe from ghost.
-
-
Friday 12th February 2021 21:41 GMT thejynxed
Re: Huawei
Allegedly has nothing to do with it. Huawei networking gear had (at the time of accusations) hard-coded administration accounts that were logged as being accessed from locations in Shenzhen and Guangzhou. Was this malicious activity by the CCP or just Huawei performing remote access to view the stored performance metrics such as error logs on the device is what the ultimate question was and was never answered to the general public, but we did see Huawei earn a permanent US ban, including being banned from purchasing microchips designed by or manufactured by/for US companies as a very public result of these accusations.
-
-
Friday 30th October 2020 15:52 GMT steviebuk
Ban VPNs
And either ban encryption or force companies to create backdoors into that encryption so only the "authorities" will have access. There is no reason to vote or argue against this as ONLY the correct authorities will have access to that backdoor..........WHAT? Someone else exploited it? Shit. Well, lessons have been learned (even though we were fucking warned beforehand this would happen).
The tits.