
Reuters: RSA Weakened Encryption For $10M From NSA

Posted by timothy
from the 30-pieces-of-silver-seemed-too-derivative dept.
Lasrick writes "As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned." Asks an anonymous reader: "If the NIST curves really are broken (as has been suggested for years), then most SSL connections might be too, amirite?"

  • RSA sold you out (Score:5, Insightful)

    by Anonymous Coward on Friday December 20, 2013 @08:53PM (#45750763)

    The NSA sold its own customers out to the US government for the price of an NYC apartment.

  • by bob_super (3391281) on Friday December 20, 2013 @08:57PM (#45750785)

    Considering that this kind of revelation could cause massive exodus of all RSA's non-US (and many US) customers, that's a surprisingly low number.

  • by bill_mcgonigle (4333) * on Friday December 20, 2013 @09:02PM (#45750803) Homepage Journal

    "... We are now merely haggling over the price."

    Oh, no, wait, it's $10M.

    (apologies to George Bernard Shaw)

    P.S. - AC, yes, if you used an RSA CA appliance with the default Dual EC DRBG PRNG configuration, your private key is probably easy to break and your traffic easy to intercept/decrypt if you're not using perfect forward secrecy (assuming that's not on an RSA appliance).

  • by Anonymous Coward on Friday December 20, 2013 @09:09PM (#45750839)

    Considering that this kind of revelation could cause massive exodus of all RSA's non-US (and many US) customers, that's a surprisingly low number.

    A massive exodus to where exactly?

    When an organization like the RSA can be bought, what in the hell makes you think the rest aren't too, regardless of country.

  • by surfdaddy (930829) on Friday December 20, 2013 @09:13PM (#45750849)

    I mean, what the FUCK? The land of freedom and liberty. That's what I was always taught. We have a Constitution, which includes protections against unreasonable search. And now my FUCKING GOVERNMENT is doing pretty much anything you can conceive of in the name of spying on everybody including the people of the United States. They are so FUCKING PARANOID that EVERYTHING is on the table, including the privacy and liberty of the citizens. I lower my head in FUCKING SHAME as to what has become of this country.

  • Catastrophic (Score:5, Insightful)

    by Anonymous Coward on Friday December 20, 2013 @09:17PM (#45750875)

    Wow. With one single contract, RSA just destroyed their whole business. A company in the trust business cannot allow themselves to lose their customers' trust.

    No RSA product can ever be trusted again.

  • by Threni (635302) on Friday December 20, 2013 @09:24PM (#45750905)


    This wouldn't have been posted 10, or even 5, years ago. I don't want to see it. Please don't lower your standards.

  • by JoeyRox (2711699) on Friday December 20, 2013 @09:26PM (#45750915)

    Like most criminals they probably never expected to be caught.

  • by dgatwood (11270) on Friday December 20, 2013 @09:27PM (#45750921) Journal

    I'm assuming for the moment that this evidence is, in fact, legitimate. Given how heinous the NSA's actions have been lately, it seems completely in character, which makes that likely a safe assumption. However, just to give them the benefit of the doubt, everyone involved should receive a fair trial. With that said, everyone involved should be tried for high crimes against the United States and its allies. These are accusations of very serious crimes.

    Deliberately compromising the secure communications of hundreds of millions of computers all around the world just so a bunch of pencil-dicked asshats can play their little spy games goes so far beyond unconscionability that it borders on a crime against humanity. Such ends-justify-means thinking is fundamentally incompatible with any form of liberty or justice. Our data is fundamentally easier to crack not just by our own government, but also by organized crime syndicates, foreign governments, and even terrorist groups. In all likelihood, even military communications gear is less secure, which means our troops are at elevated risk during a time of war as a direct result of their actions. That's treason, even by the absolute strictest definition thereof. Further, such deliberate weakening of crypto endangers the lives of dissidents in countries with oppressive regimes, many of which are considered our enemies—an act that could also be considered treason.

    Their actions, if true, clearly constitute providing material support to terrorists and treason by means of providing material aid to our enemies in a time of war. Therefore, according to U.S. law, everyone involved should be immediately treated as enemy combatants, deported to an appropriate holding facility outside our borders—preferably the one affectionately known as "Gitmo"—and tried before a military tribunal.

    In addition to prosecution of individuals, there should be consequences for the groups involved. RSA should be immediately dissolved and all its assets destroyed. Further, at this point, it should be abundantly clear to anyone with even the slightest understanding of crypto that nothing short of the complete and total elimination of the NSA and a constitutional amendment clearly and plainly banning any similar organization from ever existing in the future can even begin to restore trust in cryptography and computers. That organization is fundamentally malevolent, and its very existence is inherently incompatible with the very concepts of security and privacy. No matter what successes they may have had, nothing can possibly even come close to justifying such a heinous breach of the public's trust.

  • by fyngyrz (762201) on Friday December 20, 2013 @09:31PM (#45750949) Homepage Journal

    The NSA is doing everything it can to save your ass.

    No. US citizens are not under any real threat, either short term or long -- at least, no threat that isn't in the end posed by our government itself. What the NSA is doing is attempting to shore up the government, which, frankly, I'm beginning to feel would be better off being replaced by people, almost *any* group of people, who simply understand that it is not acceptable to break one's oath, and that the oath to the constitution is designed to, and should, ultimately govern all of our legislation.

  • Re:SSL Security (Score:4, Insightful)

    by Anonymous Coward on Friday December 20, 2013 @09:32PM (#45750953)

    The article submitter (or maybe the Slashdot "editors" and I use the term loosely) probably just wanted to link whore by playing a game of Madlibs and associating anything related to cryptography and the big-bad NSA. The elliptic curve thing.. that people already assumed was flawed in 2006 years before Snowden became cool and that nobody used*... is *not* how the NSA would operate if it wanted to be *effective* at spying on everyone.

    Remember kids: Snowden said that the NSA hates it when you use cryptography. If the NSA could just click a button and decrypt everyone's traffic, then they wouldn't have gone to the major expense and risk to bypass the encryption that Google/Yahoo/etc. were using, now would they?

    * No really, nobody used it. Try to do anything with that RNG in OpenSSL and guess what... your program segfaults because in 7 years nobody even did rudimentary unit tests of the code, much less tried to do anything with it.

  • by Anonymous Coward on Friday December 20, 2013 @09:35PM (#45750967)

    I mean, what the FUCK? The land of freedom and liberty. That's what I was always taught.

    And now you know why they were so careful to teach you that. Because it's a lie. You see, the easiest slave to control is one who doesn't realize he's a slave.

  • They didn't know! (Score:5, Insightful)

    by hawguy (1600213) on Friday December 20, 2013 @09:43PM (#45751009)

    "They did not show their true hand," one person briefed on the deal said of the NSA, asserting that government officials did not let on that they knew how to break the encryption."

    Right, the NSA, known to be codebreakers, paid them $10M to include their "special" algorithm, and no one had any idea that it could be compromised. Right. Why else would they pay them to use it?

  • by bob_super (3391281) on Friday December 20, 2013 @09:48PM (#45751029)

    I cringe every time I see elementary school children reciting the pledge of allegiance.
    Start them young...

  • Nuke hysteria (Score:5, Insightful)

    by fyngyrz (762201) on Friday December 20, 2013 @09:50PM (#45751041) Homepage Journal

    It only takes one wealthy wackjob to buy a chemical or nuclear weapon and use it to kill millions of people.

    No, it also takes a seller of such weapons. And there aren't any, or we'd have been sweeping up the remains of some city, political center, or major chunk of infrastructure by now. The whole "terrorists and nuclear weapons" is a total mind job done on you and yours by your government. One thing to keep in mind: Nukes are very difficult and expensive to manufacture, and pretty damned difficult to lose track of.

    Civilization isn't likely to die due to nuclear weapons. We've set off well over a thousand of them already, and there's no particular notable effects other than the low hum of hysteria at the intersection of the set of the ill-informed and the paranoid.

    Also, Chemical weapons are a lot less "mass" than nukes are, barring very sophisticated delivery systems, which again, aren't available to religious tools. Bacterial weapons are vaguely possible (although still very, very technical), but incorporate the downside of most likely eventually killing everyone everywhere instead of just the target(s), and so not even your average superstition-addled dingbat seriously considers them.

    If you are a US citizen, if you want to worry about civilization, you should be worrying about the decay of our government from one authorized by the constitution into a form exclusively controlled by corporate and political groups. Because unlike the "nuclear threat", said decay is real and ongoing and has already screwed things up immensely: almost 100% loss of manufacturing capacity and so also jobs, crippling inflation, loss of citizen's rights, usurpation of article five powers by the judiciary, illegal legislation that spans almost the entire bill of rights to ex post facto laws to the complete inversion of the commerce clause, promulgation of multiple very expensive, ultimately useless wars... the problem isn't terrorists. The problem is our federal government. The whole terrorist thing is to keep the citizens looking the wrong way.

  • by BringsApples (3418089) on Friday December 20, 2013 @09:53PM (#45751059)

    Ahh, but you see my friend, my countryman... this is our time to shine. This is the very reason that America was ever great. This is the time to revolt in the proper way. It's not our country that's gone down the tubes, but our government. When The People break the law, the governing body has to step in to set them right. When the government breaks the law, The People have to step up to set them right. If not, then The People need to get used to getting fucked regularly by the power that develops in their stead.

  • by gmuslera (3436) on Friday December 20, 2013 @09:54PM (#45751061) Homepage Journal

    Companies/organizations from other countries aren't forced by law to both do it, and not tell that they did it. Even if you include countries like UK, Sweden, South Korea and a few others as compromised, there is plenty of room for independent development. And, of course, open source solutions independently reviewed. But the point is, if you want security, don't buy anything from US companies. Weakening crypto means that not only NSA can access it.

  • by Seumas (6865) on Friday December 20, 2013 @10:33PM (#45751221)

    They teach them to parrot "freedom!" rhetoric, while not bothering to teach them about the foundation of our government, Constitution, etc. In fact, they undermine it by educating them from "summarized" versions of the Bill of Rights or by having class lessons on "revising the constitution", strongly implying in their young mushy brains that the constitution is a living yadda yadda yadda (because, you know, things like preventing the government from infringing on the rights of women to vote are things that may someday need to be changed to fit into the world we live in blah blah blah).

    In my entire school life, we spent far more time in DARE programs than we did learning about government, liberties, and civics.

  • Re:CryptoLocker (Score:4, Insightful)

    by jonwil (467024) on Friday December 20, 2013 @10:49PM (#45751303)

    Because the people behind CryptoLocker (who are probably from Russia or China or some other country that isn't exactly best buddies with the US) are likely smart enough not to trust US-made off-the-shelf cryptography.

  • by jd (1658) <<moc.oohay> <ta> <kapimi>> on Friday December 20, 2013 @10:53PM (#45751329) Homepage Journal

    The Pledge is an affront to all that school stands for. Unthinking obedience simply isn't compatible with intellectual growth or rational questioning. Obedience to a nation is also incompatible with the international semi-borderless worlds of science and art. Neither paints nor positrons have any respect for local laws or political boundaries. Boundaries exist to maximize the benefits within and minimize contagion from flawed systems, the notion of "loyalty" to any standard is relatively modern as society goes and has been a failure from start to, well, it hasn't finished yet but it's time for philosophers to stop poking at their navels and start thinking about metanations and paranations, how to draw on what has always worked (cooperation across strengths) to derive a notion that is functional, rational, sane and likely to (as an early Megadeth noted) work this time.

  • by TubeSteak (669689) on Friday December 20, 2013 @10:55PM (#45751339) Journal

    10 million pieces of (Judas) silver would be about 5 million troy ounces.
    That works out to $97,000,000 USD at current exchange rates.

    RSA definitely got cheated by not insisting on 2000 year old silver as their payment.

  • by FridayBob (619244) on Friday December 20, 2013 @11:00PM (#45751371) Homepage

    ... And now my FUCKING GOVERNMENT is doing pretty much anything you can conceive of in the name of spying on everybody including the people of the United States. ... I lower my head in FUCKING SHAME as to what has become of this country.

    That's exactly how I feel. But, if our representatives in the Federal government no longer seem to be on our side, that's because they aren't. They don't work for us anymore: they work for their donors. Among the latter are a collection of corporations (e.g. Booz Allen Hamilton) that make up some 80% of the NSA. The problem is that the executives of those companies have learned that giving large political "donations" to key politicians is probably the best kind of investment they can ever make. As a result, the politicians involved have become heavily dependent on these companies in order to get re-elected and will do anything they are asked in order to keep those donations coming. Every other civilized country recognizes this as corruption, and we used to as well, but unfortunately our laws now say it's legal.

    If you understand this, then you know there is only one solution to this problem: we urgently need to get big money out of politics.

    How can we do that? It would be difficult to do in any other country, but the United States Constitution happens to include Article Five, which describes an alternative process through which the Constitution can be altered: by holding a national convention at the request of the legislatures of at least two-thirds (at least 34) of the country's 50 states. Any proposed amendments must then be ratified by at least three-quarters (38 States).

    Are we using this yet? Yes we are! WOLF-PAC was launched in October 2011 for the purpose of passing a 28th Amendment to the U.S. Constitution that will end corporate personhood* and publicly finance all elections**. Since then, many volunteers have approached their State Legislators about this idea and their efforts have often been met with unexpected bi-partisan enthusiasm! So far, 50 State Legislators have authored or co-sponsored resolutions to call for a Constitutional Convention to get money out of politics! Notable successes have been in Texas, Idaho and Kentucky.

    But, if the State Legislators are also corrupt, why are they helping us? Well, maybe they aren't as corrupt as you think. But even if they are, the important thing is that they seem usually to be just as fed up with the Federal government as we are -- so much so that they are quite often happy to help out with this effort. After all, it's a pretty simple proposal that speaks to Democrats and Republicans alike.


    *) The aim is not to end legal personhood for corporations, but natural personhood. The latter became a problem following the Citizens United v. Federal Election Commission ruling, which granted some of the rights of natural persons to corporations and makes it easier for them to lend financial support to political campaigns.

    **) At the State level, more than half of all political campaigns are already publicly financed in some way, so there's nothing strange about doing the same for political campaigns for federal office.

  • by wvmarle (1070040) on Friday December 20, 2013 @11:11PM (#45751415)

    There is probably some secret law hidden deep in a drawer in the far corner of a dark dungeon that legalises this specific contract.

  • by TheGratefulNet (143330) on Friday December 20, 2013 @11:13PM (#45751429)

    if you want security, don't buy anything from US companies

    I'm both sad and PISSED OFF that the nsa has fucked america in such a way.

    this has clearly hurt (and will continue to hurt) our economy.

    isn't the current theme "it's the economy, stupid!" ?

    if so, then we really should make the nsa pay for this loss of stature in the world, loss of trust and loss of business.

    dare I say it, it's border-line treason. there should be mass jailings for all who had anything to do with SEVERELY DAMAGING OUR ECONOMY in this way.

  • by blackbeak (1227080) on Friday December 20, 2013 @11:14PM (#45751431)

    ...What the NSA is doing is attempting to shore up the government...

    Slight correction: What the NSA is doing is attempting to shore up the ruling class. As far as U.S. citizens are concerned, the NSA is merely a "peacekeeping" tool in this regard.

  • by Mr. Shotgun (832121) on Friday December 20, 2013 @11:20PM (#45751471)

    The NSA is doing everything it can to save your ass.

    No, fuck you. You do not save this country by pissing on the document that created it. Violating the trust and privacy of the citizens is not the way to save them. This country was made great by holding to the standards of freedom and justice, although there were missteps along the way. But we tried to hold firm to that which made us great.

    But lately it has been acting like a scared child jumping at shadows in the kitchen. They have been selling everyone out and violating every protection in the constitution. All for NOTHING. There is no boogy man in the closet, no monster under the bed. The greatest enemy this country faces right now is this "War on terror", because it is destroying us faster and more thoroughly than anyone else could ever hope to do. And apologists like you are helping them right along.

  • by Anonymous Coward on Friday December 20, 2013 @11:24PM (#45751493)

    If necessary, I am sure the Congress will grant retroactive immunity from lawsuits over this, just like they did with AT&T over the warrantless wiretap scandal. Justification: national security.

  • Re:Catastrophic (Score:5, Insightful)

    by swillden (191260) on Friday December 20, 2013 @11:29PM (#45751511) Homepage Journal

    Wow. With one single contract, RSA just destroyed their whole business. A company in the trust business cannot allow themselves to lose their customers' trust.

    No RSA product can ever be trusted again.

    Except that RSA destroyed their whole business a couple of years ago when it was found that they'd left the root keys for their SecurID tokens on an unsecured, network-connected machine. After that no one could trust them again.

    But people did, and they'll continue doing so after this, watch and see.

  • by reve_etrange (2377702) on Friday December 20, 2013 @11:44PM (#45751593)

    released every fucking piece of information

    That just isn't true. The news outlets he dealt with have been slowly releasing only the most damning documents in a highly redacted form. Thus far, while some programs have been reported on the basis of these documents, no operational or functional details have been revealed - only generalities.

  • by PlusFiveTroll (754249) on Saturday December 21, 2013 @12:20AM (#45751709) Homepage

    > In fact, I would have to assume that some foreign governments have already retrieved the entire treasure trove of information because news outlets aren't experts on data security.

    I'd assume some foreign governments have already retrieved the data before that because the NSA aren't experts on data security (as shown by said leak).

  • by manquer (1950350) on Saturday December 21, 2013 @12:29AM (#45751737) Homepage

    What makes you think that foreign Governments didn't already have access to the information?

    If Snowden could get access so easily to so much without getting noticed, what makes you think any state couldn't have just easily bribed any other sysadmin and kept getting the same info?

    You should really question the NSA security policies, for an organization which infiltrates networks regularly to have such poor security is appalling.

    Surprisingly that doesn't seem to come up in this whole dialog about Snowden leaks. Everyone seems to think NSA is some all knowing efficient organization, the perfect big brother.

    To me it seems they are woefully incompetent in even keeping basic access control policies in place.

    Before anyone starts explaining about how it is difficult not to give root access to sys admins etc, it is not exactly rocket science to have peer reviewed access control policies even for sys admins, and alert systems in place depending on the amount of data being accessed over a period of time etc. If I can think of 5 different measures off the cuff, I am sure any serious security consultant worth his fees should be able to do much much better.

    I cannot stress this enough: if a company loses data like this, as is happening fairly frequently these days, while worrying, I can on some level understand that it is not their core business, and perhaps they didn't spend enough on security and missed a step or two, but for an organization whose main objective is to break into networks, this is plain stupid.

  • by TheGratefulNet (143330) on Saturday December 21, 2013 @12:56AM (#45751849)

    Actually, Snowden is the one who damaged the economy

    "that's just, like, your opinion, man."

    it's not a truth. it's just you being an asshole. or a troll. or both.

    a whistleblower who does not let illegal and immoral acts continue is NOT the one at fault. if you can't see that, you're the one who needs correcting.

    anyone saying that snowden (the messenger) is at fault IS a bootlicker and THAT is a truth you cannot deny with a straight face.

  • by artor3 (1344997) on Saturday December 21, 2013 @01:50AM (#45752053)

    This country was made great by holding to the standards of freedom and justice,


    They teach you that in grade school? Where was the freedom and justice for the natives, or the slaves, or the women, or the non-Protestants? Where was freedom for the interned Japanese, or justice for people accused of Communism during the red scare? Where was the freedom and justice for all the South Americans and Middle Easterners, as they were ruled by our blood-thirsty puppets?

    Fuck, was there ever even a single ten year period in which this country "held to the standards of freedom and justice"?

    No. There never was. This country is great because it was founded by people who could easily slaughter their only nearby opponents. It's great because after slaughtering the natives, there were ample resources to go around. It's great because our ancestors were immoral enough to build an economy on the backs of slaves, and later on the backs of immigrants who worked themselves to death in hopes of attaining a wealth that none would ever see. It's great because we were left nearly untouched while the rest of the developed world was bombed to ash during WWII. It's great by accident.

    Don't blame the NSA for ruining the Land of the Free. That place never existed outside of storybooks. Reality has always been a lot messier, you're just noticing it for the first time.

  • by Concerned Onlooker (473481) on Saturday December 21, 2013 @02:39AM (#45752189) Homepage Journal

    "I don't pay the fucking news outlets to guard my country's secrets."

    No. You pay them to guard your rights and freedoms.

  • Even ignoring the highly questionable aspects of the pledge which you carefully omitted from your quote, nationalism is just the grotesquely overgrown brother of tribalism, itself a badly flawed concept. At least within a tribe, it's hard to keep secrets or conceal abuses of power. It still promotes an unthinking herd behavior, a sense of "us vs. them, and clearly they're worse than us or they'd be part of us". At the national level, it fuels wars and xenophobia. It is the tools of propagandists and of those who would re-write history and get away with it (as you yourself noted, with regard to Jackson).

    I find it disgusting that a nation which arose out of a rebellion against government mistreatment tries to brainwash its children into giving their allegiance to anything so inherently flawed as a human government. Would you have supported colonial children in the 1770s being required to stand up every day in school, and swear allegiance to the Union Jack, and the monarchy for which it stands? Do you think it's cool that there are probably kids right now swearing their allegiance to the People's Republic of [Korea|China|the Congo|whatever] and the glorious freedom and representation that their government bestows upon them?

    Liberty and justice for all? Give me a break! Pure propaganda, and you don't even need to be *that* smart or well-educated to see it for the lie it is; you just need to start from the assumption that the American Way is *not* The One True Way, and look up some facts. Facts like per-capita prison population, or the breakdown of said population relative to the populace at large. Facts like the mere existence of places like Gitmo. Facts like the government's treatment of Snowden, and their hasty effort to scrub from their websites, etc. all mention of the Obama administration's moral and righteous promises to protect and support whistleblowers. Or how about the states where gays, or transgender people, are forced to live as second-class citizens (and, in a handful of very backward parts of the country, criminals)? The very concept that there exists "one nation, under God, indivisible, with liberty and justice for all" is a tremendous lie. Teaching our children that such a thing not only exists, but that they live in it; forcing them to chant those lines every weekday of their young lives to the point that they absorb it before they're even old enough to know that sometimes the things you're taught are wrong? That is beyond the pale. It is despicable and deplorable.

    Now, actually pledging liberty and justice, that's not so awful. It should still be taught as a *concept* and not as a mantra, but pledging to protect liberty and promote justice is a noble and virtuous thing to say. Too bad that's nowhere in the pledge of allegiance as it stands today, though. No, we were told to pledge allegiance to a flag and a nation, not a concept. We didn't even pledge to uphold the constitution, the way so many civil servants are required to do.

  • by Anonymous Coward on Saturday December 21, 2013 @03:12AM (#45752257)

    To pretend that the USA is not facing multiple existential threats every day is naive and childish. While I agree that the NSA has become a rogue agency and needs badly to be reined in, denying that threats exist is not the way to start a reasoned argument for something better, something that is in keeping with the constitution and at the same time acknowledges that multiple, severe threats are always directed at us.

    Existential? Come again? The threats which *could* threaten the existence of the US all come from the government and their corporate overlords as they loot the country. Please.

  • by anagama (611277) on Saturday December 21, 2013 @03:36AM (#45752315) Homepage

    What they don't have their shit together on is being Americans. They're violating the Constitution, breaking the highest law in the land. That makes the NSA one of the largest traitor organizations in the world.

    I wish every non-whistleblowing NSA employee, terminal cancer in the new year. And for bootlickers like you, syphilis.

  • by Anonymous Coward on Saturday December 21, 2013 @04:48AM (#45752443)

    Stop with the bullshit. I'm not sure if you're a shill or just a retard, but either way, nobody actually is going to believe such nonsense.

    Normally that would be considered treason and espionage

    No. No it wouldn't. There's a very good reason that Snowden isn't wanted for treason. That's because it doesn't even come close to fitting the fucking definition. You might as well "consider" it grand theft auto; those two are about equally as accurate to reality.

    Don't forget extortion and blackmail as well with the encrypted data blob handed out.

    Oh, you mean the NSA plan that was exposed where they specifically intended to use the information they gathered for extortion and blackmail of politicians? Is that the extortion and blackmail you're talking about? Surely, it is.

    People will be and probably have been killed by what he did, and not the bad guys either.

    Do I even need to respond to this? The warcrimes committed by our nation have killed millions. Can you even provide one example of how the information from Snowden has led to the death of anybody?

    Lying hasn't worked out well for the NSA, the president, nor any of the other scumbags in our government. It surely isn't going to work for you.

  • by martin-boundary (547041) on Saturday December 21, 2013 @06:49AM (#45752655)

    Sigh. You're making the mistake of thinking in the short term. Right now, Google only packages and provides (rather than sells outright) data to law enforcement. But unless you've lived under a rock for years, or are a newborn, you cannot seriously claim that Google won't package and sell data to ordinary customers in the future. All it takes is a decree from Larry Page, a change in policy, and it's done. With retroactive access to previously collected data.

    All the successful companies do U-turns to stay in business. Bill Gates did a U-turn on the Internet, Steve Jobs did a U-turn on the iPhone. IBM did several U-turns in its long history, they didn't even make computers when they were founded. And that's just U-turns, then there's acquisitions. When Larry Ellison buys Google in the next 10 years, do you think he'll have any qualms about selling peoples' data to anybody?

    Google is Evil because they Built The Dataset. This data is so valuable and comprehensive, and the pioneering of the techniques to do it over and over again, ever more efficiently and cheaply, that people without scruples want it now, will want it in the future, and will eventually control it. That is certain, and you helped make it happen.

  • by WOOFYGOOFY (1334993) on Saturday December 21, 2013 @08:10AM (#45752837)

    Following this. This headline is not exactly true. 1) RSA was paid 10M to make the NSA algo the default in their bSecure product. We have no direct evidence that RSA (now owned by EMC) KNEW the RNG (random number generator) in the NSA compromised algo had been compromised. This is 20/20 hindsight.

    2) At the time, *some* people were suspicious generally of work done by NSA cryptographers for a variety of reasons: the NSA had fought for the Clipper Chip in the 90s; the NSA was generally hostile to strong encryption for civilians, etc. However, those opinions were countered by the majority of people who plausibly considered that the NSA had a real interest in seeing real encryption be used by US corporations etc. We now know who was right, the skeptics, but we didn't know that at the time that deal went down.

    This is what's called "plausible deniability" or "cover" in intelligence circles and everywhere else now but that's the point- it IS plausible, entirely, that RSA was taking money (and not a lot to RSA) to make it the default because they believed the NSA.

    Overall, at the time, the people who believed the NSA participated in encryption with the public out of a concern to see it done right were the majority.

    Just keeping the story as straight as possible because what we're interested in is the truth as far as we can discern it, right?

  • by hairyfeet (841228) <bassbeast1968@gma i l . com> on Saturday December 21, 2013 @11:28AM (#45753677) Journal

    Here is what I personally don't get, and since I'm not a crypto guy maybe I'm missing something, but it looks like all these attacks come from using a RNG that has been rigged to be less than random, but why use their RNG when there are so many sources of randomness in the world?

    There is the background radiation of the universe for starters, and how many webcams are freely accessible in heavily trafficked public places? It shouldn't be hard to write a program that does a quick head count, multiply that by the dollar amount of the biggest box office draw last week. How many letters are in headlines of the top 60 newspapers on the planet? Multiply that by the amount of temp detected by 30 weather stations and divide by the number of folks who went to see the fourth most popular movie yesterday squared by the ratings of the most popular reality show.

    Yes I'm being silly but hopefully I'm being silly with a point, with so much random data for free on the net, everything from how many stocks sold on the NYSE for the top ten stocks to how many people watched The Daily Show it just seems to me it wouldn't be hard to pick a dozen out of a thousand different sources followed by a roulette wheel of multiply/divide/add/subtract and end up with a number that is random without needing to count on any third party program. How many vowels and consonants are in this thread? Divide by punctuation and multiply by number of posts by ACs with a troll label, ought to be pretty dang random.

  • by bingoUV (1066850) on Saturday December 21, 2013 @12:21PM (#45754039)

    1. For preserving randomness from independent sources, multiplication and division are rarely useful. These operations at times reduce randomness - take for example, the well known, multiplication by zero. Otherwise what was very good randomness, is destroyed. Even multiplication by a very small number takes away much of the randomness derived from other sources. If a Slashdot topic is not conducive to AC posting (or any posting at all), there goes all other randomness in the bin.

    Similarly division - division by large numbers has similar effects as multiplication by small numbers.

    XOR is typically better. But then one has to be careful that the "independent" sources have very low correlation - otherwise probability of zero bits increases drastically.

    2. You need random, and you need it quick. The hunger of modern computer systems is difficult to satiate simply by the sources you suggest - at least initially. E.g., if you want to download all these figures from the internet, would you want to download such sensitive stuff in plaintext? Of course not, you need SSL. For SSL, you need random. So you are stuck with good quality hardware RNG for best results, bad quality randomness without that, or depend on system entropy.

    Once you get SSL, you could store lots of random numbers, but then you get into the problem of people / attack vectors trying to read that store. Performance vs. non-storage is a tough problem to solve.
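
The combining argument in the comment above, worked through exactly as an added example (it is not part of the thread or any poster's code). The weak source `WEAK`, the 50% correlation and the truncation of products to one byte are constructed assumptions for illustration.

```python
import math
from collections import Counter
from fractions import Fraction as F

UNIFORM = {v: F(1, 256) for v in range(256)}   # a good source: 8 bits per byte
# Constructed weak source: a small count that is 0 half the time (a quiet thread).
WEAK = {0: F(1, 2), 1: F(1, 4), 2: F(1, 8), 3: F(1, 8)}

def entropy_bits(dist):
    """Shannon entropy, in bits, of a {value: probability} mapping."""
    return -sum(float(p) * math.log2(float(p)) for p in dist.values() if p)

def independent(da, db):
    """Joint distribution of two independent sources."""
    return {(a, b): pa * pb for a, pa in da.items() for b, pb in db.items()}

def correlated(match):
    """Two byte sources where the second repeats the first with probability match."""
    joint = {pair: p * (1 - match) for pair, p in independent(UNIFORM, UNIFORM).items()}
    for a in range(256):
        joint[(a, a)] += match * F(1, 256)
    return joint

def combine(op, joint):
    """Exact distribution of op(a, b) over a joint distribution of (a, b)."""
    out = Counter()
    for (a, b), p in joint.items():
        out[op(a, b)] += p
    return dict(out)

def mul(a, b):
    return (a * b) & 0xFF      # product truncated to one byte (assumption)

def xor(a, b):
    return a ^ b

def scenarios():
    """(label, output distribution) for the three cases raised in the comment."""
    return [
        ("good * weak", combine(mul, independent(UNIFORM, WEAK))),
        ("good ^ weak", combine(xor, independent(UNIFORM, WEAK))),
        ("good ^ half-correlated", combine(xor, correlated(F(1, 2)))),
    ]

if __name__ == "__main__":
    for label, dist in scenarios():
        print(f"{label:24s} H={entropy_bits(dist):.3f} bits  P(0)={float(dist[0]):.4f}")
```

XOR with an independent source keeps the full 8 bits of the good byte; the multiply and the correlated XOR both fall to about 5 bits, with zero as the output roughly half the time.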

  • by anagama (611277) on Saturday December 21, 2013 @03:48PM (#45755447) Homepage

    Without Snowden, there would be no reform. Hating Snowden and being critical of the NSA are mutually exclusive -- there literally was no other option. Look at how things turned out for Drake, Binney, and Tice and look at how much legislative/judicial change their actions brought about by going through correct channels (hint: zilch although AT&T did get immunity).

    The Executive branch is so fundamentally corrupt, it is incapable of policing itself and the only way change can occur, is from without -- that change can only come when the public actually knows with certainty what is going on. Critics of the NSA have always been subject to being labeled foil-hatters ... but when the assertions are documented, that doesn't work. To get to this point, we needed a Snowden.

    So, a big thank you to Snowden and if you can't figure that out, a big fuck you to you.
