Reuters: RSA Weakened Encryption For $10M From NSA
Lasrick writes "As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned." Asks an anonymous reader: "If the NIST curves really are broken (as has been suggested for years), then most SSL connections might be too, amirite?"
RSA sold you out (Score:5, Insightful)
The NSA sold its own customers out to the US government for the price of an NYC apartment.
Re:RSA sold you out (Score:5, Funny)
NSA has customers? Surely not the voters.
Re:RSA sold you out (Score:5, Funny)
NSA has customers?
Not any more.
Re: (Score:3)
NSA has customers?
Not any more.
They probably do have "customers", in a sense: foreign governments with whom they've made deals.
I would like to answer the question asked in OP, though: SSL has weaknesses, but they are not related to this.
Re: (Score:3)
I think they'll even lose their government contracts, as they know there's no honour among thieves. As for SSL and most of the rest of RSA's business, there are better open solutions. Not packaged as nicely, but available.
Re: (Score:3)
I think they'll even lose their government contracts, as they know there's no honour among thieves. As for SSL and most of the rest of RSA's business, there are better open solutions. Not packaged as nicely, but available.
I bet they don't. They (the NSA) will instead get a funding boost to "make reforms".
Comment removed (Score:5, Insightful)
Re:RSA sold you out (Score:4, Insightful)
1. For preserving randomness from independent sources, multiplication and division are rarely useful. These operations at times reduce randomness - take for example, the well known, multiplication by zero. Otherwise what was very good randomness, is destroyed. Even multiplication by a very small number takes away much of the randomness derived from other sources. If a Slashdot topic is not conducive to AC posting (or any posting at all), there goes all other randomness in the bin.
Similarly division - division by large numbers has similar effects as multiplication by small numbers.
XOR is typically better. But then one has to be careful that the "independent" sources have very low correlation - otherwise probability of zero bits increases drastically.
2. You need random, and you need it quick. The hunger of modern computer systems is difficult to satiate simply by the sources you suggest - at least initially. E.g., if you want to download all these figures from the internet, would you want to download such sensitive stuff in plaintext? Of course not, you need SSL. For SSL, you need random. So you are stuck with good quality hardware RNG for best results, bad quality randomness without that, or depend on system entropy.
Once you get SSL, you could store lots of random numbers, but then you get into the problem of people / attack vectors trying to read that store. Performance vs. non-storage is a tough problem to solve.
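An added example (not part of the thread or any poster's code) that checks the comment's claims about mixing entropy sources by exact enumeration. The 8-bit width, the reduction mod 256 and the shared-upper-nibble correlation model are assumptions chosen for illustration.

```python
from collections import Counter
from math import log2
from operator import mul, xor


def min_entropy(dist: Counter) -> float:
    """Min-entropy in bits: -log2 of the most likely output's probability."""
    total = sum(dist.values())
    return -log2(max(dist.values()) / total) + 0.0  # "+ 0.0" normalises -0.0


def combine_independent(op) -> Counter:
    """Mix two independent, uniform 8-bit sources; keep the low 8 bits."""
    return Counter(op(a, b) & 0xFF for a in range(256) for b in range(256))


def combine_with_stuck(op, stuck: int) -> Counter:
    """Mix one uniform 8-bit source with a failed source stuck at one value."""
    return Counter(op(a, stuck) & 0xFF for a in range(256))


def xor_correlated(shared_mask: int = 0xF0) -> Counter:
    """XOR two sources where B copies A's bits under shared_mask.

    Assumed correlation model: only the bits outside shared_mask of B are
    independent of A, so the shared bits cancel to zero in the output.
    """
    free = ~shared_mask & 0xFF
    return Counter(
        a ^ ((a & shared_mask) | (r & free))
        for a in range(256)
        for r in range(256)
    )


def report() -> dict:
    """Min-entropy (bits out of 8) of each mixing scenario."""
    return {
        # Two good, independent sources.
        "xor_independent": min_entropy(combine_independent(xor)),
        "mul_independent": min_entropy(combine_independent(mul)),
        # One good source, one source stuck at a constant.
        "xor_stuck_at_0": min_entropy(combine_with_stuck(xor, 0)),
        "mul_stuck_at_0": min_entropy(combine_with_stuck(mul, 0)),
        "mul_stuck_at_2": min_entropy(combine_with_stuck(mul, 2)),
        # Two sources that are not actually independent.
        "xor_shared_upper_nibble": min_entropy(xor_correlated(0xF0)),
    }


if __name__ == "__main__":
    for name, bits in report().items():
        print(f"{name:26s} {bits:5.3f} bits")
```

XOR keeps all 8 bits when one input is stuck, while multiplication loses bits even with two good inputs because zero becomes the most likely product. The correlated case shows the caveat from the comment: the shared bits always cancel to zero.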
The RSA they use is different from the RSA we use (Score:5, Interesting)
NSA has customers? Surely not the voters
The other intelligence agencies within the government are considered "customers" of NSA products.
You guys have missed one important aspect of the RSA operation.
NSA gave RSA 10 million to weaken/break the RSA encryption that they sold to US. The "US" here means the non-NSA non-GCHQ based customers.
And spook agencies such as NSA themselves do need to encrypt their OWN secret files too, and surely they are not that stupid to use the same weakened and/or broken encryption algo on their own files.
In other words, NSA and GCHQ (and some of the "trustworthy" spooks from the other 3 countries in the "five eyes" pact) do employ RSA in their day to day encryption, but THEIR version of RSA is the unbroken/unweakened one - unlike the broken version that the RSA sold to the rest of the world.
Re: The RSA they use is different from the RSA we (Score:3)
How sweet a victory would it have been if RSA had "accidentally" swapped said weakened & hardened encryptions, resulting in the NSA using the compromised method while the rest of the world continued to hum along as usual?
*EMC Corp* now (Score:5, Interesting)
They're owned by EMC now, all that data held on EMC kit and in EMC 'clouds' secured by RSA software. Or rather *not* secured by *NSA* software so the NSA can break in easier.
Wow, that is trillions in damage even before we get to the criminal law book.
TYPO: you mean RSA sold out its customers (Score:5, Informative)
TYPO: you mean RSA sold out its customers
Voting systems too. (Score:5, Interesting)
A while back Ron Rivest (the R in RSA) announced the Three Ballot cryptography for voting systems which was touted as a system that would let voters check if their ballot was counted without jeopardizing the anonymity of the secret ballot. The really cool thing about it was that the crypto was a one-way system without any key at all. So it seemed to be uncrackable since there was no trusted key-keeper.
Shortly before the publication was accepted, Andrew Appel at Princeton University and Charles Strauss at Los Alamos National Laboratory published articles showing it was invertible and not anonymous in practical election situations.
http://www.cs.princeton.edu/~appel/papers/DefeatingThreeBallot.pdf [princeton.edu]
http://www.cs.princeton.edu/~appel/voting/Strauss-ThreeBallotCritique2v1.5.pdf [princeton.edu]
Imagine if that had been adopted... Sort of makes you wonder about everything RSA has touched including SSL.
Re:Voting systems too. (Score:5, Informative)
That's a tiny number (Score:5, Insightful)
Considering that this kind of revelation could cause a massive exodus of all RSA's non-US (and many US) customers, that's a surprisingly low number.
Re:That's a tiny number (Score:5, Insightful)
Considering that this kind of revelation could cause a massive exodus of all RSA's non-US (and many US) customers, that's a surprisingly low number.
A massive exodus to where exactly?
When an organization like the RSA can be bought, what in the hell makes you think the rest aren't too, regardless of country.
Re:That's a tiny number (Score:5, Insightful)
Re:That's a tiny number (Score:5, Insightful)
if you want security, don't buy anything from US companies
I'm both sad and PISSED OFF that the nsa has fucked america in such a way.
this has clearly hurt (and will continue to hurt) our economy.
isn't the current theme "it's the economy, stupid!" ?
if so, then we really should make the nsa pay for this loss of stature in the world, loss of trust and loss of business.
dare I say it, it's border-line treason. there should be mass jailings for all who had anything to do with SEVERELY DAMAGING OUR ECONOMY in this way.
Re:That's a tiny number (Score:5, Insightful)
released every fucking piece of information
That just isn't true. The news outlets he dealt with have been slowly releasing only the most damning documents in a highly redacted form. Thus far, while some programs have been reported on the basis of these documents, no operational or functional details have been revealed - only generalities.
Re:That's a tiny number (Score:5, Insightful)
> In fact, I would have to assume that some foreign governments have already retrieved the entire treasure trove of information because news outlets aren't experts on data security.
I'd assume some foreign governments have already retrieved the data before that because the NSA aren't experts on data security (as shown by said leak).
Re:That's a tiny number (Score:4, Insightful)
Without Snowden, there would be no reform. Hating Snowden and being critical of the NSA are mutually exclusive -- there literally was no other option. Look at how things turned out for Drake, Binney, and Tice and look at how much legislative/judicial change their actions brought about by going through correct channels (hint: zilch although AT&T did get immunity).
The Executive branch is so fundamentally corrupt, it is incapable of policing itself and the only way change can occur, is from without -- that change can only come when the public actually knows with certainty what is going on. Critics of the NSA have always been subject to being labeled foil-hatters ... but when the assertions are documented, that doesn't work. To get to this point, we needed a Snowden.
So, a big thank you to Snowden and if you can't figure that out, a big fuck you to you.
Re:That's a tiny number (Score:5, Insightful)
what makes you think that foreign Governments didn't already have access to the information?
if Snowden could get access so easily to so much without getting noticed, what makes you think any state couldn't have just easily bribed any other sysadmin and kept getting the same info?
You should really question the NSA security policies, for an organization which infiltrates networks regularly to have such poor security is appalling.
Surprisingly that doesn't seem to come up in this whole dialog about Snowden leaks. Everyone seems to think NSA is some all knowing efficient organization, the perfect big brother.
To me it seems they are woefully incompetent in even keeping basic access control policies in place.
Before anyone starts explaining about how it is difficult not to give root access to sys admins etc, it is not exactly rocket science to have peer reviewed access control policies even for sys admins, and alert systems in place depending on the amount of data being accessed over a period of time etc. If I think of 5 different measures off the cuff, I am sure any serious security consultant worth his fees should be able to do much much better.
I cannot stress this enough: if a company loses data like this, as is happening fairly frequently these days, while worrying, I can on some level understand that it is not their core business, and perhaps they didn't spend enough on security and missed a step or two, but for an organization whose main objective is to break into networks, this is plain stupid.
Re: (Score:3)
Those alert/logging systems only work if users are accessing data through the normal expected ways, they are useless if someone boots the server storing the data from a livecd, or pulls the backup tapes, or any number of other ways. If you have physical or superuser access to a computer you can always subvert any software based access control that's in place on that device.
In many cases I've seen while there may be a web based system for accessing the data which has all manner of access control and logging
Re:That's a tiny number (Score:5, Insightful)
What they don't have their shit together on is being Americans. They're violating the Constitution, breaking the highest law in the land. That makes the NSA one of the largest traitor organizations in the world.
I wish every non-whistleblowing NSA employee, terminal cancer in the new year. And for bootlickers like you, syphilis.
Re:That's a tiny number (Score:5, Insightful)
"I don't pay the fucking news outlets to guard my country's secrets."
No. You pay them to guard your rights and freedoms.
Re: (Score:3)
He released EVERY FUCKING PIECE of information he had.
Doesn't matter how many times you say it, it's still not going to magically become true. He didn't.
Re: (Score:3, Insightful)
Stop with the bullshit. I'm not sure if you're a shill or just a retard, but either way, nobody actually is going to believe such nonsense.
Normally that would be considered treason and espionage
No. No it wouldn't. There's a very good reason that Snowden isn't wanted for treason. That's because it doesn't even come close to fitting the fucking definition. You might as well "consider" it grand theft auto; those two are about equally as accurate to reality.
Don't forget extortion and blackmail as well with the encrypted data blob handed out.
Oh, you mean the NSA plan that was exposed where they specifically intended to use the information they gathe
Re: (Score:3)
Re:That's a tiny number (Score:5, Insightful)
Actually, Snowden is the one who damaged the economy
"that's just, like, your opinion, man."
it's not a truth. it's just you being an asshole. or a troll. or both.
a whistleblower who does not let illegal and immoral acts continue is NOT the one at fault. if you can't see that, you're the one who needs correcting.
anyone saying that snowden (the messenger) is at fault IS a bootlicker and THAT is a truth you cannot deny with a straight face.
Re:That's a tiny number (Score:5, Informative)
Well, there's a Federal Judge who just ruled that they engaged in unconstitutional actions and there was a panel of hand-picked sympathizers who just came out with a report that they're breaking the law (nobody expected anything but whitewash -- when the totally owned lackeys still criticize the NSA, you know there's serious shit going on).
Here's Judge Leon's decision:
https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2013cv0851-48 [uscourts.gov]
The real meat starts at page 43, heading i. What is really wonderful to see, is how J. Leon eviscerates the Smith v. Maryland case, the case upon which all the NSA's masspionage is based. He distinguishes it and limits it to its facts -- it will be great to see that pillar of the Third Party Doctrine die like it deserves.
Re: (Score:3)
There's a long enough list of abuse of the position of both Bush Presidents without going after granddad for what he wanted to do but couldn't.
Re:That's a tiny number (Score:4, Funny)
I trust the Cub Scouts completely.
Hell, I buy my weed from one.
Re:That's a tiny number (Score:5, Insightful)
Re: (Score:3)
Link in "summary" no longer good. Try this one:
http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220 [reuters.com]
Re:That's a tiny number (Score:4, Interesting)
That statement stands on its own. $10M? For a company (well, a division of EMC, anyway) whose very existence depends on their reputation and ability to keep secrets safe?
As much as I damn both the NSA and corporate greed in general, I find TFA borderline unbelievable. Now, I find it a lot more believable that the NSA "paid" $10M plus a "gentleman's agreement" to allow the children of the entire executive board of EMC to continue taking in oxygen from the atmosphere...
Re: (Score:3, Interesting)
$10M? For a company (well, a division of EMC, anyway) whose very existence depends on their reputation and ability to keep secrets safe?
RSA was an independent company at the time, and quite small. This was probably a significant deal, especially for the government division.
Plus I believe TFA (can't reload it now) said it was handled by the executives directly; the technical team was not involved. So Jim Bidzos may not even have understood what he was getting into. For if he had I would bet he would have asked for more....
Re: (Score:3)
The $10M is just to compromise the order of the preferred algorithm to use. That this was insecure was blatantly obvious, and the MS researchers pretty much proved it right away.
Next year, we'll find out the real number they paid to compromise the other supposedly secure algorithms.
RSA Stock (Score:5, Interesting)
RSA is publicly traded, is it not? Reuters is giving them a full weekend to come up with a PR response before the markets open on Monday.
-Also, that wasn't my initial reaction. My initial reaction was to pick my jaw up off the floor. And I thought it couldn't get much worse. Edward Snowden for man of the year.
Re:RSA Stock (Score:5, Informative)
RSA is publicly traded, is it not? Reuters is giving them a full weekend to come up with a PR response before the markets open on Monday.
RSA Security, Inc. was acquired by EMC Corporation (http://www.nyse.com/about/listed/lcddata.html?ticker=emc) in 2006 and is now a division of EMC.
Re: (Score:3)
oh, that figures! emc is a bunch of asswipes. what I saw during an interview there made me walk^H, no, run away from that place.
Re:RSA Stock (Score:5, Interesting)
oh, that figures! emc is a bunch of asswipes. what I saw during an interview there made me walk^H, no, run away from that place.
Did you see what they did to the inventor and founder of VMWare? They paid her only 6 figures with no fucking stock options..?!
When she complained and threatened to sue they fired her. They said .. but but we gave her a 100k bonus! Meanwhile the CEO of EMC got huge bonuses from vmware revenue.
What douchebags. I got angry and wished she would have hired a better lawyer before the acquisition. But her investors forced in and EMC took advantage. They are greedy self centered assholes.
"We have established what you are, madam. ..." (Score:5, Insightful)
"... We are now merely haggling over the price."
Oh, no, wait, it's $10M.
(apologies to George Bernard Shaw)
P.S. - AC, yes, if you used an RSA CA appliance with the default Dual EC DRBG PRNG configuration, your private key is probably easy to break and your traffic easy to intercept/decrypt if you're not using perfect forward secrecy (assuming that's not on an RSA appliance).
Re: (Score:3)
Oh, no, wait, it's $10M.
More like, 10 million pieces of silver . . . if this is true . . .
Re:"We have established what you are, madam. ..." (Score:4, Insightful)
10 million pieces of (Judas) silver would be about 5 million troy ounces.
That works out to $97,000,000 USD at current exchange rates.
RSA definitely got cheated by not insisting on 2000 year old silver as their payment.
SSL Security (Score:5, Informative)
"If the NIST curves really are broken (as has been suggested for years), then most SSL connections might be too, amirite?"
No. SSL doesn't specify the method to produce random numbers. Why would it? The NIST method is very very slow, so I'd be surprised if any browsers or servers used it as the random number source.
Re:SSL Security (Score:4, Insightful)
The article submitter (or maybe the Slashdot "editors" and I use the term loosely) probably just wanted to link whore by playing a game of Madlibs and associating anything related to cryptography and the big-bad NSA. The elliptic curve thing.. that people already assumed was flawed in 2006 years before Snowden became cool and that nobody used*... is *not* how the NSA would operate if it wanted to be *effective* at spying on everyone.
Remember kids: Snowden said that the NSA hates it when you use cryptography. If the NSA could just click a button and decrypt everyone's traffic, then they wouldn't have gone to the major expense and risk to bypass the encryption that Google/Yahoo/etc. were using, now would they?
* No really, nobody used it. Try to do anything with that RNG in OpenSSL and guess what... your program segfaults because in 7 years nobody even did rudimentary unit tests of the code, much less tried to do anything with it.
Re:SSL Security (Score:4, Informative)
Nobody used? Try a ton of people used.
Commercial products that must be FIPS certified tend to use libraries like BSafe, not OpenSSL. OpenSSL has received FIPS certification, but it's really difficult to ship a product using OpenSSL and keep that certification, because FIPS certification is not just about source code and algorithms.
And I doubt RSA was the only company the NSA approached to use Dual_EC_DRBG by default. I know for a fact that it's used in several other commercial products. And because it's so slow and so suspicious, it's reasonable to believe that these companies were coaxed to use it, too.
Not a surprise, but still... (Score:5, Insightful)
Re:Not a surprise, but still... (Score:4, Insightful)
I mean, what the FUCK? The land of freedom and liberty. That's what I was always taught.
And now you know why they were so careful to teach you that. Because it's a lie. You see, the easiest slave to control is one who doesn't realize he's a slave.
Re:Not a surprise, but still... (Score:5, Insightful)
I cringe every time I see elementary school children reciting the pledge of allegiance.
Start them young...
Re:Not a surprise, but still... (Score:5, Insightful)
The Pledge is an affront to all that school stands for. Unthinking obedience simply isn't compatible with intellectual growth or rational questioning. Obedience to a nation is also incompatible with the international semi-borderless worlds of science and art. Neither paints nor positrons have any respect for local laws or political boundaries. Boundaries exist to maximize the benefits within and minimize contagion from flawed systems, the notion of "loyalty" to any standard is relatively modern as society goes and has been a failure from start to, well, it hasn't finished yet but it's time for philosophers to stop poking at their navels and start thinking about metanations and paranations, how to draw on what has always worked (cooperation across strengths) to derive a notion that is functional, rational, sane and likely to (as an early Megadeth noted) work this time.
Re:Not a surprise, but still... (Score:5, Insightful)
Even ignoring the highly questionable aspects of the pledge which you carefully omitted from your quote, nationalism is just the grotesquely overgrown brother of tribalism, itself a badly flawed concept. At least within a tribe, it's hard to keep secrets or conceal abuses of power. It still promotes an unthinking herd behavior, a sense of "us vs. them, and clearly they're worse than us or they'd be part of us". At the national level, it fuels wars and xenophobia. It is the tool of propagandists and of those who would re-write history and get away with it (as you yourself noted, with regard to Jackson).
I find it disgusting that a nation which arose out of a rebellion against government mistreatment tries to brainwash its children into giving their allegiance to anything so inherently flawed as a human government. Would you have supported colonial children in the 1770s being required to stand up every day in school, and swear allegiance to the Union Jack, and the monarchy for which it stands? Do you think it's cool that there are probably kids right now swearing their allegiance to the People's Republic of [Korea|China|the Congo|whatever] and the glorious freedom and representation that their government bestows upon them?
Liberty and justice for all? Give me a break! Pure propaganda, and you don't even need to be *that* smart or well-educated to see it for the lie it is; you just need to start from the assumption that the American Way is *not* The One True Way, and look up some facts. Facts like per-capita prison population, or the breakdown of said population relative to the populace at large. Facts like the mere existence of places like Gitmo. Facts like the government's treatment of Snowden, and their hasty effort to scrub from their websites, etc. all mention of the Obama administration's moral and righteous promises to protect and support whistleblowers. Or how about the states where gays, or transgender people, are forced to live as second-class citizens (and, in a handful of very backward parts of the country, criminals)? The very concept that there exists "one nation, under God, indivisible, with liberty and justice for all" is a tremendous lie. Teaching our children that such a thing not only exists, but that they live in it; forcing them to chant those lines every weekday of their young lives to the point that they absorb it before they're even old enough to know that sometimes the things you're taught are wrong? That is beyond the pale. It is despicable and deplorable.
Now, actually pledging liberty and justice, that's not so awful. It should still be taught as a *concept* and not as a mantra, but pledging to protect liberty and promote justice is a noble and virtuous thing to say. Too bad that's nowhere in the pledge of allegiance as it stands today, though. No, we were told to pledge allegiance to a flag and a nation, not a concept. We didn't even pledge to uphold the constitution, the way so many civil servants are required to do.
Hardware vs. software implementation...of slavery (Score:3)
You see, the easiest slave to control is one who doesn't realize he's a slave.
"Totalitarian" governments control their populations physically, with chains, clubs, physical restriction. "Democracies" control their populations mentally, with imagery, thoughts, mental restriction.
They're both the same process - one implemented in hardware, the other in software.
Re:Not a surprise, but still... (Score:4, Insightful)
Re:Not a surprise, but still... (Score:5, Interesting)
The very word "secrecy" is repugnant in a free and open society; and we are as a people inherently and historically opposed to secret societies, to secret oaths and secret proceedings. We decided long ago that the dangers of excessive and unwarranted concealment of pertinent facts far outweighed the dangers which are cited to justify it.
Re:Not a surprise, but still... (Score:5, Insightful)
... And now my FUCKING GOVERNMENT is doing pretty much anything you can conceive of in the name of spying on everybody including the people of the United States. ... I lower my head in FUCKING SHAME as to what has become of this country.
That's exactly how I feel. But, if our representatives in the Federal government no longer seem to be on our side, that's because they aren't. They don't work for us anymore: they work for their donors. Among the latter are a collection of corporations (e.g. Booz Allen Hamilton) that make up some 80% of the NSA. The problem is that the executives of those companies have learned that giving large political "donations" to key politicians is probably the best kind of investment they can ever make. As a result, the politicians involved have become heavily dependent on these companies in order to get re-elected and will do anything they are asked in order to keep those donations coming. Every other civilized country recognizes this as corruption, and we used to as well, but unfortunately our laws now say it's legal.
If you understand this, then you know there is only one solution to this problem: we urgently need to get big money out of politics.
How can we do that? It would be difficult to do in any other country, but the United States Constitution happens to include Article Five [wikipedia.org], which describes an alternative process through which the Constitution can be altered: by holding a national convention at the request of the legislatures of at least two-thirds (at least 34) of the country's 50 states. Any proposed amendments must then be ratified by at least three-quarters (38 States).
Are we using this yet? Yes we are! WOLF-PAC [wolf-pac.com] was launched in October 2011 for the purpose of passing a 28th Amendment to the U.S. Constitution that will end corporate personhood* and publicly finance all elections**. Since then, many volunteers have approached their State Legislators about this idea and their efforts have often been met with unexpected bi-partisan enthusiasm! So far, 50 State Legislators [youtube.com] have authored or co-sponsored resolutions to call for a Constitutional Convention to get money out of politics! Notable successes have been in Texas, Idaho and Kentucky.
But, if the State Legislators are also corrupt, why are they helping us? Well, maybe they aren't as corrupt as you think. But even if they are, the important thing is that they seem usually to be just as fed up with the Federal government as we are -- so much so that they are quite often happy to help out with this effort. After all, it's a pretty simple proposal that speaks to Democrats and Republicans alike.
.
*) The aim is not to end legal personhood for corporations, but natural personhood. The latter became a problem following the Citizens United v. Federal Election Commission ruling, which granted some of the rights of natural persons to corporations and makes it easier for them to lend financial support to political campaigns.
**) At the State level, more than half of all political campaigns are already publicly financed in some way, so there's nothing strange about doing the same for political campaigns for federal office.
Re: (Score:3)
Re:Not a surprise, but still... (Score:5, Insightful)
No. US citizens are not under any real threat, either short term or long -- at least, no threat that isn't in the end posed by our government itself. What the NSA is doing is attempting to shore up the government, which, frankly, I'm beginning to feel would be better off being replaced by people, almost *any* group of people, who simply understand that it is not acceptable to break one's oath, and that the oath to the constitution is designed to, and should, ultimately govern all of our legislation.
Re: (Score:3)
You'll probably also want to make sure that those people know where the borders are and that 'checkpoints' a couple of hundred miles inland are also not acceptable. As the GP said, WHAT THE FUCK has happened to the US.
Re: (Score:3)
Re:Not a surprise, but still... (Score:4, Insightful)
...What the NSA is doing is attempting to shore up the government...
Slight correction: What the NSA is doing is attempting to shore up the ruling class. As far as U.S. citizens are concerned, the NSA is merely a "peacekeeping" tool in this regard.
Re:Not a surprise, but still... (Score:4, Insightful)
To pretend that the USA is not facing multiple existential threats every day is naive and childish. While I agree that the NSA has become a rogue agency and needs badly to be reined in, denying that threats exist is not the way to start a reasoned argument for something better, something that is in keeping with the constitution and at the same time acknowledges that multiple, severe threats are always directed at us.
Existential? Come again? The threats which *could* threaten the existence of the US all come from the government and their corporate overlords as they loot the country. Please.
Re:Not a surprise, but still... (Score:5, Interesting)
Not really. The NSA costs more to run than the national debt. Closing it would be one of the most cost-effective ways to save the nation from bankruptcy. Not that the US is anywhere near close. It will be, if it continues to not spend on the arts and sciences, but economies can remain entirely stable when running 110% of GDP, at least for a few years. Nations aren't like personal bank accounts and you cannot run economies as if they were private budgets.
At this point, the NSA has cost the economy not only its own expenses but billions in international trade (plus interest spanning decades), but can produce no evidence of any benefits. Skipjack is broken, as was SHA-0 (the NSA version of the algorithm). Cryptologists ignored Skipjack once it was determined to be faulty and spent a fair bit of time fixing SHA. These are additional costs, created almost certainly as a result of deliberate breakage by the NSA (it's either that or they're incompetent, take your pick).
When you have something very expensive with no direct or indirect return, you generally term it a failure. When something fails on that scale when your economy has been crippled by neocons and kept defunct by Tea Partiers, the sound fiscal move is to cut losses. When a ship is struggling to stay afloat, you dump the deadweight. The NSA is deadweight until or unless it can show value for money.
Re:Not a surprise, but still... (Score:5, Insightful)
The NSA is doing everything it can to save your ass.
No, fuck you. You do not save this country by pissing on the document that created it. Violating the trust and privacy of the citizens is not the way to save them. This country was made great by holding to the standards of freedom and justice, although there were missteps along the way. But we tried to hold firm to that which made us great.
But lately it has been acting like a scared child jumping at shadows in the kitchen. They have been selling everyone out and violating every protection in the constitution. All for NOTHING. There is no boogy man in the closet, no monster under the bed. The greatest enemy this country faces right now is this "War on terror", because it is destroying us faster and more thoroughly than anyone else could ever hope to do. And apologists like you are helping them right along.
Re:Not a surprise, but still... (Score:5, Insightful)
This country was made great by holding to the standards of freedom and justice,
lol
They teach you that in grade school? Where was the freedom and justice for the natives, or the slaves, or the women, or the non-Protestants? Where was freedom for the interned Japanese, or justice for people accused of Communism during the red scare? Where was the freedom and justice for all the South Americans and Middle Easterners, as they were ruled by our blood-thirsty puppets?
Fuck, was there ever even a single ten year period in which this country "held to the standards of freedom and justice"?
No. There never was. This country is great because it was founded by people who could easily slaughter their only nearby opponents. It's great because after slaughtering the natives, there were ample resources to go around. It's great because our ancestors were immoral enough to build an economy on the backs of slaves, and later on the backs of immigrants who worked themselves to death in hopes of attaining a wealth that none would ever see. It's great because we were left nearly untouched while the rest of the developed world was bombed to ash during WWII. It's great by accident.
Don't blame the NSA for ruining the Land of the Free. That place never existed outside of storybooks. Reality has always been a lot messier, you're just noticing it for the first time.
Re:Not a surprise, but still... (Score:4, Interesting)
Where was the freedom and justice for the natives, or the slaves, or the women, or the non-Protestants? Where was freedom for the interned Japanese, or justice for people accused of Communism during the red scare? Where was the freedom and justice for all the South Americans and Middle Easterners, as they were ruled by our blood-thirsty puppets?
Fuck, was there ever even a single ten year period in which this country "held to the standards of freedom and justice"?
As a naturalized citizen of the United States of America, who originally came from China, back in the 1970's, I do need to speak up on this issue.
Yes, you are right. America does fall short of its ideal, of keeping the freedom and liberty for EVERYONE.
But then, what you are trying to get at is a utopian IDEAL that will never exist in the real world that you and I are living in.
The OP has already said that there were several mis-steps along the way - and as a non-Anglo, I can attest to the fact that the America that I used to know, the pre-1993 USA (before the Waco, Texas incident) was a country which was trying to achieve that ideal, however impossible the target turned out to be.
After the Waco incident, things went south.
I am speaking as a non-native, non-American born, an observer from the outside.
Re:Not a surprise, but still... (Score:5, Interesting)
Maybe if the government spent less money on intelligence, data collection, spying, law enforcement (war on drugs, war on "illegal" fireworks, war on "terrorists" etc), fancy expensive military hardware, bailouts/handouts/subsidies/etc for the big end of town etc and either spent less in total (shoring up the budget) or spent that money on things designed to stimulate the economy and produce stable long term economic growth, the US wouldn't be in so much trouble.
Catastrophic (Score:5, Insightful)
Wow. With one single contract, RSA just destroyed their whole business. A company in the trust business cannot allow themselves to lose their customers' trust.
No RSA product can ever be trusted again.
Re:Catastrophic (Score:5, Insightful)
Wow. With one single contract, RSA just destroyed their whole business. A company in the trust business cannot allow themselves to lose their customers' trust.
No RSA product can ever be trusted again.
Except that RSA destroyed their whole business a couple of years ago when it was found that they'd left the root keys for their SecurID tokens on an unsecured, network-connected machine. After that no one could trust them again.
But people did, and they'll continue doing so after this, watch and see.
Regarding the anonymous reader (Score:5, Interesting)
TLS's current big problems are:
- RC4, which is actually crackable given a few bytes of known-plaintext prefix (like "GET /") by a Nation State Adversary in real time; NSA secretly control PCI DSS standard and used the excuse of the BEAST attack (CVE-2011-3389) to push RC4 as solution for PCI compliance, instead of TLS 1.2
- The CA PKI letting any CA impersonate any and every site; we need at minimum certificate transparency, DANE, and maybe something more
- The unencrypted ClientHello, which is what makes the FLYING PIG metadata trawling possible (nothing you couldn't do with Snort, in fact, it IS done with Snort)
All of these are going to be addressed by the TLS WG going forward: most urgently, RC4, which will be replaced with djb's ChaCha20_Poly1305 ciphersuite, courtesy of agl (live on Google servers and with Chrome dev and canary builds right now). More secure than AES-128-GCM or AES-256-GCM, I think - certainly has a higher security margin against both confidentiality and integrity.
The problem of the curves is a big problem, but what makes those curves (specifically Jerry Solinas @ NSA generated the SHA-1 hash seeds for Certicom) bad is mostly implementation choices: bad random numbers for DSA & ECDSA (hello Sony attack), which this subversion massively helps with, and non-constant-time addition ladders and lack of curve point validation, which can result in practical timing attacks and partial key disclosure leaks. djb & Lange already have a group of Safecurves which avoid all of these attacks and which are incidentally incredibly fast, and EdDSA's nonces are deterministic so no entropy needed during signatures, only keygen.
Oh, and - in similar news, which in other circumstance, I would have submitted, and might if for some crazy reason this gets ignored by the IETF chair, but I doubt it - there have been strong calls for the head of the co-chair of the crypto advisory board at the IRTF. He (openly) works for the NSA, which is now clearly a conflict of interest, and we caught him pushing a similarly-backdoored PAKE standard, which the TLS WG resoundingly rejected.
http://www.ietf.org/mail-archive/web/cfrg/current/msg03554.html
Re: (Score:3, Informative)
djb's funded by a NIST grant or two, but they're actually furious that, for example, he's running a crypto competition without telling them. Dude is a professor with tenure, and does what the fuck he wants, and is a great example why such things can sometimes be brilliant for science. (There are plenty of people who don't like him because of his personality and penchant for unusual decisions, but these decisions are often for very sound reasons.) I've checked his stuff out extensively, and this is great.
Sim
seconded. DJB won't do what he's told (Score:4, Informative)
> Dude ... does what the fuck he wants, and is a great example why such things can sometimes be brilliant for science.
> (There are plenty of people who don't like him because of his personality and penchant for
> unusual decisions, but these decisions are often for very sound reasons.)
Having had the honor and the curse of working with him, I whole-heartedly agree.
Daniel J Bernstein can be counted on to never do what anyone tells him to do.
It's rather annoying. It makes him hard to deal with, and it means if NSA asked him to do something he'd almost surely do the opposite - loudly.
Re:Let me say this from Germany: (Score:4, Informative)
We can't really recommend RSA 3072 bits now, 4096 for being safe. We're approaching the limits where RSA is going to become prohibitively slow - same for standard D-H. If we need more security but keep similar mechanics, representing the discrete log algorithms with a different field is definitely the way to go.
As far as practical quantum computers, it's hard to predict timescales. They'll probably mash all discrete log and polynomial/factoring algorithms into pulp - but we don't have any reason to suspect any NSA is THAT far ahead. That would be a phenomenal cryptanalytic and mathematical advance. I'd estimate we still have 20 years, but I'm plucking numbers out of the air here.
As far as post-quantum encryption goes, we're looking too far ahead, it's not developed enough yet to have anything good to switch to. Hash-based signatures are a possibility, but two-key ciphers are a big problem: the few which have been proposed are often based on, say, lattice algorithms (such as NTRU, although I have a hunch the NSA have a hand in that one, purely because it's a public key standard, it's American and it's patented; it's had bad security reviews too, with some key leakage with signatures) and linear codes (like Goppa codes with McEliece signatures, the drawback of these systems being the keys are REALLY BIG). Worst, we don't have any proof quantum computers are actually bad at solving these either: in fact, I think they ought to be really good at solving lattice algorithms, we just don't have an algorithm that we know of that would allow them to do it yet. We need another decade's research; we need something to switch to FOR that decade, first.
Yes, using TLS 1.2's AES-128-CCM or AES-128-GCM or CAMELLIA equivalents or something would have been more rational. That's why NSA convinced PCI DSS to recommend RC4.
I wouldn't recommend Blowfish nowadays, not when Twofish exists, at least. And 3DES? No. Way too old and creaky. Didn't you want to use a cipher they hadn't co-designed?
Re:Let me say this from Germany: (Score:5, Interesting)
Google has an interest in proper encryption. They can only sell your data if the potential buyer cannot acquire it without paying them.
Sigh.
Google does not sell data, at least not in any form other than anonymized and aggregated, and not very much even that way. Google makes money from using your data itself (to target ads to you), not from selling it to others.
FWIW, I work for Google, on crypto security stuff, and Google does have a strong interest in proper encryption, because it's the right thing to do. It allows people to control their data. With respect to Google's business, Google would like you to choose to provide your data because you think it's a good trade for Google's services, but wants you to have the ability to make the choice not to provide your data. To anyone, if that's what you want.
Re:Let me say this from Germany: (Score:5, Insightful)
All the successful companies do U-turns to stay in business. Bill Gates did a U-turn on the Internet, Steve Jobs did a U-turn on the iPhone. IBM did several U-turns in its long history, they didn't even make computers when they were founded. And that's just U-turns, then there's acquisitions. When Larry Ellison buys Google in the next 10 years, do you think he'll have any qualms about selling peoples' data to anybody?
Google is Evil because they Built The Dataset. This data is so valuable and comprehensive, and the pioneering of the techniques to do it over and over again, ever more efficiently and cheaply, that people without scruples want it now, will want it in the future, and will eventually control it. That is certain, and you helped make it happen.
Slashdot or Twitter? (Score:4, Insightful)
"amirite?"
This wouldn't have been posted 10, or even 5, years ago. I don't want to see it. Please don't lower your standards.
Treason and crimes against humanity (Score:5, Insightful)
I'm assuming for the moment that this evidence is, in fact, legitimate. Given how heinous the NSA's actions have been lately, it seems completely in character, which makes that likely a safe assumption. However, just to give them the benefit of the doubt, everyone involved should receive a fair trial. With that said, everyone involved should be tried for high crimes against the United States and its allies. These are accusations of very serious crimes.
Deliberately compromising the secure communications of hundreds of millions of computers all around the world just so a bunch of pencil-dicked asshats can play their little spy games goes so far beyond unconscionability that it borders on a crime against humanity. Such ends-justify-means thinking is fundamentally incompatible with any form of liberty or justice. Our data is fundamentally easier to crack not just by our own government, but also by organized crime syndicates, foreign governments, and even terrorist groups. In all likelihood, even military communications gear is less secure, which means our troops are at elevated risk during a time of war as a direct result of their actions. That's treason, even by the absolute strictest definition thereof. Further, such deliberate weakening of crypto endangers the lives of dissidents in countries with oppressive regimes, many of which are considered our enemies—an act that could also be considered treason.
Their actions, if true, clearly constitute providing material support to terrorists and treason by means of providing material aid to our enemies in a time of war. Therefore, according to U.S. law, everyone involved should be immediately treated as enemy combatants, deported to an appropriate holding facility outside our borders—preferably the one affectionately known as "Gitmo"—and tried before a military tribunal.
In addition to prosecution of individuals, there should be consequences for the groups involved. RSA should be immediately dissolved and all its assets destroyed. Further, at this point, it should be abundantly clear to anyone with even the slightest understanding of crypto that nothing short of the complete and total elimination of the NSA and a constitutional amendment clearly and plainly banning any similar organization from ever existing in the future can even begin to restore trust in cryptography and computers. That organization is fundamentally malevolent, and its very existence is inherently incompatible with the very concepts of security and privacy. No matter what successes they may have had, nothing can possibly even come close to justifying such a heinous breach of the public's trust.
How is this not criminal fraud on RSA's part? (Score:5, Interesting)
Re:How is this not criminal fraud on RSA's part? (Score:4, Insightful)
There is probably some secret law hidden deep in a drawer in the far corner of a dark dungeon that legalises this specific contract.
Re:How is this not criminal fraud on RSA's part? (Score:4, Insightful)
If necessary, I am sure the Congress will grant retroactive immunity from lawsuits over this, just like they did with AT&T over the warrantless wiretap scandal. Justification: national security.
New Strategy (Score:3)
They didn't know! (Score:5, Insightful)
"They did not show their true hand," one person briefed on the deal said of the NSA, asserting that government officials did not let on that they knew how to break the encryption.
Right, the NSA, known to be codebreakers, paid them $10M to include their "special" algorithm, and no one had any idea that it could be compromised. Right. Why else would they pay them to use it?
Re:They didn't know! (Score:5, Interesting)
A different era. They might have actually thought the NSA were honestly helping. Back then the NSA was probably perceived as being as much about hardening encryption as breaking it.
Re: (Score:3)
If it was better, why would the NSA have to pay them to use it?
Re: (Score:3)
Probably even more so. Remember, for example, DES; the NSA modified the candidate cipher that became DES in a way that many people thought weakened it. Instead, it strengthened it, adding protections against a cryptographic attack that the civilian world would not even discover for years to come. When that technique came to light, and it was discovered how much more vulnerable the pre-NSA version of the then-most-common symmetric cipher suite was than it would otherwise have been, the NSA was hailed as the
This Is Not Acceptable. (Score:5, Interesting)
I've followed the Snowden releases, curious as anyone else as to the ways and means of the NSA. Until now, the only real 'news' for me was the incredible scope of the NSA's reach and their staggering, seemingly unlimited budget. But this crosses the line. This little stunt has mammoth, wide reaching and enduring ramifications. This is beyond just storing "metadata", hooking in to Google's pipes or recording German heads of state. This action by the NSA is egregiously unethical on so many levels. There is no legitimate justification for intentionally weakening security of this nature. They might as well have gone to Schlage and told them that, from now on, they may only build deadbolts out of cheap low-grade plastic with a faux metal finish.
The actions of the NSA carry immense potential risks for millions of people. Exploitation of the RSA weakness could lead to completely unnecessary breaches of privacy, political manipulation, loss of safety or financial loss. All in the name of protecting the country. The burden of risk created by weakening RSA is ultimately placed largely on the public. What benefit do we gain from this?
This is not how I want my country to be governed
It's not the crypto, it's the RNG (Score:5, Informative)
Having worked with pre-2000 versions of RSA BSAFE, the thing that the NSA paid RSA to do was to change the default selection of the random number generator with a weaker one. Nobody had to use the default version--it was just picked if you didn't specify one (or a callback to your own RNG). We had our own multi-threaded rendezvous noise generator thing since this was back before hardware entropy engines.
Oh, and before that, the NSA had unsuccessfully tried to get RSA to tell people that 512-bit keys were safe enough. It wasn't successful mostly because the old guard was still running the company then.
NSA gave them an offer they could not refuse. (Score:5, Interesting)
The sum of money does seem low, but when an agency like the NSA comes calling, I have a feeling that they make you a proposal you cannot refuse.
(Or you can do what Lavabit did, and just shut it down)
Re: (Score:3)
Yes, it was small. But in terms of secure comm, I'd bet that his (PZ's) last release before they busted him, PGP-2.6.2, is probably more secure than any release he has made since.
But really, I think as far as the American Public is concerned, the horse is out of the burning barn now and the NSA as we know it, is likely not to exist 2 years from now.
Just how long do you think RSA will last when it's known they sold out? They are supposedly in the business of selling security, and they just sold the family j
Comment removed (Score:5, Informative)
Former RSA employee (Score:4, Interesting)
I am appalled.
RSA had, for a long time, an antagonistic relationship with the NSA; we wanted to push good crypto to the world, and the USG felt otherwise.
I knew the people involved, and I don't think any of the original RSA Labs (which was what the RSA Data Security Inc people became) would have compromised their integrity in this manner. What's more, BSAFE (the SW library compromised), became more or less a dead duck after 2000, when the patent on the RSA algorithm expired; free libraries such as BouncyCastle became much more viable.
After RSADSI was bought by Security Dynamics (which later renamed itself RSA Security), there was a gradual Borgification of RSA Labs, with it being assimilated more and more into the mother company (SecurID was always the main source of revenue, not RSA encryption).
I haven't been able to find the date at which the bribe took place, but 10 million seems very low. If Coviello approved this, I hope he's sued by stockholders.
ce
False and misleading headline (Score:4, Insightful)
Following this. This headline is not exactly true. 1) RSA was paid 10M to make the NSA algo the default in their bSecure product. We have no direct evidence that RSA (now owned by EMC) KNEW the RNG (random number generator) in the NSA compromised algo had been compromised. This is 20/20 hindsight.
2) At the time, *some* people were suspicious generally of work done by NSA cryptographers for a variety of reasons: the NSA had fought for the Clipper Chip in the 90s; the NSA was generally hostile to strong encryption for civilians, etc. However, those opinions were countered by the majority of people who plausibly considered that the NSA had a real interest in seeing real encryption be used by US corporations etc. We now know who was right, the skeptics, but we didn't know that at the time that deal went down.
This is what's called "plausible deniability" or "cover" in intelligence circles and everywhere else now but that's the point- it IS plausible, entirely, that RSA was taking money (and not a lot to RSA) to make it the default because they believed the NSA.
Overall, at the time, the people who believed the NSA participated in encryption with the public out of a concern to see it done right were the majority.
Just keeping the story as straight as possible because what we're interested in is the truth as far as we can discern it, right?
Re: (Score:3)
A pretty large amount of what RSA sells could be replaced with simple commodity tech and be an improvement. At best they sell hugely overpriced Enterprise-Ready versions of those same commodity encryption tools, packaged into "appliances". Apparently they didn't even do that right, though.
Re: (Score:3, Interesting)
Their TOTP generator is well known and secure. The problem with TOTP and HOTP systems, though, is that it still requires a shared secret at both ends. The secret in the token is fairly secure, but even if it weren't it doesn't matter much because there's only one secret per token.
The server end, however, needs to store _all_ the secrets. Some dedicated solutions store the secrets on an HSM (hardware security module), which if designed correctly has no way to actually emit the secret--it'll only take a signe
Re:Don't misinform if you don't understand crypto (Score:4, Interesting)
The NIST/SECP curves are NOT safe. They were generated by the NSA, and they need replacing. http://safecurves.cr.yp.to/
We probably don't know the full extent of the 'trapdoors' left by Jerry. What we do know is that unless you're using Brier-Joye's (very, very slow) constant-time short-Weierstrass curve, a timing attack is possible, and probably practical; many of the routines are incomplete or wrongly-implemented, because they're very complex, and the curves aren't complete; some don't even check if the point is on the curve, and if it isn't, we're basically leaking private data; secp256k1 has a complex-multiplication field discriminant of just -3, which may make it more susceptible to one attack and very possible to one extended one we don't know about; and secp224r1 (P-224) definitely has an insecure twist. Something may well be wrong with secp256r1 and the others, but if so, we don't know what it is. Either way, we know the NSA generated it to ostensibly be random but really satisfy some very specific unknown conditions: that alone is reason enough to not trust it.
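The check the comment above says some implementations skip ("some don't even check if the point is on the curve"), as an added example that is not part of the original comment or of any library's code. It validates a peer-supplied SEC1 uncompressed P-256 point before use; the function names and the sample inputs are constructed for illustration.

```python
"""Public-point validation for NIST P-256 (secp256r1) before any ECDH use."""

# secp256r1 domain parameters: y^2 = x^3 + A*x + B over GF(P).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
# Standard base point G, used here only as a known-good sample point.
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5


class InvalidPoint(ValueError):
    """Raised when a peer-supplied point must not be used."""


def on_curve(x, y):
    """True if (x, y) satisfies the P-256 curve equation."""
    return (y * y - (x * x * x + A * x + B)) % P == 0


def encode_uncompressed(x, y):
    """SEC1 uncompressed encoding: 0x04 || X || Y, 32 bytes per coordinate."""
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


def parse_peer_point(blob):
    """Decode and validate a point received from the other party.

    P-256 has cofactor 1, so a point that passes these checks has the
    full group order; the point at infinity cannot be expressed in this
    encoding, so it needs no separate test here.
    """
    if len(blob) != 65:
        raise InvalidPoint("wrong length")
    if blob[0] != 0x04:
        raise InvalidPoint("not an uncompressed point")
    x = int.from_bytes(blob[1:33], "big")
    y = int.from_bytes(blob[33:], "big")
    # Reject coordinates that are not canonical field elements.
    if x >= P or y >= P:
        raise InvalidPoint("coordinate not reduced mod p")
    # Without this test the scalar multiplication would run on whatever
    # curve the supplied coordinates happen to lie on.
    if not on_curve(x, y):
        raise InvalidPoint("point is not on the curve")
    return x, y


def classify(blob):
    """Return 'accepted' or 'rejected: <reason>' for logging."""
    try:
        parse_peer_point(blob)
        return "accepted"
    except InvalidPoint as exc:
        return "rejected: %s" % exc


# Constructed sample inputs.
SAMPLES = {
    "base_point": encode_uncompressed(GX, GY),
    "negated_base_point": encode_uncompressed(GX, P - GY),
    "off_curve": encode_uncompressed(GX, GY + 1),
    "unreduced": encode_uncompressed(P, 1),
    "compressed_form": b"\x02" + GX.to_bytes(32, "big") + bytes(32),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print("%-20s %s" % (name, classify(blob)))
```
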
Re:WHY THE FUCK (Score:5, Interesting)
..do I need an "EC PRNG", if any symmetric cipher and a simple counter is sufficient to generate PR numbers ?
I seriously would like to know !
If that were true, you would not. However, it's not established that's true. Some believe iterative hashing is the best way because hashes are explicitly designed to be one-way functions, meaning they are intrinsically not reversible. That is believed to make hash-based PRNGs more resistant to attack. However, on the flip-side cipher-based PRNGs have the advantage that ciphers have been more closely studied, and are likely more resistant to attack because of that. That's why 800-90 specifies both hash-based and cipher-based PRNG algorithms.
The logic behind EC was based on the belief that ECs are more resistant to attack because they are based on different mathematical problems than most hash and cipher algorithms, and therefore are less vulnerable to the current state of the art in attacks designed to attack hashes and ciphers. That assertion seems to be false based on research done in the mid 2000s, but the general answer to your question is that no one is certain that, say, AES-based stream cipher PRNGs are certain to be uncrackable, and so people are always looking for alternatives. In fact, the *strongest* PRNG that I can think of is one that simultaneously generates SHA, AES, *and* EC random streams and XORs them together. To break that random stream, you would have to be able to break all three simultaneously. Even if EC had a backdoor in it, that would not help you at all to break a random stream with its contents XORed into two other generators.
So the general answer to the question of why you'd need anything other than a cipher PRNG is that a) no one knows if your preferred cipher PRNG might be broken tomorrow, and b) having multiple kinds of generators based on entirely different math opens the door to creating stronger generators that are a combination of all of them. And by the way, a cipher-based generator that was the XOR of two different cipher-based generators is not guaranteed to be twice as strong.
EC is a bad candidate in general for this kind of RNG hardening (because of its speed and its poorly understood backdoor possibilities), but we only knew that after it had been studied. If it was faster, and its constants were initialized by another PRNG guaranteed to not include the backdoor, it could serve as a PRNG hardener in theory, since its strength relies on an independent problem from hashes and traditional block ciphers.
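The XOR-combining idea from the comment above, as an added example that is not part of the original comment. Assumptions: the three generators are stand-ins built from the Python standard library (SHA-256 in counter mode, keyed BLAKE2b in place of a cipher-based generator since the standard library has no AES, and an HMAC-SHA-512 stream playing the generator whose output an observer is assumed to predict), and all names are constructed for illustration.

```python
"""XOR-combining independently seeded generators (illustrative, not a DRBG)."""
import hashlib
import hmac


def sha256_ctr(seed, n):
    """Hash-based stream: SHA-256(seed || counter)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]


def blake2b_ctr(seed, n):
    """Keyed-hash stream standing in for a cipher-based generator."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.blake2b(counter.to_bytes(8, "big"), key=seed).digest()
        counter += 1
    return out[:n]


def suspect_stream(seed, n):
    """Stand-in for a generator assumed to be predictable to an observer."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha512).digest()
        counter += 1
    return out[:n]


GENERATORS = [
    (b"hash", sha256_ctr),
    (b"cipher-stand-in", blake2b_ctr),
    (b"suspect", suspect_stream),
]


def derive_seed(master, label):
    """Give every generator its own 64-byte seed via a labelled HMAC."""
    return hmac.new(master, b"xor-combiner/" + label, hashlib.sha512).digest()


def xor_bytes(*streams):
    """XOR equal-length byte strings together."""
    if len({len(s) for s in streams}) != 1:
        raise ValueError("streams must have equal length")
    out = bytearray(len(streams[0]))
    for stream in streams:
        for i, byte in enumerate(stream):
            out[i] ^= byte
    return bytes(out)


def combined(master, n):
    """Return (combined output, list of the individual streams)."""
    parts = [gen(derive_seed(master, label), n) for label, gen in GENERATORS]
    return xor_bytes(*parts), parts


if __name__ == "__main__":
    master = bytes(range(32))  # constructed seed; use os.urandom(32) in practice
    output, parts = combined(master, 32)
    print("combined:", output.hex())
    # Knowing the suspect stream only strips that one layer.
    print("residual:", xor_bytes(output, parts[2]).hex())
    # Failure mode: two copies of the same stream cancel to zeros, which is
    # why each generator gets a distinct derived seed.
    print("same stream twice:", xor_bytes(parts[0], parts[0]).hex())
```
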
Playing Devil's Advocate (Score:5, Interesting)
What if the NSA had gone to RSA in the past to get them to do what this Reuters article claims, and RSA did indeed say no?
And what if, since many things about the NSA are coming out anyway, the NSA went to Reuters (or used some in-between person or persons) to plant the false story that RSA is in NSA's pocket -- in order to punish them for their earlier refusal? Because they know that you, and most others reading this, will believe that RSA products are infected by NSA backdoors, and not use RSA products... whether the backdoors, or weaknesses, or whatever, are there or not. I mean, it's not like Reuters fact-checks their shit anymore, and the press can get a "deal they can't refuse" just as easily as any other company.
In that kind of scenario, RSA could be telling the absolute truth... and no one will believe them.
Re: (Score:3)
I don't see a problem with the statement:
- For $10M, the NSA became a customer
- RSA didn't design or enable back doors, it provided an inferior and more breakable encryption. That's not technically a back door.
Pay attention to the weasel words. No statement gets out unchecked by Legal.
Nuke hysteria (Score:5, Insightful)
No, it also takes a seller of such weapons. And there aren't any, or we'd have been sweeping up the remains of some city, political center, or major chunk of infrastructure by now. The whole "terrorists and nuclear weapons" is a total mind job done on you and yours by your government. One thing to keep in mind: Nukes are very difficult and expensive to manufacture, and pretty damned difficult to lose track of.
Civilization isn't likely to die due to nuclear weapons. We've set off well over a thousand of them already, and there's no particular notable effects other than the low hum of hysteria at the intersection of the set of the ill-informed and the paranoid.
Also, Chemical weapons are a lot less "mass" than nukes are, barring very sophisticated delivery systems, which again, aren't available to religious tools. Bacterial weapons are vaguely possible (although still very, very technical), but incorporate the downside of most likely eventually killing everyone everywhere instead of just the target(s), and so not even your average superstition-addled dingbat seriously considers them.
If you are a US citizen, if you want to worry about civilization, you should be worrying about the decay of our government from one authorized by the constitution into a form exclusively controlled by corporate and political groups. Because unlike the "nuclear threat", said decay is real and ongoing and has already screwed things up immensely: almost 100% loss of manufacturing capacity and so also jobs, crippling inflation, loss of citizen's rights, usurpation of article five powers by the judiciary, illegal legislation that spans almost the entire bill of rights to ex post facto laws to the complete inversion of the commerce clause, promulgation of multiple very expensive, ultimately useless wars... the problem isn't terrorists. The problem is our federal government. The whole terrorist thing is to keep the citizens looking the wrong way.
Re:CryptoLocker (Score:4, Insightful)
Because the people behind CryptoLocker (who are probably from Russia or China or some other country that isn't exactly best buddies with the US) are likely smart enough not to trust US-made off-the-shelf cryptography.