yeah, hard to believe that anyone unimaginative enough to work for them got EVERYTHING wrong.
hahahahahahahahhahahahahahahahahahahahahahahahahahahahahahahahaha.
Mind Blown.
Necessary question: Has anyone actually confirmed that these flaws do exist in the product? Until then, the proper description would be "report" or "claim" or "assert" rather than "reveal".
Not that I doubt the NSA would be delighted to create a back door, especially in anything destined for export… but vaporware and/or "concept" documents are easy to create, and don't necessarily mean the idea was practical or implemented. Worth checking, certainly, but I do want to see confirmation before I assume it's any more real than the Amazon drones.
prove stupid?
actually, no.
There was a research paper from Microsoft in 2008 that showed it was possible to hide a secret key in the Dual EC Random Number Generator that the NSA promoted - if you know the secret key, you're able to predict the random number generator given only a few bytes of output - an Initialisation Vector for instance - if you don't know the secret key, the bits produced appear random. The complexity (number of guesses) needed to predict the random number generator is ~2^16 if you know the secret key, and ~2^80 if you don't.
Around 2008 it was known that there was theoretically a backdoor - but it wasn't clear that the NSA as a whole knew about the backdoor - perhaps they created the random number algorithm by accident and didn't realise it was possible to include a backdoor there - perhaps only one guy in the NSA knew about the backdoor and the rest of the agency was in the dark, etc.
The suggestion at the time was - donât use this algorithm because it could support a backdoor.
The subsequent leaks from Snowden confirmed that a) the NSA does have the secret key for the Dual EC Random Number Generator, and now b) they were paying erstwhile trustworthy companies to use their weakened random number generator as the default way of creating "random" numbers, against the advice of people like Bruce Schneier and the Microsoft researchers who discovered the backdoor originally.
The performance of the Dual EC Random number generator is somewhat worse than other approaches for generating random numbers (e.g. it's 1000 times slower than named-brand competitors), so there's apparently no sensible reason to favour it if you're in a hurry, but it has the ideal properties for a spy agency: The NSA publish a set of preferred constants via NIST that define the elliptic curve used in the algorithm. If you use their constants, you get a "strong" random number generator with good statistical randomness, that only the NSA knows how to predict. If you throw out the NSA preferred constants and pick your own, you get a weak random number generator that's easy for everyone to predict. So in a sense the NSA were protecting people against foreign spying whilst ensuring that they could spy on anyone they chose to target. Elegant.
This revelation is mainly damaging for RSA. They accepted a $10M bribe to use a bugged protocol that they must (or should) have been aware was likely to include a backdoor. It doesn't matter if the NSA duped them into using the backdoored protocol or whether they knowingly accepted the bribe contract - either way RSA is untrustworthy - either because they sold out, or because they're incompetent. I personally would never use their products given this revelation.
I suspect the news will wipe more than $10M off the value of their shares - their reputation will be shredded by this - cautionary tale about accepting the NSA's 30 pieces of silver. I wonder who else was bought off by the NSA?
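Added example, not part of any comment in this thread: a toy version of the generator structure described above, showing how someone who knows the secret relation between the two published points can recover the internal state from two outputs and predict the next one. Assumptions: secp256k1 stands in for the NIST curve, only 8 bits of each output are dropped (instead of 16) so the search is quick, and the secret, seed and point names (`e`, `P`, `Q`) are constructed for illustration.

```python
# Toy Dual EC-style generator (added illustration; every value is constructed).
# Assumptions: secp256k1 stands in for the NIST curve, 8 bits are dropped, not 16.
P_MOD = 2**256 - 2**32 - 977                      # field prime, P_MOD % 4 == 3
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
DROP, MASK = 8, (1 << 248) - 1                    # output keeps the low 248 bits

def add(p1, p2):                                  # affine point addition, None = infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0: return None
    num, den = (3 * x1 * x1, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD

def mul(k, pt):                                   # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def step(state, P, Q):                            # one round: (new state, truncated output)
    new = mul(state, P)[0]
    return new, mul(new, Q)[0] & MASK

def lift(x):                                      # point with this x on y^2 = x^3 + 7, if any
    y2 = (pow(x, 3, P_MOD) + 7) % P_MOD
    y = pow(y2, (P_MOD + 1) // 4, P_MOD)
    return (x, y) if y * y % P_MOD == y2 else None

def recover_state(out1, out2, e, P, Q):           # needs e with P = e*Q
    for hi in range(1 << DROP):                   # guess the dropped bits of round 1
        R = lift(hi << (256 - DROP) | out1)
        s2 = mul(e, R)[0] if R else None          # e*(s1*Q) = s1*P, whose x is the next state
        if s2 is not None and (mul(s2, Q)[0] & MASK) == out2:
            return s2
    return None

def demo(e=0xC0FFEE1234567, seed=0x5EED):         # constructed secret and seed
    Q = mul(0xABCDEF, G)
    P = mul(e, Q)                                 # P and Q are published, e is kept private
    s1, out1 = step(seed, P, Q)
    s2, out2 = step(s1, P, Q)
    _, out3 = step(s2, P, Q)
    found = recover_state(out1, out2, e, P, Q)
    return found == s2, step(found, P, Q)[1] == out3
```

The defensive reading is that the outputs look random to anyone without `e`, so the only protection is not using constants whose origin cannot be verified.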
I think the question on everyone's mind now is:
If RSA is compromised, is SSL compromised?
SSL uses public key cryptography which was created in the 1970s, and the company went bad seemingly post 2000, so no relation here. I don't know if you could use this flaw in your SSL, however.
RSA the company is compromised. RSA the public key encryption algorithm is not.
SSL, however, is awfully broken and has been for years, but the reason is nothing to do with RSA (company or algorithm) - the problem is the simple-minded certificate authority trust model.
I can't help feeling "man there's nobody left to trust", and I guess that is exactly what the NSA wants me to feel.
If you use the BSafe crypto libraries with software defaults as a basis for your SSL implementation, or if for whatever reason your SSL implementation uses dual-EC-DRBG as its random number source, then yes, your SSL implementation is hosed.
One more reason to use ROT13 or, if you need something really secure, ROT26.
According to the (dubiously veracious; but what else are you going to do?) reports, RSA's original core team of cypherpunk crypto types was more or less gutted, either left or consigned to smaller roles, as they moved into selling fancy enterprise solutions and eventually folded into EMC.
I'd be surprised if they were actually told "Hey, backdoor your product for $10 million". That's kind of a pathetic bribe; but apparently they'd been largely brain-drained of the sort of people who made RSA a hotbed of anti-clipper sentiment back in the day, who would have been suitably suspicious of such an arrangement.
(Also, if you want reasons to not deal with RSA, aside from their products, this is arguably Major Fuckup #2: The embarrassing little incident where it was revealed that they (A) stored the seed values for all the RSA fobs they sold and (B) had those values stolen by parties unknown, who proceeded to go on a major-defense-contractor owning spree, says all you need to know about the wisdom of trusting their goods. In retrospect, one wonders if those seed values were being stored…for the convenience of certain friends…)
RSA should just start hiring more lawyers now. It's going to be a nasty 2014 for them and I don't think they will survive this.
I find I doubt the completeness of this reporting. It really has little to do with RSA or this latest, though. In 1998, a military friend had attended a conference in VA, and returned telling me he had witnessed a full demonstration of cracking the best encryption available (at that time). We were busy doing some coursework together, and that information flew in the face of everything we were being told. But I trusted his word on that, because we had done other work in common, and I knew others in his outfit.
We had idly wondered one day how certain hackers had been caught so easily, given the tech available. After looking at the information we had available, I posited that identifying information was being stored within Microsoft Office documents they had used without the end-user's knowledge or consent. That turned out to be the case - and later that year, others noticed and Microsoft got called out on it publicly.
So, I had gotten to know my friend's manner of thought and knew his skill levels - far better than mine, as security was not my specialty. I believe his story about the encryption demonstration. He had no reason to lie (though every reason to keep it quiet). That was the level of trust. I think there is a good deal more to this than the RSA story alone. What I heard predates RSA's involvement, so I question NSA having any goal beyond simply making it easier to crack encryption they were already capable of cracking, as another poster had mentioned above. That doesn't let RSA off the hook, but does show that NSA's intents precede 9-11 by quite a stretch.
Quote from the linked Reuters article:
"They did not show their true hand," one person briefed on the deal said of the NSA, asserting that government officials did not let on that they knew how to break the encryption.
End quote.
Hello? Hello? Anybody home? Huh? Think, RSA. Think! A government agency paying you $10M for no apparent reason or not wanting something in return? All that internal paperwork to process the payment just for fun? You didn't really think about that? Did ya? Did ya?
This sort of thing goes back to the times when crypto machines were like typewriters from outer space, i.e. pure hardware.
A lot of smaller countries simply do not have the resources to develop their own crypto infrastructure so they buy it on the open market.
Just one example:
http://cryptome.org/jya/cryptoa2.htm
Like I said, this goes way back and is sort of known, but it's always nice to get confirmation.
It is laughable to suggest that this isn't real. There hasn't been a single scrap from the Snowden trove that has been proven to be false, and a huge portion of it has been confirmed not just by secondary sources, but by the government itself. The NSA poisoning public crypto is hardly the most damning or unbelievable thing to be revealed. Every sane cryptologist already suspected that RSA had been poisoned just on the pre-Snowden circumstantial evidence alone; the Snowden leak just proves what people had already suspected.
Let me guess, you work for the government or in the "private" sector in the hilariously named "defense" industry? Sorry bro, you are working for the villains. Trash your conscience or get a new job doing something honest.
wut? No, srsly - wut?
TGA has proven many times to be a valuable asset on these forums (to me, ymmv). For example if I would like someone to explain in simple terms why RSA security being compromised is a big deal or not, depending - right, I would be looking for a technogeekagain post among a small number of others. To just launch into tying anyone into US govt misconduct and painting them with that brush for saying what techno did is laughable.
Craven or inept?
Wait! This is a both/and situation!
The attackers spoofed the e-mail to make it appear to come from a "web master" at Beyond.com, a job-seeking and recruiting site. Inside the e-mail, there was just one line of text: "I forward this file to you for review. Please open and view it." This was apparently enough to get the intruders the keys to RSA's kingdom.
Details of the RSA Hack - Schneier on Security