Announcement

Collapse
No announcement yet.

The Controversial Speck Encryption Code Will Indeed Be Dropped From The Linux Kernel

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • The Controversial Speck Encryption Code Will Indeed Be Dropped From The Linux Kernel

    Phoronix: The Controversial Speck Encryption Code Will Indeed Be Dropped From The Linux Kernel

    While Google got the NSA-developed Speck into the Linux kernel on the basis of wanting to use Speck for file-system encryption on very low-end Android (Go) devices, last month they decided to abandon those plans and instead work out a new "HPolyC" algorithm for use on these bottom-tier devices due to all the concerns over Speck potentially being back-doored by the US National Security Agency...

    http://www.phoronix.com/scan.php?pag...ng-Next-Kernel

  • #2
    How could that code include backdoors if it's Open Source - is nobody able to read and understand it?

    Comment


    • #3
      Originally posted by cRaZy-bisCuiT View Post
      How could that code include backdoors if it's Open Source - is nobody able to read and understand it?
      Mathematical back door.

      That is, they know how to break it in a reasonable time, even though currently no attack methods are publicly known.

      Comment


      • #4
        With the P-256 curve debacle, the suspected weakness was in the algorithm, the suspected problem was in the algorithm, it was not a problem in the source code itself, the source code is just dutifully implementing the algorithm and whatever flaws it has. I dont know the particulars about this one, but this has been discussed on many blogs about the sometimes opaque qualities of some of the more dodgy encryption algorithms, where there are certain constants worked into it that you cannot verify the source of, there is also possibilities of strategic weaknesses in the algorithms, such as the P-256 that were used on some curves . A good algorithm is independantly verifiable backwards and forwards to be universally strong with no weaknesses and where there are no opaque constants or structure that cannot be determined what its purpose and source was.

        Edit: Bruce Schneir and Daniel Bernstein have both on their pages discussed the issue of P-256 debacle and EC-DRBG which has been a concern before. Bernstein developed Curve25519 to address the concerns.
        Last edited by jpg44; 04 September 2018, 09:34 AM.

        Comment


        • #5
          Originally posted by cRaZy-bisCuiT View Post
          How could that code include backdoors if it's Open Source - is nobody able to read and understand it?
          There is some explanation here: https://en.wikipedia.org/wiki/NOBUS

          Comment


          • #6
            People seem to forget that the NSA has their fingers in openssl and RSA as well, both of which almost everyone uses on a daily basis.

            Comment


            • #7
              Originally posted by some_canuck View Post
              People seem to forget that the NSA has their fingers in openssl and RSA as well, both of which almost everyone uses on a daily basis.
              On computers most likely running Intel ME

              Comment


              • #8
                Originally posted by some_canuck View Post
                People seem to forget that the NSA has their fingers in openssl and RSA as well, both of which almost everyone uses on a daily basis.
                Then use LibreSSL. RSA is extremely well understood and is used internally by many government including the US. Well, there some suspicions it might be weaker than it appears to be so you'd need longer keys...

                Comment


                • #9
                  Originally posted by c117152 View Post

                  Then use LibreSSL. RSA is extremely well understood and is used internally by many government including the US. Well, there some suspicions it might be weaker than it appears to be so you'd need longer keys...
                  This might be the case since it's not allowed for us citizens to use 4096 bit PGP keys. You know what? LOL! :'D

                  Comment


                  • #10
                    Originally posted by cRaZy-bisCuiT View Post
                    How could that code include backdoors if it's Open Source - is nobody able to read and understand it?
                    crypto both math and code, and yes, actually finding mathematical backdoors in an algorithm is not really viable
                    https://www.theregister.co.uk/2017/1...cal_backdoors/

                    Comment

                    Working...
                    X