Announcement

Collapse
No announcement yet.

The Controversial Speck Encryption Code Will Indeed Be Dropped From The Linux Kernel

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • oibaf
    replied
    Originally posted by cRaZy-bisCuiT View Post
    How could that code include backdoors if it's Open Source - is nobody able to read and understand it?
    There is some explanation here: https://en.wikipedia.org/wiki/NOBUS

    Leave a comment:


  • jpg44
    replied
    With the P-256 curve debacle, the suspected weakness was in the algorithm, the suspected problem was in the algorithm, it was not a problem in the source code itself, the source code is just dutifully implementing the algorithm and whatever flaws it has. I dont know the particulars about this one, but this has been discussed on many blogs about the sometimes opaque qualities of some of the more dodgy encryption algorithms, where there are certain constants worked into it that you cannot verify the source of, there is also possibilities of strategic weaknesses in the algorithms, such as the P-256 that were used on some curves . A good algorithm is independantly verifiable backwards and forwards to be universally strong with no weaknesses and where there are no opaque constants or structure that cannot be determined what its purpose and source was.

    Edit: Bruce Schneir and Daniel Bernstein have both on their pages discussed the issue of P-256 debacle and EC-DRBG which has been a concern before. Bernstein developed Curve25519 to address the concerns.
    Last edited by jpg44; 04 September 2018, 09:34 AM.

    Leave a comment:


  • marjancek
    replied
    Originally posted by cRaZy-bisCuiT View Post
    How could that code include backdoors if it's Open Source - is nobody able to read and understand it?
    Mathematical back door.

    That is, they know how to break it in a reasonable time, even though currently no attack methods are publicly known.

    Leave a comment:


  • cRaZy-bisCuiT
    replied
    How could that code include backdoors if it's Open Source - is nobody able to read and understand it?

    Leave a comment:


  • The Controversial Speck Encryption Code Will Indeed Be Dropped From The Linux Kernel

    Phoronix: The Controversial Speck Encryption Code Will Indeed Be Dropped From The Linux Kernel

    While Google got the NSA-developed Speck into the Linux kernel on the basis of wanting to use Speck for file-system encryption on very low-end Android (Go) devices, last month they decided to abandon those plans and instead work out a new "HPolyC" algorithm for use on these bottom-tier devices due to all the concerns over Speck potentially being back-doored by the US National Security Agency...

    http://www.phoronix.com/scan.php?pag...ng-Next-Kernel
Working...
X