Announcement

Collapse
No announcement yet.

The Controversial Speck Encryption Code Will Indeed Be Dropped From The Linux Kernel

Collapse
X
Collapse
 
  • Page of 3
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 template Next
  • #11
    Originally posted by starshipeleven View Post
    crypto both math and code, and yes, actually finding mathematical backdoors in an algorithm is not really viable
    https://www.theregister.co.uk/2017/1...cal_backdoors/
    I'm not an expert on encryption, but that you cannot find mathematical weaknesses just doesnt pass the smell test for me. It seems like you should be able to if the algorithm is really badly designed. If the algorithms are very well designed, then you probably could not. You made a blanket statement about all algorithms however.
    • Likes 1

    Comment

    • #12
      Originally posted by some_canuck View Post
      People seem to forget that the NSA has their fingers in openssl and RSA as well, both of which almost everyone uses on a daily basis.
      RSA, the algorithm is a very simple concept, been studied for years and years. Not much room in it for shenanigans. its unlikely to be vulnerable, but the key length may need to get longer . Many people like RSA because of the simplicity and that it can be understood easily.

      If you meant the company, thats whole other matter and your probably right.
      • Likes 2

      Comment

      • #13
        Originally posted by jpg44 View Post
        I'm not an expert on encryption, but that you cannot find mathematical weaknesses just doesnt pass the smell test for me.
        I said backdoors, not weaknesses. A backdoor is something planted on purpose, and hidden on purpose.

        It seems like you should be able to if the algorithm is really badly designed. If the algorithms are very well designed, then you probably could not.
        Personally, I would not be able to find anything unless the algorithm was truly designed by a child, like Cesar's Cypher from 2 thousands years ago. That's not anywhere near my area of expertise and I suck at complex/pure math.

        As said in the article, the main issue about mathematical backdoors is that to detect them you need a completely different skillset than most security analysts have (they are mostly programmers of some kind), and there is no real history or doctrine of testing against such backdoors so you are left on your own devices if you wish to do so.

        This makes them much harder to find than software backdoors.

        You made a blanket statement about all algorithms however.
        Yes, the issue exists for all algorithms, I didn't single out Speck.

        Comment

        • #14
          Originally posted by cRaZy-bisCuiT View Post

          This might be the case since it's not allowed for us citizens to use 4096 bit PGP keys. You know what? LOL! :'D
          The US government classifies you as as a dangerous extremist if you read things like the Linux Journal.

          Originally posted by Washington Post
          His request set in motion a harrowing sequence. He was confronted by supervisors and accused of mishandling classified information while assembling his FOIA request. His house was raided by the FBI and his family’s computers seized. Stripped of his job and his security clearance, Scudder said he agreed to retire last year after being told that if he refused, he risked losing much of his pension.

          In an interview, Scudder, 51, cast his ordeal as a struggle against “mindless” bureaucracy, but acknowledged that it was hard to see any winners in a case that derailed his CIA career, produced no criminal charges from the FBI, and ended with no guarantee that many of the articles he sought will be in the public domain anytime soon.

          “I submitted a FOIA and it basically destroyed my entire career,” Scudder said. “What was this whole exercise for?”

          Scudder’s case also highlights the risks to workers who take on their powerful spy-agency employers. Scudder’s actions appear to have posed no perceptible risk to national security, but he found himself in the cross hairs of the CIA and FBI.

          Scudder’s attorney, Mark Zaid, described the case as an example of “aggressive retaliation against employees who seek to act in the public’s interest and challenge perceived poor managerial decisions. . . . The system is really broken.”

          The documents sought by Scudder amount to a catalog of a bygone era of espionage. Among them are articles with the titles “Intelligence Lessons from Pearl Harbor” and “Soviet Television — a New Asset for Kremlin Watchers.”

          He discovered about 1,600 articles that were listed as released to the public but could not be found at the National Archives. Further searching turned up hundreds more that seemed harmless but were stuck in various stages of declassification review.

          Scudder said he made numerous attempts to get the trove released but was repeatedly blocked by the Information Review and Release Group, the office in charge of clearing materials for the public. In 2010, Scudder took a new assignment in the CIA’s Counterintelligence Center, but couldn’t forget his unfinished historical collections business. Filing a FOIA, he thought, might force the agency’s hand.

          Scudder’s FOIA submissions fell into two categories: one seeking new digital copies of articles already designated for release and another aimed at articles yet to be cleared. He made spreadsheets that listed the titles of all 1,987 articles he wanted, he said, then had them scanned for classified content and got permission to take them home so he could assemble his FOIA request on personal time.

          On Nov. 27, 2012, a stream of black cars pulled up in front of Scudder’s home in Ashburn, Va., at 6 a.m. FBI agents seized every computer in the house, including a laptop his daughter had brought home from college for Thanksgiving. They took cellphones, storage devices, DVDs, a Nintendo Game Boy and a journal kept by his wife, a physical therapist in the Loudoun County Schools.

          The search lasted nearly four hours, Scudder said. FBI agents followed his wife and daughters into their bedrooms as they got dressed, asking probing questions. “It was classic elicitation,” Scudder said. “How has Jeff been? Have you noticed any unexplained income? Cash? Mood changes?”
          So, yeah, get raided and destroyed for outdated information, asked for by a FOIA request. Even using lawful means is enough to be ruined.
          • Likes 4

          Comment

          • #15
            Originally posted by jpg44 View Post

            I'm not an expert on encryption, but that you cannot find mathematical weaknesses just doesnt pass the smell test for me. It seems like you should be able to if the algorithm is really badly designed. If the algorithms are very well designed, then you probably could not. You made a blanket statement about all algorithms however.
            When IBM developed the DES algorithm in 1974, NSA when performing an audit of the algorithm replied back with some changes to the S-Boxes. Since involvement by the NSA in such a direct way cautioned many back then cryptographers of the time spend countless hours on figuring out why the values where changed and if the community could create new safe non-NSA-involved S-Boxes.

            It wasn't until 1990 when Differential Cryptanalysis was discovered that cryptographers understood that the NSA had changed the S-Box values to protect against this very attack.

            Now crypto-analytics have improved a lot since then and the gap between the community and the NSA is probably way way smaller than it was back in the 70:ies but this example still shows just how hard it is to find deliberate changes to crypto algorithms if they are done by a competent agent.

            Comment

            • #16
              Religion and nationalism are corrupt, regardless of the brandings. They're also rather irrelevant to the larger problem here. That problem is that even people who are following the law are destroyed. There is no room for idealism. That's true of the corporate world, too. Steve Schmidt mocked Google's "Don't be evil" motto, saying it was the stupidest thing he had ever heard. And, it was — because corporations aren't about being moral. They're amoral by definition because they're about selling things for more than they're worth, convincing the majority of customers, via marketing, to give more of their life (money) than the product provides back to them in life enhancement. He asked what evil is and said the only time he'd heard of it is in the Bible, which implies that it's an irrelevant anachronism. Which it is, when it comes to corporations and our global plutocracy. Plutocracy is about the goodness of an individual being determined by their net worth (mainly how large their financial wealth is). How good that person is is also largely determined by how well they defend the privilege of other elites.

              Anyone who is seen as a danger to elite privilege runs afoul of the law because law is, principally, designed to foster that privilege. That is why people who behave lawfully, as Mr. Scudder did, end up being destroyed. There is nearly zero tolerance for idealism. It is also why people who make the effort to stand up for their interests (by reading things like the Linux Journal and understanding security enough to not be as easily passively exploited) are also branded as bad apples.
              • Likes 2

              Comment

              • #17
                I would say nationalism is anticorrupt not corrupt.
                • Likes 1

                Comment

                • #18
                  Originally posted by some_canuck View Post
                  People seem to forget that the NSA has their fingers in openssl and RSA as well, both of which almost everyone uses on a daily basis.
                  That is why openssl is not safe.

                  Comment

                  • #19
                    Originally posted by cRaZy-bisCuiT View Post

                    This might be the case since it's not allowed for us citizens to use 4096 bit PGP keys. You know what? LOL! :'D
                    Yup that's my concern as well. I guess they have some ASIC cluster brute forcing 2k RSA in reasonable times that would be rendering impractical going 4k.

                    Comment

                    • #20
                      Originally posted by jpg44 View Post

                      RSA, the algorithm is a very simple concept, been studied for years and years. Not much room in it for shenanigans. its unlikely to be vulnerable, but the key length may need to get longer . Many people like RSA because of the simplicity and that it can be understood easily.

                      If you meant the company, thats whole other matter and your probably right.
                      Speck is very simple algorithm too. It is also not something revolutionary new (typical ARX).

                      I don't think Speck is backdoor-ed, but it could have a bit more rounds. I think it is more about politics than actual fear of backdoor.
                      I like Speck, but I don't care, if they remove it since it is easy to implement anyway.
                      Last edited by LightBit; 06 September 2018, 02:57 PM.

                      Comment

                      Previous 1 2 3 template Next
                      Working...
                      X