The Controversial Speck Encryption Code Will Indeed Be Dropped From The Linux Kernel
Originally posted by some_canuck
People seem to forget that the NSA has their fingers in openssl and RSA as well, both of which almost everyone uses on a daily basis.
If you meant the company, that's a whole other matter and you're probably right.
- Likes 2
-
Originally posted by jpg44
I'm not an expert on encryption, but that you cannot find mathematical weaknesses just doesn't pass the smell test for me.
It seems like you should be able to if the algorithm is really badly designed. If the algorithms are very well designed, then you probably could not.
As said in the article, the main issue about mathematical backdoors is that to detect them you need a completely different skillset than most security analysts have (they are mostly programmers of some kind), and there is no real history or doctrine of testing against such backdoors, so you are left to your own devices if you wish to do so.
This makes them much harder to find than software backdoors.
You made a blanket statement about all algorithms however.
-
Originally posted by cRaZy-bisCuiT
This might be the case since it's not allowed for us citizens to use 4096 bit PGP keys. You know what? LOL! :'D
Originally posted by Washington Post
His request set in motion a harrowing sequence. He was confronted by supervisors and accused of mishandling classified information while assembling his FOIA request. His house was raided by the FBI and his family’s computers seized. Stripped of his job and his security clearance, Scudder said he agreed to retire last year after being told that if he refused, he risked losing much of his pension.
In an interview, Scudder, 51, cast his ordeal as a struggle against “mindless” bureaucracy, but acknowledged that it was hard to see any winners in a case that derailed his CIA career, produced no criminal charges from the FBI, and ended with no guarantee that many of the articles he sought will be in the public domain anytime soon.
“I submitted a FOIA and it basically destroyed my entire career,” Scudder said. “What was this whole exercise for?”
Scudder’s case also highlights the risks to workers who take on their powerful spy-agency employers. Scudder’s actions appear to have posed no perceptible risk to national security, but he found himself in the cross hairs of the CIA and FBI.
Scudder’s attorney, Mark Zaid, described the case as an example of “aggressive retaliation against employees who seek to act in the public’s interest and challenge perceived poor managerial decisions. . . . The system is really broken.”
The documents sought by Scudder amount to a catalog of a bygone era of espionage. Among them are articles with the titles “Intelligence Lessons from Pearl Harbor” and “Soviet Television — a New Asset for Kremlin Watchers.”
He discovered about 1,600 articles that were listed as released to the public but could not be found at the National Archives. Further searching turned up hundreds more that seemed harmless but were stuck in various stages of declassification review.
Scudder said he made numerous attempts to get the trove released but was repeatedly blocked by the Information Review and Release Group, the office in charge of clearing materials for the public. In 2010, Scudder took a new assignment in the CIA’s Counterintelligence Center, but couldn’t forget his unfinished historical collections business. Filing a FOIA, he thought, might force the agency’s hand.
Scudder’s FOIA submissions fell into two categories: one seeking new digital copies of articles already designated for release and another aimed at articles yet to be cleared. He made spreadsheets that listed the titles of all 1,987 articles he wanted, he said, then had them scanned for classified content and got permission to take them home so he could assemble his FOIA request on personal time.
On Nov. 27, 2012, a stream of black cars pulled up in front of Scudder’s home in Ashburn, Va., at 6 a.m. FBI agents seized every computer in the house, including a laptop his daughter had brought home from college for Thanksgiving. They took cellphones, storage devices, DVDs, a Nintendo Game Boy and a journal kept by his wife, a physical therapist in the Loudoun County Schools.
The search lasted nearly four hours, Scudder said. FBI agents followed his wife and daughters into their bedrooms as they got dressed, asking probing questions. “It was classic elicitation,” Scudder said. “How has Jeff been? Have you noticed any unexplained income? Cash? Mood changes?”
- Likes 4
-
Originally posted by jpg44
I'm not an expert on encryption, but that you cannot find mathematical weaknesses just doesn't pass the smell test for me. It seems like you should be able to if the algorithm is really badly designed. If the algorithms are very well designed, then you probably could not. You made a blanket statement about all algorithms however.
It wasn't until 1990 when Differential Cryptanalysis was discovered that cryptographers understood that the NSA had changed the S-Box values to protect against this very attack.
Now crypto-analytics have improved a lot since then, and the gap between the community and the NSA is probably way, way smaller than it was back in the '70s, but this example still shows just how hard it is to find deliberate changes to crypto algorithms if they are done by a competent agent.
-
Religion and nationalism are corrupt, regardless of the brandings. They're also rather irrelevant to the larger problem here. That problem is that even people who are following the law are destroyed. There is no room for idealism. That's true of the corporate world, too. Steve Schmidt mocked Google's "Don't be evil" motto, saying it was the stupidest thing he had ever heard. And, it was — because corporations aren't about being moral. They're amoral by definition because they're about selling things for more than they're worth, convincing the majority of customers, via marketing, to give more of their life (money) than the product provides back to them in life enhancement. He asked what evil is and said the only time he'd heard of it is in the Bible, which implies that it's an irrelevant anachronism. Which it is, when it comes to corporations and our global plutocracy. Plutocracy is about the goodness of an individual being determined by their net worth (mainly how large their financial wealth is). How good that person is is also largely determined by how well they defend the privilege of other elites.
Anyone who is seen as a danger to elite privilege runs afoul of the law because law is, principally, designed to foster that privilege. That is why people who behave lawfully, as Mr. Scudder did, end up being destroyed. There is nearly zero tolerance for idealism. It is also why people who make the effort to stand up for their interests (by reading things like the Linux Journal and understanding security enough to not be as easily passively exploited) are also branded as bad apples.
- Likes 2
-
Originally posted by cRaZy-bisCuiT
This might be the case since it's not allowed for us citizens to use 4096 bit PGP keys. You know what? LOL! :'D
-
Originally posted by jpg44
RSA, the algorithm, is a very simple concept, been studied for years and years. Not much room in it for shenanigans. It's unlikely to be vulnerable, but the key length may need to get longer. Many people like RSA because of the simplicity and that it can be understood easily.
If you meant the company, that's a whole other matter and you're probably right.
I don't think Speck is backdoored, but it could have a bit more rounds. I think it is more about politics than actual fear of a backdoor.
I like Speck, but I don't care if they remove it, since it is easy to implement anyway.
Last edited by LightBit; 06 September 2018, 02:57 PM.