[146816] in cryptography@c2.net mail archive


Re: [Cryptography] MITM source patching [was Schneier got spooked]

daemon@ATHENA.MIT.EDU (Eugen Leitl)
Sun Sep 8 11:56:01 2013

X-Original-To: cryptography@metzdowd.com
Date: Sun, 8 Sep 2013 13:47:37 +0200
From: Eugen Leitl <eugen@leitl.org>
To: cryptography@metzdowd.com
In-Reply-To: <CAGSRWbiPzxFccKhjSS4mNSwMDuwcfNxHiD0RiM-nh3TnigNEFg@mail.gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com


On Sat, Sep 07, 2013 at 07:42:33PM -1000, Tim Newsham wrote:
> Jumping in to this a little late, but:
>
> >  Q: "Could the NSA be intercepting downloads of open-source
> > encryption software and silently replacing these with their own versions?"
> >  A: (Schneier) Yes, I believe so.
>
> perhaps, but they would risk being noticed. Some people check file hashes
> when downloading code. FreeBSD's port system even does it for you and
> I'm sure other package systems do, too.   If this was going on en masse,

There is a specific unit within NSA that attempts to obtain keys not in
the key cache. Obviously, package-signing secrets are extremely valuable,
since they're likely to work for hardened (or so they think) targets.

For convenience reasons the signing secrets are typically not secured.
If something is online you don't even need physical access to obtain it.

The workaround for this is to build packages from source, especially
if there's a deterministic build available so that you can check whether
the published binary for public consumption is kosher, and verify
signatures with information obtained out of band. Checking key
fingerprints on dead tree given in person is inconvenient, and does
not give you complete trust, but it is much better than just blindly
installing something from online depositories.

> it would get picked up pretty quickly...  If targeted, on the other hand, it
> would work well enough...

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
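
The two checks described in the message above, as an added example that is not part of the original post or written by its author: comparing a key fingerprint received on paper with the primary-key fingerprint in `gpg --with-colons --fingerprint` output, and comparing a locally built artifact with the published binary under a deterministic build. The sample key data and all function names are constructed for illustration, and OpenPGP v4 keys (40 hex digit fingerprints) are assumed.

```python
import hashlib
import hmac

# Constructed sample of `gpg --with-colons --fingerprint` output; not a real key.
SAMPLE_GPG_COLONS = """\
pub:-:4096:1:89ABCDEF01234567:1378598400:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1378598400::::Example Packager <pkg@example.org>:
sub:-:4096:1:76543210FEDCBA98:1378598400::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
"""

def primary_fingerprint(colon_output):
    """Return the fingerprint of the first primary key (the fpr record after pub)."""
    saw_pub = False
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            saw_pub = True
        elif fields[0] == "fpr" and saw_pub and len(fields) > 9:
            return fields[9].upper()
    raise ValueError("no primary key fingerprint in gpg output")

def normalize(fingerprint):
    """Canonicalise a fingerprint copied from paper: drop spacing, fold case."""
    cleaned = "".join(fingerprint.split()).replace(":", "").upper()
    # Assumption: OpenPGP v4 key, 160-bit fingerprint. Short key IDs are rejected.
    if len(cleaned) != 40 or set(cleaned) - set("0123456789ABCDEF"):
        raise ValueError("expected a full 40-hex-digit fingerprint")
    return cleaned

def fingerprint_matches(colon_output, out_of_band_fingerprint):
    """True only if the keyring's primary key is the one vouched for in person."""
    return hmac.compare_digest(primary_fingerprint(colon_output),
                               normalize(out_of_band_fingerprint))

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def same_artifact(local_build, published_binary):
    """Deterministic build: local output and published binary must be byte-identical."""
    return hmac.compare_digest(sha256_file(local_build), sha256_file(published_binary))

if __name__ == "__main__":
    paper = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"
    print("fingerprint ok:", fingerprint_matches(SAMPLE_GPG_COLONS, paper))
```

The subkey's fingerprint also appears in the keyring listing, so the comparison is pinned to the record that follows `pub` rather than to any `fpr` line.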
