[148406] in cryptography@c2.net mail archive
Re: [Cryptography] Kindle as crypto hardware
daemon@ATHENA.MIT.EDU (ianG)
Wed Dec 11 13:19:50 2013
X-Original-To: cryptography@metzdowd.com
Date: Wed, 11 Dec 2013 16:17:38 +0300
From: ianG <iang@iang.org>
To: cryptography@metzdowd.com
In-Reply-To: <CAMm+LwiE41H12d+L_=tyEG8GdFbJe9pwfHBh579b6TFvar2kxQ@mail.gmail.com>
On 6/12/13 01:53 AM, Phillip Hallam-Baker wrote:
> On Thu, Dec 5, 2013 at 4:23 PM, Theodore Ts'o <tytso@mit.edu> wrote:
>
> On Thu, Dec 05, 2013 at 08:01:04PM +0100, Lodewijk André de la Porte wrote:
> >
> > It's a joke. Noise patterns from hardware are a serious concern
> though.
>
> A few years ago, people who suggested that NIST might issue a standard
> sabotaged by the NSA would be a joke and/or the paranoid ravings of
> the tin foil hat crowd...
I think that point bears repeating, especially by those of us who were paranoid ravers :)
> I don't think that is what DUAL_EC_DRNG started as.
>
> It would make perfect sense to have a mechanism that allowed the NSA to
> check cryptohardware to see if the random number generator has been
> bongoed. And one way to do that is to put a backdoor in it so you can
> dump out the random number seed being used and check.
>
> The point at which the spec was released was just after a leadership
> change at the NSA and at a time when the military thought itself
> completely above any form of accountability.
>
> I don't think they would have done that before because the people inside
> the agency saying 'this is going to be found out' would be listened to.
> And I am pretty certain that there were such people because they are not
> stupid. Like the numerous analysts at the CIA telling the administration
> that there was no evidence of WMD in Iraq or collusion with Al Qaeda,
> the experts were ignored by a bunch of arrogant showboats.
I agree that the intervention likely didn't start as more than an incremental tweak to programmes already in existence for other purposes. Step by baby step.
But now it is policy. The DUAL_EC_DRBG is just the one we have the more or less complete picture on. A reasonable observer should be able to conclude that the SSL/PKI debacle is in the NSA's best interests, and this puts all of the PKIX and TLS and HTTPS-everywhere efforts under a cloud [2]. As is cloud :)
Hardware encryption is regularly targeted. Commercial software crypto is compromised. We have no "evidence" that they interfered in each case, but we've long suspected it and the expectation should now switch to a probable.
As in, probable cause, good enough for an arrest, if we could identify the crime. Yesterday's news: they targeted game communities, without any evidence! While it is interesting to figure out how it happened, that's really the topic of history. It happened.
Security must concentrate on the here and now -- how do we defend? Do we? Can we? How much to pay?
iang
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography