[148537] in cryptography@c2.net mail archive


Re: [Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's

daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Thu Dec 19 17:57:56 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <52B152D9.1080507@iang.org>
Date: Thu, 19 Dec 2013 17:39:31 -0500
From: Phillip Hallam-Baker <hallam@gmail.com>
To: ianG <iang@iang.org>
Cc: John Kelsey <crypto.jmk@gmail.com>,
	"cryptography@metzdowd.com" <cryptography@metzdowd.com>,
	Theodore Ts'o <tytso@mit.edu>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Wed, Dec 18, 2013 at 2:46 AM, ianG <iang@iang.org> wrote:

>
> Yep.  I think mine was grad level but I did it as undergrad.  And, yes, we
> built a computer, and wrote a microcoded instruction set.  A lot of fun.
>  I'll admit my knowledge is way out of date tho, this was back in '83, the
> sophistication of what is now done in microcode has way eclipsed my
> understanding.


Some chips have microcode on microcode. The DEC Alpha even let the
operating system write instructions into the microcode (this allowed the
chip to emulate the VAX four ring security system).

It would be difficult to smuggle code to bork the RNG into the microcode.
But getting a backdoor in there that could allow the O/S to do the borking
might be rather easier. In fact that is the only way that a mass
manufactured chip could credibly bork a RNG whose design might be changed
after the chip went to fab.

It is a long time since I read an instruction set for a CPU and I suspect I
am not alone in that. Auditing a system down to the bare metal would be a
big challenge.




> As to whether the secret can be held, consider the story of DUAL_EC. That
> was a secret that Snowden knew, a contractor.


Do we know this?

I thought that the evidence we had was an elliptic comment in a PowerPoint
slide that we have interpreted as being a smoking gun for the already
suspect DUAL_EC_NRRNG (Not Really Random Number Generator).



> I draw from that, that a lot of people knew about the project.  I also
> think that a certain amount of hubris affected the secrets sharing of the
> NSA over the last decade, they have done things that they promised would
> never come to light, and have been found out.  E.g., somewhere it was
> reported that they got authorisation from Obama for Stuxnet on the promise
> that the secret would never come out.
>

The code word is NOBUS 'Nobody But US'.

But I have it on authority that Snowden has changed the calculation. The
insider risk means that the risk of disclosure is now very high, possibly
as high as 1.0. That means far fewer NOBUS plans can be approved.


> Consider also Olympic Games.  That secret must have been shared by many
> hundreds, perhaps thousands, across multiple agencies & countries.  Yet,
> the only way we found out was when the darn furriners found the samples and
> decided to ask around what they were.


And might not have found out at all if the Israelis had not relaunched
STUXNET with their own payload, or at least that is one story that NSA
sources have tried to push.

Talking of which, one of the more surprising disclosures is that the NSA
handed raw intercept traffic to Israel. So does this mean that US political
organizations that are opposed to the Likud party policies have been spied
on by their own government and the intelligence passed to their political
enemies?

It certainly seems that the NSA didn't consider that possibility when they
handed over the data.

It seems very likely to me that the NSA has been effectively intervening in
domestic US politics and sabotaging the efforts of the Boycott, Sanctions
and Disinvestment movement.

What other political causes are they using their powers to tip the scales?
Mexico is pretty unhappy with the lack of US gun control laws; is the NSA
sharing raw intelligence with Mexico to help fight the war on drugs? Which
other countries are in the 'swapsies' club?


During the Reagan administration the CIA handed Saddam Hussein a list of
the major opposition leaders who were promptly murdered. Handing over raw
intelligence seems to me to be a way to achieve the same effect with more
plausible deniability.



-- 
Website: http://hallambaker.com/

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography