
View Diary: NSA Built the Back Doors and Made Them Standard (158 comments)


  •  exactly (10+ / 0-)
    It means that the security conventions used globally for encrypting data are compromised by the NSA and compromisable by others. This backdoor is probably already being used by Chinese hackers to harvest data from the global communications network.
    The Dual_EC_DRBG bit was known to be herky since 2006, and was largely abandoned.  But how many other encryption methods (SSL, TLS, 3G/4G, AES, TKIP, WEP, etc) were also created with NSA back doors?

    No one knows, but are you willing to bet the company on these protocols NOT being compromised already?

    And the last known truly independent computer encryption (PGP) is so old (20+ years), it's pretty compromised as well.

    This has instantly crippled a lot of hardware backbone companies... no major company or foreign government wants their stuff

    We have no desire to offend you -- unless you are a twit!

    by ScrewySquirrel on Thu Sep 12, 2013 at 10:15:00 AM PDT


    •  How is PGP compromised? (4+ / 0-)
      Recommended by:
      DRo, whenwego, AoT, duhban

      The article says that backdoors were inserted into this standard, not that encryption based on factoring large numbers is obsolete.

      I'm not trying to argue; I'm hoping you know something I don't.

      To believe that markets determine value is to believe that milk comes from plastic bottles. Bromley (1985)

      by sneakers563 on Thu Sep 12, 2013 at 10:32:30 AM PDT


      •  It's old. (0+ / 0-)

        and long in use.  Most people in Crypto are as sure it's been broken, just from long effort. SSL is similarly broken -- with a large enough pool of data, you can eventually break the code

        We have no desire to offend you -- unless you are a twit!

        by ScrewySquirrel on Thu Sep 12, 2013 at 11:37:45 AM PDT


        •  PGP is NOT broken (9+ / 0-)

          Who are these people who consider PGP broken? Snowden himself would not communicate with Greenwald until the latter started using PGP.

          PGP is a protocol for encrypting e-mails and creating a public-key infrastructure, a.k.a. the PGP web of trust.

          PGP uses multiple cryptographic techniques, such as AES to symmetrically encrypt the data, RSA to asymmetrically encrypt the (symmetric) message encryption key and SHA-2 hashes to create cryptographic signatures of the message.

          For each of these steps you can use alternatives if you think the defaults are insecure.

          It is true that some components in this chain that were previously used as the default are now considered insecure (but not necessarily broken) by the cryptographic community. For example, 10 years ago the maximum key size of a public/private key pair was 1024 bit, which today a well-funded adversary (read: the NSA) can crack by brute force. The same key size is also used overwhelmingly in SSL so it is similarly vulnerable. However, there is a simple fix: doubling the key size increases the difficulty of cracking it exponentially. Today the maximum key size in PGP is 4096 bit and the creation of even bigger keys is possible by simply recompiling the program.

          TL;DR:

          PGP is NOT cracked.
          SSL is also not cracked (but the trust model is broken and always has been).
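The three layers hesk lists (a symmetric cipher for the body, RSA to wrap the per-message key, a SHA-2 digest under the signature), as an added example that is not part of this thread and not GnuPG's code: it is written against Go's standard library because that library ships every primitive named above. The shape is the same as a PGP message but it is not the OpenPGP packet format, and the names Envelope, Seal and Open are this example's own. AES-256-GCM, RSA-OAEP and RSA-PSS are the choices made here; each layer can be swapped independently, which is the point made above about alternatives.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is one hybrid-encrypted, signed message: symmetric cipher for the body,
// RSA for the per-message key, SHA-2 digest under the signature (not OpenPGP format).
type Envelope struct {
	WrappedKey []byte // 32-byte AES key, encrypted to the recipient with RSA-OAEP
	Nonce      []byte // AES-GCM nonce, fresh for every message
	Ciphertext []byte // AES-256-GCM output, authentication tag appended
	Signature  []byte // sender's RSA-PSS signature over SHA-256(nonce || ciphertext)
}

// NewKeyPair generates an RSA key; 2048 bits keeps the example quick (the thread recommends 4096).
func NewKeyPair() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// digest is what gets signed: a fixed-size SHA-256 hash rather than the ciphertext itself.
func digest(nonce, ciphertext []byte) []byte {
	h := sha256.New()
	h.Write(nonce)
	h.Write(ciphertext)
	return h.Sum(nil)
}

// Seal encrypts plaintext to the recipient's public key and signs it with the sender's private key.
func Seal(plaintext []byte, recipient *rsa.PublicKey, sender *rsa.PrivateKey) (*Envelope, error) {
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	gcm, err := aead(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	sig, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest(nonce, ct), nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct, Signature: sig}, nil
}

// Open checks the signature before touching the recipient's private key, so forged or
// tampered envelopes are rejected before any decryption happens.
func Open(env *Envelope, recipient *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest(env.Nonce, env.Ciphertext), env.Signature, nil); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("session key unwrap failed: %w", err)
	}
	gcm, err := aead(sessionKey)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("body decryption failed: %w", err)
	}
	return pt, nil
}

func main() {
	alice, bob := NewKeyPair(), NewKeyPair()
	env, err := Seal([]byte("meet at the usual place"), &bob.PublicKey, alice)
	if err != nil {
		panic(err)
	}
	pt, err := Open(env, bob, &alice.PublicKey)
	fmt.Printf("decrypted: %q (err: %v)\n", pt, err)
	env.Ciphertext[0] ^= 0x01 // one flipped bit: the signature no longer matches
	_, err = Open(env, bob, &alice.PublicKey)
	fmt.Println("after tampering:", err)
}
```

Note that a wrong recipient key fails at the RSA-OAEP unwrap, a wrong sender key fails at the signature check, and a flipped bit in the body fails at the signature check before the AES-GCM tag is even examined; the session key is discarded with the message, which is why a stolen RSA key matters so much more than a captured ciphertext.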

          •  Correct me if I'm wrong, but isn't it game (3+ / 0-)
            Recommended by:
            hesk, DRo, cville townie

            over if the physical hardware is hacked into or confiscated wherein the private key lies?  

            •  Physical/remote access is the ultimate backdoor (3+ / 0-)
              Recommended by:
              AoT, gooderservice, cville townie

              If they can access your system, either physically (by breaking into your home or taking your phone at the airport) or remotely (by planting a trojan on your system), then they can intercept the cleartext before it is ever encrypted.

              Even then, previously encrypted data would still be protected if the key is large enough and you use a good passphrase: https://xkcd.com/...

              However, with PGP there is a possibility to minimize the threat of an adversary stealing your key when they confiscate your equipment at an airport. It goes like this:

              1. You create a master private key on a machine that is never ever connected to the network (called an airgap).
              2. You create subkeys which you use daily for encryption.
              3. You copy the subkeys from the airgapped machine to your phone.
              4. If you think your subkeys have been compromised (e.g., you had to give up your phone for a while at the airport), you use the master private key on the airgapped machine to create a revocation certificate for the compromised subkeys and start over with step 2.

              More info can be found here: https://wiki.debian.org/...

              This procedure is for the really paranoid. In reality it should be enough if more people simply start using PGP regularly. Then, encryption would no longer be suspicious but normal. It would also defeat some of the surveillance systems (e.g., keyword scanners, but not metadata analysis) and make it generally more expensive (the NSA keeps encrypted data forever).

              •  Thank you. (4+ / 0-)
                Recommended by:
                maxschell, hesk, DRo, sneakers563

                But I really have no idea what this means:

                1. You create a master private key on a machine that is never ever connected to the network (called an airgap).
                2. You create subkeys which you use daily for encryption.
                3. You copy the subkeys from the airgapped machine to your phone.
                4. If you think your subkeys have been compromised (e.g., you had to give up your phone for a while at the airport), you use the master private key on the airgapped machine to create a revocation certificate for the compromised subkeys and start over with step 2.
                I kind of get the gist... maybe, or maybe not.

                But thank you for responding.  I will follow your links and read up on it.  Thanks again.

                •  Basically that means (1+ / 0-)
                  Recommended by:
                  DRo

                  that you generate all your encryption keys on a machine that's not connected to a network (airgapped) and then manually copy them to machines that are.  If you install software on the airgapped machine that is known to be good, it can't be hacked without someone physically entering your home, so you can be reasonably confident in the keys it produces.  You then only use those keys on your connected devices.  If you have reason to suspect that your connected device has been compromised, you replace those keys with a new set from the airgapped computer.

                  That said, that process is a bit of a PITA.  That's really the problem here.  It is possible to maintain strong privacy, but you have to be really committed and diligent.  Most people decide (perhaps wrongly) that it's not worth it.

                  To believe that markets determine value is to believe that milk comes from plastic bottles. Bromley (1985)

                  by sneakers563 on Thu Sep 12, 2013 at 04:30:49 PM PDT


                  •  First question, and then if you are kind enough (2+ / 0-)
                    Recommended by:
                    DRo, sneakers563

                    to answer this, I have a second question.

                    What does airgap mean?

                    •  The computer isn't connected to a network (2+ / 0-)
                      Recommended by:
                      gooderservice, DRo

                      It's a euphemism, meaning it's separated from every other computer, as if there was a gap of air between it and them.

                      To believe that markets determine value is to believe that milk comes from plastic bottles. Bromley (1985)

                      by sneakers563 on Thu Sep 12, 2013 at 04:38:43 PM PDT


                      •  Do I understand you correctly that I create (1+ / 0-)
                        Recommended by:
                        sneakers563

                        a private key on a machine that is not connected to the Internet, and I copy it onto a machine that is connected when I want to use it, that without someone physically entering my home or office, they will never have access to the private key?

                        And "third" question, how do you copy the private key from a machine that's not connected to the internet over to one that is?  Thumb drive?  And one does that whenever one wants to send an email?  Is that what you're saying?

                        Thank you.

                        •  That's close (1+ / 0-)
                          Recommended by:
                          gooderservice

                          Give me a few mins to look at that debian wiki entry to make sure I understand what they're describing.

                          To believe that markets determine value is to believe that milk comes from plastic bottles. Bromley (1985)

                          by sneakers563 on Thu Sep 12, 2013 at 05:00:16 PM PDT


                        •  Alright - hopefully Hesk will chime back in (1+ / 0-)
                          Recommended by:
                          DRo

                          because I'm not sure I understand all the implications of what he/she's saying, but this is my best interpretation.  I apologize for the length.

                          Basically, you can do two things with a key, you can either digitally sign something, so that everyone knows it was generated by you and no one else, or you can decrypt a message sent to you.  To do these two things, you need two different types of key, a private key and a public key.  

                          To digitally sign something, all you need is a private key.  As long as no one else has access to it, it would be very hard to reproduce, and therefore gives a guarantee that something signed by it is from you.  Signed does not mean encrypted, though.

                          Encryption requires two keys, a private and a public.  Messages are encrypted with the public, and decrypted with the private.  Therefore, to send someone else an encrypted message, you need their public key.  If someone sends you a message encrypted with your public key, you decrypt it with your private key.  

                          Alright, so what this means is that in order to decrypt something on your phone, for instance, you need to have a private key on it.  This puts it at risk.  So what you do is you make a master private key that you keep on a disconnected computer.  You then generate a set of subkeys that you sign with the master private.  That way anyone sending you encrypted info knows that public key is actually from you.  Those keys are the ones you then put on your connected devices.  If they get compromised in some way, you can then use your master private key to revoke the old subkeys (mark them as invalid), and generate a new set for use instead.  Again, because both the revocation and the new issuance are signed by your master private, everyone knows that neither are faked.

                          OK, so back to your questions:
                          1) If the master private stays on the disconnected computer, then no one will have access to it unless they have physical access to the computer.  However, the private subkey gets copied to a connected device, so it could, in theory, be compromised.  It's regarded as somewhat sacrificial in that regard.

                          2) Yes.  However, you wouldn't do that whenever you use your email.  You would keep using it until you thought it might be compromised.  In that case, you would issue a new subkey from the master, and use that instead.  Also, keep in mind that you are using the private key to decrypt messages sent to you.  If you wanted to send an encrypted message, you would need the public key of someone else.  They would have their own private key that they would use to decrypt it.

                          As you can see, this gets quite complicated.  PGP (or the open-source version, GPG) handles a lot of the details for you.

                          One last thing: the private key is itself often encrypted.  What this means is that even if someone were to acquire your private key, they would not necessarily be able to use it.  In that sense, I think what Hesk is proposing is more along the lines of ensuring that the keys are generated correctly, and allowing you to revoke keys reliably, so that in the worst case where someone acquired your old private subkey and broke the encryption, you could be confident that future communications are protected by a new subkey.

                          To believe that markets determine value is to believe that milk comes from plastic bottles. Bromley (1985)

                          by sneakers563 on Thu Sep 12, 2013 at 05:31:49 PM PDT

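The master-key, subkey and revocation scheme from hesk's four steps, and the explanation of it in the comment just above, as an added example in Go that is not part of this thread and not GnuPG's code. Ed25519 keys stand in for the PGP key material; a certification is the master's signature over a tagged copy of the subkey's public half, and a revocation is likewise a master signature, so a correspondent needs only the master public key to tell a genuine revocation from a forged one. The tag strings and the names Master, IssuedSubkey and Correspondent are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Certifications and revocations are master signatures over a tagged copy of the
// subkey's public half; a device that holds only subkeys can forge neither.
const (
	tagCertify = "certify-subkey:"
	tagRevoke  = "revoke-subkey:"
)

func tagged(tag string, pub ed25519.PublicKey) []byte { return append([]byte(tag), pub...) }

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Master stays on the airgapped machine; it certifies and revokes subkeys, nothing else.
type Master struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// Subkey is what correspondents see: the public half plus the master's certification.
type Subkey struct {
	Pub  ed25519.PublicKey
	Cert []byte
}

// IssuedSubkey adds the private half; this is what gets copied to the connected device.
type IssuedSubkey struct {
	Subkey
	priv ed25519.PrivateKey
}

func NewMaster() *Master {
	pub, priv := mustKey()
	return &Master{Pub: pub, priv: priv}
}

// IssueSubkey is step 2: generate a daily-use key and certify it with the master.
func (m *Master) IssueSubkey() *IssuedSubkey {
	pub, priv := mustKey()
	cert := ed25519.Sign(m.priv, tagged(tagCertify, pub))
	return &IssuedSubkey{Subkey: Subkey{Pub: pub, Cert: cert}, priv: priv}
}

// Revoke is step 4: a revocation certificate for one subkey, signed by the master.
func (m *Master) Revoke(sk Subkey) []byte { return ed25519.Sign(m.priv, tagged(tagRevoke, sk.Pub)) }
func (sk *IssuedSubkey) Sign(msg []byte) []byte { return ed25519.Sign(sk.priv, msg) }

// Correspondent holds only the master public key and the revocations it has seen.
type Correspondent struct {
	master  ed25519.PublicKey
	revoked map[string]bool
}

func NewCorrespondent(master ed25519.PublicKey) *Correspondent {
	return &Correspondent{master: master, revoked: map[string]bool{}}
}

// AcceptRevocation drops anything not signed by the master, so a stolen subkey cannot revoke other keys.
func (c *Correspondent) AcceptRevocation(sk Subkey, revocation []byte) error {
	if !ed25519.Verify(c.master, tagged(tagRevoke, sk.Pub), revocation) {
		return errors.New("revocation is not signed by the master key")
	}
	c.revoked[string(sk.Pub)] = true
	return nil
}

// Verify accepts a message only from a certified, unrevoked subkey that really signed it.
func (c *Correspondent) Verify(sk Subkey, msg, sig []byte) error {
	switch {
	case !ed25519.Verify(c.master, tagged(tagCertify, sk.Pub), sk.Cert):
		return errors.New("subkey is not certified by the master key")
	case c.revoked[string(sk.Pub)]:
		return errors.New("subkey has been revoked")
	case !ed25519.Verify(sk.Pub, msg, sig):
		return errors.New("message signature does not verify")
	}
	return nil
}

func main() {
	master := NewMaster()         // step 1, on the airgapped machine
	phone := master.IssueSubkey() // steps 2 and 3
	friend := NewCorrespondent(master.Pub)
	msg := []byte("signed on the phone")
	fmt.Println("before revocation:", friend.Verify(phone.Subkey, msg, phone.Sign(msg)))
	if err := friend.AcceptRevocation(phone.Subkey, master.Revoke(phone.Subkey)); err != nil { // step 4
		panic(err)
	}
	fmt.Println("after revocation:", friend.Verify(phone.Subkey, msg, phone.Sign(msg)))
}
```

The only object that ever crosses the airgap is an IssuedSubkey; the master private key is needed for IssueSubkey and Revoke and nowhere else, which is what makes the subkey sacrificial. A thief who copies the phone's subkey gets a signing key that the owner can switch off with one master-signed revocation, and cannot produce a revocation of the owner's other subkeys because Correspondent checks revocations against the master public key, not the subkey.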

              •  Here's an informative podcast from Steve (3+ / 0-)
                Recommended by:
                maxschell, hesk, DRo

                Gibson from grc.com

                Hosts: Steve Gibson with Leo Laporte

                LastPass and the NSA, MyOpenID, Patch Tuesday, NSA versus encryption, and more.

                Security Now (a weekly podcast)

                Steve Gibson is the security guru and is the first person to discover spyware and name it such.

                The transcript from Episode 421 has not yet been posted.

        •  Well (2+ / 0-)
          Recommended by:
          sneakers563, AoT
          Most people in Crypto are as sure it's been broken, just from long effort.
          Can you provide a citation for that? I have heard no such talk from cryptographers I respect, though I admit I haven't been following the field as closely as I used to.
    •  AES256 does not have backdoors (2+ / 0-)
      Recommended by:
      cyberKosFan, T100R

      And is basically uncrackable. It's just pure algebra and there is just no way to do it. Cracking AES would be comparable to implementing cold fusion or perpetual motion.

      You'd basically need to discover an entire field totally unknown today.
