The NSA and its British counterpart defeat encryption technologies by working with chipmak...

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
The NSA and its British counterpart defeat encryption technologies by worki
ng with chipmakers to insert backdoors, or cryptographic weaknesses, in the
ir products  

This backdoor--discovered in September--affects the 'seed' that is used as  
a basis for encryption and explains how NSA can 'spy' on encrypted traffic,
 even if the don't have a key to Google servers (which they do, but that's  
another exploit).

Also of interest is that Linus Trovalds is completely wrong if he thinks he
 can stop this by using extra 'off-chip' random sources to thwart this.  Th
is is explained in some of the comments to this story and others at arstecn
ica.

RL

http://arstechnica.com/security/2013/12/we-cannot-trust-intel-and-vias-chip
-based-crypto-freebsd-developers-say/


This post was updated on December 16 to make clear that for most of FreeBSD
's history, it wasn't possible to use RDRAND and Padlock as the sole source
 of random numbers fed to the /dev/random engine.

Developers of the FreeBSD operating system will continue preventing users f
rom trusting processors manufactured by Intel and Via Technologies as the s
ole source of random numbers needed to generate cryptographic keys that can
't easily be cracked by government spies and other adversaries.

That decision, which will be effective in the upcoming FreeBSD version 10.0
, comes three months after secret documents leaked by former National Secur
ity Agency (NSA) subcontractor Edward Snowden said the US spy agency was ab
le to decode vast swaths of the Internet's encrypted traffic. Among other w
ays, The New York Times, Pro Publica, and The Guardian reported in Septembe
r, the NSA and its British counterpart defeat encryption technologies by wo
rking with chipmakers to insert backdoors, or cryptographic weaknesses, in  
their products.

Re: The NSA and its British counterpart defeat encryption technologies by working with chipmakers to insert backdoors, or cryptographic weaknesses, in their products

RayLopez99 submitted this idea :

[...]

Quoted text here. Click to load it

Could you elaborate?



Re: The NSA and its British counterpart defeat encryption technologies by working with chipmakers to insert backdoors, or cryptographic weaknesses, in their products

On Monday, December 23, 2013 3:03:22 AM UTC+8, FromTheRafters wrote:  
Quoted text here. Click to load it
s he  
Quoted text here. Click to load it
 This  
Quoted text here. Click to load it
nica.

Yes, the seed for the random number generator built into the Intel chip is  
widely believed to have been compromised by NSA.  So Torvalds claims to get
 the seed for Linux? servers not only from the 'built in' Intel RNG, but al
so "off-chip" like for example going to Random.org and getting a seed there
, or concatenation of system time with the compromised seed, #no. of recent
 mouse position movements, recent keystrokes, etc.  However, learned cyptog
raphers say, contrary to Torvalds claim, that such off-site efforts only ob
scure and don't really do away with the claimed vulnerability.

That's the best I can do without providing links, which I've lost. Given th
at Torvalds is a bit of a blowhard, like our fiend Dustin, my gut sides wit
h the critics of Torvalds.

RL

Re: The NSA and its British counterpart defeat encryption technologies by working with chipmakers to insert backdoors, or cryptographic weaknesses, in their products

Dustin wrote:  

Quoted text here. Click to load it

Hell, even US companies that design chips and have them made in China
have discovered they didn't get what they ordered.  

You can't trust the Chinese, the US government, or even RSA security! Who
the fuck can be trusted?

--  

They who can give up essential liberty to obtain a little temporary safety,
 deserve neither liberty nor safety. - Ben Franklin

Site Timeline