
Topic: NSA might be behind weakening of Android Random Number Generator problem (Read 4522 times)

legendary
Activity: 1442
Merit: 1000
Antifragile
Don't be so sure that you can't plant backdoors in open source software.

I used to pretty much assume that every time I run "yum update" or "yum upgrade" a CIA officer could be in some RedHat (or mirror site) office telling some techie "Yes, that's the guy. He gets the worm/trojan".

Basically that they could target, everyone else getting a perfectly normal copy of whatever thing they wanted me to have a backdoored copy of while I get the backdoor.

-MarkM-


Some interesting ideas in this thread and this one seems quite believable. Keep it "open source" but plant upgrades into certain IP addresses. Do people have access to the upgrade systems of these open source software companies? Seems like a trusted download site would be a bit more secure, but anything is possible - man in the middle type of things are always there.

I imagine though, that the orders come from few and it certainly looks like the empire is having its challenges (e.g. Syria) to expand its bringing of "Democracy" and "Stability", particularly the latter. All these wars now seem to be less about "winning" and more about just bringing instability. Not to go off tangent but I get the feeling, things are connected somehow. The software issue is probably key for very obvious reasons. And as others have mentioned, we can't forget hardware. (And how does one even look into it?)

It's About Sharing
legendary
Activity: 1106
Merit: 1026
BTW hiding RNG faults in an open source OS is a really bad idea. The worst faults were in Jellybean, released end of 2012. Less than a year later the Bitcoin community discovered the issue. If that's the NSA's plan to undermine public crypto, they suck at it.

Assumed they achieve to implement a flaw and keep it secret for almost a year within one of the most popular mobile phone operation systems.. I'd say that is pretty impressive.

Google, Apple, Yahoo and many more are directly involved. Microsoft seems to be completely compromised (ref #1, ref #2, ref #3) and this is only the tip of the iceberg. The situation is much worse. And there are many points of failure and possible attack vectors on almost every level. Just imagine how many different pieces of software and hardware are in use at the same time/frequently. Only one successful exploit might be enough to do something naughty, even if 139 others fail. Understanding this is absolutely critical. It doesn't matter how long one of them in particular lasts, if they constantly plant new seeds everywhere.

I'm aware that I'm mixing different topics right now, but I felt like this needed some special attention. Smiley
legendary
Activity: 2940
Merit: 1090
Well it's not like I never heard of the use of coloured hats as a symbolism, nor am ignorant of what lurks in Virginia.

I stuck with RedHat for much the same reason that I never moved my strategically important domains (knotwork.com and knotwork.net) from the original NIC when it changed its name to, or at least migrated the DNS services to, Network Solutions.  (One of the most expensive DNS providers, possibly Amway's might cost more but I think that is just itself Network Solutions too.)

Non-sequitur: I noticed today that we (brits, canucks, yanks, aussies and kiwis) are the new Groaci Cheesy Shocked !!!

-MarkM-
legendary
Activity: 1596
Merit: 1100
Quote

I used to pretty much assume that every time I run "yum update" or "yum upgrade" a CIA officer could be in some RedHat (or Mirror site) office telling some techie "Yes, that's the guy. He gets the worm/trojan".

Basically that they could target, everyone else getting a perfectly normal copy of whatever thing they wanted me to have a backdoored copy of while I get the backdoor.

Sure, they have the signing key after all.

There is a highly secured (note I did not say "secure") signing robot that signs packages after they are built on a build farm.

As long as you are "inside the moat" and appear to be a build machine passing along properly built RPMs, your packages will be robo-signed.

Same goes for most, if not all, other distros.  The signing takes place somewhere in the automated build system apparatus.



legendary
Activity: 2940
Merit: 1090
Don't be so sure that you can't plant backdoors in open source software.

I used to pretty much assume that every time I run "yum update" or "yum upgrade" a CIA officer could be in some RedHat (or mirror site) office telling some techie "Yes, that's the guy. He gets the worm/trojan".

Basically that they could target, everyone else getting a perfectly normal copy of whatever thing they wanted me to have a backdoored copy of while I get the backdoor.

The only answer is extensive review and building robust systems which are not as vulnerable to single points of failure.  (On this regard, I'm kind of sad that none of the first wave of hardware wallets will target doing multisignature…)

As I went to post now though I wondered why I had "just assumed" they could do that, because of course they would need, for most packages, the developer to sign it, and presumably my system would expect whatever key it already has for that developer to match?

But think about it, surely somewhere in all the packages I install there must be at least one which RedHat "itself" signs?

So despite momentarily second-guessing myself (been awake too long I guess, bedtime soon for me I think) isn't yum an autobahn whereby RedHat can compromise my system to heck and gone any time the right agency persuades them the right way?

NOTE: In RedHat distros, "yum" is their equivalent of what other distros call "apt" or "apt-get": an auto install/update/upgrade tool for installing packages.

-MarkM-

kjj
legendary
Activity: 1302
Merit: 1026
Anyway. Once the full details are made public you can review them and decide for yourself. Occam's Razor and all that. BTW hiding RNG faults in an open source OS is a really bad idea. The worst faults were in Jellybean, released end of 2012. Less than a year later the Bitcoin community discovered the issue. If that's the NSA's plan to undermine public crypto, they suck at it.

This (visibility) is the key point.

(I had more commentary, but the forums ate it.)
legendary
Activity: 2940
Merit: 1090
Some cryptos proposed for approved use by agencies other than the actual NSA itself and maybe various "codeword" operations or agencies that administer such operations had/have mysterious "magic numbers" in them that caused some mathematicians to wonder whether those numbers were actually keys themselves. That is, authors can claim the number happens to be one carefully prepared to make the rest of the algo optimal but maybe only optimal if you (and everyone else) do not know its keypair partner (maybe in some completely classified/codeword not-published clever keypair scheme).

I googled these links:

https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html

https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html

His face looks familiar so I think his site might be where I had read about backdoors built directly into crypto algorithms a while ago.

Haven't checked out who he really is though, is he a FUDdite or a respected cryptographer doing important work?


According to Tom Clancy novels it is normal to pay software developers to put backdoors into code, heck the one I just re-read introducing President Jack's grown up son has him spying on banking system all over Europe thanks to all the banks using super secure stuff the NSA/CIA had at least a small hand in.

Heck after the terrorists nuked Denver would you even blame them? It's an undeclared war, after all...


Which is stranger, truth or fiction?

Which would it take to justify such things, world wars I and II, the cold war, the nuking of Denver, 9/11 or the 2012 embassy attacks? What if all those were real history? Or most of them, even?

-MarkM-
member
Activity: 87
Merit: 12
Why bother with software when you can just stuff hardware backdoors into the cpu.

I've been thinking about this too.  Does anyone here have sufficient expertise to comment on the likelihood or practicality of cryptographic exploits built into off-the-shelf hardware (CPU's, motherboards, etc.)?
legendary
Activity: 3430
Merit: 3080
it is a fact that TLA's employ vast amounts of mathematicians, which suggest they are a few years advantage than the unwashed masses.

Sure, security services employ them, but the implying of their advanced capabilities is both unprovable and told to us by an unreliable actor. They have a strong motivation that the vast majority of us finding ourselves unable to prove their claims should be led to believe these unfalsifiable suggestions.

"Errors are generally only fixed if someone complains about it. (QA or customers)" - this is the part where it becomes interesting to look at bitcoin. people DO complain when their money gets stolen. the world can thank us later.

I am very fond of this observation. Nothing will concentrate so many minds on the base mathematics of ECDSA and SHA-2, and their algorithmic implementations, like a successful cryptocurrency system run on a worldwide public network. Something tells me that, and forgive me for making what seems like a prosaic observation, that this is very much the beginning of the story of the developing world financial infrastructure. We have a spectacular design to build on for now, but even those that can see far and wide with respect to world developments never predicted the importance of something like the cryptocurrency concept, even the science fiction writers gloss over any details of systemic changes, they just assume there will be a change and treat the design concepts and popular movements that could propagate them as given, that they could never warrant their own story or have a revolutionary impact to explore in their fiction.  
newbie
Activity: 57
Merit: 0
Yes, I agree. NSA and dictator Obama are behind this.

My real point, if it is not clear, is EXTREME EFFORT should be spent in looking at these interfaces between our cryptographic security (e.g. SHA256) and its technical implementation.
The "back doors" or "weak points" will be in plain sight and easily overlooked. e.g. - The android random number generator.
We patch these weak points or sabotaged areas, and we will be good.

IAS


The problem is that these backdoors could be hidden in plain sight, and we may never find them.

Why bother with software when you can just stuff hardware backdoors into the cpu.
hero member
Activity: 668
Merit: 501
I am very suspicious about this issue.
My assumptions:

Very large bodies of software are written badly. Even an absolute majority of software. this is not a conspiracy, it's a sad fact of life.
Errors are generally only fixed if someone complains about it. (QA or customers)
Various TLA are actively looking for flaws in crypto systems.
If they find one, they exploit it secretly and do not report it, so the flaw can stay there for a long time.
a semi-weak RNG is the best angle, short of a root backdoor, to total control, especially if you already sit on a big pipe, listening, because it makes all crypto futile.
a semi-weak RNG is better than completely broken, because powerful TLA's can break it, random hacker guy can't. so it is still perceived as secure.
it is a fact that TLA's employ vast amounts of mathematicians, which suggest they are a few years advantage than the unwashed masses.
-----------
my personal conclusions:
don't trust any hardware RNG exclusively.
DO audit the full stack of RNG and crypto libs, if you see something say something, even if you think it sounds stupid.
hardware "accelerators" for crypto, AES or RNG - provide a very obvious angle for attack, use software alternatives if possible.
don't assume "it is a NIST standard, so it must be OK"
---------
"Errors are generally only fixed if someone complains about it. (QA or customers)" - this is the part where it becomes interesting to look at bitcoin. people DO complain when their money gets stolen. the world can thank us later.
hero member
Activity: 511
Merit: 500
Hempire Loading...
NSA most certainly reviews software -- open and closed source -- to find bugs they may exploit at a later date.
The public would never know if this tool reports everything it finds, or if it keeps certain bugs to itself:

https://scan.coverity.com/

Quote
Coverity Scan™ was initiated with the U.S. Department of Homeland Security in 2006 to help improve open source software quality and security. Coverity now manages the project as a free service to the open source community.

Correct me if I'm wrong...but this page seems like Coverity is overwhelmingly closed source...->

http://www.coverity.com/end-user-licenses/index.html

Which would indicate to me that the post above could very well be accurate...the checks and balances program has no open source checks and balances, thus the directives given could have built-in loopholes that a developer wouldn't even be aware they were introducing.  Reminds me of that movie...the net, except smarter than being the anti-virus company...it's the anti-virus company's anti-bug company, a wholly owned subsidiary of HS/NSA.  Which to most people means shit-all...which is the point.
legendary
Activity: 1400
Merit: 1013
NSA most certainly reviews software -- open and closed source -- to find bugs they may exploit at a later date.
The public would never know if this tool reports everything it finds, or if it keeps certain bugs to itself:

https://scan.coverity.com/

Quote
Coverity Scan™ was initiated with the U.S. Department of Homeland Security in 2006 to help improve open source software quality and security. Coverity now manages the project as a free service to the open source community.
legendary
Activity: 2053
Merit: 1356
aka tonikt
I think it is unlikely that people working for NSA would have discovered an exploitable bug, before people who don't work for NSA.
Personally I don't find the kind of people that work for intelligence agencies as particularly intelligent - if they were intelligent, they would have had an honest job.
So IMO, NSA employees have much lower chance to find security holes in open source code than the rest of the world.

I disagree completely with this assessment.

So much so that it makes me wonder about bitcointalk PsyOps Smiley

You might be right. As they say; everyone perceives others through who they are themselves.

From my perspective, I consider myself smart enough to not need being any spy agency whore.
But others - they might find it as a noble occupation, especially if it pays well... Smiley

I must say that I personally don't know any people who would admit working for a secret service, so I have no statistical data whatsoever to support my thesis that they are all stupid.
But on the other hand I know a few people who are definitely smart and would never agree to work for a secret service nor a military industry.
full member
Activity: 177
Merit: 101
This is something we (now) have to consider, if you already hadn't. In the interview a few weeks or month back on Let's Talk Bitcoin with the computer scientist who discovered the low entropy of the android based random number generator that was generating 9 bits (and not 256, if I remember correctly) of entropy he stated he found 2 points of weakness and it was VERY suspicious to him.

No, it was 64 bits of system wide entropy. It is quite different thing compared to 9 bits.
legendary
Activity: 1596
Merit: 1100
I think it is unlikely that people working for NSA would have discovered an exploitable bug, before people who don't work for NSA.
Personally I don't find the kind of people that work for intelligence agencies as particularly intelligent - if they were intelligent, they would have had an honest job.
So IMO, NSA employees have much lower chance to find security holes in open source code than the rest of the world.

I disagree completely with this assessment.

So much so that it makes me wonder about bitcointalk PsyOps Smiley

legendary
Activity: 2053
Merit: 1356
aka tonikt
Did the NSA plant the flaw?  Seems unlikely.

Were they aware of the flaw, and could have included it in their suite of tools?  Absolutely.  NSA most certainly reviews software -- open and closed source -- to find bugs they may exploit at a later date.
I think it is unlikely that people working for NSA would have discovered an exploitable bug, before people who don't work for NSA.
Personally I don't find the kind of people that work for intelligence agencies as particularly intelligent - if they were intelligent, they would have had an honest job.
So IMO, NSA employees have much lower chance to find security holes in open source code than the rest of the world.

Therefore, I still think that a more likely theory would be that they planted a backdoor there, just making it look like a bug - such a thing does not require a lot of skills.
Though it is quite possible, as gmaxwell suggested, that they would do it through planted employees, and not necessarily by pushing on Google from the top, or bribing it.
Not because Google is so honest that it would not let them, but rather because hiding it would have been much harder then.

Either way, as the bitcoin users, it taught us a good lesson - I think what we've learned from it was totally worth it.
It will make us much more careful in a future with trusting third party software, especially such that comes from US based corporations.
And yet I am still using CryptGenRandom in my bitcoin wallet software... Tongue
legendary
Activity: 1526
Merit: 1134
The good news about the NSA is they do have fear. Apparently when Phil Zimmermann announced Silent Circle they circulated an email titled "This can't be good". It does seem that done properly strong crypto still works, modulo this super mysterious 2010 "breakthrough" they made.

Whilst Silent Circle is proprietary, RedPhone and TextSecure are not anymore thanks to Twitter. I installed them both a few days ago. I didn't get RedPhone working yet unfortunately, but both apps get good reviews and are slickly implemented. More importantly they're doing end to end crypto. I think we'll see more of that kind of thing in future - people are starting to recognise now that end to end crypto is important, it's not just for tinfoil hatters, and also that building something secure that has poor usability is a waste of time.

The next stages of this game will be very interesting indeed. I anticipate much more aggressive moves from both attackers (NSA/GCHQ) and defenders (the wider software/internet engineering community).
staff
Activity: 4284
Merit: 8808
Don't be so sure that you can't plant backdoors in open source software.  Some of the mistakes I make on non-released code would be really awesome ultra-subtle backdoors.

... but it really doesn't matter.  We need to be vigilant in auditing the tools we use, and we need to use open tools which can be audited.  This will catch both intentional back doors as well as honest mistakes.

At the end of the day if we want secure systems this is what we must do... because no matter how trustworthy a vendor is, everyone can make mistakes.

Short of more leaked NSA documents, I suspect we'll never know if most possible backdoors were intentional or accidental. If google is gaining backdoors like that I'd put a bigger bet on it being via planted employees than on it being company policy: the former is a lot easier to keep secret than the latter.  ... and that same kind of weakness could exist anywhere— in google things, in community developed things, anywhere.

The only answer is extensive review and building robust systems which are not as vulnerable to single points of failure.  (On this regard, I'm kind of sad that none of the first wave of hardware wallets will target doing multisignature…)

legendary
Activity: 1190
Merit: 1004
I would be more concerned with proprietary software than open-source software. Mike is right in that the NSA would find it easier to hide back-doors in proprietary software. This is a good reason to switch to open-source. Indeed problems with open-source software will remain there until somebody discovers it but the point is it's still easier to hide in proprietary software. Though I don't deny that the NSA might have been behind this and it's absolutely disgusting that they have and do get away with things like this.