Topic: NSA might be behind weakening of Android Random Number Generator problem - page 2. (Read 4538 times)

Yes, this subject was covered here:

     http://www.reddit.com/r/Bitcoin/comments/1lt8tt/speculation_are_bitcoin_thieves_revealing_nsa/

Did the NSA plant the flaw?  Seems unlikely.

Were they aware of the flaw, and could have included it in their suite of tools?  Absolutely.  NSA most certainly reviews software -- open and closed source -- to find bugs they may exploit at a later date.

And ironically, bitcoin thieves are working to help secure us from NSA software backdoors.  

But I am, not accusing Mike of anything.
I am accusing Google of collaboration with NSA.

Considering today's headlines, shouting about NSA being able to break all kind of cyphers, thanks to exploits planted in all kind of software - why would we not assume that Android is on their list?
Just think about all the circumstances around this specific problem and its alleged fix that introduced "even worse set of bugs"...

Is Mike's explanation plausible - yes, it is.
But is it more plausible then an NSA designed backdoor theory - IMO, no!

Piotr_n, show some civility!

Mike isn't an android developer, he's not Google CEO, this isn't his mistake.  The new bug, which has not yet been disclosed by Google, is apparently an entirely different bug than the old one.  I have no doubt that they tested the fix for the old bug and were confident that it was fixed... but a test for an old bad behavior doesn't always show the new one.

In any case, I'm not subject to any Google confidentiality agreements and have no privileged access to the bug information in this case, and I think other people know about this class of weakness already... so I suppose I can tell you what my guess of the bug is:  I think android was seeding the OpenSSL RNG at start and then forking more processes and, in the coarse of doing so, copying the RNG's state. OpenSSL has automatic seeding of its internal state from the OS, but it only fires once. If you aren't careful with the use of fork you can end up with processes that have duplicate copies of the RNG state.  I don't know that this was the case on android, but it's a bug other people have had before, which the workaround proposed for android would have fixed.  But it is entirely unlike the harmony bad RNG problems, and while you can always fault someone for making a critical security mistake, this isn't one that would have resulted from a straight up sloppy QA practice.

I think we all understand your explanation, but some of us just don't quite believe that the alleged broken fix has not been an NSA approved "solution".

I don't know how you guys work there in Google, but all the companies I have worked in, when they fix a bug, they also create test cases, to make sure that the problem has actually been fixed.
And you are saying that they fixed such a critical security issue, basically a backdoor, though without realizing that they didn't actually fix it...

Well, it would mean that either Google is lamer than a drunk teenage girl, or somebody is just trying to sell us some fairy tales.

Sigh. The fault described in the RSA paper was in the pre-Jellybean version of the RNG. It was "fixed", unfortunately the fix involved replacement of the bad RNG with one that had a different and even worse set of bugs, which were not publicly reported until the Bitcoin event.

Maybe because Google was initially funded by people with clear ties to the NSA?

Obviously.
The question is: why they don't want to take action?
I mean, they cannot be so stupid to not understand that not taking the action is basically leaving an open backdoor in their encryption libraries.
So why do they willingly keep the backdoor open?

Perhaps they don't want to take action unless there is a risk of them losing users/money.

Bad idea that obviously worked - all the Android systems had been exposed to crypto attacks for years.
And they would probably still have been exposed, if not for the bitcoins users alerting the whole world.

Let me remind you that this weakness was publicly reported at least few months before Google fixied it.
And they fixed it only after some people lost their money, so Google was facing lawsuits.

Are we supposed to believe that Google just did not know about the RNG problem, before bitcoin users reported it?
Yeah, right..
Well, I don't believe it.

What mike says....believe me...if the times comes the btc becomes a threat to USA, the NSA will come up with something to destroy all blockchains with a type of virus or wurm...but I don't see that happening...we would all just move to anc or zerocoin backed...but then "that" coin is just a matter of time to be targeted...peraps an alt that is percieved to be anonymous will be the coin that has the conspiracy backdoors we rave of.

No it wasn't me in the interview.

The first set of RNG problems (pre-Jellybean) weren't even made by Google. They were inherited from Apache Harmony.

Thanks for the information Mike.

Again, my point is just to lock down the weak points. Whether or not the NSA did anything is not so much the point (though it is a possibility and an attention grabber / worst case scenario that we should be open to.)

Were you the guy in the interview? Why say "I realise that you can see me as a part of the wider conspiracy"? The man in the interview was clear that it looked suspicious (2 weak points and not 1).

Point taken though,
Thanks again,
IAS

I suspected this might come up.

So, I realise that you can see me as a part of the wider conspiracy, but I have more knowledge of exactly what went wrong with the Android RNG than is currently public (full details will be released at some academic conference in the coming months, I believe). The failure modes involved are quite straightforward and the kind of mistake that's very easy to make, given Android's architecture. No cleverness or NSA conspiracy is required - it's the kind of bug anyone could introduce accidentally without realising they'd done anything wrong.

Let's look at it another way. The NSA targets RNGs because it's possibly for them to break in subtle ways without anyone noticing for a long time. Evidence: the Debian OpenSSL fiasco that was obvious to anyone who simply reviewed the patches applied to their fork. No way was that an NSA covert op because it was so freaking obvious, it escaped detection for a  long time simply because nobody bothered to check that Debian wasn't doing something stupid.

Anyway. Once the full details are made public you can review them and decide for yourself. Occam's Razor and all that. BTW hiding RNG faults in an open source OS is a really bad idea. The worst faults were in Jellybean, released end of 2012. Less than a year later the Bitcoin community discovered the issue. If that's the NSA's plan to undermine public crypto, they suck at it.

The problem is that these backdoors could be hidden in plain sight, and we may never find them.

My real point, if it is not clear, is EXTREME EFFORT should be spent in looking at these interfaces between our the cryptographic security (e.g. SHA256) and it's technical implementation.
The "back doors" or "weak points" will be in plain site and easily overlooked. e.g. - The android random number generator.
We patch these weak points or saboteured areas, and we will be good.

IAS

Yes, I agree. NSA and dictator Obama are behind this.

This is something we (now) have to consider, if you already hadn't. In the interview a few weeks or month back on Let's Talk Bitcoin with the computer scientist who discovered the low entropy of the android based random number generator that was generating 9 bits (and not 256, if I remember correctly) of entropy he stated he found 2 points of weakness and it was VERY suspicious to him.

Snowden released some more information and what I'm seeing is that SHA256 is indeed secure but the weakness would be in implementation and such. The NSA is becoming a Saboteur of implementation it seems.

The latest article regarding this (Sept 5) is here:
Latest Snowden revelation: NSA sabotaged electronic locks
http://www.latimes.com/opinion/opinion-la/la-ol-nsa-introduced-vulnerabilities-into-encryption-snowden-reveals-20130905,0,2218463.story

Snippet:

I wish I could add my help but I'm not a programmer. Hopefully bringing things like this to the attention of those capable of discovering these "flaws" will allow for their correction.

It's About Sharing