Pages:
Author

Topic: NSA might be behind weakening of Android Random Number Generator problem - page 2. (Read 4513 times)

legendary
Activity: 1596
Merit: 1100
Yes, this subject was covered here:

     http://www.reddit.com/r/Bitcoin/comments/1lt8tt/speculation_are_bitcoin_thieves_revealing_nsa/

Did the NSA plant the flaw?  Seems unlikely.

Were they aware of the flaw, and could have included it in their suite of tools?  Absolutely.  NSA most certainly reviews software -- open and closed source -- to find bugs they may exploit at a later date.

And ironically, bitcoin thieves are working to help secure us from NSA software backdoors.  Smiley

legendary
Activity: 2053
Merit: 1356
aka tonikt
But I am, not accusing Mike of anything.
I am accusing Google of collaboration with NSA.

Considering today's headlines, shouting about NSA being able to break all kind of cyphers, thanks to exploits planted in all kind of software - why would we not assume that Android is on their list?
Just think about all the circumstances around this specific problem and its alleged fix that introduced "even worse set of bugs"...

Is Mike's explanation plausible - yes, it is.
But is it more plausible then an NSA designed backdoor theory - IMO, no!
staff
Activity: 4284
Merit: 8808
I think we all understand your explanation, but some of us just don't quite believe that the alleged broken fix has not been an NSA approved "solution".

I don't know how you guys work there in Google, but all the companies I have worked in, when they fix a bug, they also create test cases, to make sure that the problem has actually been fixed.
And you are saying that they fixed such a critical security issue, though without realizing that they didn't actually fix it...
Well, it would mean that either Google is lamer than a drunk teenage girl, or somebody is just trying to sell us some fairy tales.
Piotr_n, show some civility!

Mike isn't an android developer, he's not Google CEO, this isn't his mistake.  The new bug, which has not yet been disclosed by Google, is apparently an entirely different bug than the old one.  I have no doubt that they tested the fix for the old bug and were confident that it was fixed... but a test for an old bad behavior doesn't always show the new one.

In any case, I'm not subject to any Google confidentiality agreements and have no privileged access to the bug information in this case, and I think other people know about this class of weakness already... so I suppose I can tell you what my guess of the bug is:  I think android was seeding the OpenSSL RNG at start and then forking more processes and, in the coarse of doing so, copying the RNG's state. OpenSSL has automatic seeding of its internal state from the OS, but it only fires once. If you aren't careful with the use of fork you can end up with processes that have duplicate copies of the RNG state.  I don't know that this was the case on android, but it's a bug other people have had before, which the workaround proposed for android would have fixed.  But it is entirely unlike the harmony bad RNG problems, and while you can always fault someone for making a critical security mistake, this isn't one that would have resulted from a straight up sloppy QA practice.
legendary
Activity: 2053
Merit: 1356
aka tonikt
I think we all understand your explanation, but some of us just don't quite believe that the alleged broken fix has not been an NSA approved "solution".

I don't know how you guys work there in Google, but all the companies I have worked in, when they fix a bug, they also create test cases, to make sure that the problem has actually been fixed.
And you are saying that they fixed such a critical security issue, basically a backdoor, though without realizing that they didn't actually fix it...

Well, it would mean that either Google is lamer than a drunk teenage girl, or somebody is just trying to sell us some fairy tales.
legendary
Activity: 1526
Merit: 1134
Sigh. The fault described in the RSA paper was in the pre-Jellybean version of the RNG. It was "fixed", unfortunately the fix involved replacement of the bad RNG with one that had a different and even worse set of bugs, which were not publicly reported until the Bitcoin event.
legendary
Activity: 1442
Merit: 1000
Antifragile
Perhaps they don't want to take action unless there is a risk of them losing users/money.
Obviously.
The question is: why they don't want to take action?
I mean, they cannot be so stupid to not understand that not taking the action is basically leaving an open backdoor in their encryption libraries.
So why do they willingly keep the backdoor open?

Maybe because Google was initially funded by people with clear ties to the NSA?
legendary
Activity: 2053
Merit: 1356
aka tonikt
Perhaps they don't want to take action unless there is a risk of them losing users/money.
Obviously.
The question is: why they don't want to take action?
I mean, they cannot be so stupid to not understand that not taking the action is basically leaving an open backdoor in their encryption libraries.
So why do they willingly keep the backdoor open?
b!z
legendary
Activity: 1582
Merit: 1010
BTW hiding RNG faults in an open source OS is a really bad idea.
Bad idea that obviously worked - all the Android systems had been exposed to crypto attacks for years.
And they would probably still have been exposed, if not for the bitcoins users alerting the whole world.

Let me remind you that this weakness was publicly reported at least few months before Google fixied it.
And they fixed it only after some people lost their money, so Google was facing lawsuits.

Are we supposed to believe that Google just did not know about the RNG problem, before bitcoin users reported it?
Yeah, right.. Smiley
Well, I don't believe it.

Perhaps they don't want to take action unless there is a risk of them losing users/money.
legendary
Activity: 2053
Merit: 1356
aka tonikt
BTW hiding RNG faults in an open source OS is a really bad idea.
Bad idea that obviously worked - all the Android systems had been exposed to crypto attacks for years.
And they would probably still have been exposed, if not for the bitcoins users alerting the whole world.

Let me remind you that this weakness was publicly reported at least few months before Google fixied it.
And they fixed it only after some people lost their money, so Google was facing lawsuits.

Are we supposed to believe that Google just did not know about the RNG problem, before bitcoin users reported it?
Yeah, right.. Smiley
Well, I don't believe it.
legendary
Activity: 1456
Merit: 1018
HoneybadgerOfMoney.com Weed4bitcoin.com
Thanks for the information Mike.

Again, my point is just to lock down the weak points. Whether or not the NSA did anything is not so much the point (though it is a possibility and an attention grabber / worst case scenario that we should be open to.)

Were you the guy in the interview? Why say "I realise that you can see me as a part of the wider conspiracy"? The man in the interview was clear that it looked suspicious (2 weak points and not 1).

Point taken though,
Thanks again,
IAS

What mike says....believe me...if the times comes the btc becomes a threat to USA, the NSA will come up with something to destroy all blockchains with a type of virus or wurm...but I don't see that happening...we would all just move to anc or zerocoin backed...but then "that" coin is just a matter of time to be targeted...peraps an alt that is percieved to be anonymous will be the coin that has the conspiracy backdoors we rave of.
legendary
Activity: 1526
Merit: 1134
No it wasn't me in the interview.

The first set of RNG problems (pre-Jellybean) weren't even made by Google. They were inherited from Apache Harmony.
legendary
Activity: 1442
Merit: 1000
Antifragile
Thanks for the information Mike.

Again, my point is just to lock down the weak points. Whether or not the NSA did anything is not so much the point (though it is a possibility and an attention grabber / worst case scenario that we should be open to.)

Were you the guy in the interview? Why say "I realise that you can see me as a part of the wider conspiracy"? The man in the interview was clear that it looked suspicious (2 weak points and not 1).

Point taken though,
Thanks again,
IAS
legendary
Activity: 1526
Merit: 1134
I suspected this might come up.

So, I realise that you can see me as a part of the wider conspiracy, but I have more knowledge of exactly what went wrong with the Android RNG than is currently public (full details will be released at some academic conference in the coming months, I believe). The failure modes involved are quite straightforward and the kind of mistake that's very easy to make, given Android's architecture. No cleverness or NSA conspiracy is required - it's the kind of bug anyone could introduce accidentally without realising they'd done anything wrong.

Let's look at it another way. The NSA targets RNGs because it's possibly for them to break in subtle ways without anyone noticing for a long time. Evidence: the Debian OpenSSL fiasco that was obvious to anyone who simply reviewed the patches applied to their fork. No way was that an NSA covert op because it was so freaking obvious, it escaped detection for a  long time simply because nobody bothered to check that Debian wasn't doing something stupid.

Anyway. Once the full details are made public you can review them and decide for yourself. Occam's Razor and all that. BTW hiding RNG faults in an open source OS is a really bad idea. The worst faults were in Jellybean, released end of 2012. Less than a year later the Bitcoin community discovered the issue. If that's the NSA's plan to undermine public crypto, they suck at it.
b!z
legendary
Activity: 1582
Merit: 1010
Yes, I agree. NSA and dictator Obama are behind this.

My real point, if it is not clear, is EXTREME EFFORT should be spent in looking at these interfaces between our the cryptographic security (e.g. SHA256) and it's technical implementation.
The "back doors" or "weak points" will be in plain site and easily overlooked. e.g. - The android random number generator.
We patch these weak points or saboteured areas, and we will be good.

IAS


The problem is that these backdoors could be hidden in plain sight, and we may never find them.
legendary
Activity: 1442
Merit: 1000
Antifragile
Yes, I agree. NSA and dictator Obama are behind this.

My real point, if it is not clear, is EXTREME EFFORT should be spent in looking at these interfaces between our the cryptographic security (e.g. SHA256) and it's technical implementation.
The "back doors" or "weak points" will be in plain site and easily overlooked. e.g. - The android random number generator.
We patch these weak points or saboteured areas, and we will be good.

IAS
newbie
Activity: 28
Merit: 0
Yes, I agree. NSA and dictator Obama are behind this.
legendary
Activity: 1442
Merit: 1000
Antifragile
This is something we (now) have to consider, if you already hadn't. In the interview a few weeks or month back on Let's Talk Bitcoin with the computer scientist who discovered the low entropy of the android based random number generator that was generating 9 bits (and not 256, if I remember correctly) of entropy he stated he found 2 points of weakness and it was VERY suspicious to him.

Snowden released some more information and what I'm seeing is that SHA256 is indeed secure but the weakness would be in implementation and such. The NSA is becoming a Saboteur of implementation it seems.

The latest article regarding this (Sept 5) is here:
Latest Snowden revelation: NSA sabotaged electronic locks
http://www.latimes.com/opinion/opinion-la/la-ol-nsa-introduced-vulnerabilities-into-encryption-snowden-reveals-20130905,0,2218463.story

Snippet:
Quote
The latest Edward Snowden-powered exposé published by the New York Times, ProPublica and the Guardian is, to me, the most frightening. It reveals that the National Security Agency has moved beyond its historic role as a code-breaker to become a saboteur of the encryption systems. Its work has allegedly weakened the scrambling not just of terrorists' emails but also bank transactions, medical records and communications among coworkers.

Here's the money graf:

"The NSA hacked into target computers to snare messages before they were encrypted. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world."

I'd be disappointed if the NSA hadn't figured out how to do that hacking trick. But adding vulnerabilities to standard encryption techniques? That's just making the job easier for hackers to make sense of the scrambled data they steal.

I wish I could add my help but I'm not a programmer. Hopefully bringing things like this to the attention of those capable of discovering these "flaws" will allow for their correction.

It's About Sharing
Pages:
Jump to: