Topic: Schneier in the Guardian: all your coinz is belong to them? (Read 2826 times)

hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
I would trust Free Software / Open Source code written by the NSA or some other government agency long before trusting any proprietary software, particularly that written by Microsoft or Apple.

Ironically there is a far greater chance of an NSA backdoor in proprietary software from Microsoft or Apple than in SE Linux or Security Enhancements for Android.

The latest revelations make either choice unwise.

The NSA cannot be trusted to be acting in good faith in ANYTHING it produces. Mathematicians/engineers who have done this kind of subterfuge should be deeply ashamed of themselves; producing error-ridden material and/or knowingly broken mathematics as your "best effort contribution to human progress" is about as low as you can go on the scientific ethics scale.
Articles also mention hardware backdoors and other weaknesses being implanted by NSA agents. This is in addition to purposefully weakened crypto standards, examples of Windows OS backdoor (_NSAKEY), backdoored "standard" PRNG (dual_EC_DRBG), etc.
It appears that NSA is not in the business of national security, but in the business of mass surveillance and subversion of good, public crypto. Their "recommendations" of any specific constants or crypto techniques should be seen in this light.
I don't think they particularly care about Bitcoin - they might if it ever becomes significant in international trade - but Bitcoin may become collateral damage if secp256k1 was in any way influenced by the NSA shills at SECG. If secp256k1 does not include nothing-up-my-sleeve numbers, we have every reason to ask for an expert review.

hero member
Activity: 504
Merit: 500
I found it amazing that someone like him would still be using Windows.
It can be useful to have a Windows test version installed on your laptop as the dual-boot default.
If somebody is very insistent on seeing your laptop (a family member, a friend or border control) you can let it start by default and let him see the Windows test version, which cannot see the ext3 and ext4 partitions (without additional drivers).
Using Windows in a VM can also be useful if you need a program which doesn't exist as a native Linux program.
legendary
Activity: 1264
Merit: 1008
The reason he mentions constants and EC is because of this:

https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html

Thanks for the link.. but I'm not sure that's what he was talking about in the Guardian piece.  It seems he was referring to asymmetric encryption or digital signature algos.. at least, I'm not aware of a standard random number generator that uses discrete logs.

I'm surprised there aren't any DSA altcoins yet.


That statement is not an allegation. He says "prefer," not "omg public key cryptography is hacked!"

In any case, my apologies for the overly provocative subject title.

legendary
Activity: 4592
Merit: 1276
I would trust Free Software / Open Source code written by the NSA or some other government agency long before trusting any proprietary software, particularly that written by Microsoft or Apple.

Ironically there is a far greater chance of an NSA backdoor in proprietary software from Microsoft or Apple than in SE Linux or Security Enhancements for Android.

The latest revelations make either choice unwise.

The NSA cannot be trusted to be acting in good faith in ANYTHING it produces. Mathematicians/engineers who have done this kind of subterfuge should be deeply ashamed of themselves; producing error-ridden material and/or knowingly broken mathematics as your "best effort contribution to human progress" is about as low as you can go on the scientific ethics scale.

I would not say that categorically.  The NSA and more generally elements of the US's intelligence, military and diplomatic bodies need secure tools and methods as much as anyone.  That said, they also have more reason than, say, academics to wish to subvert and exploit the communications and systems of others so I would treat everything they've influenced with a _large_ degree of suspicion.

This reminds me of one of the more amusing ways to detect if one's systems have been hacked:  Security issues are miraculously and inexplicably fixed.

I also do not think it is a stretch for a lot of people to earnestly believe that they are doing good and necessary work by subverting systems on behalf of the US government.  For many others it's probably just a job or some combination of the two factors.  I disagree at this point in my life that the kind of subversion that the NSA is accused of is a net positive in part because I think the results are almost certain to be used for nefarious purposes and to the detriment of most of the population at some point, but I didn't always feel that way.

legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
I would trust Free Software / Open Source code written by the NSA or some other government agency long before trusting any proprietary software, particularly that written by Microsoft or Apple.

Ironically there is a far greater chance of an NSA backdoor in proprietary software from Microsoft or Apple than in SE Linux or Security Enhancements for Android.

The latest revelations make either choice unwise.

The NSA cannot be trusted to be acting in good faith in ANYTHING it produces. Mathematicians/engineers who have done this kind of subterfuge should be deeply ashamed of themselves; producing error-ridden material and/or knowingly broken mathematics as your "best effort contribution to human progress" is about as low as you can go on the scientific ethics scale.
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
Bitcoin uses standard, NIST (and likely NSA) recommended curve parameters. Are these chosen based on some rationale, or just chosen, ahem, randomly by, ahem, unknown people? Was there any obvious danger in using different constants?
legendary
Activity: 2282
Merit: 1050
Monero Core Team
I would trust Free Software / Open Source code written by the NSA or some other government agency long before trusting any proprietary software, particularly that written by Microsoft or Apple.

Ironically there is a far greater chance of an NSA backdoor in proprietary software from Microsoft or Apple than in SE Linux or Security Enhancements for Android.
legendary
Activity: 3612
Merit: 1564
^^ Well if you want to go there, there is always SE Linux:

http://en.wikipedia.org/wiki/Selinux

Another NSA contribution.
legendary
Activity: 1050
Merit: 1002
The reason he mentions constants and EC is because of this:

https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html

Just as I suspected. The NSA pretends to be "helpful" while biasing systems to their favor (when possible). I imagine their contributions to the Android OS are similarly motivated.

The NSA Has Inserted Its Code Into Android OS, Or Three Quarters Of All Smartphones

Quote
Through its open-source Android project, Google has agreed to incorporate code, first developed by the agency in 2011, into future versions of its mobile operating system, which according to market researcher IDC runs on three-quarters of the smartphones shipped globally in the first quarter. NSA officials say their code, known as Security Enhancements for Android, isolates apps to prevent hackers and marketers from gaining access to personal or corporate data stored on a device. Eventually all new phones, tablets, televisions, cars, and other devices that rely on Android will include NSA code,
legendary
Activity: 3612
Merit: 1564
The reason he mentions constants and EC is because of this:

https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html
full member
Activity: 211
Merit: 100
Here's the relevant quote:  

"Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can."

That seems like a pretty serious allegation to me..  anything to it folks?  


That statement is not an allegation. He says "prefer," not "omg public key cryptography is hacked!" It is well-established that public-key cryptography requires much larger keys than symmetric cryptography to achieve comparable levels of security.  Further, many public key systems rely on centralized databases to distribute public keys, which are vulnerable to man-in-the-middle attacks. That is the trade-off you pay for the convenience of encrypting something that can be decrypted by someone you may never have met (and therefore never have had the opportunity to securely trade the key necessary for symmetric encryption).

Bitcoin is very resistant to the latter, as the "database" is a public ledger distributed on every computer running a node. As for the former, it is a matter of perspective - very unlikely that the NSA has a practical (i.e., worth the effort) method of cracking a single address in a timely fashion, and every time you move bitcoins they would have to start from scratch with a new address.
legendary
Activity: 3430
Merit: 3071
We ('freedom fighters' if you will) do need a ground-up open-source set of solutions which spans the spectrum of hardware, firmware, and software though.  I hope that that evolves out of our recent more broadly appreciated understanding of the shape of things.

And cryptocurrency is arguably an important part of our nascent toolkit, in that: how do you motivate talented engineers and programmers to abandon or avoid altogether the lure of working for totalitarian-centric central planners with only the long term rewards of decentralised, individually chosen networks as their payment? Payment in a form that encapsulates the ethos of these self-determinism enabling design goals that many would like from our new technology solutions would be ideal. We can't help but tempt the talented technologists away from the controlling classes as the crypto-currency meme is spread in a way that the underlying motivation of such a system is understood, it's self reinforcing as it succeeds.

I'd say that Bitcoin is important in so far as it got more people thinking more deeply about the distributed and p2p aspects of systems, and how they fit into what I believe Schneier was alluding to when he said "The fundamental fabric of the Internet has been destroyed."

As for outspending TPTB, I doubt that there is much hope.  Indeed, probably the best thing that could happen for 'our side' is to have many smart people exposed to the inner workings of the machine.  It is a fast-track way to master the technology.  A certain (small) fraction will break out and become the most valuable players on the side that I favor.  That percentage can be increased if the dangers inherent in the surveillance apparatus which is being constructed are brought to the fore, and if it is seen as a generally good thing to lend strength to the 'right side' of a tug-of-war around these issues.  I doubt a profit motive is going to be a big factor for the more truly productive of these folks anyway.



I'm not suggesting these people would want riches beyond comparison, that's the kind of deal that the incumbent system is trying to convince them they are looking for, but, before cryptocurrency gave us a financial system that is difficult to control, there was no permanent and reliable method of getting recompense to technologists who might want to break out. And like I said, the whole design ethos behind the Satoshi-model of cryptocurrency just exudes the ideological basis of a self-reliant, self-determining developmental movement. It resonates with the purpose and the intent of a movement like that.
legendary
Activity: 4592
Merit: 1276
Considering how many Windows kernel hackers (good ones) there are, surely they would've noticed any backdoors by now!? Or running Windows in a VM and listening for strange outgoing connections?

This is a good point in some ways, though 'kernel hacker' seems a bit out of place in this context Windows being closed source.  Even when Microsoft does source licenses I doubt that the recipient gets the whole ball of wax that is compiled into an official distro.  Several points:

 - I've done some cursory pcap analysis of my network and there is a lot of stuff floating around.  Someone who was more dedicated may or may not discover more...if there is anything much to discover that is.

 - It took a surprisingly long time for someone to discover Carrier-IQ.  It was not even very well hidden.  If the data were cloaked even a little it may have remained undetected to this day.  Relatedly, on the source code front, when Microsoft forgot to strip their service pack and released 'NSA_KEY' (and a researcher seemed to confirm things in binary search analysis) that was about as explicit as one could wish to see, yet it was still largely ignored by Joe Sixpack.  That was like 10 years ago IIRC.

 - I've run across stories of certain of the systems being used with kid gloves and much moderation due to the potential for detection.  I would not expect such systems (if they exist at all) to be activated except under high value target events and with significant care.

 - At this point we are likely in a stage where the chess pieces are being placed on the board and the game has not yet even begun.  It would be silly to tip one's hand at such a stage.  I'll bet that a lot of the more interesting capabilities lie completely dormant at this point.

 - FOSS OS's have been around long enough for it to be clear that OS-based back-doors were distinctly limited and for more robust possibilities to be under development for work against vaguely interesting adversaries.

legendary
Activity: 1050
Merit: 1002
Considering how many Windows kernel hackers(good ones) there are, surely they would've noticed any backdoors by now!? Or running Windows in a VM and listening for strange outgoing connections?

Not really. Most people don't imagine they are being surveilled or have reason to be suspicious of their own equipment. Consider the article I linked above about the NSA keys being found in Windows:

Quote
Computer security specialists have been aware for two years that unusual features are contained inside a standard Windows software "driver" used for security and encryption functions. The driver, called ADVAPI.DLL, enables and controls a range of security functions. If you use Windows, you will find it in the C:\Windows\system directory of your computer.

...

Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to "Advances in Cryptology, Crypto'99" conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny that the "NSA" key was built into their software. But they refused to talk about what the key did, or why it had been put there without users' knowledge.

A third key?!

But according to two witnesses attending the conference, even Microsoft's top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMacchia, head of CAPI development at Microsoft, was "stunned" to learn of these discoveries, by outsiders.

It might be risky for the NSA to use some of its most invasive techniques, but not so much if nobody is expecting it. I think a lot of what the NSA was doing was based on a premise of an unaware/ignorant populace for targeting. I think they overestimated their ability to be perfectly discreet, though. They didn't expect one of Microsoft's developers to forget to strip the debugging label "NSAKEY"; they didn't expect Edward Snowden to leak documents. This doesn't surprise me. Governments are often inefficient/incompetent, and more so the bigger they are.

What Snowden has done is put everyone on guard, and as both he and Schneier point out in the article there are ways to defend effectively against this sort of thing. You just have to know to do it and how to do it.
legendary
Activity: 4592
Merit: 1276
We ('freedom fighters' if you will) do need a ground-up open-source set of solutions which spans the spectrum of hardware, firmware, and software though.  I hope that that evolves out of our recent more broadly appreciated understanding of the shape of things.

And cryptocurrency is arguably an important part of our nascent toolkit, in that: how do you motivate talented engineers and programmers to abandon or avoid altogether the lure of working for totalitarian-centric central planners with only the long term rewards of decentralised, individually chosen networks as their payment? Payment in a form that encapsulates the ethos of these self-determinism enabling design goals that many would like from our new technology solutions would be ideal. We can't help but tempt the talented technologists away from the controlling classes as the crypto-currency meme is spread in a way that the underlying motivation of such a system is understood, it's self reinforcing as it succeeds.

I'd say that Bitcoin is important in so far as it got more people thinking more deeply about the distributed and p2p aspects of systems, and how they fit into what I believe Schneier was alluding to when he said "The fundamental fabric of the Internet has been destroyed."

As for outspending TPTB, I doubt that there is much hope.  Indeed, probably the best thing that could happen for 'our side' is to have many smart people exposed to the inner workings of the machine.  It is a fast-track way to master the technology.  A certain (small) fraction will break out and become the most valuable players on the side that I favor.  That percentage can be increased if the dangers inherent in the surveillance apparatus which is being constructed are brought to the fore, and if it is seen as a generally good thing to lend strength to the 'right side' of a tug-of-war around these issues.  I doubt a profit motive is going to be a big factor for the more truly productive of these folks anyway.

legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
I found it amazing that someone like him would still be using Windows.

Not at all.  It is not worth the hassle and bother to protect much of the work that any normal person does.  A person who has some understanding of the various threats will be perfectly comfortable using systems such as Windows OS, Google geo-tracking, etc, most of the time.  If not all of the time.

An interesting thing about the surveillance state apparatus is that it is actually counter-productive in the very few instances when it might be useful to attack a worthy (and thus dangerous) opponent.  This is because someone who knows what they are doing can probably fool the algorithms and produce data which will discriminate them out of a suspect pool.  But the surveillance state apparatus is probably not so much about catching 'bad guys' as it is about mass intimidation of the general population.  Snowden assisted in this whether it was his goal or not...and I'm glad he did no matter what his motivations.  So far there have been no big surprises to those of us who have been paying attention over the years and take a conservative approach to security threats.

A relatively modest group effort to fight against state sponsored privacy attacks would be easy and effective I suspect.  It would involve an understanding of the systems through some combination of whistle-blowers and reverse engineering, and fucking with the system by poisoning it with bogus data.  We ('freedom fighters' if you will) do need a ground-up open-source set of solutions which spans the spectrum of hardware, firmware, and software though.  I hope that that evolves out of our recent more broadly appreciated understanding of the shape of things.


Considering how many Windows kernel hackers (good ones) there are, surely they would've noticed any backdoors by now!? Or running Windows in a VM and listening for strange outgoing connections?
legendary
Activity: 3430
Merit: 3071
We ('freedom fighters' if you will) do need a ground-up open-source set of solutions which spans the spectrum of hardware, firmware, and software though.  I hope that that evolves out of our recent more broadly appreciated understanding of the shape of things.

And cryptocurrency is arguably an important part of our nascent toolkit, in that: how do you motivate talented engineers and programmers to abandon or avoid altogether the lure of working for totalitarian-centric central planners with only the long term rewards of decentralised, individually chosen networks as their payment? Payment in a form that encapsulates the ethos of these self-determinism enabling design goals that many would like from our new technology solutions would be ideal. We can't help but tempt the talented technologists away from the controlling classes as the crypto-currency meme is spread in a way that the underlying motivation of such a system is understood, it's self reinforcing as it succeeds.
legendary
Activity: 1050
Merit: 1002
The probability they can compromise closed-source machines, like ones running Windows with backdoors or even OS X, is too great.

While there are closed source portions of OS X, the core is open-source Darwin.

Yes, a better word for me to use there would be proprietary, which is what I'm most concerned about, as the NSA can easily (apparently) intimidate companies into including backdoors.

I hope that that evolves out of our recent more broadly appreciated understanding of the shape of things.

Yep. I feel that's Snowden's biggest accomplishment. I don't think anybody has really been surprised about what type of surveillance is possible; it's more that we now have factual evidence of the extent to which things are done that's making people take notice and say wow.
sr. member
Activity: 382
Merit: 253
Here's the relevant quote:  

"Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can."

That seems like a pretty serious allegation to me..  anything to it folks?  

No, I believe what he means is that the latter options are more vulnerable to improper use. For example, people often use weak private keys, thinking they are safe. There is a thread even now about someone using a dictionary attack to find accounts with funds in them. Similarly, about the NSA using influence: they've done the same thing with security recommendations for the open-source Android OS. That doesn't mean Android is directly vulnerable to them, because it's still open-source and can be scrutinized widely. This only means they may attempt to slip something in while still having plausible denial of intent.

I took it to mean that he thinks that symmetric algorithms are less susceptible to publicly unknown attack vectors than elliptic-curve algorithms are. EC is newer and less well understood/analyzed, and he specifically mentioned that some of the selected constants used in the EC algorithms may have been intentionally weakened.
legendary
Activity: 4592
Merit: 1276
I found it amazing that someone like him would still be using Windows.

Not at all.  It is not worth the hassle and bother to protect much of the work that any normal person does.  A person who has some understanding of the various threats will be perfectly comfortable using systems such as Windows OS, Google geo-tracking, etc, most of the time.  If not all of the time.

An interesting thing about the surveillance state apparatus is that it is actually counter-productive in the very few instances when it might be useful to attack a worthy (and thus dangerous) opponent.  This is because someone who knows what they are doing can probably fool the algorithms and produce data which will discriminate them out of a suspect pool.  But the surveillance state apparatus is probably not so much about catching 'bad guys' as it is about mass intimidation of the general population.  Snowden assisted in this whether it was his goal or not...and I'm glad he did no matter what his motivations.  So far there have been no big surprises to those of us who have been paying attention over the years and take a conservative approach to security threats.

A relatively modest group effort to fight against state sponsored privacy attacks would be easy and effective I suspect.  It would involve an understanding of the systems through some combination of whistle-blowers and reverse engineering, and fucking with the system by poisoning it with bogus data.  We ('freedom fighters' if you will) do need a ground-up open-source set of solutions which spans the spectrum of hardware, firmware, and software though.  I hope that that evolves out of our recent more broadly appreciated understanding of the shape of things.
