Author

Topic: The NSA can decrypt any encryption created with intel's Ivy Bridge or newer (Read 2645 times)

b!z
legendary
Activity: 1582
Merit: 1010
Bitcoin unaffected. Correct?

Android had weak enough number generation to break Bitcoin security. In this case, only NSA with the secret keys would be able to get your key. That assumes the Intel hardware number generator is used; which would likely be OS dependent.

First step is to ask Intel what random number generator they actually use.


Why would they tell the truth? :-)
legendary
Activity: 1008
Merit: 1001
Let the chips fall where they may.
Bitcoin unaffected. Correct?

Android had weak enough number generation to break Bitcoin security. In this case, only NSA with the secret keys would be able to get your key. That assumes the Intel hardware number generator is used; which would likely be OS dependent.

First step is to ask Intel what random number generator they actually use.

Edit: OP's wikipedia link says "The generator uses an on-processor entropy source, which passes the randomly generated bits to an AES (in CBC-MAC mode) conditioner to distill the entropy into non-deterministic random numbers." -- which does not sound like the back-doored random number generator. However, Theodore Ts'o is quoted in that same article pointing out that all Intel has to do to add a back-door is encrypt the random numbers with a key known to the NSA. You could defeat this by re-encrypting the output of the random number generator with your own encryption key (derived from an independent source).
Edit2: the above back door would only work if the true entropy source before scrambling is predictable enough.
hero member
Activity: 613
Merit: 500
Mintcoin: Get some
Bitcoin unaffected. Correct?
legendary
Activity: 1008
Merit: 1001
Let the chips fall where they may.
The document in question specified 4 algorithms; only one is back-doored.

OP seems to be using the code-name coincidence to claim that Intel deliberately chose the slower, back-doored one.

I stopped trusting Intel after "Intel Insider" was introduced with the Sandy Bridge (appears to be DTCP with the latency restriction of the first hop relaxed).

Edit: wait: DTCP uses AES. Can we decrypt "premium content" if the OP's claims are true?
b!z
legendary
Activity: 1582
Merit: 1010
the NIST 800 series document are Guidance documents for federal computer systems.  A federal agency may adopt this as a standard if they choose to comply with the security requirements under FISMA.  The document in question is not secret and can be found at http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf
There is whole series of these documents at http://csrc.nist.gov/publications/PubsSPs.html

These guidance documents do not compel private companies to do anything.

i think he is saying that intel + nsa are working together to add encryption backdoors.
b!z
legendary
Activity: 1582
Merit: 1010
Is there any proof yet that there is a back door? or is it just speculation?
newbie
Activity: 4
Merit: 0
i would appreciate if this was moved to the Development & Technical Discussion forum
newbie
Activity: 4
Merit: 0
in 2007 two researches from Microsoft discovered the NSA has put a PRNG with a backdoor in it in an NIST standard called Special Publication 800-90.
just having the first 32 bytes of the PRNG sequence would give whoever has the keys to the backdoor the entire random stream, which is used to derive encryption keys.
every TLS handshake begins with the client sending in plaintext 32 bytes of random data so if the NSA sniffs that data, they can get the encryption keys for that session.

according to the Snowden leaks around 2010 the NSA has gained new "Cryptanalytic capabilities"

“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
http://www.forbes.com/sites/dougschoen/2013/09/07/the-threat-at-home-the-nsa-and-the-golden-age-of-spying/

in 2011 production of intel's Ivy Bridge architecture begun.
it includes a new feature, a hardware random number generator which conforms to the NIST SP800-90 standard.
the same standard the NSA has managed to put their backdoor in.
https://en.wikipedia.org/wiki/RdRand

the code name for this random number generator is Bull-Mountain, the code name for the NSA's cipher breaking capabilities according to the Snowden leaks is Bull-Run.
it seems obvious to me Intel is in bed with the NSA, and any encryption library which uses intel's hardware random number generator is worthless.

Jump to: