Pushy People are a Security Risk
Yeah, it's that simple. The more you push, the more we infosec bods investigate you and the garbage you try to push through.
Two new encryption algorithms developed by the NSA have been rejected by an international standards body amid accusations of threatening behavior. The "Simon" and "Speck" cryptographic tools were designed for secure data to and from the next generation of internet-of-things gizmos and sensors, and were intended to become a …
Reap the fucking whirlwind America!!! You sowed this shit simply by mushrooming your allies. Now from NSA slyness to Facebook + CA + Palantir sleaziness, we don't trust you anymore. Our once great ally is now dead! Frankly, you can trust China more than the US now. Because we know they can't be trusted, but they have an economic awareness of potential fallout too, so China is more cautious about being pushy!
Really. Like trolls on Slashdot, then?
First they get all their shiny toys stolen from under their noses, now they reveal themselves as the fucking trolls they are.
Well I do hope that this will long be remembered. Nothing proposed by the US should be approved for a very long time.
Don't forget: it takes time to build trust, but only an instant to lose it.
And you just lost, NSA.
Big time.
When some of the design choices made by the NSA were questioned by experts, Ashur states, the g-men's response was to personally attack the questioners, which included himself, Orr Dunkelman and Daniel Bernstein, who represented the Israeli and German delegations respectively.
But what has NSA encryption got to do with Climate change?
"But what has NSA encryption got to do with Climate change?"
Hypothetically, if scientists started to discuss Climate Change when using this "security", the NSA could pass the content on to the rich sociopaths in the USA who PRETEND that it is not real.
Oh come now. Who has been foolish to trust the NSA in the past decade or three or six and a half? They probably know full well that they can't lose what they don't have and figured they might as well be as boorish as they please. Remember, these are the guys who regularly lie to congress with impunity.
http://lists.infradead.org/pipermail/linux-arm-kernel/2018-April/573548.html
Eric Biggers points out that there is no alternative block cipher suitable for low power processors to support dm-crypt or fscrypt filesystem encryption, and the alternative is no encryption at all.
Bruce Schneier's opinion is "Personally, I doubt that they're backdoored".
I'd be interested to see Daniel Bernstein's opinion.
DJB offers us a cautionary tale.
July 2008: big headlines in all the mainstream media (I heard it on BBC radio headlines): Internet address system is horribly broken and dangerous. CERT have it here.
... yet ...
July 2001: DJB points out the same thing.
Seven years, no-one listened. Except those of us who already believed DJB, and used djbdns for our own servers.
The time to question someone's credentials is before you submit something to be evaluated by them, not afterwards, otherwise it is hard to dispel accusations of sour grapes.
If you think the evaluation was performed poorly, you are free to raise cogently argued and well-evidenced objections, citing examples, rather than attacking the credentials of the evaluation team.
With regard to the NSA, it is entirely possible that "Simon" and "Speck" are cryptographically sound (i.e. no cryptographic back door), but are vulnerable to poor implementations. It is suspected that the NSA supported the use of AES because it is easy to mistakenly make a software implementation vulnerable to side-channel attacks [1], [2], [3], especially as the Snowden papers reference NSA and GCHQ projects to subvert encryption (BULLRUN and Edgehill respectively [4]). It is worth remembering that Snowden said "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on." The NSA and other agencies are suspected to have worked quite hard to enable poorly implemented strong encryption to be widespread.
People are a great deal more aware of side-channels now, and look at using constant-time algorithms, being careful about use of caches, making power consumption analysis more difficult, and using multiple sources of entropy rather than just a single hardware RNG provided on die by the manufacturer when generating the random numbers required for nonces etc. Certifying an algorithm on its own is only one step of the process, as you also need to think about identifying implementation pitfalls to avoid.
No doubt there will be recriminations and fall-out from this decision. It will be interesting to see what happens next, as low-power IoT things do need some form of good encryption available to them. The show will go on.
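One of the implementation pitfalls the post above alludes to, as an added example that is not part of the thread: a tag comparison that exits at the first mismatching byte does an amount of work that depends on how much of the guess was right, while the constant-time version always touches every byte. The tag value is constructed, and both functions return how many bytes they examined so the difference is visible without a timer.

```python
"""Leaky versus constant-time tag comparison (added example, not from the thread).

An early-exit comparison stops at the first mismatching byte, so its running
time reveals how many leading bytes of a guess were right. The constant-time
version always touches every byte. Both return (equal, bytes_examined) so the
difference is visible without a clock.
"""
import hmac
from typing import Tuple


def leaky_equal(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Early-exit comparison: work depends on where the first mismatch is."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined  # leaks the length of the matching prefix
    return True, examined


def constant_time_equal(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Fixed-work comparison: OR all byte differences together, decide at the end."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        diff |= x ^ y  # no data-dependent branch inside the loop
    return diff == 0, examined


# Constructed sample: a 16-byte tag and guesses that are wrong in the first or last byte.
TAG = bytes.fromhex("5f3c9a1d7e2b4c6a8d9e0f1a2b3c4d5e")
WRONG_FIRST = bytes([TAG[0] ^ 0x01]) + TAG[1:]
WRONG_LAST = TAG[:-1] + bytes([TAG[-1] ^ 0x01])


def stdlib_check(guess: bytes) -> bool:
    """What production code should use: the standard library's constant-time compare."""
    return hmac.compare_digest(TAG, guess)
```

In a real implementation the leaky variant's extra work is measured in nanoseconds, which is exactly why the comparison has to be written without a data-dependent early exit rather than relying on it being "too small to notice".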
It would be counterproductive to include anything as blatant as a mistake in an encryption algorithm which is going to be studied by many independent cryptologists.
But if you know that your codebreakers have skills in a particular area, it makes sense to suggest algorithms which may be more vulnerable to attacks using those skills rather than others...
"It would be counterproductive to include anything as blatant as a mistake in an encryption algorithm which is going to be studied by many independent cryptologists."
A deliberate vulnerability in the algorithm isn't always necessary. Often the mathematics provide a way to insert a backdoor.
That was the case with Dual_EC_DRBG. No one who knows how the stock curve parameters were arrived at has spoken up - and you couldn't trust anyone who did. If they're backdoored, the only way to find out is by a computationally-infeasible brute-force search (unless you have an algorithm, or very large and reliable QC, that breaks ECC, in which case we have bigger worries).¹
Cryptographers were suspicious of Dual_EC_DRBG because no one could tell whether it might be backdoored, and because it had no advantages over other CPRNGs.
DES is another example. The NSA tweaked the S-Boxes to be resistant to differential cryptanalysis, which was not yet publicly understood. They didn't adjust them to resist linear cryptanalysis. Had they also not yet discovered linear cryptanalysis, or did they leave DES (mildly) vulnerable to it as a backdoor?
¹ Of course the Dual_EC_DRBG specification tells you how to generate your own parameters, so there was never any reason for anyone to use the ones specified by NIST. Yet, somehow, RSA did in BSAFE. Incompetence or malice? We'll probably never know.
"low-power IoT things do need some form of good encryption available to them."
You were doing so well till you made that particular claim..
Back to basics:
* Who says any of us *need* IoT things? 'need' and 'want' are different, remember.
* Who says these things need implementations to be low power? What does 'low power' mean anyway in this context? E.g. x86-class power consumption? DAB-radio class power consumption? RFID-tag (or remote vehicle 'unlocking') class power consumption?
* Who says these things need to be able to securely communicate sensitive data at reasonable speed?
Examples welcome, but based on the recorded history of IoT stuff so far, and the demonstrable absence of "continuous product and service improvement", the less IoT stuff there is in critical roles in the world around us, the more secure (in some broader sense of the word 'security') most of us will be.
"Who says any of us *need* IoT things? 'need' and 'want' are different, remember."
I would consider your fridge ordering a fresh pint of milk to not require a particularly strong encryption, never mind that your fridge is mains-powered and not running on button cells. But for an implanted health-monitoring device (which these days also falls under the IoT label) you need as strong encryption as you can get while consuming next to nothing.
"I wouldn't like one that could be manipulated from outside and pushed until it catches fire."
Back in the 20th century, people in various fields used to understand the difference between something designed to be purely observed (e.g. a temperature sensor, a blood sugar monitor, vehicle speed sensor, etc), and something involved in some kind of control process (e.g. a thermostat controlling heating or cooling system, drug pump, vehicle braking system, etc).
When did people start to get seriously confused about the difference between read-only access to systems and data (mostly harmless, except from a confidentiality point of view) and read-write (potentially catastrophic in some cases)?
When software became the king of them all, so if you can get control of a system you can feed the wrong sensor data to a control system because it's all software controlled, and make it work the wrong way. Weak or backdoored encryption can help to get into a system.
"When *crap* software became the king of them all" surely?
Any file/storage/device access control system that couldn't distinguish between "no access", "read only" access, and "read write" access would have been laughed out of the industry in the late 20th century. Why are such systems now acceptable?
"Weak or backdoored encryption can help to get into a system."
So can total lack of meaningful access control in a 'modern' OS/application combination. Especially where the software and systems providers seem more interested in slurping personal information than actually providing useful, relevant and secure StuffThatWorks.
"Fridges are the cause of many house fires."
Primarily because no one ever bothers to clean around the working parts of it. (And before anyone points fingers, I'm guilty as charged; I did mine last year and pulled ~5 years of collected cat fur, dust, and other detritus off the running gear, which ran about two inches thick in some parts. The prompt for this? The fan was making noise. It's running a lot better now. :) )
There are an awful lot of IP cameras floating around on the net. Remember the massive DDoS attack launched from them? The NSA probably wouldn't mind looking through them all to supplement the existing CCTV systems they have access to.
Strongly encrypted streams sound like a pretty good idea to me.
Interesting. Of course, the phantom downvoter *could* be you, making a story for yourself. Have a downvote, in support of your thesis, and for posting anonymously.
"Except one" in your post is meaningless: it could just be, for example, a post made after the "downvoter" had been and gone.
The ‘nonsuchagency’ got that which they deserved. Unfortunately both USA and Russia have blotted their copybook trying to run roughshod over us, the great unwashed engineer.
Trust as said before is earned and not gained in schoolyard namecalling - maybe the upcoming Ivy League leavers will learn a lesson from this. When you are told no by the experts, no amount of temper tantrums or threats will faze any professional who knows their tomatoes. I.e. we couldn’t give one shit you are NSA, CIA or FBI - your power outside your borders is limited so up yours you bunch of bullying turds.
Good on you to all those who told them where to get off.
That's what the NSA does: gets the lowdown on you so they can undermine you later, i.e. by challenging your qualifications. Hi, paranoia - do not trust anyone - a secret is not secret if any others know it.
Encryption: many cannot see the Gorilla in the room, and it's now dancing with the Elephant. So who needs encryption? Few of us. Much electronics and security can be a distraction that costs individuals and countries much in order to 'cyber up' whilst the Gorilla just walks by the window.
Do Not Put Valuables on the Internet.
Convenience is the enemy of security. Overcome your need for convenience and you will be more secure.
For encryption to truly work you need a new different one every time, and then it's for the short term, just to hold out until D-day.
Linux:~ hahahahaha, there is so much junk in the Linux kernel you'd probably find DOS in there too.
The "west", and I'm including Japan and SKorea here, are pushing like crazy to get your fridges, tellys, and crappers onto the internet. And which countries have limited or severely constrained internet access? Russia, China, NKorea. Notice anything peculiar? But remember, even tho' a net is just a bunch of holes held together with string it's perfectly safe to hold your privates.
"It explicitly mentions the 1st Battalion of Ikea corps too. No, not a joke either."
Errr, not a joke no, but it is fictional. The real giveaway is the text that says "Science Fiction" in the top left.
Um, Voland old chum, you do understand the difference between fiction and reality right?
"Um, Voland old chum, you do understand the difference between fiction and reality right?"
I do. I also understand how close fiction can be to reality when it is about the fallout from BrExit, the Transatlantic Partnership treaty and a few other things.
While the book is much weaker than the phenomenally brilliant Children of Time and nowhere near as horrifying as Dogs of War, this is yet another place where Tchaikovsky's fiction is well rooted in the present. It is a possible future (and not a particularly far-fetched one). Including the 1st Battalion of Ikea.
When I was co-chair of MQTT at OASIS we had a small privately owned member company try to push these same two suspect standards into MQTT 3.1.1 on behalf of a third party. It all smelt very fishy. Seems that said company was being dangled a carrot in terms of juicy contracts.
"In my professional experience Israelis, especially Israeli academics, are easily pushed around by simple bullying."
Given the extent to which the US and Israel are tied together on intel and military matters, a stand by one good man will not last. Israel receives (publicly) about $4bn a year in defence subsidies from the US. Add that to the fact that TLAs never ever admit they are wrong, and we can expect the Israelis to choose a different representative soon, somebody more acceptable to the lying, cheating, anti-democratic forces of the NSA and others.