Encryption Security

Ex-NSA Analyst Warns Of NSA Security Backdoors 205

jagger writes: "In this ZD-Net article ex-NSA analyst Wayne Madison has issued a warning about many proprietary software packages coming bundled with NSA backdoors. This must be very troubling for non-US governments, because it means that they have no security against anyone knowing the backdoor." This is one of the reasons China has cited in wanting to use Open Source and home-cooked solutions.
This discussion has been archived. No new comments can be posted.

  • I wonder if this is the first ex-NSA analyst to make this statement. Wonder how long it is before he gets sued or taken out.
  • by clinko ( 232501 )
    I found this line interesting.

    Software companies including Microsoft have in the past been accused of colluding with the NSA to provide backdoors into their applications.

    Am I the only one that doesn't find this surprising?

    Did i spell surprising right? Oh well, spell check on slashdot doesn't really matter anyway.
  • It scares me that big corporations would agree to allow the NSA to place these backdoors into their software, especially with the very bad press this would generate if the rumors were ever substantiated. How much do you think Microsoft is paid or what information are they given access to in exchange for this service?
  • Why is this not surprising at all? The U.S government is probably the most paranoid government in the world.
  • by krich ( 161944 )
    Non Secure Application
  • After M$'s use of backdoors in Frontpage, I wouldn't trust anything without proof that it didn't have any little tricks up its sleeve. (hence why I don't use M$)
  • by AdamHaun ( 43173 ) on Tuesday September 26, 2000 @10:40AM (#752477) Journal
    If you read the article more carefully, you'll see that this guy has been "ex"-NSA for a long time. He probably has no idea of what the current position on software is inside the agency itself. If he did, he certainly wouldn't be allowed to release it.

    If anyone has any actual hard evidence for or against NSA backdoors in commercial software, I'd be very interested in seeing it. Meanwhile, it looks like we'll have to put up with the usual conspiracy stuff.
  • Sheesh, I would have been surprised if the NSA wasn't doing this.

    Maybe this is how the DOJ will settle with Microsoft. Put this little password into your server software and we'll forget we saw any anti-trust violations.

    Don't call it paranoia, call it realism!

  • Why is this not surprising at all? The U.S government is probably the most paranoid government in the world.

    No, pick any dictatorships, and you would find a government who is more paranoid.

  • Finally our government does something fairly intelligent, even if it was evil, morally corrupt, and leaked prematurely.
  • No Such Assurance
  • I see nothing that indicates how long he has been out of the NSA.
  • If anyone had actual hard evidence about NSA backdoors, they would either be under the control of the NSA, or they would be DEAD.
  • by Zico ( 14255 )

    "Software companies including Microsoft have in the past been accused of colluding with the NSA to provide backdoors into their applications." Am I the only one that doesn't find this surprising?

    Uh, nobody finds that surprising. There probably isn't a negative thing remaining that Slashdot hasn't accused Microsoft of having done.


    Cheers,

  • Now the NSA can get into my Windows 95 (1st|2nd|3rd|4th ed.) box! Or into my MacOS 7.(5,6,7) box! And they'll do.... they'll do.... gee, I can't exactly figure out what they're going to do with it. Because all of my important data is encrypted and stored in an ultra-secure storage room (namely, under my bed) when I'm not using it.

    Note to the humour impaired: Win95 2nd ed=Win 98, Win 95 3rd ed=Win 98 se, Win 94 4th ed=Win Me, MacOS 7.6=MacOS8, MacOS7.7=MacOS9

  • that the NSA is sending one of their own out there to send a message to all governments in the world that they should not resist the american government's intrusion into their internal affairs.

    Resistance is futile, we have backdoors to get into your backyard, so why bother?

  • After M$'s use of backdoors in Frontpage [...]

    Okay, I'm up for a good conspiracy theorist laugh. Please explain what on earth you're talking about.


    Cheers,

  • by shutdown -h now ( 206495 ) on Tuesday September 26, 2000 @10:48AM (#752488)
    This is not exactly new news, many people may remember how a certain Melissa virus author was tracked due to some serial number in the Microsoft software he was using. (if memory serves correct)

    And while I think this is a valid reason to use open source, we should remember that unless we compile the software we use ourselves from our own source that we ourselves have checked, then we can never be sure if there exists a backdoor into our software. I speculate most people are not willing to wade through literally millions of lines of source and compile by hand each program they use to ensure that the "man" is not watching them. However, the article (which refers to the NSA agent as a "spook") does not mention why he is an ex NSA agent. What is the reason he is no longer with the NSA and why is he so freely admitting these facts. Having had clearance in the past I know very well you need to sign many numerous agreements that state you can be imprisoned indefinitely without trial if you violate said agreements. You basically sign over your rights as a US citizen to obtain that kind of security clearance. This story raises some good issues about how much we as citizens should trust our government and our software, as well as raise the ire of many foreign nations using US software. But there is always a nagging doubt in my head when we hear stories from ex employees and there is no knowledge given about why they are ex-employees.

    But in general this news is not really new. The government has had backdoors in software as long as software has been around. And this has been shown in the press before to be true.

    I do think however this presents those of us in the open source world with a strong argument in favour of open source software with respect to dealing with trusted programs.

    Regards...
  • by Anonymous Coward

    Nice that the person writing the comment couldn't even read, his comments make it sound as if Wayne had personal information about these backdoors or even any backdoors, but the actual news items states:

    Wayne Madison warned privacy groups Friday that a growing number of proprietary commercial software applications may have backdoors allowing the security services to carry out surveillance activities.

    Notice the 'may'.

    Next the article states:

    The regulations were relaxed after pressure from industry but Madison believes that this may have driven the NSA to find ways to carry out surveillance. "They're not going to give in over exporting strong cryptography without getting something in return," he says.

    These are just GUESSES from Wayne, not any hard proof. The article never states that he has seen this, only very indirect evidence. I bet a lot of people will get irate without even reading the original article.

  • This was just waiting to happen since the 1st
    desktop PC hit the 1st desk.

    Now, with all of this cooperation with the NSA and
    what not, one has to figure... why is Bill Gates
    in so much trouble? Now, I don't mean to be
    so paranoid, but I can't help it... but it seems to
    me that the government has a very distinct
    interest in taking down Microsoft... and I
    certainly can see the reason why they would be
    considered a monopoly (hell, I consider them one)

    But what if one of the driving forces behind this FINALLY
    occurring was Microsoft refusing to cooperate with
    the NSA?

    Just something to keep you up at night..

  • I think dictatorship kind of implies paranoia; why otherwise would there be dictatorship?
  • Printed in Denmark nov. 26. 1999.

    "In 1985, their long-term goal was "total hearability", i.e. the
    capability to listen in on all communication around the world."

    EX-AGENT TO DANISH MINISTERS: YOU ARE BEING MONITORED
    Former Echelon agent warns Danish politicians against confidential
    conversations over the phone.

    The Echelon system not only listens in on private persons, companies and
    interest groups, Danish politicians and ministers are also the target of
    the NSA's extensive espionage, reveals Wayne Madsen to Ekstra Bladet, who
    meets him in Washington D.C. Wayne Madsen was once a spy for the National
    Security Agency NSA - the intelligence service behind Echelon - but he has
    severed connections with his former employer.
    We are crossing the border into the state of Maryland. Behind us lies
    Washington D.C., the US capital - and somewhere in front before us lies
    Fort Meade in neighbor-state Maryland. 'The Fort' is the headquarters for
    world-wide espionage and the workplace for 38,613 of the most talented
    secret agents in the world.
    Wayne Madsen is very familiar with Fort Meade. For several years, it was
    his clandestine workplace. He has a pistol in the glove compartment of his
    car. Loaded. Wayne Madsen is always armed wherever he drives.
    "I don't carry a gun because I think it's cool to have a pistol. But based
    on the sources I still have in the NSA, I know there are people in the
    intelligence services who do not care for people who talk about the secret
    services. Since they are armed, I had better be prepared, too."
    Wayne Madsen is an experienced man in regards to secret projects and
    surveillance. Since 1975, he has been operating the most sophisticated
    computer technology in existence. First as a marine in the US Navy, then
    as an agent for the National Security Agency, NSA, and most recently as an
    employee at two of the NSA's partners, RCA and the Computer Science
    Corporation.
    "Whenever anyone criticizes the NSA, it is important to remember that they
    have done a lot of important work, too. Both during the Second World War
    and the Cold War, when they were talented at breaking the codes of the
    Nazis and the East Bloc countries respectively."

    TOTAL HEARABILITY
    To prove to us that the NSA does more than just 'black work', Wayne Madsen
    wants to show us an unusual museum, the NSA's Center for Cryptologic
    History.
    "Since it is located at the same address as NSA headquarters, Fort Meade,
    we can see the buildings I worked in at the same time -from the outside at
    least."
    Just before we get to Fort Meade, Wayne Madsen points down an access road.
    "I went through a lie-detector test and a voice-test analysis over there,
    before I was approved by the NSA," Wayne tells us with a faint, shy smile.
    He was a lieutenant in the Navy at the time with ten years of experience
    in tracking Soviet U-boats and monitoring computer security.
    What is the role of the NSA now that the Cold War is over?
    "Primarily, they have a global network of computers known as Echelon. The
    computers are connected with their intelligence satellites and listening
    posts all over the world. And they still do military work. The difference
    is, however, that today they monitor everything and everyone. Politicians,
    organizations, companies, private individuals, even friends in allied
    countries. In 1985, their long-term goal was "total hearability", i.e. the
    capability to listen in on all communication around the world."

    MINISTERS MONITORED
    Is Denmark part of this system?
    "Yes. Denmark is a third-party partner in the surveillance agreements. On
    the other hand, however, Danish ministers and politicians must assume that
    they are under surveillance."
    What?
    "Yes, that is part of the way they work. At their embassies, they have
    groups called 'Special Collection Elements' that monitor local
    low-frequency communication. Anything of interest is forwarded here to
    Fort Meade where it is analyzed."
    "If something can't be intercepted from the embassies, they try to
    intercept it from the listening posts in the various neighboring
    countries. So it is very risky for Danish ministers to talk on cellular
    and satellite telephones alike," says Wayne Madsen as we enter the NSA
    museum.

    SPY TO EX-SPY
    Inside the museum, Wayne Madsen asks whether Jack Ingram is at work today.
    A moment later, a tall man appears. Ingram has been an NSA spy for many
    years. Now he administrates the museum. He shakes hands with Wayne, and
    the pair quickly strike up a conversation about common acquaintances at
    various intelligence agencies and companies.
    Shortly after, we walk around looking at the NSA's exhibits of cast-off
    super-computers and code deciphering equipment - debris from more than
    fifty years of intensive espionage in world-wide communication. Wayne
    Madsen continues:
    "Denmark doesn't get very much out of being a third party, because NSA is
    the first party and decides which information the other countries receive.
    So obviously, whenever they monitor specific politicians or companies in a
    certain country, they naturally don't tell the local government about it.
    The information they give to Denmark is something that promotes their own
    interests or something they themselves consider to be a threat. For
    example something about Tamilians or the PKK, the Kurdish resistance
    movement. If it involves information which promotes their own financial
    interests, then naturally they use it for their own benefit."
    Do you have specific examples of what you are saying?
    "Mike Frost, who worked for Canada's intelligence service, which also
    participates in Echelon, has personally monitored both politicians and
    companies in other countries. He told me among other things about
    monitoring the Chinese embassy in Canberra, Australia. All the information
    was forwarded here, to Fort Meade. The Australians never saw the
    information because the US could use it to control the world wheat trade.
    Although I write books and articles about the NSA, I still have good
    contacts in intelligence circles at present," states Wayne Madsen.
    As we drive back to Washington, he turns briefly toward Fort Meade's
    parabolic antennas with a serious look on his face:
    "The problem is that the NSA has lost sight of its purpose. It's not right
    that taxpayers' money is used to help major shareholders in large
    corporations to earn huge profits. Or for that matter the fact that the
    NSA puts ordinary people, legal organizations and politicians under
    constant suspicion."

    EXTRA FACTS
    In a joint council in September, Minister for Defense Hans Hækkerup
    admitted that Denmark cooperates with other countries on surveillance.
    However, Hans Hækkerup would not reveal which countries and intelligence
    agencies Denmark cooperates with. It does appear, however, in the archives
    left behind by the former head of the Danish Defense Department's
    Intelligence Service, Commander Mørch.
    Sources in Mørch's archives show that Denmark entered into an agreement
    with the US on surveillance cooperation all the way back in 1947 - the
    same year that the UKUSA - the pact behind Echelon - was established. The
    UKUSA pact is controlled by the National Security Agency in the US, in
    which the Australian, Canadian, New Zealand and British intelligence
    services participate as second-party partners.
    Most NATO countries - including Denmark - officially entered the pact as
    third-party partners in 1950.
    According to documents in the possession of Ekstra Bladet, the National
    Security Agency has now confirmed that it has third-party partners.

    BY BO ELKJÆR AND KENAN SEEBERG
    COPYRIGHT 1999: EKSTRA BLADET - COPENHAGEN, DENMARK
  • by Gurlia ( 110988 ) on Tuesday September 26, 2000 @10:52AM (#752494)

    *sigh* I can understand why the NSA wants to be able to monitor Internet traffic. National security and all that.

    BUT.

    There is wayyy too much room for abuse.

    1. You have the problem of who guards the guardians. The backdoors are OK as long as the NSA can be trusted not to abuse them by exploiting them when not appropriate. But can you trust the guardians? Who guards the guardians?
    2. You have the problem of leaked information -- how do you know whether some terrorist group or something like that has obtained leaked information about these backdoors? They could be abusing these backdoors to their own ends.
    3. OK, the terrorist part may be overly paranoid. But what stops people from exploiting these backdoors to, say, violate your privacy by keeping logs of what websites you visit?
    4. If things like this become too popular, we might see the day when we're required to only use software that has these backdoors...

    I, for one, wouldn't want my software to be sending data to NSA or any other place without my knowing.

    I'm glad that Open Source is where it's at today. It would be our worst nightmares if Open Source hadn't gained enough widespread acceptance and entities like the NSA lobby for outlawing Open Source software for "security reasons". I mean, it's very conceivable that your local ISP will only grant you access if you install their proprietary software which contains who knows what kinds of backdoors. Good thing open source systems like Linux is so widely available, and not locked into any proprietary vendor, so that ISPs *have* to allow for users to not use their software.

    Thank God for open source software...

    OTOH, I think NSA is shooting themselves in the foot. Foreign governments aren't gonna put up with this backdoor nonsense in *their* software. So open source is going to become even more attractive, which will be good for all of us.
    ---

  • It's crap like this NSA stuff that open source development can prevent. I really wonder though about the 128-bit RSA debacle, what was the point? As far as data transfer goes, the Internet makes international boundaries pretty much irrelevant, so why'd the govt even bother banning it? It's not like some geeks in (say) Norway couldn't have hacked up some equivalent code.

    I sure as hell wouldn't want anyone from a government looking at my stuff, just on general principle - therefore I will never have a proprietary system running the security on any network I run. I want to check out the code for all the daemons I run, the TCP/IP stack, the ethernet drivers, the login stuff. You can't get much more secure than that.

    --

  • Tom Clancy's newest book explores this concept, too... in that case, a CIA operative uses something that was programmed for the government that images the hard disk, compresses it, and sends it out to America from a Chinese government official's personal system. It sounded plausible last week in the book, it sounds plausible now...although I wonder about this guy's motivation and timing.
  • by Anonymous Coward
    This article appears to be devoid of any real evidence or facts to back up the assertions made.

    The only example given was Carnivore, which has nothing to do with backdoors in software, and doesn't appear to have anything to do with the NSA.

  • by gtx ( 204552 ) on Tuesday September 26, 2000 @10:55AM (#752498) Homepage
    you know that there's a problem when CHINA gets it right...
  • I've seen innumerable diatribes against government access to private communication, but it is extremely rare to see acknowledgement of the underlying problem (Bad Guys Doing Bad Things In Secret), much less suggestions for alternative solutions.

    If law enforcement could not get access to the Bad Guys' goodies, it would be an absolute disaster for everyone -- our freedoms would be confiscated not by the government but by crimelords and other unaccountable groups like multinational corporations. Is this really what people want? On the other hand, of course, unrestricted government access would be an equally severe disaster.

    The existing U.S. system of requiring a court warrant is a compromise that allows some public scrutiny (after the fact, which is usually good enough to ensure the health of the system if not of every case).

    Unfortunately, things like Carnivore are a kind of end-run around that system, which is why they are so distressing. But it meets the real, legitimate need of detecting crime in the first place, much like we have policemen running a beat to observe and prevent crimes rather than dispatching them after the fact.

    So what is the real compromise? How do we resolve these issues? Neither extreme is acceptable.


    ----
    -- Bandannaman

  • I found one article that said he started in the spy business in 1975.

    I found another article that said he worked for the NSA for 20 years.

    My incredible deductive powers have allowed me to determine that he left the NSA 5 years ago.

    (knock knock)

    Ummm. Folks, I have to go now. It seems that I have impressed more people than just myself and thou. Some men wearing nice suits are offering me a job. Bye.

  • From the article:

    "The regulations were relaxed after pressure from industry but Madison believes that this may have driven the NSA to find ways to carry out surveillance. "They're not going to give in over exporting strong cryptography without getting something in return," he says."

    Although nothing concrete is stated in this article, it's good to remember the tendency government agencies have to never turn back from their goals. Any time you think you have won a victory for free-speech, or privacy rights, or whatever, and that that big, bad evil government has been beaten, realize that they probably just made it look as if they were beaten. Meanwhile, they made a quid-pro-quo agreement to backdoor their way around the defeat. We then don't hear about this alternative method until years down the road. At which point they are actively working on yet another method of achieving their goals.

    Never assume the government is as powerless or as clueless as they may appear.
    ________________

  • To hide the fact that they broke into my pot of chicken noodles.

    Seriously, treat ANY statement by the NSA as potential disinformation, potentially mistaken and potentially correct.

    In short, stop judging and treat it as you would a claim by any stranger on the street - with a pinch of skepticism (NOT cynicism) and LOTS of salt.

  • Well. Let's give a hand then to the people (like myself) who use open source software and linux! That's right. We can SEE the source code. Think about it this way. It's hard to install a backdoor in something without the user knowing if the user has the sourcecode.

    On the subject of MS and NSA security holes.... I want to know why they still haven't fixed any of the nuke problems.... hmmm... Why would they want to be able to get into open ports on a computer... Seems strange..

    Bill Gates is God

    Hey Wait a second!!!! I didn't write that!

  • I'm not a GPL freak. Linux is not my main OS. To me, OpenSource is little more than a buzzword. BUT, I do know one thing. If you want to protect your data, if it is that sensitive to you, you should NEVER for any reason use a 3-rd party encryption which you can not see the source yourself. NEVER.

    1. You have no idea if those coders are l337 h4x0rZ by night now walk in on their own backdoors and snoop around.

    2. You have no idea if they even use the advertised encryption.

    3. You have no idea if that encryption does exactly as advertised.

    4. You have no idea who is watching.

    It is clear, your ONLY choices for security are:

    1. Code it yourself.

    2. Use publicly available source.

    Then and ONLY then you will know what you are getting into.

  • by barooo ( 72078 ) on Tuesday September 26, 2000 @11:00AM (#752505)
    Even if you have the source, that isn't a 100% guarantee that there aren't any back doors. Surely everyone remembers the famous Ken Thompson article [acm.org] about the back door in login with support in the C compiler, which is even referenced in the Jargon File [tuxedo.org].
  • by Anonymous Coward on Tuesday September 26, 2000 @11:00AM (#752506)
    Microsoft cut me off at the intersection of 4th and Main this morning.

    Microsoft always leaves the toilet seat up.

    Microsoft chews with its mouth open.

    Microsoft left its cell phone on during a movie, and answered it when it rang.

    Microsoft snores in bed.

    ...

  • The government looking at our private information what a shock
  • by "Zow" ( 6449 ) on Tuesday September 26, 2000 @11:03AM (#752508) Homepage

    Oh yah - let's see we've got:

    • The NSA
    • Export restrictions on crypto
    • Microsoft
    • Open Source
    • The FBI
    • Carnivore and
    • Echelon

    all in one story. It's like the story was written to be posted on /. for crying out loud!

    Furthermore, it lacks any real meat. This Madison guy isn't saying that they are doing it: "Ex-spook believes", "applications may have backdoors" (emphasis mine). It's nothing definite - just this one guy's beliefs. And if he used to be an analyst, shouldn't he know this rather than succumb to conjecture? The article got one thing right though: he's "fuelling conspiracy theories".

    Now I hate MS as much as the next guy, but I also believe in the principle: Don't subscribe to malice what can be explained by stupidity. I think they gave a reasonable explanation of the whole NSA key thing back when that happened. They also made the very valid point that it's not in their best interests to do something like that because if a foreign nation found out, MS would be skinned alive. Furthermore, I think people give the NSA too much credit - despite all the talented people they have, they're still a government agency and as such tend to be resource limited. Can you imagine how much computational power would be required for Echelon to actually do everything that people claim it can? Do you think even the US Government has that type of money and could spend it in a covert manner even if it did? If you do, I think you give bureaucracy too much credit.

    Standard disclaimer - these opinions are entirely my own. My employer may well disagree with me - I can't speak for them.

    -"Zow"

  • Do a search on Google. You'll find nearly identical articles going back at least two years. Is anyone really surprised that the NSA is strongarming software companies into giving them backdoors?

    The question is, how will the NSA try to fight open-source backdoor-free software? Don't think that they won't. They tried for a long time to keep crypto export restrictions. Having lost that, they are not just sitting there -- "oh woe is me, the open-source guys beat us!" Remember, these are the Echelon guys. They don't send cease-and-desist orders through a bunch of lawyers. They bug your house and tap your phone. They're working on the way to open up strong encryption like a can of tuna.

    -------------
  • by Detritus ( 11846 ) on Tuesday September 26, 2000 @11:04AM (#752510) Homepage
    The USA and the UK provided rotor machines to many countries after World War II. They neglected to inform the recipients that the machines had been cracked.

    In later years, the NSA and other NATO intelligence agencies arranged for subtle defects to be added to the systems sold by Crypto AG.

    I wouldn't doubt that the NSA is still trying to get backdoors installed in commercial software. How successful they've been is an open question.

    Xerox provided the Soviet embassy in Washington with a photocopy machine that had a "special feature", a well hidden camera that photographed every document that was copied.

  • we should remember that unless we compile the software we use ourselves from our own source that we ourselves have checked, then we can never be sure if there exists a backdoor into our software.

    This reminds me of Ken Thompson's Reflections on Trusting Trust [acm.org] Basically, he was talking about the login program in Unix.

    How do you know that there isn't some special login that's universal? Ok, you say, "well, I'll just compile the source & run it myself".

    His response would be, "how do you know that I didn't put something in gcc that figured out if it was compiling the login program and automatically added that one entry into the code?"

    You would respond "So, I'll just recompile gcc"

    And of course he'd say, "How do you know that I haven't put code into the compiled gcc that checks to see if you're compiling gcc & adds that code into the gcc binary?"
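
The self-propagating compiler backdoor described in the comment above, modelled as a toy in Python together with the rebuild-with-an-independent-compiler check that exposes it. This is an added example, not part of the original thread or of Thompson's paper. Assumptions: the "compiler" is a line filter, a "binary" is Python text, and `independent_compile`, the login program and the master password are constructed for illustration.

```python
"""Toy model of 'Reflections on Trusting Trust' plus a rebuild check.
A 'binary' here is Python text that can be exec'd; all names are illustrative."""

# Clean compiler source: this is everything an auditor would get to read.
COMPILER_SRC = '''
def compile_source(src):
    # Toy "code generation": drop blank and comment-only lines.
    lines = [l for l in src.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    return "\\n".join(lines) + "\\n"
'''

# Clean login source (constructed sample program).
LOGIN_SRC = '''
def login(user, password):
    return (user, password) == ("alice", "s3cret")
'''

MASTER_PW = "letmein-constructed"  # constructed value, matches the stub below

# Extra code that exists only in the subverted compiler *binary*.
# It recognises two inputs: the login program and the compiler itself.
STUB = '''
_STUB = %r
_honest = compile_source
def compile_source(src):
    out = _honest(src)
    if "def login(" in src:
        out += "_real = login\\ndef login(u, p):\\n    return p == 'letmein-constructed' or _real(u, p)\\n"
    if "def compile_source(" in src:
        out += _STUB %% _STUB
    return out
'''


def run(binary):
    """Load a 'binary' and return its namespace."""
    ns = {}
    exec(binary, ns)
    return ns


def build(compiler_binary, source):
    """Compile `source` with the given compiler binary."""
    return run(compiler_binary)["compile_source"](source)


def login_ok(login_binary, user, password):
    return run(login_binary)["login"](user, password)


def independent_compile(src):
    """Assumed trusted second compiler with unrelated code and different
    output (it keeps comments), standing in for another vendor's cc."""
    return "\n".join(line.rstrip() for line in src.splitlines()) + "\n"


def rebuild_matches(suspect_binary, compiler_src, trusted_compile):
    """Build the compiler source with the trusted compiler, then let that
    result compile the same source again. The suspect binary is never run.
    A deterministic honest build must equal this second-stage output."""
    stage1 = trusted_compile(compiler_src)
    stage2 = build(stage1, compiler_src)
    return stage2 == suspect_binary


# Honest bootstrap: the clean source compiled by itself.
CLEAN_CC = build(COMPILER_SRC, COMPILER_SRC)
# Subverted vendor binary: same source, plus the self-reproducing stub.
BAD_CC = CLEAN_CC + STUB % STUB

if __name__ == "__main__":
    # Recompiling the audited, clean source with the bad binary changes nothing.
    print("bad compiler reproduces itself:", build(BAD_CC, COMPILER_SRC) == BAD_CC)
    print("login built by bad compiler accepts master pw:",
          login_ok(build(BAD_CC, LOGIN_SRC), "mallory", MASTER_PW))
    print("rebuild check, clean binary:",
          rebuild_matches(CLEAN_CC, COMPILER_SRC, independent_compile))
    print("rebuild check, bad binary:",
          rebuild_matches(BAD_CC, COMPILER_SRC, independent_compile))
```

The check only works if builds are deterministic and the second compiler does not carry the same stub, which is the cost the later comments in this thread argue about.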
  • president bomb nsa terrorist libya iran plane explosive congress usa senator bribe cash cocaine drug money assassinate kill destroy

    Hmmmmm.... and since the link in my .sig [firehead.org] isn't working properly, why don't I post my IP address [129.7.141.74] for now.

    Wait... I just realized, you can track me down to the very room using this information! Uh-oh...

    *hears tapping at the door*

    AAAAAAAAAHHHHHHH!!! OHHH NO!!! THE NSA IS DRAGIN ME FROM THE KEYB

    -----
  • The NSA get to crack all the good software, but don't reply to the Slashdot interview.

    I'm sorry, but you've insulted the wrong guys. For the Slashdot Side of the Force is With Us!

    I call on a Slashdotting of their webserver, until they bow to the mightiness of our geekdom!

  • by afc ( 12569 )
    And there's probably never been a case of somebody accusing Microsoft of doing bad things (falsely or not) without Zico frantically jumping at their defence consumed with rage against the Linux zealots.

    But the AC that replied before me showed a much greater sense of humor, certainly a lot more than you deserve. Too bad he's not yet (moderators - wink, wink, nudge, nudge) visible at +1.
    --

  • by gunner800 ( 142959 ) on Tuesday September 26, 2000 @11:07AM (#752515) Homepage
    In big, bright letters on the package: "Now 97% backdoor free!"

    In small print, printed on the backside of the seal you have to break, thereby agreeing to the EULA, "contains less than 3% backdoor code; percentage measured by volume and may not apply to this release as code does not occupy space".


    My mom is not a Karma whore!

  • See this article on Crypto AG [mediafilter.org], a Swiss company that sold cryptographic devices. According to this article, the machines had backdoors installed by the NSA and its German counterpart; these were apparently used to eavesdrop on Iran (which arrested and tortured a Crypto AG sales rep when it realized what was going on), Ireland, and Argentina.
    --
  • Nice in concept.

    Have you actually read the source? Understood it? All of it?

    I personally don't have the time to read through each new version of, say, glibc, to find that it's clean. Now, I happen to believe that it's fine, but that's a faith-based opinion, not a knowledge-based one. And it only takes a few lines of source buried deep in some function to open up a back door.

    In any case, you've got a better shot at finding backdoors with Open Source, but it's not like a back door'll jump out at you and wave, just because it's in an Open Source program.

    Eternal vigilance, etc...

    -
    bukra fil mish mish
    -
    Monitor the Web, or Track your site!
  • What about a country, like China, that thinks maybe they might want to go to war with us some day? The NSA would of course take an interest in that country's plans to bomb embassies, airports, and government buildings. Even our allies might want to keep their own intelligence activities from being known by the NSA, or why else would they even bother conducting intelligence?

    Put another way, imagine we had had modern computers in the years leading up to WWII: would you have counselled that the US buy closed-source software from German vendors, knowing that the German government had all kinds of backdoor access to those products? Of course not. You would insist on open-source products that you could modify to your satisfaction, or home-grown closed source products. It's not surprising that security-conscious foreign governments find software to which the American NSA might have a master key a bit distasteful.
  • Note from the humor impaired:

    MacOS 7.6 was a real, shipping operating system. MacOS 8.0 was originally slated to be 7.7, not 7.6. Mac OS 9 is just that, Mac OS 9. It appeared on the roadmaps way after the whole Copland/Gershwin debacle...

    I get what you're saying, but I'm just trying to remind you that there are a whole lot more differences between the cores of Mac OS 7.5 and 9.0 than between Win 95 and Win ME...
  • I'm not saying that the NSA and the DOJ are the same thing. I'm not saying they aren't, either.



    What I'm saying is that this type of behavior isn't limited to just the NSA. Almost every government agency acts in some sort of underhanded way. Just look at the FBI and Carnivore. That whole project smells of the NSA.

  • I've seen this argument pop up a couple of times before in Slashdot, and it got me thinking: it's a bunch of crap.

    First, I'd have to know what the source code "looked" like for every version of every compiler. So instead I make sure that the binary that gcc compiles to using gcc will have this code put in.

    But what if I use cc from Sun or HP to cross-compile gcc? or make gcc the first time on that system? Now I need to go to each company and convince them to include a rather large and ugly piece of code that recognizes all of these compilers.

    Now, what about all the software projects in undergraduate and graduate courses that build compilers? Do I now have a "universal compiler checker?" Is it even possible to tell what a piece of code will do?

    So now we're in the unique position that the compiler we would be using would have to be what most people would call "Artificially Intelligent."

    So now I've built a piece of Artificially Intelligent code that watches compilers for compilings of compilers to watch for compilings of login prompts. Yeah. I can certainly believe in that happening.

  • You make it sound like a group of MS programmers got together and wanted to program in a back door. What you are referring to is yet another MS security hole that exists if someone doesn't set up their sites correctly. I'm sick and tired of Slashdot readers always bashing MS with such knee jerk reactions. Any distro of Linux straight out of the box has holes as well - but you have to fix it. Everyone just shrugs and says "oh, well, yeah, that happens - just fix it and no prob" - but MS does it and everyone freaks out and calls them worthless. I'm no big fan of them, but at least pick the proper things to pick on.
    --------------------------------------------- -----
  • by Anonymous Coward
    This is not a conspiracy theory. This is reality. It is also not new, and shouldn't be a surprise.

    After all, the laws governing crypto in this country give the NSA authority to approve or disapprove cryptographic systems incorporated into commercial products. Companies like Microsoft are pretty much at the mercy of NSA demands if they want their products approved. There have been numerous news stories (and one or two slashdot articles) in the past pointing out that NSA has demanded back doors be placed in commercial software that contains crypto.

    Also, there is nothing secret about this fact. Microsoft and other companies have made public releases in the past that acknowledge they have been required to incorporate back doors and reserve special keys for the NSA in order to get approval.
  • by Vassily Overveight ( 211619 ) on Tuesday September 26, 2000 @11:14AM (#752524)
    If anyone has any actual hard evidence for or against NSA backdoors in commercial software, I'd be very interested in seeing it


    Here's some reading:
    This thread [slashdot.org] on SlashDot.
    This article [freedomforum.org] on Freedom Forum.

    It's also been reported that the NSA requires U.S.-made communications satellites to be equipped with intercept devices that can be used to transmit copies of their traffic to the NSA for analysis. Don't have a link at present, but I'm sure you could find a source if you're interested enough.

  • TRANSISTORS SUCK [geekculture.com] Why does this thing insist on putting spaces in my links? DAMN!
  • by blogan ( 84463 ) on Tuesday September 26, 2000 @11:17AM (#752526)
    seineeweraseipsteivos
  • by zlite ( 199781 ) on Tuesday September 26, 2000 @11:23AM (#752530)
    As a journalist, I can tell you that this smells as fishy as they come. I say the guy's a self-promoter hyping himself by exploiting paranoia. If he's brave (and informed) enough to go public with this kind of inflammatory charge, he should be brave and informed enough to be able to name a single app that has such a backdoor (and, no, Carnivore doesn't count. Sheesh!).

    I'll call him on it. Name 'em or shut up.
  • No compromise is required, only very strict enforcement of Constitutional rights.

    Let me explain. What if Carnivore was authored in such a way that it could only sniff a particular person's e-mail? Further, what if it could only do this if law enforcement could prove to the system that a warrant had been issued, perhaps via an incredibly strong digital signature that even Moore's Law wouldn't bring into the realm of crackability for centuries? And finally, what if Carnivore would not function at all, not even passively watching the data stream, if there were none of these "proofs of warrant" active in the system (the only functionality still available, in other words, would be to put proofs of warrant into the system to unlock the remaining functionality)? And, as a crowning touch, what if the Carnivore system were Open-Source, so it could be inspected, and also put through formal verification to ensure no exploits (either from hackers or law enforcement trying to hack around the security to do a little illegal surveillance)? Oh, yes, and make it an embedded system (no Windows NT to introduce exploits of its own).

    Once that mechanism is in place, it's guaranteed that it cannot be abused. And if Carnivore can, by these means, be proven conclusively to be unabusable, then I no longer have any problems with it. But as the situation is now, I very much doubt any of the measures I mentioned above are in place.
    ----------
  • by Vassily Overveight ( 211619 ) on Tuesday September 26, 2000 @11:30AM (#752540)
    This is a hard story to believe. If there are backdoors, then there has to be a way for the NSA to transfer the information gleaned. Surely someone would have noticed activity like this. RealAudio certainly didn't get away with it for long. Not to mention the likelihood that someone in one of the companies is going to notice and talk. His hedging language ("may have backdoors"), means he has no direct knowledge. If that's the game, I can warn of lots of things the NSA "may" be doing as well. Did you know that the NSA may be secretly running SlashDot? (And apparently deliberately botching the job ...)
  • If I were the NSA (and I'm not), except for something big and common like Windows 2000, I wouldn't bother sticking backdoors in every bit of software out there. For one thing, it's too likely that someone will open their big mouth, and the general public won't like it much.

    I'd go online, and find me a small group of talented crackers and script kiddies, and offer them the job of their dreams: cracking into every bit of software and computer system on the planet and getting paid for it. Not to mention the added perk of being cool spies. Even open source software has the occasional security hole, and if the hole is patched, my team could simply find another one. Microsoft's software is so riddled with silly security holes, and so popular, that it would not be difficult to have an in on most of the computers in the nation, if not the world. Plus, Microsoft sometimes never fixes known bugs because fixing bugs doesn't give them market dominance, so the holes might stay open longer.

    As for the "ex-NSA employee", I pretty much take what he is saying with a grain of salt the size of Utah. Ex-employees shoot off their mouths for two reasons: to make the former employer look bad, or because the former employer wants them to say what they are saying. Sometimes it is just as effective to make people think you are watching them, and it is certainly easier on the budget.

    Another thought: did you ever consider that this might be a big piece of FUD against proprietary software? Perhaps the NSA prefers open source. ;)
  • by Shotgun ( 30919 ) on Tuesday September 26, 2000 @11:40AM (#752545)
    Extremely bloated commercial software may contain full fledged flight simulators and pictures of the software designers. It is also suspected that some software may harbor dancing blue elephants.

    Seriously folks, does it take 30Megs of software to read email? Not only is it likely that large software houses are cooperating with the US gov, it is probable.

    I was working at an AT&T plant as a technician several years ago, and one of our projects was a device about the size of a Palm Pilot. You plug your handset into it, then plug it into your telephone. The person on the other end used a similar device, and with one button press you got instant voice encryption. We built hundreds. I tested a large portion personally. Then I personally helped tear them apart and install the clipper chip after the FEDS moved in. Funny, but we didn't build anymore after that.

    We also built another telephone. It's the one that Harrison Ford uses on Air Force One. Not the little satellite phone, the big white desk phone. We had to count the ICs that did the cryptography for that every morning and evening. The phones had to stay under lock and key at all times. Not that it has any relevancy here, just to note that the FEDs will control cryptography and if you trust anything they approve of, you're going to be tracked.

  • Perhaps 1% of the /. population could.

    I'm sure a higher percentage could probably apply a patch and recompile, but that's not too much different than applying a MS hotfix - except

    a) the patch comes quicker
    b) the hotfix is usually "delete this dll unless you really need this functionality"
  • by seaan ( 184422 ) <seaan&concentric,net> on Tuesday September 26, 2000 @11:42AM (#752548)
    My former company was the USA market leader for hardware security modules (HSM) that perform back-end encryption for banking ATM transactions. I was the chief software architect, and can categorically state that there is no NSA backdoor in that product.

    That is not to say that the NSA did not have some influence on the design (back before the rules changed and put the FBI and State Department in charge of export procedures). The NSA really discouraged (using the export license stick) the use of triple-DES. The fact they discouraged certain designs types is pretty much public knowledge.

    What is less known, is that the NSA did a thorough examination of the product. In order to get an export license, the NSA also had to review the product - all specifications, code, manufacturing diagrams, sample devices. They also requested and got our future product plans. It is my impression that the NSA did this future product research everywhere they could.

    So this means the NSA knew all details of any crypto product that was being exported. They knew the specifications, and in some cases the future product directions. I never heard of a case where the NSA would come back after a product evaluation and say "you have a security hole". In summary, even without a formal backdoor, they have (had?) a lot of knowledge.

    PS: When I hear about ex-NSA members joining public companies, I wonder how many of my company's ideas (forcefully obtained by USA export regulations) went with them. You might say, the NSA was all knowing, so there was nothing to steal. The truth is that the NSA was really into military uses (they supposedly passed up developing public key algorithms because they did not have any use for them). Don't underestimate the value of a practical commercial related applied cryptography use.

  • by John Jorsett ( 171560 ) on Tuesday September 26, 2000 @11:43AM (#752549)
    I have a question. Does it really matter if they watch you? There are laws covering what they can and cannot use as evidence against you. If they had a folder of you doing subversive freaky things....so what? They can't use it unless they had a reason to suspect you in the first place.

    There's a doctrine in U.S. case law, articulated by the Supreme Court as "Fruit of the poisoned tree". It means that you can't use evidence obtained illegally as the reason for going in and collecting legitimate evidence. If you don't know that they're collecting data and you send email talking about your marijuana farm and then the DEA is tipped off (by an 'anonymous' source), this would be a violation of that doctrine, but you'd never be able to prove it.

  • by MbM ( 7065 ) on Tuesday September 26, 2000 @11:44AM (#752550) Homepage
    You can audit the C sources all you want. Unless you've built the compiler and its supporting libraries from the ground up there's always that possibility that someone has inserted a trojan along the way. The famous article dealing with this problem and self replicating trojans is Ken Thompson's Reflections on Trusting Trust.

    "The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect. "

    - MbM
  • China has cited in wanting to use Open Source and home-cooked solutions.

    You don't think their home-cooked solutions wouldn't have their own backdoors in them?
    --

  • The story in your Slashdot link actually gives arguments against suspicions of NSA evildoing. AFAIR, the news died down because there were believable benign reasons that the particular text string was found in MS's software.
    --
  • It should also be noted the only reason we knew who planted the bomb on the plane in Lockerbie Scotland was because we monitored this traffic.

  • National Surreptitious Agency

  • by bluGill ( 862 ) on Tuesday September 26, 2000 @12:05PM (#752564)

    For those who don't see where I'm going: one of the early unix guys (Ken Thompson if I remember right) created a version of login with a backdoor for him to get in. Then he created a C compiler that could tell if login was being compiled and if so insert his backdoor. Then he modified the C compiler to check if it was compiling itself and if so insert both hacks. Soon he was able to (but claims he never did) distribute a C compiler that looked normal, yet would give him access to any machine.

    It wouldn't have been hard to put this hack into compilers, so long as they started early and had some assistance. There must be someone at MIT who can be bribed (there always is) to put it into any binaries on ftp.gnu.org. Sun is a closed company, and easily bribed to put it into their code. Of course we are today in a maze of Unixes, all different. (4 BSDs, SCO, linux, Solaris, Irix, Aix, HPux, and probably others I've forgotten) You get the idea though.

  • I have a question. Does it really matter if they watch you? There are laws covering what they can and cannot use as evidence against you. If they had a folder of you doing subversive freaky things....so what? They can't use it unless they had a reason to suspect you in the first place.

    Just because they can't use it in court doesn't mean they can't use it.

    The info can be leaked to destroy your reputation. Imagine what Nixon or Hoover would have done with this.

    It can be used for blackmail. Again think Nixon or Hoover.

    Recall the McCarthy hearings. If you were a suspected communist sympathizer you were done. You had no recourse. And you had done nothing illegal. And nobody cared how the info was gathered.

    Fast forward to today. Want to destroy a political foe, leak info that she had an abortion. Or is gay. Or likes looking at images of naked people. All of these things are legal. And the voters won't care that the data was uncovered illegally.

    It really does matter if they watch you. Because if it can be abused it will be.

    Steve M

  • by Rombuu ( 22914 ) on Tuesday September 26, 2000 @12:09PM (#752569)
    I'm not saying that the NSA and the DOJ are the same thing. I'm not saying they aren't, either.

    So you aren't saying anything are you?


  • What I find interesting is that governments (or people, or companies) have to rely on commercial solutions for encryption at all. It's fairly simple to write up an encryption scheme using the available algorithms (I wrote one for a computer science class last semester) and you can make it whatever bit strength you want. 1,000, 10,000 bits, whatever.

    If every government wants perfect security, they should have their own classified programs with classified keys. That way, even if an opponent were to discover a key, they would still have to figure out the encryption scheme (one of the tacit assumptions of encryption is that the opponent already knows the scheme. It also is the most difficult part of an encryption program to discover through reverse engineering).

  • What they did with Crypto AG was just introduce flaws that made the system easy to crack if you knew what you were looking for. Very hard to spot. This gets around your traffic analysis issue in three possible ways:
    -- You send something encrypted over the wire, they sniff it and are able to recover the plaintext.
    -- You keep something encrypted in your office, if they decide you might be important then they break in, copy and decrypt.
    -- You keep something on your computer, if they decide you might be important then they break in over the Internet and copy your data.
  • This article could have been lifted straight from the pages of the National Enquirer. You've got a so-called "authority" that nobody has ever heard of, warning that there "may be backdoors" in some unspecified software. There's NOTHING specific here, no real information, just some lunatic jumping up and down and shouting.

    So, of course, half of Slashdot starts screaming about how "Microsoft is downloading all our personal information!"

    Yeesh.

  • > but it is extremely rare to see acknowledgement
    > of the underlying problem (Bad Guys Doing Bad
    > Things In Secret

    Please define "Bad Guys".

    Terrorists maybe? You mean the people who are out there blowing things up and making a ruckus because their people were screwed over by some government?

    Perhaps there would be less bombings if governments didn't go around pissing people off? You know doing things like supporting people losing their homelands that they have inhabited for centuries? Or interfering with other governments and people every time there is a buck to be made, or it fits "our needs".

    That doesn't even matter, since Echelon and the NSA aren't used for law enforcement. They are used to spy on everyone. They are used to gain advantage over other countries, or to serve the special interests of whoever controls the NSA.

    Crime is easy to detect. Someone gets hurt, they either complain, or a dead body is found. Until that happens, there is nothing to do. Any crime that doesn't involve someone being killed or otherwise hurt, is not a crime anyway. (may be illegal...but the real crime is the fact that it's illegal).

    What's more...none of this is even being used to "detect crime". Carnivore is (supposedly) just for monitoring individuals that are already under surveillance (which is suspect...since capturing email and or traffic can be done less intrusively).

    Echelon data isn't even available to law enforcement, only to the NSA and whoever the NSA sees advantage in filling in. It's mostly used for spying on foreign politicians and companies.

    Frankly....crime is easy to detect. Either someone tells you about it, or you find a dead body. Those are the only crimes that I support the government looking into.

    And finally there are no "Bad Guys", only people. The world is not, and never has been, divided into "white hats and black hats", just people.

    More important than finding the criminals is allowing the innocent to live their lives undisturbed and without fear of having every dirty little secret about themselves reviewed by others.

    Putting a person under a microscope and examining their life should be done very carefully, in fact it should be considered as if it were itself a punishment and used with much caution.

    There is just too much potential for abuse in these systems.

    -Steve
  • Because it can be abused.

    Think what Nixon or Hoover would have done with this ability.

    As I mentioned in another post [slashdot.org] in this thread, it would be very easy to ruin someone's reputation or blackmail them.

    Yes, the legitimate uses for a system like this is to watch for terrorist attacks or organized crime activities. But how hard would it be for the NSA to track the activities of those on its 'enemies list'? Not hard at all.

    So when Senator Doe, formerly an outspoken critic of the NSA, comes out of a meeting with the NSA and now says he understands why the NSA needs to do what they do, is it because he has had a change of heart? Or is it because the NSA showed him his file? And mentioned that information wants to be free.

    That's why we should all care.

    Steve M

  • I have a question. Does it really matter if they watch you? There are laws covering what they can and cannot use as evidence against you. If they had a folder of you doing subversive freaky things....so what? They can't use it unless they had a reason to suspect you in the first place.

    Yes, it really matters. Matter of fact, it is a constitutional right in the US to be secure in your person and possessions against unreasonable search and seizure. That is right - secure by default is the law. It is not ease of law enforcement by default.

    This is an essential liberty. It threatens free speech. It threatens many essential liberties guaranteed in the Bill of Rights.

    "Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
    -Benjamin Franklin, 1759
  • by RebornData ( 25811 ) on Tuesday September 26, 2000 @01:07PM (#752598)
    Back before export restrictions were loosened (1996), Lotus worked out a "deal" with the NSA that would allow them to export 64 bit encryption internationally in Lotus Notes. For the international versions, they took 24 bits of the private key and encrypted them with the NSA's public key, so that (in theory) the NSA would get these 24 bits for "free", and would only need to crack the remaining 40 (which was export legal). The theory was that this was ultimately better for their international coverage, since they'd have 64 bit protection from everyone except the US government. (I won't waste space by pointing out the obvious problems with this approach.)

    This was publicly announced and the technical details disclosed, so while it isn't great conspiracy fodder, it does point to close collaboration between the NSA and at least one major software company...
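Added example (not part of the thread, and not Lotus's code): a scaled-down model of the escrow arrangement described in the comment above, showing that whoever holds the escrow private key faces only the un-escrowed bits. The stream cipher, the toy RSA key pair, the header string and all function names are assumptions made for the illustration.

```python
"""Scaled-down model of escrowing part of a session key (constructed example)."""
import hashlib
import secrets

# Constructed escrow key pair built from two Mersenne primes. Toy size,
# textbook RSA: it only stands in for the escrow agency's real public key.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the escrow agency

KNOWN_HEADER = b"NOTES-MSG:"  # constructed known plaintext used to recognise the key


def stream_crypt(key: int, key_bits: int, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream."""
    kb = key.to_bytes((key_bits + 7) // 8, "big")
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(kb + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def make_escrow_field(key: int, key_bits: int, escrow_bits: int) -> int:
    """Encrypt the top escrow_bits of the key, with random blinding, under (N, E)."""
    top = key >> (key_bits - escrow_bits)
    blind = secrets.randbits(96)
    return pow((blind << escrow_bits) | top, E, N)


def open_escrow_field(field: int, escrow_bits: int) -> int:
    """What the holder of D learns from the field: the escrowed key bits."""
    return pow(field, D, N) & ((1 << escrow_bits) - 1)


def search_remaining(ciphertext: bytes, key_bits: int, prefix: int, prefix_bits: int):
    """Exhaust only the key bits not covered by prefix; return (key, trials)."""
    unknown = key_bits - prefix_bits
    head = ciphertext[:len(KNOWN_HEADER)]
    for low in range(1 << unknown):
        cand = (prefix << unknown) | low
        if stream_crypt(cand, key_bits, head) == KNOWN_HEADER:
            return cand, low + 1
    return None, 1 << unknown


def work_factors(key_bits: int, escrow_bits: int):
    """Worst-case trial counts: (party without the field's key, escrow key holder)."""
    return 2 ** key_bits, 2 ** (key_bits - escrow_bits)


def demo(key_bits: int = 20, escrow_bits: int = 8):
    """Run the whole exchange at a size that finishes instantly."""
    key = secrets.randbits(key_bits)
    ciphertext = stream_crypt(key, key_bits, KNOWN_HEADER + b"quarterly figures")
    field = make_escrow_field(key, key_bits, escrow_bits)   # travels with the message
    prefix = open_escrow_field(field, escrow_bits)          # escrow holder only
    found, trials = search_remaining(ciphertext, key_bits, prefix, escrow_bits)
    return found == key, trials


if __name__ == "__main__":
    outsider, holder = work_factors(64, 24)
    print(f"64-bit key, 24 bits escrowed: outsider 2^64 = {outsider}, holder 2^40 = {holder}")
    print("scaled-down run (recovered, trials):", demo())
```

The protection for everyone else rests entirely on the secrecy of the one escrow private key: anyone who obtains `D` inherits the 40-bit work factor for every message.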
  • If you reread my post, you'll see that I didn't say what the referenced material said. It was background info, since the questioner clearly hadn't heard of this story when it first came up, and asked for evidence for or against.
  • > Congresscritters are very territorial.

    This is true and this is why the NSA is exempt from most of the checks in the system. People outside of the US (The targets of the NSA), don't have anyone on their side and the congressman from some small district won't get worked up about something the NSA does because it won't affect his district.

    This is why congress has almost never had a problem with the NSA but has had issues with the ones that work in the US (by their charter) like FBI, CIA, BATF.
  • I had a conversation with a bank recently about them thinking about switching to 3des from des. I pulled out the Applied Crypto book, found the table of how fast things can be cracked, fixed up the historical data (it is an Old book), added a few factors that I've heard about and projected when 3des should be able to be broken in real time. It's about 10 years away.

    How about some of 1024 bit public key crypto? Ever wonder why most of this stuff puts the message digest on the outside of the crypto payload? It's so you don't have to decrypt the data, if you can guess at the contents and can do the md fast, you don't ever even need to brute force the key. It's amazing how much crypto does this. Also most of it is based on finding good primes. The keys you have are not good primes. If you look at RSA public key stuff you will find that if you have 2 primes as the keys you have a one to one mapping of the encode to decode keys. If one of those keys has two factors you will find that you have 4 decode keys. 3 factors and you have 9 keys since the number seems to square. One bad pseudoprime and your RSA key could have thousands of decoding keys. Considering the NSA gave up buying machines that do big primes fast in about 1994, I'm assuming that they've found out something very interesting about factoring large pseudoprimes.

    Recently someone gave me a sample of a bunch of credit card numbers that were safe since they md5ed them. A bit of code, a few computers and I was generating the card numbers within seconds. 5 minutes later the entire database was converted to plain text.
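Added example (not part of the thread): a storage-review check for the last point in the comment above, measuring how small the guess space behind an unkeyed hash of a card number is and comparing it with a keyed HMAC token. The 16-digit layout with a known issuer prefix and known last four digits, the well-known test number and the key are assumptions constructed for the illustration.

```python
"""Why an unkeyed hash does not protect stored card numbers (constructed example)."""
import hashlib
import hmac

TEST_PAN = "4111111111111111"  # widely used test number, not a real account


def luhn_ok(pan: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def search_space(pan_len: int, known_prefix: int, known_suffix: int) -> int:
    """Luhn-valid numbers left to try; the checksum always removes one digit."""
    unknown = pan_len - known_prefix - known_suffix
    return 10 ** (unknown - 1) if unknown > 0 else 1


def luhn_candidates(prefix: str, suffix: str, pan_len: int = 16):
    """Yield every Luhn-valid number that fits the known prefix and suffix."""
    unknown = pan_len - len(prefix) - len(suffix)
    if unknown < 1:
        raise ValueError("nothing left to enumerate")
    for n in range(10 ** unknown):
        pan = f"{prefix}{n:0{unknown}d}{suffix}"
        if luhn_ok(pan):
            yield pan


def md5_token(pan: str) -> str:
    """The weak scheme from the comment: a bare, unkeyed digest of the number."""
    return hashlib.md5(pan.encode()).hexdigest()


def hmac_token(pan: str, key: bytes) -> str:
    """Keyed alternative: useless for guessing without the secret key."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def recover_pan(stored: str, prefix: str, suffix: str, guess_fn):
    """Return the number whose guess_fn output equals stored, or None."""
    for pan in luhn_candidates(prefix, suffix):
        if hmac.compare_digest(guess_fn(pan), stored):
            return pan
    return None


if __name__ == "__main__":
    print("prefix 6, nothing else known :", search_space(16, 6, 0))
    print("prefix 6 + last four known   :", search_space(16, 6, 4))
    weak = md5_token(TEST_PAN)
    print("md5 token reversed to        :", recover_pan(weak, "41111111", "1111", md5_token))
    keyed = hmac_token(TEST_PAN, b"constructed-secret-key")
    print("hmac token reversed to       :", recover_pan(keyed, "41111111", "1111", md5_token))
```

A stronger unkeyed hash does not change the first result, because the weakness is the size of the input space; the keyed token holds only while the key is stored apart from the database.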
  • Many of the algorithms that follow your D(E(T)) = T scheme are roughly the same. I'm not saying there aren't holes to be found (DES S-boxes, for example, have been rumored to have holes for years). But what would prevent me from implementing a DES-like scheme with no S-boxes whatsoever?

    The point is, while there is a great deal of math occasionally involved, anyone can put together an effective computer program. As long as you're not concerned with distributing it, and thus having the enemy learn its inner workings, you should be ok.

    Also, I don't believe having the source wide-open is a good idea. I'd rather craft my program and not have the enemy know my scheme.

  • Please define "Bad Guys".

    Bad guys are people who hurt me or those who I care about. _Dangerous_ guys are people who have the potential to hurt me or those who I care about (even if they haven't done any hurting yet).

    Being under the scrutiny of either type of person makes me feel unsafe, and looking for a means of protecting myself (either through offense or defense).

  • Truth is stranger than wild speculation. Two examples:

    At the "Information, National Policies, and International Infrastructure" Symposium held at Harvard Law School, Paul Strassmann, of the National Defense University, and William Marlow, of Science Applications International Corporation, in a session entitled "Anonymous Remailers as Risk-Free International Infoterrorists" were asked by Professor Charles Nesson, Harvard Law School, whether the CIA and similar government agencies are involved in running anonymous remailers as this would be a perfect target to scan possibly illegal messages. The answer: Yes. In addition they mentioned that the NSA has successfully developed systems to break encrypted messages below 1000 bit of key length and strongly suggested to use at least 1024 bit keys. They said that they themselves use 1024 bit keys.

    And this one is really amazing: Crypto AG, which several posts have cited as having been revealed in numerous press accounts to have sold compromised crypto systems to governments around the world, is still in business! But the gold plating on the brass balls is the following statement from their CEO, which is currently on their Web site: "Since 1952, Crypto AG has been the specialist for information security at the highest cryptological and technical level. More than 130 countries have chosen Crypto AG as their trusted partner. This trust is based on the fact that Crypto AG is a financially and legally independent Swiss company. All shares are owned by one shareholder: a foundation with one goal, the commercial success of our company. Foundation status rules out any third-party influence, and this also guarantees full independence and freedom in the design, production and marketing of our products."

    What does this mean? For one, it means that having a backdoor revealed will not sink your company even if supposedly secure government communication systems are your only customers. And second, it means that back doors, if they do exist, are an economy measure. If it was encrypted by any popular and widely used tool, it can be forced. Which might explain why you don't see Louis Freeh on TV every night bashing consumer crypto tools.

  • ... projected when 3des should be able to be broken in real time. Its about 10 years away.

    Wrong. Amazingly, staggeringly wrong. The minimum amount of energy required to flip a bit is kT, which is 1.3 * 10**-23 joules per Kelvin. Multiply that by the ambient temperature of the universe, 3.2 K, and you get a minimum of 4.16 * 10**-23 joules per bitflip. This is a thermodynamic limitation of computers, and cannot be surpassed without shifting computation away from Turing machines.

    Now, 3DES has an effective 112-bit keyspace. 2**112 is about 5.2 * 10**33. Multiply (5.2 * 10**33) by (4.16 * 10**-23) and you get 2.16 * 10**11 joules of energy required to break 112 bits by brute force.

    2.16 * 10**11 is a huge amount of energy, on the order of 200 terajoules. But that assumes you have to exhaust the entire keyspace--considering you only have to search 50% of it, on average, you only have to apply 100 terajoules of energy.

    Remember: there is no way around this that we know of. This is a thermodynamic limitation; as soon as you figure out how to get past this, I suggest waiting by the phone because the Nobel folks are going to be calling long-distance from Oslo soon.

    I've got no choice but to completely and wholly discount your entire message. This analysis took me all of five minutes to conduct. It's not hard.

    Insofar as the likelihood of pseudoprimes not actually being prime--do you have any idea what you're talking about? I hate to sound irate (it's only because I'm very irate), but the entire notion of pseudoprimes is that they are probably prime. The likelihood of a pseudoprime not being prime is less likely than you winning the lottery, getting into a car crash, and being struck by lightning while having a hot date with a supermodel. Really. No, I'm not kidding.

    Please, get a clue.
  • by Admiral Burrito ( 11807 ) on Tuesday September 26, 2000 @04:21PM (#752623)

    Or, faction A defeats faction B, b/c they got the drop from information originally sourced from a Backdoored Application or Operating System (BAOOS) that the NSA "leaked" to them.

    This sort of stuff has been going on for a long time.

    During the Iraq/Iran war the United States was backing Iraq (this was before Iraq invaded Kuwait). A Swiss company, "Crypto AG", was selling encryption hardware. Being Swiss they were not subject to U.S. export restrictions and there was an assumed neutrality. But, Crypto AG was in fact an NSA front. Iran bought encryption hardware from Crypto AG. The algorithms used had NSA backdoors. The NSA decrypted the Iranian communications and sent the info to Iraq.

    Eventually the Iranians figured out that there was a backdoor, and they arrested/kidnapped a Crypto AG salesman. If they hadn't this info probably never would have gone public.

    Interestingly enough, Crypto AG is still around [crypto.ch]. "High security solutions for governmental, business and military customers for networking, electronic data processing, telephony and radio applications." Heh.

    You can find more info through a Google search on "crypto AG NSA" [google.com].

  • If I get any more irate (see my other posts in response to this story) I'm going to get the Theo deRaadt Award...

    It's fairly simple to write an encryption scheme using the available algorithms...

    Yes. It's even simpler to screw it up. Any fool can make a system which they can't break. Making a system which nobody can break requires absolute genius.

    If every government wants perfect security, they should have their own classified programs with classified keys.

    No. Wrong. Go back to class and study some more. The Germans thought that Enigma was secure since the Allies didn't know how it worked, but Turing and friends did amazing work breaking the Enigma even before they had one of their own. The Japanese PURPLE cipher (?) was broken without ever knowing how it worked; they recreated it entirely from first principles.

    Without exception, every cipher I know of which kept its internals a trade secret has been a failure. The most recent spectacular failure is the NSA's SKIPJACK, which for years had its internals protected as a national secret. It didn't do anything to preserve the integrity of its messages; Eli Biham invented an entirely new branch of cryptanalysis (impossible-differential) and used it to cryptanalyze all but one round of SKIPJACK.

    The only systems which are worth trusting are those which have survived years and years of brutal peer review. I trust PGP and GPG; I trust Blowfish, IDEA and 3DES; I trust this, that and the other. I trust the PKCS-11 CRYPTOKI standard, I trust SSL when used properly. All of these have been peer reviewed extensively and exhaustively, and so far they're still standing.

    I don't trust anything which hasn't been extensively peer-reviewed. History shows that systems which have not survived brutal peer review do not survive in the real world.

    Some of my Marine friends are fond of saying, "Training ought to be so hard combat is a vacation." There's a lot of merit to that. In cryptography, peer review means that everyone is trying to break a system. Of all those people, odds are there are people with more skill and better resources than the people who are trying to break your system for-real. If a system survives peer review, it'll probably survive your enemies.

    If it's not submitted for peer review, you take your chances.

    Your chances aren't very good.
  • One has been found already; the hole in PGP discussed on Slashdot about two weeks ago. So it's a real problem.

    Where to look next? I'd look closely at

    • Voice-over-IP software
    • Instant messaging systems
    • Methods by which microphones on computers or cell phones might be remotely activated
    • PBX remote maintenance systems
    • Router remote maintenance ports
    Look closely at tools for private person-to-person communication.

    I used to be pro-NSA. But since we beat the Commies, we just don't have a big, well-organized enemy that requires that kind of snooping. Let's face it; the countries that really hate the US are basically losers. We might have some terrorism problems from some loser country, but they'll be down in the noise compared to, say, drunk driving. If state-sponsored terrorism gets to be a real problem, it's an act of war. This limits what a government can do before they end up at war with the Last Remaining Superpower, or, as with Iraq, most of the developed world.

    Even wiretapping is marginal from a law enforcement perspective. Well under 1% of prosecutions involve wiretaps. A total prohibition on wiretaps wouldn't cause a measurable blip in the crime rate. On the other hand, lousy computer security makes lots of white-collar crimes possible, some with high dollar amounts.

    So bad computer security as public policy is bad public policy. Any government official involved with backdoors or wiretapping should be considered soft on crime. That's the position to take in political forums.

  • This is not a joke.

    I am very, very tired of hearing people say that they can break this-and-that, or that such-and-such is trivial, or what-have-you. Most of the time, these people are total incompetents who like to make themselves sound much more clued in than they really are.

    The last time someone made claims like thogard did, I made a public challenge which was not accepted. Maybe this time will be different. So, without further ado:

    THE 6-HOUR MD5 CHALLENGE

    1. Rules.

    The only rule is you can't bribe the judges. If you want to lurk around my workplace, bushwhack me when I come out and beat the answer out of me, feel free. Don't do the crime if you can't do the time, though. You can cryptanalyze this, you can attempt to coerce it out of me, you can send an attractive woman my way (free hint: I'm partial to tall redheads) to coax it out of me, you can try and eavesdrop on my phone lines and overhear me give it away, I don't care.

    But you can't go after the judges, because then we don't have a fair contest. Fair?

    2. The Challenge

    If this challenge is accepted, I will submit to CmdrTaco (or another Slashdot employee, as he assigns) a credit card number. Specifically, my credit card number (with a few digits changed for my own self-preservation). I will also submit the MD5 hash of this (slightly modified) credit card number.

    No cribs will be given. It will not be announced whether it's the credit card number by itself, whether my name is part of the data, whether the expiration date is included, etc. CmdrTaco will verify that I'm not cheating.

    Once everything is set up, the MD5 hash will be put up on Slashdot. From the time it's put up, you'll have SIX HOURS to reverse the MD5 hash and get my credit card number.

    3. The Reward

    The reward is $1,000 cash. (Well, it'd actually be a cashier's check, but same difference.) If you can do it--especially if it's as easy as "a bit of code, a few computers, and I was generating the card numbers within seconds"--then this will be the easiest grand you've ever made in your life.

    All monies will be deposited in advance with CmdrTaco (or others as he assigns). If I don't cough up the dinero up front, the contest doesn't go forward.

    4. Frequently Asked Questions

    Why only six hours?

    Credit card numbers really aren't all that entropic; they're very predictable. The card I'm looking at right now has 16 digits, plus my name and two dates (valid-throughs). Brute-forcing 10**16 would take some time, even for an immensely large network, and that doesn't include the permutations of my name, the expiration dates, etc.

    Breaking DES by brute force requires an average of about 3 * 10**16 operations. Thus, breaking my credit card is a little harder than breaking DES. It's possible some Slashdotters with access to extremely large networks would be able to brute-force this, but I don't find it likely.

    If it's really as easy to break MD5 as thogard is claiming, six hours will be plenty of time.

    Why are you changing the digits of your credit card? If you have such faith in MD5, shouldn't you leave it unaltered?

    As I said, some Slashdotters may have access to extremely large networks which could brute-force it in a few days' time. I'm changing it just to cover my tail in case someone decides to spend weeks of processor time brute-forcing every possibility.

    Isn't MD5 in disfavor nowadays? Wouldn't SHA-1 be better?

    Yes, MD5 has a couple of potential attacks against it. I still have faith that it's very strong in practice, though.

    Are you serious about this?

    I'm serious about this. Are you?
  • Of course this would give America a HUGE advantage over other countries. The real question is this. If you and I can recognize that these backdoors give America an upper hand why are foreign governments still using Windows or Office? I mean are they really that stupid? If I ran a country I would never use any software I didn't have the full source to and even then I would not use it until it was audited.

    A Dick and a Bush .. You know somebody's gonna get screwed.

  • Show me the academic papers which show you can reduce 3DES to complexity 2**78. The same attack could be used to reduce DES to complexity 2**39, which would be the world's first strong cryptanalytic attack against DES.

    Show me just one instance where someone used this attack against DES to break it by brute force in an average of 2**38 operations.

    Your argument about computing hardware is (a) wrong and (b) irrelevant. Moore's Law says that we can expect it to roughly double every eighteen months; if it increased eightfold in a year, this is highly unusual and is likely not a trend. Please point out the academic reports which talk about chips capable of doing a billion keys a second by themselves, or that the field of brute-force crackers is increasing by eightfold a year. That's why it's wrong; it's irrelevant because no matter what, thermodynamic limitations still apply.

    Please present me with a real analysis which backs up your claims, not some vague statement of potential attacks and a made-up number about hardware crackers.

    Too bad the crypto only works with one to one keys if the numbers are prime, probably prime isn't close enough.

    The odds of a good probable-prime being composite is less than the odds of you being struck by a meteor at the instant you read this post. If you're concerned about your probable-primes being composite, I would respectfully suggest that you should consider the threats to your life that meteor strikes, attack by killer bees, random violent stranglings with rabid wombats, etc., pose. To lament the likelihood of a composite probable-prime while not living in stark fear of death by slipping in the tub and breaking your neck is extremely irrational. The one is far more likely than the other, and has much more dire consequences.

    I have already issued a challenge to you on one of your more outrageous claims. I hope you take me up on it.
  • From the Crypto AG site. To recapitulate: The rumours about Crypto AG originated from a former staff member of Crypto AG who had to be dismissed.

    What would you expect them to say? "Oh yeah, we're working with the NSA to invade your privacy. Sorry! Do call again!" Read some of the stuff that shows up on Google about them. It is a lot more than just one disgruntled employee. "Just a disgruntled ex-employee" is the standard defence of any company faced with a whistleblower.

  • That's comic. So they're alleging that software *bought from* the justice department might have a possible backdoor that the justice department could access? Please. Not only has no evidence turned up (did the mounties drop the investigation?), but even if it did, that would be neither very surprising nor what this thread is about. The allegation here is that commercial software from independent software firms (even possibly the scary evil empire itself, whooo) contains such a backdoor.

    I repeat: prove it.
  • Sorry, that's a telecommunications network, not a software app. Most telecoms networks have the capability to be tapped under court order; indeed, Globalstar would be one of the few exceptions if it didn't.

    The allegation here was independent software apps (predictably, everyone immediately mentioned Microsoft) had such backdoors. I'm challenging them to provide any example of that.
  • Sounds like fun. The hard part is when you add extra data that isn't needed for the CC transaction. Here in the land down under, expire dates aren't required by at least 3 banks so they are routinely not used. The name isn't used on all transactions so that only leaves a credit card number, which is typically 6 digit bin+9 digit account+1 mod10. If you know for example which bank you're likely to have (and if you're likely to have a gold card), that reduces the BIN (1st 6 digits) search range to a few hundred. Figure out the last 3 digits (which your number modification will break), and that leaves a small million things to try. If you assume that all the typical receipt data is all known text it becomes a trivial game, which was what I was talking about with bad crypto. Your challenge makes this harder than the problem I had.

    I propose you generate a sample so that others can play with the concept and pre-test their setups.

    To anyone else that wants to play, here is an inner loop of the program (mentioned in the first post). It takes 63 user seconds on the slowest box I had handy.


    /* Inner loop only: c, buf, len, md, md5cc, cc1, cc2, count, i and
       print_md5() are set up elsewhere in the program. */
    while (count++ < 9999999) {
        int sum;
        MD5_Init(&c);
        //sprintf(buf,"411111%07chk", count+0000000);
        // cc1 is the bin, calc cc2 so mod10 works
        sprintf(buf, "%s%07d%s", cc1, count, cc2);
        len = strlen(buf);
        MD5_Update(&c, buf, len);
        MD5_Final(&(md[0]), &c);
        //if(strcmp("7ebf77977b585cb41c15606b92bfe123",pt1 (md)) {
        ////printf("%s %06d %s\t",cc1,count,cc2),print_md5(md);
        //}
        // count the digest bytes that match the target hash md5cc
        for (sum = i = 0; i < MD5_DIGEST_LENGTH; i++)
            if (md[i] == md5cc[i])
                sum++;
        // every byte matched: print the candidate and stop
        if (sum == MD5_DIGEST_LENGTH) {
            printf("%s %07d %s\t", cc1, count, cc2);
            print_md5(md);
            exit(0);
        }
    }


    It can be made much faster by MD5_Update only on the bits that change but keep in mind it does things by blocks. Removing the libc calls would help reduce it a bit too.
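The search-space arithmetic behind the post above, as an added example that is not part of the original post or of any poster's program: it counts the Luhn-valid card numbers left under the stated structure (6-digit BIN, account digits, mod-10 check) and contrasts a bare hash with a keyed HMAC token. All function names are this example's own, the figure of 300 BINs stands in for "a few hundred", and 4111111111111111 is used as a constructed test number.

```python
import hashlib
import hmac
import math
from itertools import product

def luhn_valid(pan: str) -> bool:
    """Mod-10 (Luhn) check over a string of decimal digits."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def candidate_count(unknown_digits: int, bins: int = 1) -> int:
    """Luhn-valid numbers left when `unknown_digits` positions are unknown and
    the BIN is one of `bins` values. The check removes one digit of freedom."""
    per_bin = 10 ** (unknown_digits - 1) if unknown_digits else 1
    return per_bin * bins

def enumerated_count(prefix: str, unknown: int, suffix: str) -> int:
    """Cross-check of candidate_count by listing every filling (small cases)."""
    return sum(luhn_valid(prefix + "".join(mid) + suffix)
               for mid in product("0123456789", repeat=unknown))

def search_bits(count: int) -> float:
    """Size of a search space expressed in bits."""
    return math.log2(count)

def unkeyed_token(pan: str) -> str:
    """Bare hash: anyone holding the token can test guesses offline."""
    return hashlib.md5(pan.encode()).hexdigest()

def keyed_token(pan: str, key: bytes) -> str:
    """HMAC-SHA256: a guess can only be tested by someone who holds the key."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()

def scenarios() -> dict:
    # 300 BINs is an assumed stand-in for "a few hundred"
    return {
        "nothing known (16 digits)": candidate_count(16),
        "BIN known (10 digits unknown)": candidate_count(10),
        "300 BINs, last 3 known (7 unknown)": candidate_count(7, bins=300),
    }

if __name__ == "__main__":
    for name, n in scenarios().items():
        print(f"{name}: {n:.3g} candidates, {search_bits(n):.1f} bits")
```
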
  • In other words, you had a set of cribs so extensive that you could've brute-forced it with pencil and paper. And you expect me to take that as evidence that MD5 is insecure?

    No samples will be provided. As I said--no cribs. (Actually, I lied. I intentionally put lots of cribs in that challenge, if you're smart enough to pick up on them.)

    Time to fish or cut bait, thogard. It's all up to you.
  • If Moore's law applied for performance, your desktop box would be about as useful as a calculator.

    I'm not sure what you're meaning to infer there; my desktop box is a calculator. Just a really fast one with a large display. Moore's Law does apply to performance, and has applied for about the last 40 years.

    It was designed in 1997 ... just cracking does not require such features as CBC modes ...

    Of course it doesn't. CBC mode is ECB that's been XORed with the previous ciphertext block. Breaking CBC mode is computationally equivalent to breaking ECB mode, especially since if you have N blocks of text, you've got N-1 cribs. Or N cribs, if the CBC mode is brain-damaged and has a known IV.

    As far as the large primes go ... they were building two computers for the NSA when they went folded. ... They were paid for and the order was canceled after the machines were mostly complete. To me that says the NSA didn't need to do any more big prime number research since it would have not cost them any more money to have the machines completed.

    Reference, please? Even assuming this is true and not urban myth, it still demonstrates nothing. They could just as easily have discovered a proof that P != NP, thus making the entire attempt to break large composite two-factor numbers moot. There's not enough information there to draw any sort of inference from. It is just as dangerous to overestimate your enemy's capabilities as it is to underestimate them.

    I also know that some even numbers will pass many of the "prime" test used by many popular key generation programs.

    Bullshit. The first step in selecting a probable prime is to see if it's divisible by 2. This is really, really simple; you just check one of the low-order bits in the number and if it's set, it's not prime.

    If you've found a program which does prime generation and skips this step, please tell me, so that I can spread the word and trumpet from the mountaintop, "don't you dare even think of using this piece of crap".

    But I don't think you've found one, otherwise you'd have mentioned it by name.
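The probable-prime tests argued over in this thread, as an added example that is not code from any poster or from any key-generation program: a Miller-Rabin test with the parity and small-factor check up front, next to a bare Fermat test that has no such check. Function names are this example's own; 252601 (41 * 61 * 101) is a Carmichael number, and 28 to base 9 is an even number that satisfies the bare Fermat congruence.

```python
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def fermat_passes(n: int, a: int) -> bool:
    """Bare Fermat test to base a, with no parity or small-factor check."""
    return pow(a, n - 1, n) == 1

def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin. A composite n survives one random round with
    probability at most 1/4, so at most 4**-rounds overall."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:              # p == 2 is the parity check
        if n % p == 0:
            return n == p
    # write n - 1 = 2**s * d with d odd
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _round in range(rounds):
        a = 2 + secrets.randbelow(n - 3)    # uniform in [2, n - 2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _sq in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                # a is a witness: n is composite
    return True

def error_bound(rounds: int) -> float:
    """Upper bound on the chance that a composite passes every round."""
    return 4.0 ** -rounds

def demo() -> dict:
    carmichael = 252601                 # 41 * 61 * 101
    return {
        "fermat_carmichael": fermat_passes(carmichael, 2),
        "mr_carmichael": is_probable_prime(carmichael),
        "fermat_even_28_base_9": fermat_passes(28, 9),
        "mr_even_28": is_probable_prime(28),
        "mr_2**127-1": is_probable_prime(2**127 - 1),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
    print("error bound, 40 rounds:", error_bound(40))
```
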
  • It's a big field, if you didn't notice. Expecting me to keep track of the commercial dealings of the NSA and Cray Computers is like expecting a PhD physicist whose specialty is in physical chemistry to keep track of all the latest goings-ons in the world of superstring theory. Sure, the physical chemist can probably understand the majority of the theory, but only if he's given pointers in where to look for information.

    Cryptography is a science. Science is inherently skeptical; it's the process of saying "I'm from Missouri; show me." I've been saying "show me" until I'm blue in the face, and all you can say is "I'm right". Sorry. Science doesn't work that way. Nor does cryptography.

    You can't give me a single verifiable reference to back up your claims. You can't present me with any evidence that your supposed 2**78 attack against 3DES works. You can't present me with any evidence that there exist any prime number generators in commercial use which will pass on even numbers. You can't present me with a cryptanalysis of MD5, much less reverse it. You won't even accept a challenge to prove your claims, even when there's $1000 in it for "just a few seconds" of work on your part.

    You're a crypto poseur. Get a life.
  • Neither reference amounts to what can be called "hard evidence." They are both anecdotal, at best, not even falling into the realm of the circumstantial.
