[Cryptography] "NSA could put undetectable “trapdoors” in millions of crypto keys"

Sebastian Krahmer krahmer at suse.com
Wed Oct 12 03:19:49 EDT 2016


On Tue, Oct 11, 2016 at 11:56:47AM -0400, Jerry Leichter wrote:
> Ars Technica at http://arstechnica.com/security/2016/10/how-the-nsa-could-put-undetectable-trapdoors-in-millions-of-crypto-keys/
> 
> "Researchers have devised a way to place undetectable backdoors in the cryptographic keys that protect websites, virtual private networks, and Internet servers. The feat allows hackers to passively decrypt hundreds of millions of encrypted communications as well as cryptographically impersonate key owners."
> 
> Basically the researchers describe a way to generate primes for which number sieve is much easier if you know the secret - and there's no way to detect this by looking at the prime.  In the case of 1024 bit D-H primes, the result would be to move cracking into a fairly easy range.  And in the case of most of the widely-used 1024-bit D-H primes, nothing is known about how they were generated.
> 
> Original paper at https://eprint.iacr.org/2016/961.pdf.  The paper points out that all the basic work was done by Gordon back in 1992, but his technique wasn't able to hide the "spike" successfully, partly because doing so at the time seemed to require an impractical amount of computation.  The authors were able to expand the attack and use more modern hardware to make the attack go through.

NUMS and NOBUS isn't really new, that's why standards like the
Brainpool parameters exist. Indeed, reproducibility should be
applied for other primes too. Related to this, it should
also be applied to compiler generated code (binaries), i.e.
reproducible builds.

To cope with NOBUS/NUMS in ECDH, have a look at how opmsg is handling this
via cross-domain ECDH:

http://c-skills.blogspot.de/2016/08/cross-domain-ecdh-trickery.html
https://github.com/stealth/opmsg#cross-domain-ecdh

The basic idea is to use the intel compartments that aim to
protect the NOBUS secrets to build strong keys.

Sebastian


-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer at suse.com - SuSE Security Team
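The reproducibility point above (parameters derived from a public seed that anyone can re-check, as Brainpool does for its curves), as an added example that is not part of this post or of opmsg: a simplified seed-and-counter prime generator with a matching verifier. The SHA-256 expansion and counter layout are assumptions for illustration, not the exact Brainpool or FIPS 186 procedure.

```python
import hashlib
import random
# Added illustration of seed-derived ("nothing up my sleeve") primes. Hash
# expansion and counter layout are assumptions, not Brainpool/FIPS 186 exact.

def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with bases seeded from n, so any verifier gets the same answer."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    rng = random.Random(n)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def candidate_from_seed(seed: bytes, bits: int, counter: int) -> int:
    """Expand SHA-256(seed || counter || i) into a `bits`-bit odd candidate."""
    out, i = b"", 0
    while len(out) * 8 < bits:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big") + i.to_bytes(4, "big")).digest()
        i += 1
    n = int.from_bytes(out, "big") >> (len(out) * 8 - bits)
    return n | (1 << (bits - 1)) | 1  # force exact bit length and oddness

def generate_verifiable_prime(seed: bytes, bits: int):
    """Return (prime, counter); publish the seed and counter next to the prime."""
    counter = 0
    while not is_probable_prime(candidate_from_seed(seed, bits, counter)):
        counter += 1
    return candidate_from_seed(seed, bits, counter), counter

def verify_prime(seed: bytes, bits: int, counter: int, p: int) -> bool:
    """Anyone can recompute the candidate from the public seed and counter."""
    return candidate_from_seed(seed, bits, counter) == p and is_probable_prime(p)
```

A prime published without its seed and counter cannot be checked this way, which is exactly the situation the post describes for most widely used 1024-bit D-H primes.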