[Cryptography] Kindle as crypto hardware

ianG iang at iang.org
Wed Dec 11 08:17:38 EST 2013


On 6/12/13 01:53 AM, Phillip Hallam-Baker wrote:
> On Thu, Dec 5, 2013 at 4:23 PM, Theodore Ts'o <tytso at mit.edu
> <mailto:tytso at mit.edu>> wrote:
>
>     On Thu, Dec 05, 2013 at 08:01:04PM +0100, Lodewijk andré de la porte
>     wrote:
>      >
>      > It's a joke. Noise patterns from hardware are a serious concern
>     though.
>
>     A few years ago, people who suggested that NIST might issue a standard
>     sabotaged by the NSA would be a joke and/or the paranoid ravings of
>     the tin foil hat crowd...


I think that point bears repeating, especially by those of us who were 
paranoid ravers :)


> I don't think that is what DUAL_EC_DRNG started as.
>
> It would make perfect sense to have a mechanism that allowed the NSA to
> check cryptohardware to see if the random number generator has been
> bongoed. And one way to do that is to put a backdoor in it so you can
> dump out the random number seed being used and check.
>
> The point at which the spec was released was just after a leadership
> change at the NSA and at a time when the military thought itself
> completely above any form of accountability.
>
> I don't think they would have done that before because the people inside
> the agency saying 'this is going to be found out' would be listened to.
> And I am pretty certain that there were such people because they are not
> stupid. Like the numerous analysts at the CIA telling the administration
> that there was no evidence of WMD in Iraq or collusion with Al Qaeda,
> the experts were ignored by a bunch of arrogant showboats.


I agree that the intervention likely didn't start as more than an 
incremental tweak to programmes already in existence for other purposes. 
Step by baby step.

But now it is policy.  The DUAL_EC_DRBG is just the one we have the more 
or less complete picture on.  A reasonable observer should be able to 
conclude that the SSL/PKI debacle is in the NSA's best interests, and 
this puts all of the PKIX and TLS and HTTPS-everywhere efforts under a 
cloud [2].  As is cloud :)

Hardware encryption is regularly targeted.  Commercial software crypto 
is compromised.  We have no "evidence" that they interfered in each 
case, but we've long suspected it and the expectation should now switch 
to a probable.

As in, probable cause, good enough for an arrest, if we could identify 
the crime.  Yesterday's news:  they targeted game communities, without 
any evidence!  While it is interesting to figure out how it happened, 
that's really the topic of history.  It happened.

Security must concentrate on the here and now -- how do we defend?  Do 
we?  Can we?  How much to pay?



iang