[Cryptography] how reliably do audits spot backdoors? (was: Re: RSA is dead.)

[Tom Mitchell]

On Sun, Dec 22, 2013 at 4:51 PM, Jonathan Thornburg <
jthorn at astro.indiana.edu> wrote:

> On Sun, 22 Dec 2013, Bill Cox wrote:
> [[re Peter Gutmann's claim that backdoors in source-code
> may escape discovery in audits]]
> > Nonsense.  Most other equally capable developers should be able to
> discover



With open source code the NSA would be foolish to install a true back door.

i.e. The NSA would be foolish to assume that they could craft a side door
in open
source code that would withstand the scrutiny of another nations security
agency
(ANSA).  The folk I have encountered that work there (short and old list)
are not
foolish or stupid.   Their data integrity folk are darn good.

I can see weaknesses to establish a class of ability or a time window.
For example in
the days that  RSA  and the NSA  negotiated the $10M contract FPGA and ASIC
attacks
were the tools of a rare and limited set of nations and corporations.    My
memory may
be fading but I recall this time frame and believe I heard "smart" folk
indicate that this was
not clearly beyond the tools of the spooks but was beyond the tool reach of
even organized
crime at that time.  Key concept  "at that time".

I make weakness level security decisions all the time.   I do not have the
worlds strongest
lock on my home.   I have also not replaced the locks on my car.   My gym
locker lock is
an easy to open high school grade combination padlock.   Most of these
locks I can still
open with my eyes closed in moments the same as I could  back in high
school.

Down the road is a high voltage transformer with a lock on it.   OK it
looks like a lock
but is a seal in the shape of a padlock.   It is made of aluminum(?) for
the most part and
is designed to be cut off with cutters.  The same as used to cut heavy
aluminum and copper
cables.   It is tamper evident, it should withstand an attack for a little
bit of time with
a hammer or bashing with a rock.   If a teenager busted in and fried his
little brain till
it burst the power company clearly is not maintaining an attractive
nuisance. There is
no master key to be lost.  It could be made of more durable material like
hardened steel
and more but it does not need to be.

My thoughts on this is that if you wish to be NSA proof you have some work
to do.

All of this does take me to a couple places:

First is a reminder of the Morris worm attacks.
The Dad wrote a book and none in the community addressed these design flaws
and bugs
Jr. crafted a worm that escaped or was let free on the world.  Not zero
day, no criminal
element, no national security enemy.  The BSD folk seem to have learned
this lesson.

Second:  "Target"... clearly criminals were involved ,  national interests
& government sponsored... not likely.
The Price tag of the breach at Target is possibly astounding.  Some credit
card
companies have eviscerated their limits to limit their risk.   All they
have to do is
write a report.... "if Used @ Target establish limits and throttle the
limit of abuse
and liability".  There are many lessons to be learned here.

Third:  can wait for the new year.

Forth/Fourth:   All things are not equal and too many take two things as
all the proof
needed to take a product to market.   Code reviews and code review tools
need
work today.   The bad guys are looking at the same code you have.   Clear,
precise,
testable....  etc... It is interesting that the word code is used in so
many ways.










-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131224/75f2bb54/attachment.html>