[Cryptography] MITM source patching [was Schneier got spooked]

Eugen Leitl eugen at leitl.org
Sun Sep 8 07:47:37 EDT 2013

On Sat, Sep 07, 2013 at 07:42:33PM -1000, Tim Newsham wrote:
> Jumping in to this a little late, but:
> >  Q: "Could the NSA be intercepting downloads of open-source
> > encryption software and silently replacing these with their own versions?"
> >  A: (Schneier) Yes, I believe so.
> perhaps, but they would risk being noticed. Some people check file hashes
> when downloading code. FreeBSD's port system even does it for you and
> I'm sure other package systems do, too.   If this was going on en masse,

There is a specific unit within NSA that attempts to obtain keys not in
the key cache. Obviously, package-signing secrets are extremely valuable,
since they're likely to work for hardened (or so they think) targets.

For convenience reasons the signing secrets are typically not secured.
If something is online you don't even need physical access to obtain it.

The workaround for this is to build packages from source, especially
if there's deterministic build available so that you can check whether
the published binary for public consumption is kosher, and verify
signatures with information obtained out of band. Checking key 
fingeprints on dead tree given in person is inconvenient, and does 
not give you complete trust, but it is much better than just blindly 
install something from online depositories.

> it would get picked up pretty quickly...  If targeted, on the other hand, it
> would work well enough...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130908/ecb3d98a/attachment.pgp>

More information about the cryptography mailing list