Mailing List Archive



[tlug] Good Overview Of What Is Still Secure?



Darren Cook writes:

 > Just reading [1] on how the NSA/GCHQ have backdoors in HTTPS and
 > commercial VPNs.

Well, all of the encryption standards are basically underwritten by
the NSA.  There are a couple of stories, one which has never been
confirmed (that the security agencies have inserted weaknesses into
encryption standards), and one which has been confirmed, that the NSA
tweaked the DES slightly during development and prevented an exploit
that was confirmed a decade later.  It wasn't until the exploit was
discovered that anybody knew why the NSA had recommended the tweak.  I
believe *both* stories....

 > That article was a bit sparse on clear technical information; is it
 > too smug to think that, as someone using open source software
 > almost completely, this is Somebody Else's Problem?

Way too smug.  As I say, the NSA provides a lot of input into crypto
standards, most of it clearly improving the algorithms on first
sight.  But you should assume that the Department of Dirty Tricks gets
a veto over what the Bureau of Good Deeds gets to contribute to the
standards.

Worse, open source stuff is written by volunteers, and almost none of
the actual distributions get vetted by the Bureau of Good Deeds.
Recall the Debian SSH fiasco, where somebody removed what he thought
was unnecessary code and reduced the space of keys that could actually
be generated by Debian's distributed ssh-keygen to 16384 different
keys (IIRC, it might have been a bit bigger, but definitely within
brute-force cracking range).

 > Any suggestions for a good, up to date article that describes what is
 > potentially compromised, and what is still secure?

Not offhand.  The RISKS folks, Bruce Schneier's blog, stuff like that
would be where I'd look.

 > Something at the level of someone who knows the difference between
 > their public and private key, and knows that sha256 is better than
 > md5 but if asked why would have to lamely tell you: "'cos I heard
 > clever people tell me so".

You'll still be at that level when you're done.  "Why" one is better
than another is seriously hard math.  The only thing that's likely to
make any sense without a PhD (and that in the right kind of math) is
that within a family of schemes more bits in the keys means better
security.  (But maybe you'll find it easier than me.  I think of
myself as moderately familiar with math, but maybe I'm kidding
myself.  I figured out how Diffie-Hellman works, but never did really
grok RSA or any of the more modern algorithms for public key crypto.)
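The Debian ssh-keygen incident mentioned above comes down to a key generator whose only remaining entropy was a tiny seed, so every key it could ever emit can be enumerated in advance. The following is an added illustration, not code from this thread or from Debian: it models such a generator with a constructed 14-bit seed (2**14 = 16384 values, the figure recalled in the post) and HMAC-SHA256 standing in for real RSA/DSA key derivation, then builds the kind of weak-key fingerprint blacklist Debian's openssh-blacklist package used so that a key can be rejected before it is trusted. The key type label and seed width are assumptions of the model.

```python
import hashlib
import hmac

# Constructed model of a broken key generator: the only entropy that reaches
# key derivation is a 14-bit seed. HMAC-SHA256 is a stand-in for real key
# generation; the weakness being modelled is the seed space, not the function.
SEED_BITS = 14
KEY_SPACE = 1 << SEED_BITS


def broken_keygen(seed: int, key_type: str = "rsa2048") -> bytes:
    """Derive a 'private key' from a seed drawn from a tiny space.

    A sound generator mixes in hundreds of bits of OS entropy; this one only
    ever sees `seed`, so it can produce at most KEY_SPACE distinct keys.
    """
    if not 0 <= seed < KEY_SPACE:
        raise ValueError("seed outside the modelled space")
    return hmac.new(key_type.encode(), seed.to_bytes(2, "big"), hashlib.sha256).digest()


def fingerprint(key: bytes) -> str:
    """SHA-256 hex fingerprint, an ssh-keygen-style identifier for a key."""
    return hashlib.sha256(key).hexdigest()


def build_blacklist(key_type: str = "rsa2048") -> frozenset:
    """Enumerate every key the broken generator can emit and record its fingerprint.

    Because the weak generator is deterministic in its tiny seed, the complete
    set of weak keys is precomputed once; checking any key is then a lookup.
    """
    return frozenset(fingerprint(broken_keygen(s, key_type)) for s in range(KEY_SPACE))


def is_weak_key(key: bytes, blacklist: frozenset) -> bool:
    """Reject a key if it is one the broken generator could have produced."""
    return fingerprint(key) in blacklist


if __name__ == "__main__":
    bl = build_blacklist()
    weak = broken_keygen(12345)  # constructed: a key from the broken generator
    strong = hashlib.sha256(b"constructed stand-in for a key with real entropy").digest()
    print(len(bl), is_weak_key(weak, bl), is_weak_key(strong, bl))
```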
