mersenneforum.org

Government snooping, backdoors and #necessaryhashtags (https://www.mersenneforum.org/showthread.php?t=18271)

xilman 2013-09-07 10:05

[QUOTE=ewmayer;352214][url=www.reuters.com/article/2013/09/05/net-us-usa-security-snowden-encryption-idUSBRE98413720130905?feedType=RSS&feedName=domesticNews]New Snowden documents say NSA can break common Internet encryption[/url]: [i](Reuters) - The U.S. National Security Agency has secretly developed the ability to crack or circumvent commonplace Internet encryption used to protect everything from email to financial transactions, according to media reports citing documents obtained by former NSA contractor Edward Snowden.[/i][/QUOTE]
Suspicions are mounting that one of the alleged backdoors may be in a widely used cryptographic random number generator called [URL="http://en.wikipedia.org/wiki/Dual_EC_DRBG"]Dual_EC_DRBG[/URL].

The article suggests how such a backdoor might be implemented in practice.

cheesehead 2013-09-07 17:28

[OT]

Bring back the lava lamp RNG!

xilman 2013-09-07 18:31

[QUOTE=cheesehead;352312][OT]

Bring back the lava lamp RNG![/QUOTE]Nice in theory. A real pig to put into practice.

Incidentally I have a USB "lava-lamp". It consists of a container of liquid, probably water, and some flakes of aluminized plastic foil. The liquid is heated by three LEDs which are cycled by a PIC. Unfortunately the green LED stopped working about a year ago. I took the contraption to bits but was unable to repair it.

ewmayer 2013-09-07 20:21

[QUOTE=xilman;352316]Nice in theory. A real pig to put into practice.[/QUOTE]

I wonder how difficult it would be to implement a tiny RNG based on decays of a smoke-detector-style radioactive-material module. Safely encapsulated, obviously, and using a tiny amount of stuff which need have a half-life only around that of a typical computer.

[i]Edit:[/i] It just occurs to me that the above is alas incompatible with applications requiring "repeatably random" number sequences.

[QUOTE]Incidentally I have a USB "lava-lamp". It consists of a container of liquid, probably water, and some flakes of aluminized plastic foil. The liquid is heated by three LEDs which are cycled by a PIC. Unfortunately the green LED stopped working about a year ago. I took the contraption to bits but was unable to repair it.[/QUOTE]

Replacements available for < $10 at your local online retailer.

fivemack 2013-09-07 20:37

[QUOTE=xilman;352316]Nice in theory. A real pig to put into practice.
[/QUOTE]

This very iPad has front and back-mounted 2D arrays of decent-quality Poisson noise sources: even assuming very horrible correlations and per-pixel variable dark current, md5sum(take-a-photo) should be entropic enough, whether the lens cap be on or no.
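Added example, not part of the thread: a simulation of the estimate in the post above, with a dark frame modelled as per-pixel fixed dark current plus Poisson shot noise, then hashed down to a seed. The sensor model, the 1% independence discount and all function names are assumptions, and SHA-256 is used here in place of the md5sum mentioned in the post.

```python
import hashlib
import math
import random


def simulated_sensor(seed, pixels):
    # Stand-in for the camera: random.Random only SIMULATES the physics here
    # and is not itself a source of cryptographic randomness.
    rng = random.Random(seed)
    # Fixed-pattern part: each pixel's own mean dark count (constructed values).
    dark_current = [rng.uniform(2.0, 6.0) for _ in range(pixels)]
    return rng, dark_current


def poisson(rng, lam):
    # Knuth's multiplication method; adequate for small means.
    limit, k, p = math.exp(-lam), 0, rng.random()
    while p > limit:
        k += 1
        p *= rng.random()
    return k


def dark_frame(rng, dark_current):
    # One lens-cap-on exposure: shot noise around each pixel's fixed mean.
    return bytes(min(255, poisson(rng, lam)) for lam in dark_current)


def min_entropy_bits(dark_current, usable_fraction=0.01):
    # Min-entropy of Poisson(lam) is -log2 of its most likely count, floor(lam).
    # The fixed pattern contributes nothing; usable_fraction discounts for
    # correlated pixels (1% is an assumed, deliberately harsh figure).
    total = 0.0
    for lam in dark_current:
        mode = math.floor(lam)
        p_max = math.exp(-lam) * lam ** mode / math.factorial(mode)
        total -= math.log2(p_max)
    return total * usable_fraction


def seed_from_frame(frame):
    # Condition the raw frame down to a 256-bit seed.
    return hashlib.sha256(frame).digest()


if __name__ == "__main__":
    rng, dark = simulated_sensor(seed=2013, pixels=128 * 128)
    first, second = dark_frame(rng, dark), dark_frame(rng, dark)
    print("estimated min-entropy per frame: %.0f bits" % min_entropy_bits(dark))
    print(seed_from_frame(first).hex())
    print(seed_from_frame(second).hex())
```

The estimate counts only the shot noise, so a pixel's fixed dark current adds nothing to it; the hash output also caps what any one frame can deliver at the digest length.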

xilman 2013-09-08 07:30

[QUOTE=ewmayer;352335]Replacements available for < $10 at your local online retailer.[/QUOTE]Oh, I know that, that's not the point. The original was a present and I've no great desire to replace it. The interest was in finding out how it was constructed and whether something as simple as a re-soldered joint might be sufficient to repair it.

ewmayer 2013-09-10 20:00

[url=www.zerohedge.com/news/2013-09-10/apple-announce-cheaper-golder-bigger-faster-iphone-galaxy-s5sc-livestream]NSA unveils its brand new fingerprint database[/url] ... oh wait, did the ZHers actually write that title? They meant, of course, "New iPhone 5S includes 'touch id' fingerprint-sensor technology". I'm sure they are very sorry about the typo.


[url=www.reuters.com/article/2013/09/09/us-usa-security-snowden-petrobras-idUSBRE9870AD20130909?feedType=RSS&feedName=domesticNews]U.S. tapped into networks of Google, Petrobras, others: report[/url]: [i](Reuters) - The U.S. government tapped into computer networks of companies including Google Inc. and Brazilian state-run oil firm Petroleo Brasileiro SA, according to leaked U.S. documents aired by Globo, Brazil's biggest television network.[/i]
[quote]A week after it broadcast a report that the U.S. National Security Agency spied on the presidents of Brazil and Mexico, Globo said the agency had also spied on major companies.

It showed slides from an NSA presentation, dated May 2012, that it said was used to show new agents how to spy on private computer networks.

In addition to Google and Petrobras the presentation suggested the NSA had tapped into systems operated by France's foreign ministry and the Society for Worldwide Interbank Financial Telecommunication, an international bank cooperative known as Swift, through which many international financial transactions take place.[/quote]
Hey, man, it's not industrial espionage if it's done in the name of the Holy War on Terror.

Nick 2013-09-11 07:30

[B]The NSA's next move: silencing university professors?[/B]
[QUOTE]This actually happened yesterday:
A professor in the computer science department at Johns Hopkins, a leading American university, had written a post on his blog, hosted on the university's servers, focused on his area of expertise, which is cryptography. The post was highly critical of the government, specifically the National Security Agency, whose reckless behavior in attacking online security astonished him.
The post was widely circulated online because it is about the sense of betrayal within a community of technical people who had often collaborated with the government. (I linked to it myself.) On Monday, he gets a note from the acting dean of the engineering school asking him to take the post down and stop using the NSA logo as clip art in his posts. The email also informs him that if he resists he will need a lawyer.
[/QUOTE]Full article:
[URL]http://www.theguardian.com/commentisfree/2013/sep/10/nsa-matthew-green-takedown-blog-post-johns-hopkins[/URL]
The university later backed down.

The computer science department of Cambridge University in the UK also receives pressure, such as in this example from a year or two ago where an ex-government minister writes on behalf of bankers:
[URL="http://www.cl.cam.ac.uk/%7Erja14/Papers/2011_10_11_16_00_32.pdf"]http://www.cl.cam.ac.uk/~rja14/Papers/2011_10_11_16_00_32.pdf[/URL]

Ross Anderson's response was typically robust:
[URL="http://www.cl.cam.ac.uk/%7Erja14/Papers/ukca2.pdf"]http://www.cl.cam.ac.uk/~rja14/Papers/ukca2.pdf[/URL]

[QUOTE]For my part I believe that the UK Cards Association owes us a clarification and an apology, plus an undertaking to cease and desist from harassing security researchers.[/QUOTE]

chalsall 2013-09-11 17:22

[URL="http://it.slashdot.org/story/13/09/11/1224252/are-the-nist-standard-elliptic-curves-back-doored"]Are the NIST Standard Elliptic Curves Back-doored?[/URL]

garo 2013-09-11 19:32

Who is the real boss?
 
[url]http://www.theguardian.com/world/2013/sep/11/nsa-americans-personal-data-israel-documents[/url]

[QUOTE]The National Security Agency routinely shares raw intelligence data with [URL="http://www.theguardian.com/world/israel"]Israel[/URL] without first sifting it to remove information about US citizens, [URL="http://www.theguardian.com/world/interactive/2013/sep/11/nsa-israel-intelligence-memorandum-understanding-document"]a top-secret document provided to the Guardian[/URL] by whistleblower Edward Snowden reveals.
Details of the intelligence-sharing agreement are laid out in a memorandum of understanding between the [URL="http://www.theguardian.com/world/nsa"]NSA[/URL] and its Israeli counterpart that shows the US government handed over intercepted communications likely to contain phone calls and emails of American citizens. The agreement places no legally binding limits on the use of the data by the Israelis.
[/QUOTE]

chalsall 2013-09-11 20:41

[QUOTE=garo;352765]Who is the real boss?[/QUOTE]

An excellent question.

Imagine the deafening silence in response....

