
SoylentNews is people

posted by janrinok on Friday August 10 2018, @04:53PM   Printer-friendly
from the matter-of-trust dept.

Linux Kernel 4.17 saw the inclusion of NSA's 'controversial' encryption algorithm Speck. Linux Kernel 4.18 will see Speck being available as a supported algorithm with fscrypt and not everyone is happy about it.

Before you panic or form wrong conclusions, you should know that Speck is not a backdoor. It's just a not-so-strong encryption algorithm from the American agency NSA, and it's available as a module in the Linux kernel.

The algorithm in question, Speck, is a 'weak' encryption (lightweight block cipher) designed for devices with low computing power, i.e., IoT devices.

NSA wanted Speck and its companion algorithm Simon to become a global standard for the next generation of internet-of-things gizmos and sensors.

NSA tried to push this algorithm so aggressively that some cryptographers alleged bullying and harassment at the hands of NSA.

The problem with the algorithm is that the International Organization of Standards (ISO) rejected Speck and Simon.

Google engineer Eric Biggers requested the inclusion of Speck in Kernel 4.17 because Google is going to provide Speck as an option for dm-crypt and fscrypt on Android.

The focus is on providing encryption on Android Go, an Android version tailored to run on entry-level smartphones. As of today, these devices are not encrypted because AES is not fast enough for the low-end devices.


  • (Score: 5, Insightful) by DannyB on Friday August 10 2018, @05:04PM (29 children)

    by DannyB (5839) Subscriber Badge on Friday August 10 2018, @05:04PM (#719975) Journal

    It's not the actual algorithm that NSA cares about. They don't even care about getting their algorithm into the kernel.

    What NSA wants is to get their implementation of anything complex into the kernel. Large complex and obscure code is a great place to hide exploits. Even if it is not in the initial implementation. There may be patches in the future which are complex and difficult to understand. Something that looks like a tight inner loop doing some plausible processing could be some kind of side channel hardware attack of the spectre variety. Or who knows what secret combination of instructions could wake up something in your good friend the Intel Management Engine.

    But maybe I'm being too paranoid. There simply is No Such Agency that would want to compromise the Linux kernel. After the Snowden revelations, nothing seems too paranoid anymore.

    --
    When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
    • (Score: 1, Informative) by Anonymous Coward on Friday August 10 2018, @05:06PM (15 children)

      by Anonymous Coward on Friday August 10 2018, @05:06PM (#719976)

      You might be right, but still: You're just saying.

      • (Score: 1, Interesting) by Anonymous Coward on Friday August 10 2018, @05:21PM (2 children)

        by Anonymous Coward on Friday August 10 2018, @05:21PM (#719985)

        The actual question(s) should be:

        Can I compile my own kernel without any part of this easily (i.e. a simple flag such as SPEC_AND_SIMON=NO)

        Is this implemented entirely as a KLM (that I can block/remove/disable)? If not, why not?

        • (Score: 0) by Anonymous Coward on Friday August 10 2018, @05:32PM

          by Anonymous Coward on Friday August 10 2018, @05:32PM (#719989)

          Can I compile my own kernel without any part of this easily (i.e. a simple flag such as SPEC_AND_SIMON=NO)

          Yes.

          Is this implemented entirely as a KLM (that I can block/remove/disable)?

          Yes.

        • (Score: 0) by Anonymous Coward on Friday August 10 2018, @05:33PM

          by Anonymous Coward on Friday August 10 2018, @05:33PM (#719991)

          The article mentions blacklisting the module, so it would appear to be built/buildable as one. And given that there's a flag for every other encryption algorithm that can be built into the kernel I'd assume there's one for speck as well, but I haven't built a 4.17 kernel yet so it's still just an AC speculating on the internet.
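
Added example (not part of the thread, and not the kernel project's code): a POSIX shell check for the two questions asked above, namely whether a kernel config builds Speck at all and, if it is built as a module, whether modprobe configuration blocks it from loading. It assumes the Kconfig symbol `CONFIG_CRYPTO_SPECK` and the module name `speck`; the sample config and modprobe.d contents in `speck_demo` are constructed.

```shell
#!/bin/sh
# Added example. Assumptions: Kconfig symbols start with CONFIG_CRYPTO_SPECK
# and the loadable module is named "speck".

# speck_status CONFIG_FILE -> prints builtin | module | disabled
# Kconfig writes CONFIG_X=y, CONFIG_X=m, or "# CONFIG_X is not set".
speck_status() {
    [ -r "$1" ] || { echo unreadable; return 2; }
    awk -F= '
        /^CONFIG_CRYPTO_SPECK[A-Z0-9_]*=/ {
            if ($2 == "y") y = 1
            else if ($2 == "m") m = 1
        }
        END { print (y ? "builtin" : (m ? "module" : "disabled")) }' "$1"
}

# speck_blocked MODPROBE_DIR -> exit 0 if a *.conf file blacklists the module
# or replaces its install command with /bin/false or /bin/true.
# Commented-out lines do not count.
speck_blocked() {
    dir=$1
    [ -d "$dir" ] || return 1
    cat "$dir"/*.conf 2>/dev/null | awk '
        $1 == "blacklist" && $2 == "speck" { found = 1 }
        $1 == "install" && $2 == "speck" &&
            ($3 == "/bin/false" || $3 == "/bin/true") { found = 1 }
        END { exit !found }'
}

# speck_verdict CONFIG_FILE MODPROBE_DIR
#   absent          - not compiled at all
#   builtin         - compiled into the kernel image; blacklisting cannot
#                     remove it, only a rebuild can
#   module-blocked  - built as a module, loading is blocked by configuration
#   module-loadable - built as a module and nothing prevents loading it
speck_verdict() {
    state=$(speck_status "$1") || { echo unknown; return 2; }
    case "$state" in
        disabled) echo absent ;;
        builtin)  echo builtin ;;
        module)
            if speck_blocked "$2"; then
                echo module-blocked
            else
                echo module-loadable
            fi ;;
    esac
}

# Demo on constructed input: a config with Speck as a module, checked
# before and after a blacklist file is added.
speck_demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/modprobe.d"
    printf '%s\n' 'CONFIG_CRYPTO_AES=y' 'CONFIG_CRYPTO_SPECK=m' > "$tmp/config"
    before=$(speck_verdict "$tmp/config" "$tmp/modprobe.d")
    printf '%s\n' '# keep Speck from being loaded' \
        'blacklist speck' 'install speck /bin/false' \
        > "$tmp/modprobe.d/no-speck.conf"
    after=$(speck_verdict "$tmp/config" "$tmp/modprobe.d")
    rm -rf "$tmp"
    echo "$before -> $after"
}

# With arguments: audit real files, e.g.
#   sh speck-check.sh "/boot/config-$(uname -r)" /etc/modprobe.d
# Without arguments: run the constructed demo.
if [ "$#" -ge 1 ]; then
    speck_verdict "$1" "${2:-/etc/modprobe.d}"
else
    speck_demo
fi
```

A `builtin` verdict is the case the thread's "just remove the module" answers do not cover: the cipher is then part of the kernel image regardless of modprobe configuration.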

      • (Score: 5, Insightful) by edIII on Friday August 10 2018, @07:14PM (11 children)

        by edIII (791) on Friday August 10 2018, @07:14PM (#720027)

        He may be just saying, but he's saying it about the NSA. They deserve absolutely zero trust, and extreme suspicion for any of their activities. It's like saying that some guy likely wants to abuse a child for X reason, and you point out the hearsay and lack of evidence while completely ignoring that this same guy was already convicted of mass kiddie fucking. It may be a theory as to why the NSA is doing it, but it's not even paranoia anymore to say that the NSA fundamentally provides a disservice to the American people and they should be treated with heavy suspicion.

        Those assclowns had their chances. So many chances to do the right thing and increase the level of security in America's communications and computing in general. Instead, in every single case they chose to weaponize information for use against America's enemies, and ultimately against the American people as well. That's completely ignoring any kind of collusion with Microsoft and others to deliberately introduce weaknesses. We're just talking about bugs and exploits that they never bothered to responsibly disclose.

        What good does the NSA do again? For average Americans? Why should we ever trust them again? For that matter, considering this government talks about utterly stupid shit like "responsible encryption", why should we trust that the government would ever cooperate with establishing real security in computing?

        No, the U.S government has strongly established itself as the enemy of free computing. There's no paranoia involved. Just facts.

        --
        Technically, lunchtime is at any moment. It's just a wave function.
        • (Score: 2, Troll) by Anonymous Coward on Friday August 10 2018, @07:33PM (8 children)

          by Anonymous Coward on Friday August 10 2018, @07:33PM (#720039)

          Hi, rest of the world here. Fuck you and go vote for someone who's neither D nor R if you want change. The NSA at least has the courtesy to call their good chums at GCHQ to do the actual spying on you Murricans, because of your inalienable rights. These are magically invalid for the rest of the world, so us subhumans have to beware of getting our every digital move recorded and analyzed by what must be the most significant subversion of basic human rights in history.

          BTW please tell your non-D or R rep you want the NSA to take the FBI and DEA with them on the way out. More magic superpower agencies doing the same shit, just less public. While I think about it, write about that military of yours too. Your "defense" spendings make it quite clear this force is actually meant for aggression. You're quite lucky the rest of the world has not long done what must be done to an aggressor to achieve peace.

          enemy of free computing

          Free computing my ass. More like enemy of humanity. Please die.

          • (Score: 0, Informative) by Anonymous Coward on Friday August 10 2018, @09:40PM

            by Anonymous Coward on Friday August 10 2018, @09:40PM (#720077)

            What a sad, sad deluded individual you are. You live in a bubble that you think you represent the rest of Americans. Take your own advice.

          • (Score: 4, Interesting) by requerdanos on Friday August 10 2018, @10:13PM (2 children)

            by requerdanos (5997) Subscriber Badge on Friday August 10 2018, @10:13PM (#720086) Journal

            go vote for someone who's neither D nor R if you want change. BTW please tell your non-D or R rep you want the NSA to take the FBI and DEA with them on the way out.

            That's sage advice [freworld.info]. We have a climate here where people say "bipartisan" and instead of understanding that it means "R and D closing ranks against you", believe that it means "neutral". It doesn't.

            Then we have people who, when you say "the rest of the world", think you mean "the rest of America", which is about the general level of sophistication of the voters that needs to grasp that when the elected positions change, the government doesn't change (just figureheads and legislators), because the government is executed through a multitude of agencies whose staff will change by perhaps two to three persons if that after even a presidential election.

            To roll back the changes that brought about comprehensive NSA domestic spying, we have to build a government with neither R nor D in charge. It's honestly been slow going so far. I don't think that the fact that it even affects the Linux kernel is going to swing many votes, either.

            • (Score: 0) by Anonymous Coward on Friday August 10 2018, @10:23PM (1 child)

              by Anonymous Coward on Friday August 10 2018, @10:23PM (#720093)

              Funny how we can agree here while stabbing each other with shivs in that other discussion. Ah, the joys of AC :)

              • (Score: 2) by requerdanos on Friday August 10 2018, @10:34PM

                by requerdanos (5997) Subscriber Badge on Friday August 10 2018, @10:34PM (#720101) Journal

                When you're right, you're right; I'd agree with you here even if both threads were under your name. I was serious in thanking you for your cultural perspective.

          • (Score: 2) by MichaelDavidCrawford on Saturday August 11 2018, @04:38AM (2 children)

            by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Saturday August 11 2018, @04:38AM (#720216) Homepage Journal

            The DOD was at one time called the "Department Of War", but then war went out of style.

            --
            Yes I Have No Bananas. [gofundme.com]
            • (Score: 2) by maxwell demon on Saturday August 11 2018, @07:03PM (1 child)

              by maxwell demon (1608) on Saturday August 11 2018, @07:03PM (#720340) Journal

              So how long until they rename it to “Department of Peace”?

              --
              The Tao of math: The numbers you can count are not the real numbers.
              • (Score: 2) by DannyB on Sunday August 12 2018, @01:13AM

                by DannyB (5839) Subscriber Badge on Sunday August 12 2018, @01:13AM (#720394) Journal

                It's Department of Piece. How big of a piece of the government pie can you get?

                --
                When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
          • (Score: 2) by DannyB on Sunday August 12 2018, @01:16AM

            by DannyB (5839) Subscriber Badge on Sunday August 12 2018, @01:16AM (#720397) Journal

            Hi, rest of the world here.

            Dear rest of the world,

            You only constitute a mere 95 % of the world population. Yet you expect Americans to believe that there are actually other countries or people outside the US.

            (95% = google US population, google world population, divide)

            --
            When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
        • (Score: 0) by Anonymous Coward on Saturday August 11 2018, @07:42AM

          by Anonymous Coward on Saturday August 11 2018, @07:42AM (#720247)

          What good does the NSA do again? For average Americans?

          SELinux isn't that bad.

          In contrast I'm finding it hard to figure out what good the CIA has done... And the CIA certainly have done a whole lot more evil than the NSA.

        • (Score: 0) by Anonymous Coward on Saturday August 11 2018, @11:54AM

          by Anonymous Coward on Saturday August 11 2018, @11:54AM (#720282)

          you point out the hearsay and lack of evidence while completely ignoring that this same guy was already convicted

          Not convicted. The evidence has been circulating in public for years, and is not even disputed, yet there has been not a single arraignment.

    • (Score: 1, Informative) by Anonymous Coward on Friday August 10 2018, @05:37PM

      by Anonymous Coward on Friday August 10 2018, @05:37PM (#719994)

      It's not the actual algorithm that NSA cares about. They don't even care about getting their algorithm into the kernel.

      What NSA wants is to get their implementation of anything complex into the kernel. Large complex and obscure code is a great place to hide exploits.

      If you don't want to run this code, don't enable it.

      Linux has dozens upon dozens of crypto algorithms implemented. Some of them are probably insecure and/or buggy. As a general rule, I suggest not enabling any code you don't plan to use.

    • (Score: 2) by dast on Friday August 10 2018, @06:31PM (4 children)

      by dast (1633) on Friday August 10 2018, @06:31PM (#720016)

      Uh, I hate to break this to you, but there's been plenty of NSA code in the Linux kernel for years.

      https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/SELinux_Guide/rhlcommon-appendix-0005.html [redhat.com]

      Thankfully it looks like Speck will be just another module, so we can remove it.

      • (Score: 3, Insightful) by Runaway1956 on Friday August 10 2018, @07:16PM (3 children)

        by Runaway1956 (2926) Subscriber Badge on Friday August 10 2018, @07:16PM (#720028) Journal

        SELinux has been around for quite awhile now. Countless people have evaluated it, some quite rigorously, others less so. To date, SELinux has passed muster with just about everyone.

        And, all of that has nothing to do with the fact that government in general, and the NSA in particular, abhor privacy and secrecy among the population at large. Privacy and secrecy are only for government, and for a small number of elite individuals.

        NSA and other government agencies have done a lot of good things for today's internet and computing - and they've also done plenty of bad things. Asking people to "trust the government" because that government did something good a few years ago seems rather foolish. If the creepy old man gave a bunch of children some candy, would you advise the children to trust the creepy old man?

        So, yes, you're right - there IS NSA code in Linux. That is no reason to TRUST the NSA.

        • (Score: 2) by bob_super on Friday August 10 2018, @07:44PM (1 child)

          by bob_super (1357) on Friday August 10 2018, @07:44PM (#720044)

          > SELinux has been around for quite awhile now. Countless people have evaluated it, some quite rigorously,
          > others less so. To date, SELinux has passed muster with just about everyone.

          Don't you know that the Illuminati Masons - Lizard Branch arranged for all those people to lie to you about the backdoors, a Global Secret Agreement to keep spying on all populations ?

          • (Score: 1, Touché) by Anonymous Coward on Friday August 10 2018, @08:36PM

            by Anonymous Coward on Friday August 10 2018, @08:36PM (#720060)

            Your cheap jab at "conspiracy theorists" is misplaced. Snowden docs proved that "conspiracy theories" about the NSA were not just true, but that reality was worse than some of the wildest speculations.

            Are you asserting that underhanded code hidden in something as large and complex as SELinux would be obvious to any serious code auditor?

        • (Score: 3, Insightful) by Joe Desertrat on Friday August 10 2018, @10:29PM

          by Joe Desertrat (2454) on Friday August 10 2018, @10:29PM (#720096)

          And, all of that has nothing to do with the fact that government in general, and the NSA in particular, abhor privacy and secrecy among the population at large. Privacy and secrecy are only for government, and for a small number of elite individuals.

          You can also add that corporations like Google and Facebook abhor privacy and secrecy among the population at large. Google, after all, is the one requesting this be included in the Linux kernel so they can implement it in Android.

    • (Score: 4, Insightful) by epitaxial on Friday August 10 2018, @07:51PM (2 children)

      by epitaxial (3165) on Friday August 10 2018, @07:51PM (#720046)

      The many eyes argument died with Heartbleed.

      • (Score: 0) by Anonymous Coward on Friday August 10 2018, @11:03PM (1 child)

        by Anonymous Coward on Friday August 10 2018, @11:03PM (#720116)

        did someone say buttes?

    • (Score: 3, Funny) by JoeMerchant on Friday August 10 2018, @08:04PM (1 child)

      by JoeMerchant (3937) on Friday August 10 2018, @08:04PM (#720053)

      Seems simple enough to switch out the NSA module for people who aren't using the Google products that depend on it.

      All in all, this feels to me like putting a page with a giant swastika on it into the Talmud... harmless, even if it is offensive.

      --
      🌻🌻 [google.com]
      • (Score: 0) by Anonymous Coward on Saturday August 11 2018, @03:22AM

        by Anonymous Coward on Saturday August 11 2018, @03:22AM (#720184)

        putting a page with a giant swastika on it into the Talmud

        That would not fit in well. Talmud is extremely racist and teaches racism and the supremacy of the jewish race (not khazar race) over everyone else. The Swastika is an ancient symbol of peace. Jews being murderous satanists are about anything but peace...

        harmless, even if it is offensive

        It would be offensive to the Swastika being placed in a book that came out of the gutter.

    • (Score: 3, Insightful) by PinkyGigglebrain on Friday August 10 2018, @08:58PM

      by PinkyGigglebrain (4458) on Friday August 10 2018, @08:58PM (#720067)

      As was once said; "You're only paranoid if they are NOT out to get you".

      As we have seen lately the NSA and other TLAs seem hell-bent on getting everyone they can, so unless you also think the door knobs or "Welcome" mats are out to get you as well you are most definitely not paranoid. You've just been paying attention.

      --
      "Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
    • (Score: 2) by sjames on Sunday August 12 2018, @11:26PM

      by sjames (2882) on Sunday August 12 2018, @11:26PM (#720726) Journal

      After this [arstechnica.com] incident, I wouldn't put that past the NSA at all.

  • (Score: 5, Interesting) by MichaelDavidCrawford on Friday August 10 2018, @05:43PM (3 children)

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Friday August 10 2018, @05:43PM (#719998) Homepage Journal

    In late 2002 I implemented AES about the Oxford Semiconductor OXFW911 IDE/Firewire bridge chip. At the time the 911 was popular for external Firewire drive enclosures.

    I used a hand-tuned blend of ARM and Thumb assembler. The controller on the 911 was a 49 MHz ARM7TDMI. I also copied the crypto from the slow 16-bit flash to the fast 32-bit RAM.

    It worked well enough that it was a huge hit at the 2003 MacWorld Expo. James Wiebe was very pleased because it got Wiebetech lots of press.

    But it never went fast enough that I could play a movie from an encrypted volume.

    James later sold the company to his direct competitor CRU. CRU Wiebetech [cru-inc.com] now sells enclosures with true hardware encryption.

    --
    Yes I Have No Bananas. [gofundme.com]
    • (Score: 2) by RS3 on Friday August 10 2018, @11:18PM (1 child)

      by RS3 (6367) on Friday August 10 2018, @11:18PM (#720119)

      Oh, would a nice FPGA (lattice, xilinx, etc.) have done the trick?

      • (Score: 2) by MichaelDavidCrawford on Saturday August 11 2018, @04:17AM

        by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Saturday August 11 2018, @04:17AM (#720205) Homepage Journal

        All the work I did for James was aimed at creating new kinds of products without changing the actual hardware.

        Get This:

        James Wiebe made bank as a result of my removing from the 911, 912 and 922 firmware their abilities to write to the storage media. I'm talking #if 0'ing three lines of code.

        The Wiebetech Forensic Storage products did then and still do sell like hotcakes: if you image a suspect's drive with a Wiebetech Forensic Storage Adapter, the original drive is still admissible in court, because you could not possibly have altered the data on it.

        They're also popular with all the spy agencies. There is no doubt in my mind whatsoever that a Wiebetech Forensic Storage Adapter was used to image Usama ben Laden's disks.

        --
        Yes I Have No Bananas. [gofundme.com]
    • (Score: 2) by sjames on Sunday August 12 2018, @11:50PM

      by sjames (2882) on Sunday August 12 2018, @11:50PM (#720736) Journal

      Of course these days, it's not hard to find a fast enough ARM and many SOC have hardware AES baked in.

      Considering how much easier it is to get a low cost ARM with more than enough power for real crypto now, I have real questions about the NSA's motives.

  • (Score: 4, Insightful) by insanumingenium on Friday August 10 2018, @05:49PM (10 children)

    by insanumingenium (4824) on Friday August 10 2018, @05:49PM (#720002) Journal

    At the risk of being paranoid, the fact that you can choose not to compile it does not speak to my concerns. I don't want to support bad encryption at any level, look at all the trouble "export" encryption caused us 20 years later, even though it was ostensibly totally unused and only included for compatibility (logjam/freak I'm looking at you). And on a less technical front, I don't want anyone claiming that this is an accepted encryption standard because it is supported by Linux/Google/Android Go.

    • (Score: 2) by Pino P on Friday August 10 2018, @06:13PM (9 children)

      by Pino P (4721) on Friday August 10 2018, @06:13PM (#720011) Journal

      Would you prefer to have to charge or replace devices' batteries far more often so that they can run high-grade encryption?

      • (Score: 2) by Arik on Friday August 10 2018, @06:21PM (2 children)

        by Arik (4543) on Friday August 10 2018, @06:21PM (#720014) Journal
        I'd prefer to have the option of buying a device where I get to make that choice.

        And as long as we're talking about battery life, get rid of the stupid touch-screen and the google adware and your time between charge will go down dramatically.
        --
        If laughter is the best medicine, who are the best doctors?
        • (Score: 1, Touché) by Anonymous Coward on Friday August 10 2018, @08:38PM

          by Anonymous Coward on Friday August 10 2018, @08:38PM (#720062)

          time between charge will go down

          I don't think this means what you think it does...

        • (Score: 2) by Thexalon on Friday August 10 2018, @11:54PM

          by Thexalon (636) on Friday August 10 2018, @11:54PM (#720124)

          Not to mention the backdoor crypto-currency mining that has probably been added to these devices. Either by the manufacturer, or by someone who got in due to your weak encryption, or both.

          --
          The only thing that stops a bad guy with a compiler is a good guy with a compiler.
      • (Score: 2) by insanumingenium on Friday August 10 2018, @07:14PM

        by insanumingenium (4824) on Friday August 10 2018, @07:14PM (#720026) Journal

        Even if your false equivalence was accurate, the answer would be a resounding yes.

      • (Score: 2) by Runaway1956 on Friday August 10 2018, @07:27PM (2 children)

        by Runaway1956 (2926) Subscriber Badge on Friday August 10 2018, @07:27PM (#720034) Journal

        That may be the wrong question.

        If this particular encryption is widely accepted for phones and other devices with limited power - then people are going to assume that it must be pretty good encryption. These encryption standards will then be adopted for use pretty much everywhere. The exceptions will be tech savvy people who know better, and/or the paranoid.

        And, that is pretty much where we are today, anyway. Most people find that encryption is just too much of a hassle. Most people can't be bothered with anything as complicated as encrypting their mail, or even using HTTPS by default.

        So, if a poor standard becomes widely accepted, then your average Joe is going to have a false sense of security. "Oh, everyone is using ROT13, it must be pretty good encryption!"

        But, in response to the question you asked: Arik has it exactly right. The paying customer should be making that choice, not the NSA, the telephone vendor, the telco, or anyone else. Maybe I'll have to pay an extra $75 for the device capable of doing proper encryption - maybe I'll have to pay an extra $150. But, that choice should be mine, and it should be yours. It should not be the choice of corporate CEO's or government agencies.

        • (Score: 3, Touché) by insanumingenium on Friday August 10 2018, @08:39PM

          by insanumingenium (4824) on Friday August 10 2018, @08:39PM (#720064) Journal

          Come on Runaway, no-one uses ROT13 anymore, we all went digital and use XOR 0xFF instead.

        • (Score: 1, Interesting) by Anonymous Coward on Saturday August 11 2018, @08:05AM

          by Anonymous Coward on Saturday August 11 2018, @08:05AM (#720253)

          But, in response to the question you asked: Arik has it exactly right. The paying customer should be making that choice, not the NSA, the telephone vendor, the telco, or anyone else. Maybe I'll have to pay an extra $75 for the device capable of doing proper encryption - maybe I'll have to pay an extra $150. But, that choice should be mine, and it should be yours. It should not be the choice of corporate CEO's or government agencies.

          Then logically in order to have that choice this weak crypto SHOULD be included in the kernel. Because not allowing it in kernel is more likely to reduce choice than increase it. Without the code you don't have the choice of enabling/including it or disabling/removing it. The choice of not having it will have been made by someone else other than you or the customer. It's generally easier to disable existing code than to add code that's not included.

          As for my opinion, having more choices is way OVERRATED! People don't need more choices. People need more GOOD choices (and fewer bad choices). More good choices increases the chance of making the right choice even if accidentally/ignorantly/mistakenly. Whereas just having more choices doesn't, and more bad choices increases the chances of making the wrong choice. Adding a weak crypto choice seems more like adding a bad choice. It's like adding another shit cake option to the shit cakes and chocolate cakes options for people to choose from.

          Just look at WiFi to see what happens when crap security becomes a standard. You're stuck with crap security for decades even when the hardware can do so much better. Even though SSL2 was flawed if the WiFi bunch copied it back in the 1990s the security issues today would be on a different and more advanced level (and we would be more likely to be able to have secure anonymous WiFi at Starbucks etc, rather than far weaker disgusting crap where everyone shares the same key and attackers can thus decrypt stuff if they get the handshakes).

      • (Score: 1) by khallow on Saturday August 11 2018, @10:56AM

        by khallow (3766) Subscriber Badge on Saturday August 11 2018, @10:56AM (#720274) Journal
        Would you prefer to have any encryption on your phone by a known creator and exploiter of backdoors?
      • (Score: 2) by sjames on Sunday August 12 2018, @11:55PM

        by sjames (2882) on Sunday August 12 2018, @11:55PM (#720744) Journal

        That's not necessarily an issue anymore. It's easy to get an ARM suitable for Linux with AES in hardware. If that's too much power, it's also available in the Cortex-M line.

        Why would anyone sane want to leave the dedicated hardware idle and crunch a much weaker cipher on the main CPU?

  • (Score: -1, Troll) by Anonymous Coward on Friday August 10 2018, @05:51PM

    by Anonymous Coward on Friday August 10 2018, @05:51PM (#720004)

    NSA tried to aggressively push this algorithm to an extent that some cryptographer alleged bullying and harassment at the hands of NSA.

    We know that kernel developers are all just incels who hate women because they can't get laid. What a bunch of pussies. If they were popping cherries, they wouldn't be complaining about "bullying" and "harassment" like pussy faggots.

    If it weren't for those incel faggots who dork around with computer shit instead of popping cherries, Hillary Clinton would be president. Can't we just drone those incels? Or at least get some police upon them?

  • (Score: 1) by exaeta on Friday August 10 2018, @06:06PM

    by exaeta (6957) on Friday August 10 2018, @06:06PM (#720010) Homepage Journal

    ChaCha20 and related ciphers are stronger and faster than AES. Sure it requires a nonce and such, but can't we manage that?

    --
    The Government is a Bird
  • (Score: 0) by Anonymous Coward on Friday August 10 2018, @06:31PM

    by Anonymous Coward on Friday August 10 2018, @06:31PM (#720017)

    where are the links for the claims of harassment and bullying? this community should be sure to disseminate that info or else we are being derelict in our duties as we should know from the aaron swartz travesty that if the NSA is anything like the seditious pigs at the FBI they aren't above bullying nerds to death.

  • (Score: 4, Informative) by Rich on Friday August 10 2018, @07:30PM (1 child)

    by Rich (945) on Friday August 10 2018, @07:30PM (#720036) Journal

    I just looked up the AES speed of an STM32. Found measurements of a 50 MHz ARM Cortex M3 for one implementation:

    https://realtimelogic.com/products/sharkssl/Cortex-M3/ [realtimelogic.com]

    Between 250 (slowest mode) and 750 (fastest mode) KB/sec. That's the baseline of the cheapest CPU available for gadgets. Today's eBay price for a bluepill board: 1,67 EUR + shipping within Germany. This CPU is way too small to run Linux. Even if that is only the remote IoT device, I don't see any use case where such a small system would require transmitting the amount of data it could encrypt or decrypt on the fly.

    We might assume micropower-8-bit IoT clients, but then on the host side, a userland library for such fringe cases would easily do. Besides, if anything has enough power for a TCP stack, it should easily do AES on the side.

    Conclusion: The inclusion is not a good idea, because in the end it will be included in the major distro kernels and then be a risk for all kinds of breakage, where connections can "accidentally" fall back.

    • (Score: 1, Informative) by Anonymous Coward on Friday August 10 2018, @09:09PM

      by Anonymous Coward on Friday August 10 2018, @09:09PM (#720069)

      Also, it is not uncommon for SoCs to have an AES hardware engine for offloading encryption.

  • (Score: 2, Offtopic) by realDonaldTrump on Saturday August 11 2018, @05:10AM (1 child)

    by realDonaldTrump (6614) on Saturday August 11 2018, @05:10AM (#720226) Homepage Journal

    This one is easy, folks. Get the best phone. And it will handle ALL THE BEST and most modern cyber. No more worries about poor person cyber!!!!

    • (Score: 2) by kazzie on Saturday August 11 2018, @05:15PM

      by kazzie (5309) Subscriber Badge on Saturday August 11 2018, @05:15PM (#720328)

      Which poor person did you cyber with?

  • (Score: 1, Insightful) by Anonymous Coward on Saturday August 11 2018, @05:06PM

    by Anonymous Coward on Saturday August 11 2018, @05:06PM (#720327)

    Is worse than none. You think you are safe.. and act like you are. But you are not.

    ( plus you waste resources )
