
SoylentNews is people

posted by janrinok on Friday August 10 2018, @04:53PM
from the matter-of-trust dept.

Linux Kernel 4.17 saw the inclusion of NSA's 'controversial' encryption algorithm Speck. Linux Kernel 4.18 will see Speck being available as a supported algorithm with fscrypt and not everyone is happy about it.

Before you panic or form wrong conclusions, you should know that Speck is not a backdoor. It's just a not-so-strong encryption algorithm from the American agency NSA, and it's available as a module in the Linux kernel.

The algorithm in question, Speck, is a 'weak' encryption (lightweight block cipher) designed for devices with low computing power, i.e., IoT devices.

NSA wanted Speck and its companion algorithm Simon to become a global standard for the next generation of internet-of-things gizmos and sensors.

NSA pushed this algorithm so aggressively that some cryptographers alleged bullying and harassment at the hands of NSA.

The problem with the algorithm is that the International Organization of Standards (ISO) rejected Speck and Simon.

Google engineer Eric Biggers requested the inclusion of Speck in Kernel 4.17 because Google is going to provide Speck as an option for dm-crypt and fscrypt on Android.

The focus is on providing encryption on Android Go, an Android version tailored to run on entry-level smartphones. As of today, these devices are not encrypted because AES is not fast enough for the low-end devices.


  • (Score: 5, Insightful) by DannyB on Friday August 10 2018, @05:04PM (29 children)

    by DannyB (5839) Subscriber Badge on Friday August 10 2018, @05:04PM (#719975) Journal

    It's not the actual algorithm that NSA cares about. They don't even care about getting their algorithm into the kernel.

    What NSA wants is to get their implementation of anything complex into the kernel. Large complex and obscure code is a great place to hide exploits. Even if it is not in the initial implementation. There may be patches in the future which are complex and difficult to understand. Something that looks like a tight inner loop doing some plausible processing could be some kind of side channel hardware attack of the spectre variety. Or who knows what secret combination of instructions could wake up something in your good friend the Intel Management Engine.

    But maybe I'm being too paranoid. There simply is No Such Agency that would want to compromise the Linux kernel. After the Snowden revelations, nothing seems too paranoid anymore.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
  • (Score: 1, Informative) by Anonymous Coward on Friday August 10 2018, @05:06PM (15 children)

    by Anonymous Coward on Friday August 10 2018, @05:06PM (#719976)

    You might be right, but still: You're just saying.

    • (Score: 1, Interesting) by Anonymous Coward on Friday August 10 2018, @05:21PM (2 children)

      by Anonymous Coward on Friday August 10 2018, @05:21PM (#719985)

      The actual question(s) should be:

      Can I compile my own kernel without any part of this easily (i.e. a simple flag such as SPEC_AND_SIMON=NO)

      Is this implemented entirely as a KLM (that I can block/remove/disable)? If not, why not?

      • (Score: 0) by Anonymous Coward on Friday August 10 2018, @05:32PM

        by Anonymous Coward on Friday August 10 2018, @05:32PM (#719989)

        Can I compile my own kernel without any part of this easily (i.e. a simple flag such as SPEC_AND_SIMON=NO)

        Yes.

        Is this implemented entirely as a KLM (that I can block/remove/disable)?

        Yes.

      • (Score: 0) by Anonymous Coward on Friday August 10 2018, @05:33PM

        by Anonymous Coward on Friday August 10 2018, @05:33PM (#719991)

        The article mentions blacklisting the module, so it would appear to be built/buildable as one. And given that there's a flag for every other encryption algorithm that can be built into the kernel I'd assume there's one for speck as well, but I haven't built a 4.17 kernel yet so it's still just an AC speculating on the internet.

    • (Score: 5, Insightful) by edIII on Friday August 10 2018, @07:14PM (11 children)

      by edIII (791) on Friday August 10 2018, @07:14PM (#720027)

      He may be just saying, but he's saying it about the NSA. They deserve absolutely zero trust, and extreme suspicion for any of their activities. It's like saying that some guy likely wants to abuse a child for X reason, and you point out the hearsay and lack of evidence while completely ignoring that this same guy was already convicted of mass kiddie fucking. It may be a theory as to why the NSA is doing it, but it's not even paranoia anymore to say that the NSA fundamentally provides a disservice to the American people and they should be treated with heavy suspicion.

      Those assclowns had their chances. So many chances to do the right thing and increase the level of security in America's communications and computing in general. Instead, in every single case they chose to weaponize information for use against America's enemies, and ultimately against the American people as well. That's completely ignoring any kind of collusion with Microsoft and others to deliberately introduce weaknesses. We're just talking about bugs and exploits that they never bothered to responsibly disclose.

      What good does the NSA do again? For average Americans? Why should we ever trust them again? For that matter, considering this government talks about utterly stupid shit like "responsible encryption", why should we trust that the government would ever cooperate with establishing real security in computing?

      No, the U.S government has strongly established itself as the enemy of free computing. There's no paranoia involved. Just facts.

      --
      Technically, lunchtime is at any moment. It's just a wave function.
      • (Score: 2, Troll) by Anonymous Coward on Friday August 10 2018, @07:33PM (8 children)

        by Anonymous Coward on Friday August 10 2018, @07:33PM (#720039)

        Hi, rest of the world here. Fuck you and go vote for someone who's neither D nor R if you want change. The NSA at least has the courtesy to call their good chums at GCHQ to do the actual spying on you Murricans, because of your inalienable rights. These are magically invalid for the rest of the world, so us subhumans have to beware of getting our every digital move recorded and analyzed by what must be the most significant subversion of basic human rights in history.

        BTW please tell your non-D or R rep you want the NSA to take the FBI and DEA with them on the way out. More magic superpower agencies doing the same shit, just less public. While I think about it, write about that military of yours too. Your "defense" spendings make it quite clear this force is actually meant for aggression. You're quite lucky the rest of the world has not long done what must be done to an aggressor to achieve peace.

        enemy of free computing

        Free computing my ass. More like enemy of humanity. Please die.

        • (Score: 0, Informative) by Anonymous Coward on Friday August 10 2018, @09:40PM

          by Anonymous Coward on Friday August 10 2018, @09:40PM (#720077)

          What a sad, sad deluded individual you are. You live in a bubble that you think you represent the rest of Americans. Take your own advice.

        • (Score: 4, Interesting) by requerdanos on Friday August 10 2018, @10:13PM (2 children)

          by requerdanos (5997) Subscriber Badge on Friday August 10 2018, @10:13PM (#720086) Journal

          go vote for someone who's neither D nor R if you want change. BTW please tell your non-D or R rep you want the NSA to take the FBI and DEA with them on the way out.

          That's sage advice [freworld.info]. We have a climate here where people say "bipartisan" and instead of understanding that it means "R and D closing ranks against you", believe that it means "neutral". It doesn't.

          Then we have people who, when you say "the rest of the world", think you mean "the rest of America", which is about the general level of sophistication of the voters that needs to grasp that when the elected positions change, the government doesn't change (just figureheads and legislators), because the government is executed through a multitude of agencies whose staff will change by perhaps two to three persons if that after even a presidential election.

          To roll back the changes that brought about comprehensive NSA domestic spying, we have to build a government with neither R nor D in charge. It's honestly been slow going so far. I don't think that the fact that it even affects the Linux kernel is going to swing many votes, either.

          • (Score: 0) by Anonymous Coward on Friday August 10 2018, @10:23PM (1 child)

            by Anonymous Coward on Friday August 10 2018, @10:23PM (#720093)

            Funny how we can agree here while stabbing each other with shivs in that other discussion. Ah, the joys of AC :)

            • (Score: 2) by requerdanos on Friday August 10 2018, @10:34PM

              by requerdanos (5997) Subscriber Badge on Friday August 10 2018, @10:34PM (#720101) Journal

              When you're right, you're right; I'd agree with you here even if both threads were under your name. I was serious in thanking you for your cultural perspective.

        • (Score: 2) by MichaelDavidCrawford on Saturday August 11 2018, @04:38AM (2 children)

          by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Saturday August 11 2018, @04:38AM (#720216) Homepage Journal

          The DOD was at one time called the "Department Of War", but then war went out of style.

          --
          Yes I Have No Bananas. [gofundme.com]
          • (Score: 2) by maxwell demon on Saturday August 11 2018, @07:03PM (1 child)

            by maxwell demon (1608) on Saturday August 11 2018, @07:03PM (#720340) Journal

            So how long until they rename it to “Department of Peace”?

            --
            The Tao of math: The numbers you can count are not the real numbers.
            • (Score: 2) by DannyB on Sunday August 12 2018, @01:13AM

              by DannyB (5839) Subscriber Badge on Sunday August 12 2018, @01:13AM (#720394) Journal

              It's Department of Piece. How big of a piece of the government pie can you get?

              --
              People today are educated enough to repeat what they are taught but not to question what they are taught.
        • (Score: 2) by DannyB on Sunday August 12 2018, @01:16AM

          by DannyB (5839) Subscriber Badge on Sunday August 12 2018, @01:16AM (#720397) Journal

          Hi, rest of the world here.

          Dear rest of the world,

          You only constitute a mere 95 % of the world population. Yet you expect Americans to believe that there are actually other countries or people outside the US.

          (95% = google US population, google world population, divide)

          --
          People today are educated enough to repeat what they are taught but not to question what they are taught.
      • (Score: 0) by Anonymous Coward on Saturday August 11 2018, @07:42AM

        by Anonymous Coward on Saturday August 11 2018, @07:42AM (#720247)

        What good does the NSA do again? For average Americans?

        SELinux isn't that bad.

        In contrast I'm finding it hard to figure out what good the CIA has done... And the CIA certainly have done a whole lot more evil than the NSA.

      • (Score: 0) by Anonymous Coward on Saturday August 11 2018, @11:54AM

        by Anonymous Coward on Saturday August 11 2018, @11:54AM (#720282)

        you point out the hearsay and lack of evidence while completely ignoring that this same guy was already convicted

        Not convicted. The evidence has been circulating in public for years, and is not even disputed, yet there has been not a single arraignment.

  • (Score: 1, Informative) by Anonymous Coward on Friday August 10 2018, @05:37PM

    by Anonymous Coward on Friday August 10 2018, @05:37PM (#719994)

    It's not the actual algorithm that NSA cares about. They don't even care about getting their algorithm into the kernel.

    What NSA wants is to get their implementation of anything complex into the kernel. Large complex and obscure code is a great place to hide exploits.

    If you don't want to run this code, don't enable it.

    Linux has dozens upon dozens of crypto algorithms implemented. Some of them are probably insecure and/or buggy. As a general rule, I suggest not enabling any code you don't plan to use.
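
Added example, not part of any comment above and not code from the kernel tree: a shell audit for the advice in this comment and for the earlier question about a build flag and blacklisting. It reads a kernel `.config`, reports whether Speck is absent, a loadable module, or built in, and prints modprobe.d lines for the module case. The Kconfig symbol `CONFIG_CRYPTO_SPECK` and the module name `speck` are assumptions about the 4.17 tree, and the sample config is constructed.

```shell
#!/bin/sh
# Added example. Assumed names: Kconfig symbol CONFIG_CRYPTO_SPECK and
# module name "speck"; verify both against your own kernel tree.

# speck_options CONFIG: print each enabled CONFIG_CRYPTO_SPECK* option as
# "OPTION state", where state is "builtin" (=y) or "module" (=m).
speck_options() {
    sed -n 's/^\(CONFIG_CRYPTO_SPECK[A-Z0-9_]*\)=\([ym]\)$/\1 \2/p' "$1" |
        sed -e 's/ y$/ builtin/' -e 's/ m$/ module/'
}

# speck_verdict CONFIG: one word describing what the operator has to do.
#   absent  - not compiled at all, nothing to remove
#   module  - loadable; a modprobe.d entry keeps it out of the running kernel
#   builtin - linked into the kernel image; only a rebuild removes it
speck_verdict() {
    opts=$(speck_options "$1")
    case "$opts" in
        *" builtin"*) echo builtin ;;
        *" module"*)  echo module ;;
        *)            echo absent ;;
    esac
}

# blacklist_snippet MODULE: lines for /etc/modprobe.d/. "blacklist" makes
# modprobe ignore the module's own aliases (used for on-demand loading);
# "install ... /bin/false" also makes an explicit `modprobe MODULE` fail.
blacklist_snippet() {
    printf 'blacklist %s\ninstall %s /bin/false\n' "$1" "$1"
}

# Constructed sample config (not taken from a real device).
sample_module_config() {
    cat <<'EOF'
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_SPECK=m
# CONFIG_CRYPTO_DES is not set
EOF
}

# Demo on the constructed sample; on a real host pass the running kernel's
# config file (commonly /boot/config-$(uname -r)) to speck_verdict instead.
demo() {
    tmp=$(mktemp)
    sample_module_config > "$tmp"
    v=$(speck_verdict "$tmp")
    echo "verdict: $v"
    [ "$v" = module ] && blacklist_snippet speck
    rm -f "$tmp"
}
demo
```

A `builtin` verdict means a blacklist entry has no effect, and anything configured to use Speck (for example an fscrypt or dm-crypt setup) will fail once the cipher is unavailable.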

  • (Score: 2) by dast on Friday August 10 2018, @06:31PM (4 children)

    by dast (1633) on Friday August 10 2018, @06:31PM (#720016)

    Uh, I hate to break this to you, but there's been plenty of NSA code in the Linux kernel for years.

    https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/SELinux_Guide/rhlcommon-appendix-0005.html [redhat.com]

    Thankfully it looks like Speck will be just another module, so we can remove it.

    • (Score: 3, Insightful) by Runaway1956 on Friday August 10 2018, @07:16PM (3 children)

      by Runaway1956 (2926) Subscriber Badge on Friday August 10 2018, @07:16PM (#720028) Journal

      SELinux has been around for quite awhile now. Countless people have evaluated it, some quite rigorously, others less so. To date, SELinux has passed muster with just about everyone.

      And, all of that has nothing to do with the fact that government in general, and the NSA in particular, abhor privacy and secrecy among the population at large. Privacy and secrecy are only for government, and for a small number of elite individuals.

      NSA and other government agencies have done a lot of good things for today's internet and computing - and they've also done plenty of bad things. Asking people to "trust the government" because that government did something good a few years ago seems rather foolish. If the creepy old man gave a bunch of children some candy, would you advise the children to trust the creepy old man?

      So, yes, you're right - there IS NSA code in Linux. That is no reason to TRUST the NSA.

      • (Score: 2) by bob_super on Friday August 10 2018, @07:44PM (1 child)

        by bob_super (1357) on Friday August 10 2018, @07:44PM (#720044)

        > SELinux has been around for quite awhile now. Countless people have evaluated it, some quite rigorously,
        > others less so. To date, SELinux has passed muster with just about everyone.

        Don't you know that the Illuminati Masons - Lizard Branch arranged for all those people to lie to you about the backdoors, a Global Secret Agreement to keep spying on all populations?

        • (Score: 1, Touché) by Anonymous Coward on Friday August 10 2018, @08:36PM

          by Anonymous Coward on Friday August 10 2018, @08:36PM (#720060)

          Your cheap jab at "conspiracy theorists" is misplaced. Snowden docs proved that "conspiracy theories" about the NSA were not just true, but that reality was worse than some of the wildest speculations.

          Are you asserting that underhanded code hidden in something as large and complex as SELinux would be obvious to any serious code auditor?

      • (Score: 3, Insightful) by Joe Desertrat on Friday August 10 2018, @10:29PM

        by Joe Desertrat (2454) on Friday August 10 2018, @10:29PM (#720096)

        And, all of that has nothing to do with the fact that government in general, and the NSA in particular, abhor privacy and secrecy among the population at large. Privacy and secrecy are only for government, and for a small number of elite individuals.

        You can also add that corporations like Google and Facebook abhor privacy and secrecy among the population at large. Google, after all, is the one requesting this be included in the Linux kernel so they can implement it in Android.

  • (Score: 4, Insightful) by epitaxial on Friday August 10 2018, @07:51PM (2 children)

    by epitaxial (3165) on Friday August 10 2018, @07:51PM (#720046)

    The many eyes argument died with Heartbleed.

    • (Score: 0) by Anonymous Coward on Friday August 10 2018, @11:03PM (1 child)

      by Anonymous Coward on Friday August 10 2018, @11:03PM (#720116)

      did someone say buttes?

  • (Score: 3, Funny) by JoeMerchant on Friday August 10 2018, @08:04PM (1 child)

    by JoeMerchant (3937) on Friday August 10 2018, @08:04PM (#720053)

    Seems simple enough to switch out the NSA module for people who aren't using the Google products that depend on it.

    All in all, this feels to me like putting a page with a giant swastika on it into the Talmud... harmless, even if it is offensive.

    --
    🌻🌻 [google.com]
    • (Score: 0) by Anonymous Coward on Saturday August 11 2018, @03:22AM

      by Anonymous Coward on Saturday August 11 2018, @03:22AM (#720184)

      putting a page with a giant swastika on it into the Talmud

      That would not fit in well. Talmud is extremely racist and teaches racism and the supremacy of the jewish race (not khazar race) over everyone else. The Swastika is an ancient symbol of peace. Jews being murderous satanists are about anything but peace...

      harmless, even if it is offensive

      It would be offensive to the Swastika being placed in a book that came out of the gutter.

  • (Score: 3, Insightful) by PinkyGigglebrain on Friday August 10 2018, @08:58PM

    by PinkyGigglebrain (4458) on Friday August 10 2018, @08:58PM (#720067)

    As was once said; "You're only paranoid if they are NOT out to get you".

    As we have seen lately the NSA and other TLAs seem hell-bent on getting everyone they can, so unless you also think the door knobs or "Welcome" mats are out to get you as well you are most definitely not paranoid. You've just been paying attention.

    --
    "Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
  • (Score: 2) by sjames on Sunday August 12 2018, @11:26PM

    by sjames (2882) on Sunday August 12 2018, @11:26PM (#720726) Journal

    After this [arstechnica.com] incident, I wouldn't put that past the NSA at all.