SoylentNews is people
SoylentNews
from the deep-seated-insecurities-and-paranoia dept.
NSA Starts Contributing Low-Level Code to UEFI BIOS Alternative
The NSA has started assigning developers to the Coreboot project, which is an open source alternative to Windows BIOS/UEFI firmware. The NSA's Eugene Myers has begun contributing SMI Transfer Monitor (STM) implementation code for the x86 processor. Myers works for NSA’s Trusted Systems Research Group, which according to the agency’s website, is meant to “conduct and sponsor research in the technologies and techniques which will secure America's information systems of tomorrow.”
Myers published a paper about STM last year on how NSA’s STM implementation could work. All Coreboot code, including all the STM contributions from the NSA, are open source, so anyone could verify that there is no backdoor in there -- in theory.
In practice, the NSA could have also written the code in a less-than-secure way with vulnerabilities that are hard to detect without more experienced security researchers. Alternatively, the NSA could also update this implementation years later, when there are less eyes on the STM implementation and the update would no longer make headlines.
Better to avoid coreboot and feel secure that the hardware could never subvert my expectations of security and privacy. /s
(Score: 2) by pipedwho on Wednesday June 26 2019, @01:07AM
True. The way 'magic number' trap doors happen is to choose a 'random' number, but select (or generate) it to have a property that makes it either easier to brute force knowing the generation partials. When the number is supposed to be 'random', it should be taken from a public authenticated source or other standardised deterministic method.
For example, let's say an algorithm requires a large 4096 bit prime modulus. The defined standard modulus could be a huge randomly generated base with prime properties appropriate to the security of the algorithm. However, if the NSA generates that 'prime' where it is actually a composite made up of two 2048 bit primes, it could choose one of primes to be 'weakened' by having properties that significantly improve the ability to brute force a message/key exchange encrypted with said algorithm. A non-NSA attacker would have to first factor the 4096 'prime', which requires substantial effort and is not currently possible with today's technological state. And the NSA never needs to expose these keys outside their own systems.
This is why 'magic numbers' are frowned upon in the crypto world. The NIST standardised prime curves for ECDSA/ECDH are examples of this contention. The curves are 'random' prime curves that are used in all standard implementations. These curves are 'believed' to be secure, but there is no way to guarantee that the NSA hasn't carefully chosen them to allow them to be more easily brute force attack an encrypted message or key exchange. The numbers are huge (eg. 256bit, 512bit) making them very difficult to dissect in anything less than polynomial time (unless you already know the roots/weaknesses).