from the so-were-there-backdoors-in-old-encryption? dept.
The National Security Agency's cybersecurity chief has claimed that next-generation encryption standards under development in the US will be unbreachable, even by the American government's own spies. The National Security Agency has been involved in parts of the process but insists it has no way of bypassing the new standards.
"There are no backdoors," said Rob Joyce, the NSA's director of cybersecurity at the National Security Agency, in an interview. A backdoor enables someone to exploit a deliberate, hidden flaw to break encryption. An encryption algorithm developed by the NSA was dropped as a federal standard in 2014 amid concerns that it contained a backdoor.
The new standards are intended to withstand quantum computing, a developing technology that is expected to be able to solve math problems that today's computers can't. But it's also one that the White House fears could allow the encrypted data that girds the U.S. economy – and national security secrets – to be hacked.
[Related]:
EXECUTIVE ORDER 14028, IMPROVING THE NATION'S CYBERSECURITY
QUANTUM HEGEMONY? China's Ambitions and the Challenge
Would you agree with the unbreachable encryption FUD that is being bandied about in this article? If it is encrypted by humans, it can be decrypted by humans!!
(Score: 4, Funny) by HiThere on Monday May 16 2022, @03:03PM (7 children)
What else is there to say?
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 5, Insightful) by Immerman on Monday May 16 2022, @04:40PM (5 children)
Yep. And I absolutely believe them this time.
Sure they're an intelligence agency - which pretty much by definition means they're all trained in the most effective ways to lie, cheat, steal, and break laws with impunity. And sure they've been caught using those tactics domestically, even against their supposed bosses, in direct violation of their charter, and the laws that are supposed to keep them in check...
But they'd never lie to the American Public about something that would make their job much easier, right? Right?
(Score: 4, Interesting) by JoeMerchant on Monday May 16 2022, @04:52PM (4 children)
Yes, but why bother? NSA encryption standards, whether backdoored or not, are useful for communicating securely with parties who are compelled to use NSA standard encryption.
If neither communicating party is compelled to use NSA standard encryption - think of them then more as guidelines, maybe use the NSA standard encryption as one layer in a multi-layer scheme. If it's compromised, the layer(s) above and below it will make that compromise moot. If it's truly strong, and the other layers you have chosen are less strong, then it helps.
If either communicating party is compelled to use NSA standard encryption: game over. Unless you feel like breaking ranks and being identified as non-compliant, you do what you're told. Maybe slip another layer of encryption (and possibly steganography) inside the NSA wrapper, if both parties feel the NSA layer is uncomfortably exposed for any reason.
🌻🌻 [google.com]
(Score: 2) by Immerman on Monday May 16 2022, @06:36PM (3 children)
A better question is why do they bother saying it's not backdoored? Given the source, what sort of idiot would actually believe such a claim?
(Score: 3, Insightful) by JoeMerchant on Monday May 16 2022, @06:54PM (1 child)
What I expect to come out in 10-20 years is: "What we meant is that there's not a conventional backdoor in the sense of previous NSA backdoors which have been exposed. You see, at the time of the announcement, we were the only agency on the planet in possession of the para-quantum technology required to access the encrypted messages without knowing the keys, so it was safe for you to use because you can always trust us."
Kinda like Kenobi explaining his lie to Luke about Vader...
🌻🌻 [google.com]
(Score: 1, Interesting) by Anonymous Coward on Monday May 16 2022, @11:06PM
Are for when the hardware isn't backdoored.
They can get into every piece of hardware they need to thanks to signed firmware (making it impossible for the owner of the hardware to lock down or bypass), 'trusted' platform modules, and OS spyware. With those three features, why *WOULD* they need the encryption itself to be insecure?
The downside is: The data being protected by crypto is JUST AS VULNERABLE to foreign actors, for the same reasons compromised crypto would be. But they won't realize that until the first large scale attack akin to Conti or whatever it was called.
For the rest of us it is either stockpiling legacy hardware, or designing new equipment with FPGAs and simple components which have no firmware signing yet.
(Score: 3, Interesting) by VLM on Monday May 16 2022, @08:23PM
They got away with it exactly one time historically, AFAIK:
https://en.wikipedia.org/wiki/Dual_EC_DRBG [wikipedia.org]
Nobody knows for sure if they tried this strategy other times and haven't gotten caught yet.
This is good reading:
https://en.wikipedia.org/wiki/Nothing-up-my-sleeve_number [wikipedia.org]
(Score: 2) by Rosco P. Coltrane on Monday May 16 2022, @04:52PM
The real meaning of this message is: they don't need a backdoor, as they probably have enough unencrypted data kindly provided by Big Data, and possibly enough computational power to break non-backdoored encryption.
(Score: 4, Troll) by negrace on Monday May 16 2022, @03:32PM (11 children)
1. All the previous standards had backdoors.
2. Nothing is gonna change.
(Score: 0) by Anonymous Coward on Monday May 16 2022, @04:00PM (4 children)
DES didn't have any backdoors and the NSA's actually improved it's security. It just sucked.
(Score: 2, Informative) by Anonymous Coward on Monday May 16 2022, @04:45PM
DES WAS the backdoor. NSA had it limited to the number of bits which they could break.
(Score: 1) by pTamok on Monday May 16 2022, @07:30PM (2 children)
Let me correct that slightly:
DES didn't have any backdoors that we know of, and the NSA's [sic] actually improved it's security. (Well, yes, they changed the S-box values to make the algorithm resistant to differential cryptanalysis.)
Stack Exchange: How were the DES S-box values determined? [stackexchange.com]
However, we still don't know if the NSA had/has a 'backdoor' for DES. It is probably academic, and the NSA can't prove a negative. There's no benefit to the NSA telling us if they had a backdoor for DES.
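The S-box change pTamok mentions is measurable: differential cryptanalysis needs an input XOR difference that maps to one output difference with high probability, and the table that records those probabilities (the difference distribution table) is what the DES S-boxes were tuned to keep flat. Below is an added worked example in Python, not code from the post or from any of the linked pages. The DES S1 table is the published FIPS 46 table and the PRESENT 4-bit S-box is a published design used as a well-behaved comparison; the affine S-box is constructed here as a deliberately weak example, and all function names are this example's own.

```python
"""Difference distribution table (DDT) of an S-box.

table[dx][dy] counts the inputs x for which S(x) XOR S(x XOR dx) == dy.
A large entry in a nonzero row is a differential the attacker can exploit;
a flat table is what resistance to differential cryptanalysis looks like.
"""

# Published PRESENT S-box: a 4-bit S-box whose largest entry over nonzero
# input differences is 4 of 16 (differentially 4-uniform).
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

# Constructed weak S-box: the affine map x -> x XOR 5. Every input difference
# produces exactly one output difference, so every nonzero row holds a 16.
AFFINE_SBOX = [x ^ 0x5 for x in range(16)]

# DES S1 as published in FIPS 46. Rows are selected by the outer two input
# bits, columns by the middle four; the S-box maps 6 bits to 4.
DES_S1_TABLE = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def des_s1(x: int) -> int:
    """Apply DES S1 to a 6-bit input (bits 5 and 0 pick the row)."""
    row = (((x >> 5) & 1) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return DES_S1_TABLE[row][col]


# Flattened 64-entry lookup so the generic DDT code below can use it.
DES_S1 = [des_s1(x) for x in range(64)]


def difference_distribution_table(sbox):
    """Build the full DDT; rows are input differences, columns output ones."""
    n = len(sbox)
    out_size = 1 << max(sbox).bit_length()
    table = [[0] * out_size for _ in range(n)]
    for dx in range(n):
        for x in range(n):
            table[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return table


def best_differential(sbox):
    """Most probable nonzero differential as (dx, dy, count, probability)."""
    table = difference_distribution_table(sbox)
    n = len(sbox)
    dx_best, dy_best, count_best = 0, 0, 0
    for dx in range(1, n):
        for dy, count in enumerate(table[dx]):
            if count > count_best:
                dx_best, dy_best, count_best = dx, dy, count
    return dx_best, dy_best, count_best, count_best / n


def differential_uniformity(sbox):
    """Largest DDT entry over nonzero input differences; smaller is stronger."""
    return best_differential(sbox)[2]


if __name__ == "__main__":
    for name, sbox in [("affine (weak)", AFFINE_SBOX),
                       ("PRESENT", PRESENT_SBOX),
                       ("DES S1", DES_S1)]:
        dx, dy, count, prob = best_differential(sbox)
        print(f"{name:14s} best differential {dx:#04x} -> {dy:#04x}: "
              f"{count}/{len(sbox)} = {prob:.3f}")
```

The affine S-box shows the failure mode: its best differential holds with probability 1, so a cipher built on it would fall to a handful of chosen plaintext pairs. The same function run over DES S1 shows why the choice of S-box values mattered: the table is 64 pairs wide and no single output difference dominates.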
(Score: 3, Informative) by maxwell demon on Tuesday May 17 2022, @07:37AM (1 child)
Contraction of "the NSA has actually improved". Completely correct, no [sic] needed.
Improved its security. Possessive pronoun, not a contraction of "it is". Therefore no apostrophe.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 0) by Anonymous Coward on Tuesday May 17 2022, @03:55PM
Insufficient proofreading on my part on both counts.
(Score: 0) by Anonymous Coward on Monday May 16 2022, @05:20PM (5 children)
Granted, it was sponsored by the National Institute of Standards and Technology (NIST), not the NSA, but the NSA immediately adopted it after NIST did. Twenty years ago, NIST held an open, international competition to see who could come up with the best design, and a Belgian team won. There was nothing closed or nefarious in that process, and it's the most used encryption standard today.
(Score: 2, Informative) by pTamok on Monday May 16 2022, @07:42PM (2 children)
Well AES is a subset of Rijndael. Why choose a subset?
https://www.techtalk7.com/differences-between-rijndael-and-aes/ [techtalk7.com]
And while the algorithm has been pretty resistant to attacks, implementations have not: it turns out to be pretty difficult to write an AES encryptor that is not susceptible to side channel attacks/leakage; as are hardware implementations. So while brute forcing AES continues to be difficult, if you can monitor the hardware doing the encryption, it's less difficult than computing until the heat death of the universe to extract keys. The NSA have known about side-channel attacks for decades, so it is noteworthy that more attention is not paid to that attack method. Shades of "This vulnerability is not the vulnerability you are looking for."
https://crypto.stackexchange.com/questions/19525/side-channel-attacks-on-aes [stackexchange.com]
Deep-Learning Side-Channel Attacks on AES [diva-portal.org]
Ease of Side-Channel Attacks on AES-192/256 by Targeting Extreme Keys [iacr.org]
Side Channel Attack On AES [pufsecurity.com]
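The "algorithm fine, implementation leaks" point is easiest to see in the step that comes right after AES in practice: checking an authentication tag. An added Python example follows (not code from the post or the linked papers; function names and the 16-byte tag are constructed here). Instead of measuring nanoseconds, it reports how many bytes each comparison examined, which is the quantity a timing observer would be inferring.

```python
"""Data-dependent work in a tag comparison, beside a constant-time version.

A comparison that stops at the first mismatching byte does an amount of work
that depends on how many leading bytes of the guess are correct. Observed as
timing, that lets a wrong tag be corrected one byte at a time, even though
the cipher producing the tag is untouched. The fix is to examine every byte
and decide only at the end.
"""
import hmac


def leaky_compare(expected: bytes, supplied: bytes):
    """Early-exit comparison. Returns (equal, bytes_examined); the second
    value stands in for the time an observer would measure."""
    if len(expected) != len(supplied):
        return False, 0
    for i, (e, s) in enumerate(zip(expected, supplied)):
        if e != s:
            return False, i + 1
    return True, len(expected)


def constant_time_compare(expected: bytes, supplied: bytes):
    """Examines every byte no matter where the first mismatch is; the only
    data-dependent decision is on the accumulated difference at the end."""
    if len(expected) != len(supplied):
        return False, 0
    diff = 0
    for e, s in zip(expected, supplied):
        diff |= e ^ s
    return diff == 0, len(expected)


def work_profile(compare, secret: bytes, prefix_lengths):
    """For each k, compare `secret` against a guess whose first k bytes are
    right and whose remaining bytes are all wrong; return the work done."""
    profile = []
    for k in prefix_lengths:
        # Invert every bit of the unknown tail so no tail byte matches by luck.
        guess = secret[:k] + bytes(b ^ 0xFF for b in secret[k:])
        _, work = compare(secret, guess)
        profile.append(work)
    return profile


# Constructed 16-byte value standing in for a real MAC or AEAD tag.
SECRET_TAG = bytes.fromhex("00112233445566778899aabbccddeeff")

if __name__ == "__main__":
    ks = range(0, 17)
    print("leaky   :", work_profile(leaky_compare, SECRET_TAG, ks))
    print("constant:", work_profile(constant_time_compare, SECRET_TAG, ks))
    # The standard library ships a constant-time comparison; use it rather
    # than hand-rolling one in production code.
    print("stdlib  :", hmac.compare_digest(SECRET_TAG, SECRET_TAG))
```

The leaky profile climbs 1, 2, 3, ... with the length of the correct prefix, so each byte of the tag can be confirmed independently; the constant-time profile is flat at 16 whatever the guess. In real code, reach for `hmac.compare_digest` (or the equivalent in your language) and keep the same discipline for key-dependent table lookups and branches inside the cipher itself, which is the harder problem the linked papers are about.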
(Score: 0) by Anonymous Coward on Tuesday May 17 2022, @12:07AM (1 child)
If the NSA are monitoring my hardware to that level they can already get my secrets in easier ways.
(Score: 0) by Anonymous Coward on Tuesday May 17 2022, @04:02PM
SPECTRE is a sufficient side channel, and it isn't just the NSA using it.
(Score: 2) by DannyB on Monday May 16 2022, @07:48PM (1 child)
When AES was developed, computing horsepower[1] was much more expensive than today.
While AES may still be secure today for most uses, attackers may be able to wield a much greater amount of brute force, or specialized attack force than they could twenty years ago.
If AES gets broken some day, then any saved up AES messages from the last twenty years are now compromised. Ah ha, so now we know where the bodies are buried!
[1]the amount of thinking one horse can do in one day
People today are educated enough to repeat what they are taught but not to question what they are taught.
(Score: 0) by Anonymous Coward on Monday May 16 2022, @10:24PM
I feel like you are all looking in the wrong place. I wonder if that is the whole point of the "no backdoors" in the algorithms. It makes you focus on the algorithms themselves. However, it is usually much easier to break the scheme or implementation. AES could be perfectly fine, but if the NSA knows the key, your implementation is wrong, or the server itself gives away the secrets, you are hosed anyway. As an example, there was a story here where an AES-1024 scheme was broken and AES-256 reduced to less than a textbook AES-128 despite the cryptographic algorithms working correctly and remaining unbroken, precisely because of scheme and implementation problems.
(Score: 4, Informative) by Anonymous Coward on Monday May 16 2022, @03:32PM (2 children)
While I have no doubt that the NSA lies to us, and may be lying to us in this case, this premise is wrong. All modern encryption is based on the premise that some mathematical operations are asymmetrical. They are harder to perform in one direction than the other. The classic example of this is multiplication vs. factorization. It is much easier to multiply two small numbers to get a large number than it is to factor the large number back into the two small numbers. Cryptography exploits this by arranging for a calculation that is trivial for the encrypter/decrypter to perform but is not feasible for an attacker to perform with any reasonable amount of resources. As technology changes, the set of calculations that is feasible changes. But that does not change the fundamental premise that there are some calculations that are trivial for the encrypter/decrypter, but not feasible in any practical way for an attacker.
It doesn't help that we keep calibrating the keys that we use to "it would take years for an attacker to crack this" to "it would take billions of years for an attacker to crack this" in order to save a little time and space for the encrypter/decrypter.
(Score: 0) by Anonymous Coward on Monday May 16 2022, @04:15PM (1 child)
256 bits of entropy is resistant to brute force using the entire energy output of the sun from now until the heat death of the universe. For symmetric encryption that is all you will ever need. Asymmetric keys are harder to do so they need longer keys, but no key size is sufficient if the algorithm you are using is flawed or contains a deliberate back door like Dual ECC did.
The NSA used to work for better encryption, but ever since they were folded into Homeland Security they've become as bad as the CIA and FBI.
(Score: 0) by Anonymous Coward on Monday May 16 2022, @06:36PM
Thanks. Had to look up that one:
https://en.wikipedia.org/wiki/Dual_EC_DRBG [wikipedia.org]
(Score: 4, Funny) by Snotnose on Monday May 16 2022, @03:53PM (1 child)
This time you can trust us. Pinky swear!
Why shouldn't we judge a book by its cover? It's got the author, title, and a summary of what the book's about.
(Score: 2) by Runaway1956 on Monday May 16 2022, @06:30PM
I was honestly looking for that pinky swear. I believe now!!
(Score: 5, Insightful) by tangomargarine on Monday May 16 2022, @04:08PM (3 children)
These are the same guys who were ordered by Congress to stop spying domestically, then they got caught still doing it 8 months later or whatever it was. They clearly are not above a bit of blatant lying.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: -1, Troll) by Anonymous Coward on Monday May 16 2022, @05:24PM (2 children)
Congress, the President, and the administrative agencies lie. Why should NSA be held to a different standard?
(Score: 2) by tangomargarine on Monday May 16 2022, @10:13PM (1 child)
Yes, that's a great retort: "Well everything else in the government sucks, so why should I care that this specific aspect of the government sucks?"
Or how about we work on un-sucking it one piece at a time?
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 0) by Anonymous Coward on Monday May 16 2022, @10:37PM
Nuke it from orbit. It's the only way to be sure.
(Score: 4, Touché) by maxwell demon on Monday May 16 2022, @04:21PM (6 children)
Sure it can be decrypted by humans (or at least by computers), that's the whole point. The question is whether it also can be decrypted by those humans who don't have the decryption key.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by jasassin on Monday May 16 2022, @04:54PM (5 children)
Yeah, not really sure where he was going with that final statement. Perhaps whoever wrote that could elaborate?
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 3, Informative) by AnonTechie on Monday May 16 2022, @08:15PM (4 children)
I posted this story and based on what transpired before, I am not confident that any encryption standard would remain un-hackable. Here are some of the comments which led me to make that statement:
Also: The NSA Says that There are No Known Flaws in NIST’s Quantum-Resistant Algorithms [schneier.com]
Albert Einstein - "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
(Score: 0) by Anonymous Coward on Monday May 16 2022, @11:44PM
$10m sounds kinda low for something like that. Perhaps they had some kompromat on the CEO.
(Score: 0) by Anonymous Coward on Tuesday May 17 2022, @12:19AM
Also: https://en.wikipedia.org/wiki/Clipper_chip [wikipedia.org]
http://www.cypherspace.org/adam/hacks/lotus-nsa-key.html [cypherspace.org]
(Score: 2) by maxwell demon on Tuesday May 17 2022, @03:41AM (1 child)
There is a difference between an encryption standard being hackable, and backdoors being implanted in devices.
With backdoors in devices, it doesn't matter whether encryption is good, because you can read the data before it gets encrypted. That doesn't tell you anything about the encryption.
Now there is a danger that a backdoor gets inserted in the algorithm itself. But that can only be done by those who are involved in the development of the algorithm. Any algorithm not developed with the help (or other influence) of the NSA will not have NSA backdoors.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by jasassin on Tuesday May 17 2022, @05:08PM
This reminds me of the interview with Nils Torvalds about back doors and the NSA. He said that Linus was asked if he was ever approached by the NSA to put back doors in Linux, and Linus said no while nodding his head yes.
https://m.youtube.com/watch?v=wwRYyWn7BEo [youtube.com]
(About two minutes into the video.)
Considering how almost every Linux distribution has SELinux enabled:
https://www.nsa.gov/portals/75/documents/what-we-do/research/selinux/documentation/presentations/2005-flexible-support-for-security-policies-into-linux-os-presentation.pdf [nsa.gov]
I have little faith in the security of Linux. I’m not saying other operating systems are any different. You might recall someone finding an NSA key referenced in a Microsoft encryption related .DLL.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 0) by Anonymous Coward on Monday May 16 2022, @04:49PM (4 children)
NSA doesn't stand for Nice Security Agency. Surely you don't doubt that they are laser focused on directing their dirty tricks to the right folks?
The more interesting thing here is making an encryption standard that is more quantum resistant. Aside from just being more complex, what does that mean?
(Score: 3, Insightful) by hendrikboom on Monday May 16 2022, @06:44PM
It probably means that factoring large numbers won't help crack it.
(Score: 2) by maxwell demon on Tuesday May 17 2022, @03:52AM (2 children)
It means that having a quantum computer won't help you in breaking it.
There are certain tasks where it is believed that the best algorithm on a classical computer is exponential, while there are known polynomial algorithms on quantum computers. The best known example is factoring numbers.
Now if your encryption relies on the difficulty of a task which isn't difficult on a quantum computer (such as factorizing large integers), then as soon as someone develops a scalable quantum computer, that person can immediately break that encryption.
Quantum-safe encryption means that a quantum computer does not have an exponential advantage in breaking it.
Note that quantum computers can speed up brute-forcing through Grover search, but that's polynomial improvement (classical search is O(N), Grover search is O(sqrt(N))) and therefore can easily be countered by doubling your key length.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 0) by Anonymous Coward on Tuesday May 17 2022, @02:14PM (1 child)
Assuming that qc are a real thing that we will eventually have,
I can see that there are a few quantum algorithms that have been discovered that will provide the exponential advantage given qc.
But think back to the history of classic computers. Algorithms were discovered after the computers.
Should one expect other quantum algorithms to show up once qc becomes a thing?
If so, is there something more fundamental about qc which will make some encryption choices better than just avoiding the currently known algorithms?
(Score: 0) by Anonymous Coward on Tuesday May 17 2022, @04:16PM
Quantum computers already exist, they just aren't very powerful yet and are expensive. Both of those factors should improve over time.
Algorithms were known to the Babylonians by 2500 BC [wikipedia.org].
We can and have analyzed quantum algorithms without quantum computers just like we could and did analyze classical algorithms without classical computers. Research has been ongoing since 1980.
Quantum supremacy [wikipedia.org] has not yet been proven, but we are still at the early stages. The biggest issue seems to be in actually building a quantum computer that is powerful enough to challenge classical supercomputers. If that proves infeasible then it won't matter if QC is technically more powerful than CC.
(Score: 4, Funny) by Rosco P. Coltrane on Monday May 16 2022, @04:50PM
I believe him more than I believe the NSA.
(Score: 4, Funny) by ElizabethGreene on Monday May 16 2022, @08:07PM (3 children)
If they hadn't said anything I wouldn't have wondered, but now I'm suspicious.
It's like when a politician says, "I did not molest any ducks." You just *know* there is a duck out there with a story to tell.
(Score: 5, Touché) by Runaway1956 on Monday May 16 2022, @08:52PM (1 child)
That's the thing though: the politician didn't molest any ducks. He was more into geese, turkeys, and pigeons. But, he has succeeded in making you look at ducks, so you won't look too closely at those other birds.
(Score: 1, Informative) by Anonymous Coward on Monday May 16 2022, @11:13PM
AKA Republican SOP
For the acronym challenged: Also known as Republican standard operating procedure
(Score: 1, Funny) by Anonymous Coward on Monday May 16 2022, @09:53PM
It is like the running joke on The Simpsons of Troy McClure insisting that he isn't banned from the Springfield Aquarium.
(Score: 0) by Anonymous Coward on Monday May 16 2022, @09:15PM
it's an endless swing back and forth:
"we're backdooring, terrorists and all."
all terrorists are dead or have busied themselves with more constructive stuff.
then back to no-backdoor. then something happens.
back to "yup, need back door".
curious which PhD issuing department will figure out what the exact mechanisms are that precipitate these swings ...
(Score: 2) by inertnet on Monday May 16 2022, @11:19PM (1 child)
It's possible that technically he didn't tell a lie, but reading between the lines might reveal a backdoor, so to speak. Like: "There are no backdoors, but there's a revolving door that I won't tell you about."
(Score: 2) by maxwell demon on Tuesday May 17 2022, @07:43AM
From the summary:
So, maybe the flaw was accidental, but when they discovered it they decided to leave it in? So, not a backdoor according to that definition.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 0) by Anonymous Coward on Tuesday May 17 2022, @05:04PM
... I wouldn't bother asking the NSA anything.
They're just not a source of useful information. Even if they tell the truth, you have no way of verifying it. It's rather like a magic 8-ball with a federal budget.
And that's also why I'd vote against any budget that funds them.