25 December 2013
12 Ways of NSA Suspicion
1. Partridge in a Pear Tree
I don't mean to call people names. I'm only using Cookie's post as a recent
example, of which there are many. Cookie Cutter clearly doesn't want to switch
to scrypt, which AFAIK any non-dork can tell improves security against common
real attacks, which far outweighs Cookie's concerns about side-channel attacks,
and OMG, what was that crazy rant about sprinkling secret data all over RAM?
It's just the output of a respected stream cipher! From where I'm sitting,
Cookie's position is so lame, it makes me think he may be getting paid to
So, is Cookie a dork or a shill? Do we live in a world where we can't chat
intelligently about security because of NSA shills, or is the world really
full of that many dorks?
2. Turtle Doves
How can an untraceable pseudonym, such as me, post to a forum?
(Don't say Tor -- Tor is connection based and deliberately low-latency, so
the source can be identified with IP packet correlation attacks. Untraceable
pseudonyms use anonymizing remailers, which are message-based and deliberately
3. French Hens
It's not publically documented, but I hear TSMC added extra transistors to
some Xilinx FPGAs, and the last I heard, no one had figured out what they
On Tue, Dec 24, 2013 at 2:43 AM, wrote:
On 23/12/13 19:20 PM, wrote:
... And everyone is trying to reverse-engineer everyone else's designs. All
the underpinnings are there. And various parts of the US military and security
establishment are quite aware - have, in fact, talked publicly about - the
problem of "spiked" chips making it into their supply chains.
Aha. So, are there any case studies of this actually happening? This might
shed light on the RDRAND question. If we had a documented case of (say) the
Chinese slipping spiked chips in to one of the hot USAF toys, then we'd have
some sense of how likely this is.
Yet another arms race.
Papers, conferences, budgets, hype, FUD, gosh.
4. Colly Birds
Please do not email me anything that you are not comfortable also sharing
with the NSA.
5. Gold Rings
There's multiple archives of this mailing list, and starting you own is trivial:
IMO ease of archiving and ease of passing around archives is one of the biggest
strengths of mailing lists.
I'm in the Bitcoin community and we keep on talking about fully decentralized
backends to mailing lists/usenet replacements, but until something like that
is implemented, best to stick with the tried and true mailing list. When
something like that is implemented, it's gonna look rather like a mailing
Mailing lists are great infrastructure: a pragmatic centralized core to push
messages around/moderate, and a whole host of decentralized infrastructure
around them like multiple archiving services and a wide variety of client
software to interface with.
I also note that it's a pain in the butt to PGP sign message board posts,
this is Cryptography after all...
https://en.bitcoin.it/wiki/Fidelity_bonds - Disclaimer: I invented them.
Also "Just use fidelity bonds!" is a standard joke in the Bitcoin developer
community, and for good reason.
I don't think a backdoor is likely to survive a serious audit. Code audits,
done right by competent people, are tough.
Though, done right, they are expensive.
If crypto code is open source, most people will use it without careful
examination on the assumption that someone else is going to audit it.
But, some people, relying on that code, *are* going to audit it.
9. Ladies Dancing
In any case, as others have pointed out here: Until Snowdonia, the general
attitude of big business - the customers for BSAFE - would have been "I don't
care that the NSA can read my stuff, they're the good guys, they don't get
involved in commerce, I have nothing to hide from them."
There is historical precedent on switching to old tech. The Battle of the
Bulge was a surprise attack because Adolf Hitler -- himself only, and not
his generals -- did not trust the crypto and comms anymore. He got suspicious
about how many battles were going the enemy's way.
In his last roll of the dice, Hitler sent all the orders by motorcycle riders.
11. Pipers Piping
> It's an interesting question, and one worth studying for
> motives. From my experiences from both sides, it is clear that both
> failed. But for different reasons.
> Hence, I've concluded that email is unsecurable.
Obviously. It will never be able to escape the non-body header content and
third party routing, storage and analysis with any form of patching over
today's mail. And it's completely ridiculous that people continue to invest
[aka: waste] effort in 'securing' it. The best you'll ever get clients down
to is exposing a single 'To:' header within an antique transport model that
forces you to authenticate to it in order to despam, bill, censor and control
That system is cooked, done and properly fucked. Abandon it. What the world
needs now is a real peer to peer messaging system that scales. Take Tor for
a partial example... so long as all the sender/recipient nodes [onions] are
up, any message you send will get through, encrypted, in real time. If a
recipient is not up, you queue it locally till they are... no third party
ever needed, and you get lossless delivery and confirmation for free. Unmemorable
node address?, quit crying and make use of your local address book. Doesn't
have plugins for current clients?, so what, write some and use it if you're
dumb enough to mix the old and new mail.
The only real problem that still needs solved is scalability... what p2p
node lookup systems are out there that will handle a messaging world's population
worth of nodes [billions] and their keys and tertiary data? If you can do
that, you should be able to get some anon transport over the p2p for free.
Anyway, p2p messaging and anonymous transports have all been dreamed up by
others before. But now is the time to actually abandon traditional email
and just do it. If you build it, they will come.
12. Drummers Drumming
With open source code the NSA would be foolish to install a true back door.
i.e. The NSA would be foolish to assume that they could craft a side door
in open source code that would withstand the scrutiny of another nations
security agency (ANSA). The folk I have encountered that work there (short
and old list) are not foolish or stupid. Their data integrity folk are darn
I can see weaknesses to establish a class of ability or a time window. For
example in the days that RSA and the NSA negotiated the $10M contract FPGA
and ASIC attacks were the tools of a rare and limited set of nations and
corporations. My memory may be fading but I recall this time frame and believe
I heard "smart" folk indicate that this was not clearly beyond the tools
of the spooks but was beyond the tool reach of even organized crime at that
time. Key concept "at that time".
I make weakness level security decisions all the time. I do not have the
world's strongest lock on my home. I have also not replaced the locks on
my car. My gym locker lock is an easy to open high school grade combination
padlock. Most of these locks I can still open with my eyes closed in moments
the same as I could back in high school.
Down the road is a high voltage transformer with a lock on it. OK it looks
like a lock but is a seal in the shape of a padlock. It is made of aluminum(?)
for the most part and is designed to be cut off with cutters. The same as
used to cut heavy aluminum and copper cables. It is tamper evident, it should
withstand an attack for a little bit of time with a hammer or bashing with
a rock. If a teenager busted in and fried his little brain till it burst
the power company clearly is not maintaining an attractive nuisance. There
is no master key to be lost. It could be made of more durable material like
hardened steel and more but it does not need to be.
My thoughts on this is that if you wish to be NSA proof you have some work
All of this does take me to a couple places:
First is a reminder of the Morris worm attacks. The Dad wrote a book and
none in the community addressed these design flaws and bugs Jr. crafted a
worm that escaped or was let free on the world. Not zero day, no criminal
element, no national security enemy. The BSD folk seem to have learned this
Second: "Target"... clearly criminals were involved , national interests
& government sponsored... not likely. The Price tag of the breach at
Target is possibly astounding. Some credit card companies have eviscerated
their limits to limit their risk. All they have to do is write a report....
"if Used @ Target establish limits and throttle the limit of abuse and
liability". There are many lessons to be learned here.
Third: can wait for the new year.
Forth/Fourth: All things are not equal and too many take two things as all
the proof needed to take a product to market. Code reviews and code review
tools need work today. The bad guys are looking at the same code you have.
Clear, precise, testable.... etc... It is interesting that the word code
is used in so many ways.