Bitcoin Forum
Author Topic: NSA might be behind weakening of Android Random Number Generator problem  (Read 4459 times)
piotr_n
September 06, 2013, 03:23:00 PM
Last edit: September 06, 2013, 03:47:14 PM by piotr_n
 #21

Quote
Did the NSA plant the flaw?  Seems unlikely.

Were they aware of the flaw, and could have included it in their suite of tools?  Absolutely.  NSA most certainly reviews software -- open and closed source -- to find bugs they may exploit at a later date.

I think it is unlikely that people working for NSA would have discovered an exploitable bug before people who don't work for NSA.
Personally I don't find the kind of people that work for intelligence agencies particularly intelligent - if they were intelligent, they would have had an honest job.
So IMO, NSA employees have a much lower chance to find security holes in open source code than the rest of the world.

Therefore, I still think that a more likely theory would be that they planted a backdoor there, just making it look like a bug - such a thing does not require a lot of skills.
Though it is quite possible, as gmaxwell suggested, that they would do it through planted employees, and not necessarily by pushing on Google from the top, or bribing it.
Not because Google is so honest that it would not let them, but rather because hiding it would have been much harder then.

Either way, as bitcoin users, it taught us a good lesson - I think what we've learned from it was totally worth it.
It will make us much more careful in the future with trusting third party software, especially such that comes from US based corporations.
And yet I am still using CryptGenRandom in my bitcoin wallet software... :P

jgarzik
September 06, 2013, 04:31:52 PM
 #22

Quote from: piotr_n
I think it is unlikely that people working for NSA would have discovered an exploitable bug before people who don't work for NSA.
Personally I don't find the kind of people that work for intelligence agencies particularly intelligent - if they were intelligent, they would have had an honest job.
So IMO, NSA employees have a much lower chance to find security holes in open source code than the rest of the world.

I disagree completely with this assessment.

So much so that it makes me wonder about bitcointalk PsyOps :)


Valle
September 06, 2013, 04:47:32 PM
 #23

Quote
This is something we (now) have to consider, if you already hadn't. In the interview a few weeks or a month back on Let's Talk Bitcoin with the computer scientist who discovered the low entropy of the Android based random number generator that was generating 9 bits (and not 256, if I remember correctly) of entropy, he stated he found 2 points of weakness and it was VERY suspicious to him.

No, it was 64 bits of system wide entropy. It is a quite different thing compared to 9 bits.
piotr_n
September 06, 2013, 04:50:09 PM
 #24

Quote from: jgarzik
Quote from: piotr_n
I think it is unlikely that people working for NSA would have discovered an exploitable bug before people who don't work for NSA.
Personally I don't find the kind of people that work for intelligence agencies particularly intelligent - if they were intelligent, they would have had an honest job.
So IMO, NSA employees have a much lower chance to find security holes in open source code than the rest of the world.

I disagree completely with this assessment.

So much so that it makes me wonder about bitcointalk PsyOps :)

You might be right. As they say: everyone perceives others through who they are themselves.

From my perspective, I consider myself smart enough to not need being any spy agency whore.
But others - they might find it a noble occupation, especially if it pays well... :)

I must say that I personally don't know any people who would admit working for a secret service, so I have no statistical data whatsoever to support my thesis that they are all stupid.
But on the other hand I know a few people who are definitely smart and would never agree to work for a secret service nor the military industry.

justusranvier
September 06, 2013, 05:41:07 PM
 #25

Quote
NSA most certainly reviews software -- open and closed source -- to find bugs they may exploit at a later date.

The public would never know if this tool reports everything it finds, or if it keeps certain bugs to itself:

https://scan.coverity.com/

Quote
Coverity Scan™ was initiated with the U.S. Department of Homeland Security in 2006 to help improve open source software quality and security. Coverity now manages the project as a free service to the open source community.
hennessyhemp
September 06, 2013, 06:29:39 PM
Last edit: September 06, 2013, 09:55:23 PM by hennessyhemp
 #26

Quote from: justusranvier
Quote
NSA most certainly reviews software -- open and closed source -- to find bugs they may exploit at a later date.

The public would never know if this tool reports everything it finds, or if it keeps certain bugs to itself:

https://scan.coverity.com/

Quote
Coverity Scan™ was initiated with the U.S. Department of Homeland Security in 2006 to help improve open source software quality and security. Coverity now manages the project as a free service to the open source community.

Correct me if I'm wrong...but this page seems like Coverity is overwhelmingly closed source...->

http://www.coverity.com/end-user-licenses/index.html

Which would indicate to me that the post above could very well be accurate...the checks and balances program has no open source checks and balances, thus the directives given could have built-in loopholes that a developer wouldn't even be aware they were introducing.  Reminds me of that movie...the net, except smarter than being the anti-virus company...it's the anti-virus company's anti-bug company, a wholly owned subsidiary of HS/NSA.  Which to most people means shit-all...which is the point.

apetersson
September 06, 2013, 10:20:28 PM
 #27

I am very suspicious about this issue.
My assumptions:

Very large bodies of software are written badly. Even an absolute majority of software. This is not a conspiracy, it's a sad fact of life.
Errors are generally only fixed if someone complains about it. (QA or customers)
Various TLAs are actively looking for flaws in crypto systems.
If they find one, they exploit it secretly and do not report it, so the flaw can stay there for a long time.
A semi-weak RNG is the best angle, short of a root backdoor, to total control, especially if you already sit on a big pipe, listening, because it makes all crypto futile.
A semi-weak RNG is better than completely broken, because powerful TLAs can break it, random hacker guy can't. So it is still perceived as secure.
It is a fact that TLAs employ vast amounts of mathematicians, which suggests they have a few years' advantage over the unwashed masses.
-----------
My personal conclusions:
Don't trust any hardware RNG exclusively.
DO audit the full stack of RNG and crypto libs; if you see something say something, even if you think it sounds stupid.
Hardware "accelerators" for crypto, AES or RNG provide a very obvious angle for attack; use software alternatives if possible.
Don't assume "it is a NIST standard, so it must be OK".
---------
"Errors are generally only fixed if someone complains about it. (QA or customers)" - this is the part where it becomes interesting to look at bitcoin. People DO complain when their money gets stolen. The world can thank us later.
carborundum
September 06, 2013, 10:24:40 PM
 #28

Quote
Yes, I agree. NSA and dictator Obama are behind this.

My real point, if it is not clear, is that EXTREME EFFORT should be spent in looking at these interfaces between our cryptographic security (e.g. SHA256) and its technical implementation.
The "back doors" or "weak points" will be in plain sight and easily overlooked. e.g. - The Android random number generator.
We patch these weak points or sabotaged areas, and we will be good.

IAS

The problem is that these backdoors could be hidden in plain sight, and we may never find them.

Why bother with software when you can just stuff hardware backdoors into the CPU.
Carlton Banks
September 06, 2013, 10:52:12 PM
 #29

Quote from: apetersson
It is a fact that TLAs employ vast amounts of mathematicians, which suggests they have a few years' advantage over the unwashed masses.

Sure, security services employ them, but the implication of their advanced capabilities is both unprovable and told to us by an unreliable actor. They have a strong motivation that the vast majority of us, finding ourselves unable to prove their claims, should be led to believe these unfalsifiable suggestions.

Quote from: apetersson
"Errors are generally only fixed if someone complains about it. (QA or customers)" - this is the part where it becomes interesting to look at bitcoin. People DO complain when their money gets stolen. The world can thank us later.

I am very fond of this observation. Nothing will concentrate so many minds on the base mathematics of ECDSA and SHA-2, and their algorithmic implementations, like a successful cryptocurrency system run on a worldwide public network. Something tells me, and forgive me for making what seems like a prosaic observation, that this is very much the beginning of the story of the developing world financial infrastructure. We have a spectacular design to build on for now, but even those that can see far and wide with respect to world developments never predicted the importance of something like the cryptocurrency concept; even the science fiction writers gloss over any details of systemic changes, they just assume there will be a change and treat the design concepts and popular movements that could propagate them as given, as if they could never warrant their own story or have a revolutionary impact to explore in their fiction.

BradZimdack
September 07, 2013, 12:17:29 AM
 #30

Quote from: carborundum
Why bother with software when you can just stuff hardware backdoors into the CPU.

I've been thinking about this too.  Does anyone here have sufficient expertise to comment on the likelihood or practicality of cryptographic exploits built into off-the-shelf hardware (CPU's, motherboards, etc.)?
markm
September 07, 2013, 01:39:23 AM
Last edit: September 07, 2013, 01:49:53 AM by markm
 #31

Some cryptos proposed for approved use by agencies other than the actual NSA itself and maybe various "codeword" operations or agencies that administer such operations had/have mysterious "magic numbers" in them that caused some mathematicians to wonder whether those numbers were actually keys themselves. That is, authors can claim the number happens to be one carefully prepared to make the rest of the algo optimal but maybe only optimal if you (and everyone else) do not know its keypair partner (maybe in some completely classified/codeword not-published clever keypair scheme).

I googled these links:

https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html

https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html

His face looks familiar so I think his site might be where I had read about backdoors built directly into crypto algorithms a while ago.

Haven't checked out who he really is though, is he a FUDdite or a respected cryptographer doing important work?

<tinhat>
According to Tom Clancy novels it is normal to pay software developers to put backdoors into code, heck the one I just re-read introducing President Jack's grown up son has him spying on banking system all over Europe thanks to all the banks using super secure stuff the NSA/CIA had at least a small hand in.

Heck, after the terrorists nuked Denver would you even blame them? It's an undeclared war, after all...
</tinhat>

Which is stranger, truth or fiction?

Which would it take to justify such things: world wars I and II, the cold war, the nuking of Denver, 9/11 or the 2012 embassy attacks? What if all those were real history? Or most of them, even?

-MarkM-

kjj
September 07, 2013, 04:05:55 AM
 #32

Quote
Anyway. Once the full details are made public you can review them and decide for yourself. Occam's Razor and all that. BTW hiding RNG faults in an open source OS is a really bad idea. The worst faults were in Jellybean, released end of 2012. Less than a year later the Bitcoin community discovered the issue. If that's the NSA's plan to undermine public crypto, they suck at it.

This (visibility) is the key point.

(I had more commentary, but the forums ate it.)

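A toy simulation, added here and not code from the thread or from Android, of apetersson's "semi-weak RNG" point (#27) and kjj's point that visibility is what got the Jellybean fault found: devices that each seed a deterministic generator from a small entropy pool pass a per-stream bit-balance check, while a population-wide repeat detector, which needs exactly the kind of visibility a public ledger gives, flags the shared seeds. The device counts, entropy sizes and the use of Python's random.Random as a stand-in for the seeded generator are constructed assumptions.

```python
"""Toy model of a 'semi-weak' RNG (constructed example, not the Android code):
every device boots with only a few bits of real entropy and stretches them with
a deterministic generator.  Each device's stream looks fine in isolation; the
weakness is only visible as repeats across the whole population."""
import random
from collections import Counter


def device_nonces(seed_bits, n_devices, per_device, chooser_seed=1):
    """Simulate n_devices that each obtain seed_bits of entropy at boot and then
    derive per_device 256-bit values from it.  random.Random stands in for the
    seeded generator; chooser_seed only makes the simulation reproducible."""
    chooser = random.Random(chooser_seed)  # decides which seed each device draws
    out = []
    for _ in range(n_devices):
        seed = chooser.getrandbits(seed_bits)   # all the entropy this device ever gets
        stream = random.Random(seed)            # deterministic expansion of that seed
        out.extend(stream.getrandbits(256) for _ in range(per_device))
    return out


def repeated_values(values):
    """Population-level detector: 256-bit values seen more than once.  A correctly
    seeded generator should never produce one; any hit means shared seeds."""
    return {v: n for v, n in Counter(values).items() if n > 1}


def bit_balance(values):
    """Single-stream style health check: fraction of bits set across all values.
    Weakly and strongly seeded populations both come out near 0.5, which is why
    such tests cannot reveal a small seed space."""
    ones = sum(bin(v).count("1") for v in values)
    return ones / (256 * len(values))


def collision_report(seed_bits, n_devices=2000, per_device=4):
    """Run both checks on a simulated population and summarise the outcome."""
    vals = device_nonces(seed_bits, n_devices, per_device)
    return {
        "seed_bits": seed_bits,
        "possible_seeds": 2 ** seed_bits,
        "repeated_values": len(repeated_values(vals)),
        "bit_balance": round(bit_balance(vals), 3),
    }


if __name__ == "__main__":
    # 8 bits: 2000 devices share at most 256 seeds, so repeats are guaranteed.
    # 64 bits: the balance statistic looks the same and no repeats show up in a
    # sample this size, which is the "still perceived as secure" case.
    for bits in (8, 64):
        print(collision_report(bits))
```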
markm
September 07, 2013, 04:42:19 AM
 #33

Don't be so sure that you can't plant backdoors in open source software.

I used to pretty much assume that every time I run "yum update" or "yum upgrade" a CIA officer could be in some RedHat (or mirror site) office telling some techie "Yes, that's the guy. He gets the worm/trojan".

Basically that they could target, everyone else getting a perfectly normal copy of whatever thing they wanted me to have a backdoored copy of while I get the backdoor.

Quote
The only answer is extensive review and building robust systems which are not as vulnerable to single points of failure.  (In this regard, I'm kind of sad that none of the first wave of hardware wallets will target doing multisignature…)

As I went to post now though I wondered why I had "just assumed" they could do that, because of course they would need, for most packages, the developer to sign it, and presumably my system would expect whatever key it already has for that developer to match?

But think about it, surely somewhere in all the packages I install there must be at least one which RedHat "itself" signs?

So despite momentarily second-guessing myself (been awake too long I guess, bedtime soon for me I think) isn't yum an autobahn whereby RedHat can compromise my system to heck and gone any time the right agency persuades them the right way?

NOTE: In RedHat distros, "yum" is their equivalent of what other distros call "apt" or "apt-get": an auto install/update/upgrade tool for installing packages.

-MarkM-


jgarzik
September 07, 2013, 04:48:59 AM
 #34

Quote

I used to pretty much assume that every time I run "yum update" or "yum upgrade" a CIA officer could be in some RedHat (or Mirror site) office telling some techie "Yes, that's the guy. He gets the worm/trojan".

Basically that they could target, everyone else getting a perfectly normal copy of whatever thing they wanted me to have a backdoored copy of while I get the backdoor.

Sure, they have the signing key after all.

There is a highly secured (note I did not say "secure") signing robot that signs packages after they are built on a build farm.

As long as you are "inside the moat" and appear to be a build machine passing along properly built RPMs, your packages will be robo-signed.

Same goes for most, if not all, other distros.  The signing takes place somewhere in the automated build system apparatus.




markm
September 07, 2013, 04:58:08 AM
Last edit: September 07, 2013, 07:32:48 AM by markm
 #35

Well, it's not like I never heard of the use of coloured hats as symbolism, nor am I ignorant of what lurks in Virginia.

I stuck with RedHat for much the same reason that I never moved my strategically important domains (knotwork.com and knotwork.net) from the original NIC when it changed its name to, or at least migrated the DNS services to, Network Solutions.  (One of the most expensive DNS providers, possibly Amway's might cost more but I think that is just itself Network Solutions too.)

Non-sequitur: I noticed today that we (brits, canucks, yanks, aussies and kiwis) are the new Groaci Cheesy Shocked !!!

-MarkM-

dexX7
September 07, 2013, 07:17:36 AM
Last edit: September 07, 2013, 07:43:14 AM by dexX7
 #36

Quote
BTW hiding RNG faults in an open source OS is a really bad idea. The worst faults were in Jellybean, released end of 2012. Less than a year later the Bitcoin community discovered the issue. If that's the NSA's plan to undermine public crypto, they suck at it.

Assuming they managed to implement a flaw and keep it secret for almost a year within one of the most popular mobile phone operating systems... I'd say that is pretty impressive.

Google, Apple, Yahoo and many more are directly involved. Microsoft seems to be completely compromised (ref #1, ref #2, ref #3) and this is only the tip of the iceberg. The situation is much worse. And there are many points of failure and possible attack vectors on almost every level. Just imagine how many different pieces of software and hardware are in use at the same time/frequently. Only one successful exploit might be enough to do something naughty, even if 139 others fail. Understanding this is absolutely critical. It doesn't matter how long one of them in particular lasts, if they constantly plant new seeds everywhere.

I'm aware that I'm mixing different topics right now, but I felt like this needed some special attention. :)

Its About Sharing (OP)
September 07, 2013, 08:01:21 AM
 #37

Quote from: markm
Don't be so sure that you can't plant backdoors in open source software.

I used to pretty much assume that every time I run "yum update" or "yum upgrade" a CIA officer could be in some RedHat (or mirror site) office telling some techie "Yes, that's the guy. He gets the worm/trojan".

Basically that they could target, everyone else getting a perfectly normal copy of whatever thing they wanted me to have a backdoored copy of while I get the backdoor.

-MarkM-

Some interesting ideas in this thread and this one seems quite believable. Keep it "open source" but plant upgrades into certain IP addresses. Do people have access to the upgrade systems of these open source software companies? Seems like a trusted download site would be a bit more secure, but anything is possible - man in the middle type of things are always there.

I imagine though, that the orders come from few and it certainly looks like the empire is having its challenges (e.g. Syria) to expand its bringing of "Democracy" and "Stability", particularly the latter. All these wars now seem to be less about "winning" and more about just bringing instability. Not to go off on a tangent, but I get the feeling things are connected somehow. The software issue is probably key for very obvious reasons. And as others have mentioned, we can't forget hardware. (And how does one even look into it?)

It's About Sharing
