Bitcoin Forum
Topic: Schneier in the Guardian: all your coinz is belong to them?
hashman (OP)
September 06, 2013, 01:43:07 PM
 #1

Here's the relevant quote: 

"Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can."

That seems like a pretty serious allegation to me..  anything to it folks? 

source:

http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance


virtualmaster
September 06, 2013, 02:43:48 PM
 #2

A great article from a good specialist.
I find it very generous of him that he made his program Password Safe open source.

cypherdoc
September 06, 2013, 05:41:36 PM
 #3

I found it amazing that someone like him would still be using Windows.
Walsoraj
September 06, 2013, 05:56:38 PM
 #4

Has Snowden commented on whether certain operating systems are more vulnerable to the NSA than others?

Also, does Snowden use Linux? If so, what distro?
acoindr
September 06, 2013, 06:51:25 PM
 #5

Quote from: hashman
Here's the relevant quote:

"Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can."

That seems like a pretty serious allegation to me..  anything to it folks?  

No, I believe what he means is the latter options are more vulnerable to improper use. For example, people often use weak private keys, thinking they are safe. There is a thread even now about someone using a dictionary attack to find accounts with funds in them. Similarly, about the NSA using influence they've done the same thing with security recommendations for the open-source Android OS. That doesn't mean Android is directly vulnerable to them, because it's still open-source and can be scrutinized widely. This only means they may attempt to slip something in while still having plausible denial of intent.


Quote from: cypherdoc
I found it amazing that someone like him would still be using Windows.

I don't. A security/software expert is the only type of user I would recommend use Windows. I've used Windows for different things myself for many years. I've never run anti-virus software and have never had a virus.

Quote from: Walsoraj
Has Snowden commented on whether certain operating systems are more vulnerable to the NSA than others?

Also, does Snowden use Linux? If so, what distro?

I don't know if Snowden commented, but I can. Schneier has also hinted in the article. When it comes to any software, including operating systems, your best bet will usually be open-source, the more open the better. After reading that article I'd say as Bitcoin becomes more popular, and cryptography becomes more mainstream in general, it will become imperative users switch to Linux. Either that or the NSA needs to be severely scaled back or abolished. The probability they can compromise closed-source machines, like ones running Windows with backdoors or even OS X, is too great.
CompNsci
September 06, 2013, 08:56:29 PM
 #6

Quote from: acoindr
The probability they can compromise closed-source machines, like ones running Windows with backdoors or even OS X, is too great.

While there are closed source portions of OS X, the core is open-source Darwin.
tvbcof
September 06, 2013, 09:01:15 PM
 #7

Quote from: cypherdoc
I found it amazing that someone like him would still be using Windows.

Not at all.  It is not worth the hassle and bother to protect much of the work that any normal person does.  A person who has some understanding of the various threats will be perfectly comfortable using systems such as Windows OS, Google geo-tracking, etc, most of the time.  If not all of the time.

An interesting thing about the surveillance state apparatus is that it is actually counter-productive in the very few instances when it might be useful to attack a worthy (and thus dangerous) opponent.  This is because someone who knows what they are doing can probably fool the algorithms and produce data which will discriminate them out of a suspect pool.  But the surveillance state apparatus is not probably so much about catching 'bad guys' as it is about mass intimidation of the general population.  Snowden assisted in this whether it was his goal or not...and I'm glad he did no matter what his motivations.  So far there have been no big surprises to those of us who have been paying attention over the years and take a conservative approach to security threats.

A relatively modest group effort to fight against state sponsored privacy attacks would be easy and effective I suspect.  It would involve an understanding of the systems through some combination of whistle-blowers and reverse engineering, and fucking with the system by poisoning it with bogus data.  We ('freedom fighters' if you will) do need a ground-up open-source set of solutions which spans the spectrum of hardware, firmware, and software though.  I hope that that evolves out of our recent more broadly appreciated understanding of the shape of things.


ShireSilver
September 06, 2013, 09:22:49 PM
 #8

Quote from: hashman
Here's the relevant quote:

"Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can."

That seems like a pretty serious allegation to me..  anything to it folks?  

Quote from: acoindr
No, I believe what he means is the latter options are more vulnerable to improper use. For example, people often use weak private keys, thinking they are safe. There is a thread even now about someone using a dictionary attack to find accounts with funds in them. Similarly, about the NSA using influence they've done the same thing with security recommendations for the open-source Android OS. That doesn't mean Android is directly vulnerable to them, because it's still open-source and can be scrutinized widely. This only means they may attempt to slip something in while still having plausible denial of intent.

I took it to mean that he thinks that symmetric algorithms are less susceptible to publicly unknown attack vectors than elliptic-curve algorithms are. EC is newer and less well understood/analyzed, and he specifically mentioned that some of the selected constants used in the EC algorithms may have been intentionally weakened.

acoindr
September 06, 2013, 09:26:10 PM
 #9

Quote from: acoindr
The probability they can compromise closed-source machines, like ones running Windows with backdoors or even OS X, is too great.

Quote from: CompNsci
While there are closed source portions of OS X, the core is open-source Darwin.

Yes, a better word for me to use there would be proprietary, which is what I'm most concerned about, as the NSA can easily (apparently) intimidate companies to include backdoors.

Quote from: tvbcof
I hope that that evolves out of our recent more broadly appreciated understanding of the shape of things.

Yep. I feel that's Snowden's biggest accomplishment. I don't think anybody has really been surprised about what type of surveillance is possible; it's more that we now have factual evidence of the extent to which things are done that's making people take notice and say wow.
Carlton Banks
September 06, 2013, 10:23:09 PM
 #10

Quote from: tvbcof
We ('freedom fighters' if you will) do need a ground-up open-source set of solutions which spans the spectrum of hardware, firmware, and software though.  I hope that that evolves out of our recent more broadly appreciated understanding of the shape of things.

And cryptocurrency is arguably an important part of our nascent toolkit, in that: how do you motivate talented engineers and programmers to abandon or avoid altogether the lure of working for totalitarian-centric central planners with only the long term rewards of decentralised, individually chosen networks as their payment? Payment in a form that encapsulates the ethos of these self-determinism enabling design goals that many would like from our new technology solutions would be ideal. We can't help but tempt the talented technologists away from the controlling classes as the crypto-currency meme is spread in a way that the underlying motivation of such a system is understood, it's self reinforcing as it succeeds.

Remember remember the 5th of November
Legendary
*
Offline Offline

Activity: 1862
Merit: 1011

Reverse engineer from time to time


View Profile
September 06, 2013, 10:48:02 PM
 #11

Quote from: cypherdoc
I found it amazing that someone like him would still be using Windows.

Quote from: tvbcof
Not at all.  It is not worth the hassle and bother to protect much of the work that any normal person does.  A person who has some understanding of the various threats will be perfectly comfortable using systems such as Windows OS, Google geo-tracking, etc, most of the time.  If not all of the time.

An interesting thing about the surveillance state apparatus is that it is actually counter-productive in the very few instances when it might be useful to attack a worthy (and thus dangerous) opponent.  This is because someone who knows what they are doing can probably fool the algorithms and produce data which will discriminate them out of a suspect pool.  But the surveillance state apparatus is not probably so much about catching 'bad guys' as it is about mass intimidation of the general population.  Snowden assisted in this whether it was his goal or not...and I'm glad he did no matter what his motivations.  So far there have been no big surprises to those of us who have been paying attention over the years and take a conservative approach to security threats.

A relatively modest group effort to fight against state sponsored privacy attacks would be easy and effective I suspect.  It would involve an understanding of the systems through some combination of whistle-blowers and reverse engineering, and fucking with the system by poisoning it with bogus data.  We ('freedom fighters' if you will) do need a ground-up open-source set of solutions which spans the spectrum of hardware, firmware, and software though.  I hope that that evolves out of our recent more broadly appreciated understanding of the shape of things.


Considering how many Windows kernel hackers (good ones) there are, surely they would've noticed any backdoors by now!? Or running Windows in a VM and listening for strange outgoing connections?

tvbcof
September 06, 2013, 11:08:04 PM
 #12

Quote from: tvbcof
We ('freedom fighters' if you will) do need a ground-up open-source set of solutions which spans the spectrum of hardware, firmware, and software though.  I hope that that evolves out of our recent more broadly appreciated understanding of the shape of things.

Quote from: Carlton Banks
And cryptocurrency is arguably an important part of our nascent toolkit, in that: how do you motivate talented engineers and programmers to abandon or avoid altogether the lure of working for totalitarian-centric central planners with only the long term rewards of decentralised, individually chosen networks as their payment? Payment in a form that encapsulates the ethos of these self-determinism enabling design goals that many would like from our new technology solutions would be ideal. We can't help but tempt the talented technologists away from the controlling classes as the crypto-currency meme is spread in a way that the underlying motivation of such a system is understood, it's self reinforcing as it succeeds.

I'd say that Bitcoin is important in so far as it got more people thinking more deeply about the distributed and p2p aspects of systems, and how they fit into what I believe Schneier was alluding to when he said "The fundamental fabric of the Internet has been destroyed."

As for outspending TPTB, I doubt that there is much hope.  Indeed, probably the best thing that could happen for 'our side' is to have many smart people exposed to the inner workings of the machine.  It is a fast-track way to master the technology.  A certain (small) fraction will break out and become the most valuable players on the side that I favor.  That percentage can be increased if the dangers inherent in the surveillance apparatus which is being constructed are brought to the fore, and if it is seen as a generally good thing to lend strength to the 'right side' of a tug-of-war around these issues.  I doubt a profit motive is going to be a big factor for the more truly productive of these folks anyway.


acoindr
September 06, 2013, 11:27:33 PM
 #13

Quote from: Remember remember the 5th of November
Considering how many Windows kernel hackers (good ones) there are, surely they would've noticed any backdoors by now!? Or running Windows in a VM and listening for strange outgoing connections?

Not really. Most people don't imagine they are being surveilled or have reason to be suspicious of their own equipment. Consider the article I linked above about the NSA keys being found in Windows:

Quote
Computer security specialists have been aware for two years that unusual features are contained inside a standard Windows software "driver" used for security and encryption functions. The driver, called ADVAPI.DLL, enables and controls a range of security functions. If you use Windows, you will find it in the C:\Windows\system directory of your computer.

...

Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to "Advances in Cryptology, Crypto'99" conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny that the "NSA" key was built into their software. But they refused to talk about what the key did, or why it had been put there without users' knowledge.

A third key?!

But according to two witnesses attending the conference, even Microsoft's top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was "stunned" to learn of these discoveries, by outsiders.

It might be risky for the NSA to use some of its most invasive techniques, but not so much if nobody is expecting it. I think a lot of what the NSA was doing was based on a premise of an unaware/ignorant populace for targeting. I think they overestimated their ability to be perfectly discreet, though. They didn't expect one of Microsoft's developers to forget to strip the debugging label "NSAKEY"; they didn't expect Edward Snowden to leak documents. This doesn't surprise me. Governments are often inefficient/incompetent, and more so the bigger they are.

What Snowden has done is put everyone on guard, and as both he and Schneier point out in the article there are ways to defend effectively against this sort of thing. You just have to know to do it and how to do it.
tvbcof
September 06, 2013, 11:34:50 PM
 #14

Quote from: Remember remember the 5th of November
Considering how many Windows kernel hackers (good ones) there are, surely they would've noticed any backdoors by now!? Or running Windows in a VM and listening for strange outgoing connections?

This is a good point in some ways, though 'kernel hacker' seems a bit out of place in this context, Windows being closed source.  Even when Microsoft does source licenses I doubt that the recipient gets the whole ball of wax that is compiled into an official distro.  Several points:

 - I've done some cursory pcap analysis of my network and there is a lot of stuff floating around.  Someone who was more dedicated may or may not discover more...if there is anything much to discover that is.

 - It took a surprisingly long time for someone to discover Carrier-IQ.  It was not even very well hidden.  If the data were cloaked even a little it may have remained undetected to this day.  Relatedly, on the source code front, when Microsoft forgot to strip their service pack and released 'NSA_KEY' (and a researcher seemed to confirm things in binary search analysis) that was about as explicit as one could wish to see, yet it was still largely ignored by Joe Sixpack.  That was like 10 years ago IIRC.

 - I've run across stories of certain of the systems being used with kid gloves and much moderation due to the potential for detection.  I would not expect such systems (if they exist at all) to be activated except under high value target events and with significant care.

 - At this point we are likely in a stage where the chess pieces are being placed on the board and the game has not yet even begun.  It would be silly to tip one's hand at such a stage.  I'll bet that a lot of the more interesting capabilities lay completely dormant at this point.

 - FOSS OS's have been around long enough for it to be clear that OS-based back-doors were distinctly limited and for more robust possibilities to be under development for work against vaguely interesting adversaries.


Carlton Banks
September 07, 2013, 12:07:30 AM
 #15

Quote from: tvbcof
We ('freedom fighters' if you will) do need a ground-up open-source set of solutions which spans the spectrum of hardware, firmware, and software though.  I hope that that evolves out of our recent more broadly appreciated understanding of the shape of things.

Quote from: Carlton Banks
And cryptocurrency is arguably an important part of our nascent toolkit, in that: how do you motivate talented engineers and programmers to abandon or avoid altogether the lure of working for totalitarian-centric central planners with only the long term rewards of decentralised, individually chosen networks as their payment? Payment in a form that encapsulates the ethos of these self-determinism enabling design goals that many would like from our new technology solutions would be ideal. We can't help but tempt the talented technologists away from the controlling classes as the crypto-currency meme is spread in a way that the underlying motivation of such a system is understood, it's self reinforcing as it succeeds.

Quote from: tvbcof
I'd say that Bitcoin is important in so far as it got more people thinking more deeply about the distributed and p2p aspects of systems, and how they fit into what I believe Schneier was alluding to when he said "The fundamental fabric of the Internet has been destroyed."

As for outspending TPTB, I doubt that there is much hope.  Indeed, probably the best thing that could happen for 'our side' is to have many smart people exposed to the inner workings of the machine.  It is a fast-track way to master the technology.  A certain (small) fraction will break out and become the most valuable players on the side that I favor.  That percentage can be increased if the dangers inherent in the surveillance apparatus which is being constructed are brought to the fore, and if it is seen as a generally good thing to lend strength to the 'right side' of a tug-of-war around these issues.  I doubt a profit motive is going to be a big factor for the more truly productive of these folks anyway.



I'm not suggesting these people would want riches beyond comparison, that's the kind of deal that the incumbent system is trying to convince them they are looking for, but, before cryptocurrency gave us a financial system that is difficult to control, there was no permanent and reliable method of getting recompense to technologists who might want to break out. And like I said, the whole design ethos behind the Satoshi-model of cryptocurrency just exudes the ideological basis of a self-reliant, self determining developmental movement. It resonates with the purpose and the intent of a movement like that.

ixne
September 07, 2013, 02:35:22 PM
 #16

Quote from: hashman
Here's the relevant quote:

"Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can."

That seems like a pretty serious allegation to me..  anything to it folks?  


That statement is not an allegation. He says "prefer," not "omg public key cryptography is hacked!" It is well-established that public-key cryptography requires much larger keys than symmetric cryptography to achieve comparable levels of security.  Further, many public key systems rely on centralized databases to distribute public keys, which are vulnerable to man-in-the-middle attacks. That is the trade-off you pay for the convenience of encrypting something that can be decrypted by someone you may never have met (and therefore never have had the opportunity to securely trade the key necessary for symmetric encryption).

Bitcoin is very resistant to the latter, as the "database" is a public ledger distributed on every computer running a node. As for the former, it is a matter of perspective - very unlikely that the NSA has a practical (i.e., worth the effort) method of cracking a single address in a timely fashion, and every time you move bitcoins they would have to start from scratch with a new address.
Abdussamad
September 07, 2013, 06:55:59 PM
 #17

The reason he mentions constants and EC is because of this:

https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html
acoindr
September 07, 2013, 08:18:23 PM
 #18

Quote from: Abdussamad
The reason he mentions constants and EC is because of this:

https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html

Just as I suspected. The NSA pretends to be "helpful" while biasing systems to their favor (when possible). I imagine their contributions to the Android OS are similarly motivated.

The NSA Has Inserted Its Code Into Android OS, Or Three Quarters Of All Smartphones

Quote
Through its open-source Android project, Google has agreed to incorporate code, first developed by the agency in 2011, into future versions of its mobile operating system, which according to market researcher IDC runs on three-quarters of the smartphones shipped globally in the first quarter. NSA officials say their code, known as Security Enhancements for Android, isolates apps to prevent hackers and marketers from gaining access to personal or corporate data stored on a device. Eventually all new phones, tablets, televisions, cars, and other devices that rely on Android will include NSA code,
Abdussamad
September 08, 2013, 12:52:24 AM
 #19

^^ Well, if you want to go there, there is always SELinux:

http://en.wikipedia.org/wiki/Selinux

Another NSA contribution.
ArticMine
September 08, 2013, 03:03:16 AM
 #20

I would trust Free Software / Open Source code written by the NSA or some other government agency long before trusting any proprietary software, particularly that written by Microsoft or Apple.

Ironically there is a far greater chance of an NSA backdoor in proprietary software from Microsoft or Apple than in SE Linux or Security Enhancements for Android.
