LinuxQuestions.org
03-31-2014, 07:09 PM   #1
lleb
Senior Member
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630
NSA deeper into RSA than stated before


http://m.slashdot.org/story/200129

In short, they now have a means to decrypt RSA keys tens of thousands of times faster.

What to replace RSA with for ssh keys and more?
 
03-31-2014, 08:30 PM   #2
metaschima
Senior Member
Registered: Dec 2013
Distribution: Slackware
Posts: 1,982
First of all, RSA encryption does NOT equal RSA the company. We're talking about the company here.

Second, the Reuters article mentions only the elliptic-curve PRNG, NOT elliptic-curve encryption. Basically, the backdoor that was inserted was really just making RSA co. use the elliptic-curve PRNG, which is known to be extremely weak:
http://blog.0xbadc0de.be/archives/155
It was actually discovered in 2012:
http://cyberwarzone.com/did-nsa-put-...ption-standard

As for Extended Random, see:
http://dualec.org/
Quote:
We also discovered evidence of the implementation in the RSA BSAFE products of a non-standard TLS extension called "Extended Random." This extension, co-written at the request of the National Security Agency, allows a client to request longer TLS random nonces from the server, a feature that, if enabled, would speed up the Dual EC attack by a factor of up to 65,000. In addition, the use of this extension allows for attacks on Dual EC instances configured with P-384 and P-521 elliptic curves, something that is not apparently possible in standard TLS. While the code implementing Extended Random was not compiled into our build of Share for C/C++, it was available (though deactivated) in the build of Share for Java that we analyzed. In the latter case, we were able to re-enable it and verify the functionality. Note that the attack times reported below do not take advantage of extended random.
Also see:
http://www.linuxquestions.org/questi...sa-4175488778/
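The mechanism behind the two points in the post above (why the Dual EC PRNG is "extremely weak" for whoever holds the trapdoor, and why seeing more random bytes per connection speeds the attack up) is easiest to see on a toy. The following is an added example written for this thread; it is not RSA/BSAFE code and does not use the real P-256 constants. It builds a tiny curve, sets P = d*Q for a known d (the relationship the dualec.org research assumes the NSA holds for the real P and Q), runs the SP 800-90A Dual EC step s <- x(s*P), r <- x(s*Q), drops the top bits of r as the real generator does, and then recovers the internal state from a single truncated output plus two more outputs to confirm the guess. Every dropped or unseen bit doubles the candidate list in the attack loop, which is the origin of the roughly 2^16-sized speed-up that a longer (less truncated) nonce gives; the curve, its parameters, the seed and the trapdoor value are all constructed for the example.

```python
"""Toy Dual EC DRBG with the P = d*Q trapdoor (constructed example, not RSA/BSAFE code)."""

# Toy curve y^2 = x^3 + A*x + B over GF(P_MOD). Chosen so the search spaces are tiny;
# NOT a standard curve and NOT the real Dual EC constants.
P_MOD = 1_000_003            # prime with P_MOD % 4 == 3, so a square root is one exponentiation
A, B = 2, 3
BITS = P_MOD.bit_length()    # 20
TRUNC = 4                    # top bits dropped per output (SP 800-90A drops 16 of 256)
OUT_BITS = BITS - TRUNC      # 16 bits visible per output
MASK = (1 << OUT_BITS) - 1


def _inv(x):
    return pow(x, P_MOD - 2, P_MOD)


def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            return None
        lam = (3 * x1 * x1 + A) * _inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * _inv(x2 - x1) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def x_of(pt):
    return 0 if pt is None else pt[0]


def lift_x(x):
    """A point with x-coordinate x, or None if x is not on the curve."""
    rhs = (x * x * x + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
    return (x, y) if y * y % P_MOD == rhs else None


def make_params(d):
    """Pick a base point Q and set P = d*Q. Honest users see only P and Q;
    d is the trapdoor (constructed here) that the quoted research assumes exists for the real constants."""
    x = 5
    while lift_x(x) is None:
        x += 1
    Q = lift_x(x)
    return mul(d, Q), Q


def dualec_outputs(seed, n, P, Q):
    """SP 800-90A Dual EC without additional input: s <- x(s*P); r <- x(s*Q); emit r's low bits."""
    s, outs = seed % P_MOD, []
    for _ in range(n):
        s = x_of(mul(s, P))
        outs.append(x_of(mul(s, Q)) & MASK)
    return outs


def predict(s, n, P, Q):
    """Outputs produced from internal state s onward (s feeds the next x(s*Q))."""
    outs = []
    for _ in range(n):
        outs.append(x_of(mul(s, Q)) & MASK)
        s = x_of(mul(s, P))
    return outs


def recover_state(d, output, later_outputs, P, Q):
    """Trapdoor attack: from one truncated output (plus a few more to confirm the guess)
    recover the internal state. Each dropped or unseen bit doubles the candidate loop, so
    showing the attacker more of each output block (longer nonces) divides the work by 2^k."""
    for hi in range(1 << TRUNC):
        r = (hi << OUT_BITS) | output          # guess the TRUNC dropped bits
        if r >= P_MOD:
            continue
        R = lift_x(r)                          # R = +/- s*Q; the sign does not change x(d*R)
        if R is None:
            continue
        s_next = x_of(mul(d, R))               # d*(s*Q) = s*(d*Q) = s*P, whose x is the next state
        if predict(s_next, len(later_outputs), P, Q) == list(later_outputs):
            return s_next
    return None


if __name__ == "__main__":
    d = 123457                                 # constructed trapdoor
    P, Q = make_params(d)
    outs = dualec_outputs(424242, 8, P, Q)     # constructed seed
    s = recover_state(d, outs[0], outs[1:3], P, Q)
    print("observed  ", outs[1:])
    print("predicted ", predict(s, 7, P, Q))
```

Without d the attacker is stuck: a wrong trapdoor value produces a candidate state whose predicted outputs do not match, and recovery fails. With d, one output block and a couple of confirmation outputs are enough to predict every later output, which is exactly what makes every TLS session key or nonce drawn from such a generator recoverable.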
 
03-31-2014, 08:56 PM   #3
unSpawn
Moderator
Registered: May 2001
Posts: 29,332
Blog Entries: 55
Quote:
Originally Posted by lleb
In short, they now have a means to decrypt RSA keys tens of thousands of times faster.
Unless I read things wrong, I think that's too sensationalist a summary of things. First of all, you need a "product" that includes the Dual Elliptic Curve Deterministic Random Bit Generator (some versions of Windows IIRC), and then the Extended Random protocol would have been a proposed addition to that.


Quote:
Originally Posted by lleb
What to replace RSA with for ssh keys and more?
First of all, there's a difference between RSA Inc. the company (BSAFE SW, HW token) and RSA as in the algorithm. Secondly, as you moved from OpenSSH-1 to OpenSSH-2 you should already have moved from RSA to DSA keys (http://www.snailbook.com/faq/ssh-1-vs-2.auto.html) and only use RSA when talking to systems that can't do DSA.
 
04-02-2014, 07:49 AM   #4
lleb
Senior Member (Original Poster)
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630
Quote:
Originally Posted by unSpawn
Unless I read things wrong, I think that's too sensationalist a summary of things. First of all, you need a "product" that includes the Dual Elliptic Curve Deterministic Random Bit Generator (some versions of Windows IIRC), and then the Extended Random protocol would have been a proposed addition to that.
Good to know.


Quote:
First of all, there's a difference between RSA Inc. the company (BSAFE SW, HW token) and RSA as in the algorithm. Secondly, as you moved from OpenSSH-1 to OpenSSH-2 you should already have moved from RSA to DSA keys (http://www.snailbook.com/faq/ssh-1-vs-2.auto.html) and only use RSA when talking to systems that can't do DSA.
I thought DSA keys were considerably easier to crack than RSA? Thankfully, I am running OpenSSH-2 on all of my systems.
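Posts #3 and #4 turn on which key types are actually in use, and that is something to measure rather than guess at. The following is an added example for this thread, not code from any of the posters or from OpenSSH: it parses authorized_keys or .pub lines in the RFC 4251 wire format (string type, then mpints or strings per algorithm), reports the algorithm and the size that matters (RSA modulus bits, DSA p bits, the ECDSA curve, the Ed25519 key length), and attaches a verdict. The verdict policy is the editor's, written with hindsight the 2014 thread did not have: OpenSSH never generated ssh-dss keys larger than 1024 bits, the ssh-dss signature is tied to SHA-1, and OpenSSH 7.0 (2015) disabled ssh-dss by default. The sample lines are constructed from numbers of the right size and are not real key material; option prefixes with quoted spaces are not handled, which is a deliberate simplification.

```python
"""Inventory SSH public keys (authorized_keys / .pub lines) by algorithm and size."""
import base64
import struct


def _string(b):
    return struct.pack(">I", len(b)) + b


def _mpint(n):
    """Non-negative integer as an SSH mpint: big-endian, leading 0x00 if the top bit is set."""
    return _string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def _read_string(blob, off):
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n], off + 4 + n


def _read_mpint(blob, off):
    raw, off = _read_string(blob, off)
    return int.from_bytes(raw, "big", signed=True), off


def parse_pubkey_line(line):
    """Return (algorithm, bits, comment) for one authorized_keys or .pub line.
    Leading options (no-pty, from=...) are skipped; quoted options containing spaces are not handled."""
    fields = line.split()
    for i, f in enumerate(fields):
        if f.startswith(("ssh-", "ecdsa-", "sk-")):
            algo, b64, comment = f, fields[i + 1], " ".join(fields[i + 2:])
            break
    else:
        raise ValueError("no key type field in line")
    blob = base64.b64decode(b64)
    wire_algo, off = _read_string(blob, 0)
    if wire_algo.decode() != algo:
        raise ValueError("key type field disagrees with the encoded key")
    if algo == "ssh-rsa":
        _e, off = _read_mpint(blob, off)
        n, off = _read_mpint(blob, off)
        bits = n.bit_length()                       # modulus size is what matters for RSA
    elif algo == "ssh-dss":
        p, off = _read_mpint(blob, off)
        bits = p.bit_length()                       # ssh-dss: 1024-bit p, SHA-1 signatures
    elif algo.startswith("ecdsa-sha2-nistp"):
        curve, off = _read_string(blob, off)
        bits = int(curve.decode()[len("nistp"):])  # "nistp256" -> 256
    elif algo == "ssh-ed25519":
        pk, off = _read_string(blob, off)
        bits = len(pk) * 8                          # 32-byte public key
    else:
        bits = None
    return algo, bits, comment


def assess(algo, bits):
    """Verdict for the inventory report (policy chosen for this example)."""
    if algo == "ssh-rsa":
        return "ok" if bits >= 2048 else "weak: RSA modulus under 2048 bits"
    if algo == "ssh-dss":
        return "legacy: 1024-bit/SHA-1 only, disabled by default since OpenSSH 7.0"
    if algo.startswith("ecdsa-sha2-nistp") or algo == "ssh-ed25519":
        return "ok"
    return "unknown: review manually"


def inventory(lines):
    """(algorithm, bits, verdict, comment) for every key line; blanks and # comments are skipped."""
    rows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        algo, bits, comment = parse_pubkey_line(line)
        rows.append((algo, bits, assess(algo, bits), comment))
    return rows


def encode_pubkey(algo, *parts, comment=""):
    """Build a key line from its wire parts (used only to construct sample data below)."""
    blob = _string(algo.encode())
    for part in parts:
        blob += _mpint(part) if isinstance(part, int) else _string(part)
    return f"{algo} {base64.b64encode(blob).decode()} {comment}".rstrip()


# Constructed sample authorized_keys: numbers of the right size, NOT real keys.
SAMPLE_LINES = [
    "# constructed authorized_keys for the example",
    encode_pubkey("ssh-rsa", 65537, (1 << 2047) | 1, comment="deploy@build"),
    'no-pty,from="10.0.0.0/8" ' + encode_pubkey("ssh-rsa", 65537, (1 << 1023) | 1, comment="old-backup"),
    encode_pubkey("ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3, comment="legacy@host"),
    encode_pubkey("ecdsa-sha2-nistp256", b"nistp256", b"\x04" + bytes(64), comment="alice@laptop"),
    encode_pubkey("ssh-ed25519", bytes(32), comment="bob@laptop"),
]

if __name__ == "__main__":
    for algo, bits, verdict, comment in inventory(SAMPLE_LINES):
        print(f"{algo:22} {str(bits):>5}  {verdict:68} {comment}")
```

Point it at real files with `inventory(open("/home/user/.ssh/authorized_keys"))` or at a directory of `*.pub` files; `ssh-keygen -l -f FILE` gives the same size and type for one file at a time, but the parser above lets you sweep every account on a host in one pass and flag the 1024-bit RSA and ssh-dss entries that are still accepted.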
 
  

