LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   RSA (https://www.linuxquestions.org/questions/linux-security-4/rsa-4175488778/)

Guttorm 12-21-2013 09:07 AM
RSA
 
Hello

I just read this:

http://yro.slashdot.org/story/13/12/...r-10m-from-nsa

I can't really say I understand the details. But it looks like RSA does not deserve any trust anymore. When this Snowden guy managed to get all that stuff from NSA, how can we know other malicious people don't have access to the backdoors?

We have been using RSA keys for ssh login and I think for HTTPS for some servers. Is there anything we can or should do?

ntubski 12-21-2013 09:42 AM
Quote:
Originally Posted by Guttorm (Post 5085049)
But it looks like RSA does not deserve any trust anymore.
...
We have been using RSA keys for ssh login and I think for HTTPS for some servers. Is there anything we can or should do?
http://en.wikipedia.org/wiki/Rsa
Quote:
RSA may refer to:
...
RSA (algorithm), an algorithm for public-key encryption
...
RSA (security firm), a U.S. network security provider, a division of EMC Corporation
RSA the security firm may not deserve trust. RSA the algorithm used for ssh keys and HTTPS is fine (although HTTPS itself has some problems).

Guttorm 12-21-2013 01:12 PM
Thank you! We don't use any of the security firm's products.

metaschima 12-21-2013 01:54 PM
They weakened encryption by using the Dual EC PRNG, which is known to be backdoored by the NSA, and is a NIST standard.

Quote:
An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institutes of Standards and Technology as one of four acceptable methods for generating random numbers. NIST's blessing is required for many products sold to the government and often sets a broader de facto standard.

RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings.

RSA's contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.

"The labs group had played a very intricate role at BSafe, and they were basically gone," said labs veteran Michael Wenocur, who left in 1999.

Within a year, major questions were raised about Dual Elliptic Curve. Cryptography authority Bruce Schneier wrote that the weaknesses in the formula "can only be described as a back door."
http://www.reuters.com/article/2013/...9BJ1C220131220

So ntubski is right in that this is NOT about the RSA encryption algorithm, but rather about Dual EC PRNG.

The only thing this story really adds is a bribery charge between the NSA and the company RSA.

The backdoor was detected more than a year ago:
http://cyberwarzone.com/did-nsa-put-...ption-standard

metaschima 01-01-2014 01:50 PM
Here is something useful, a proof of concept for the Dual EC PRNG backdoor:
http://blog.0xbadc0de.be/archives/155
It leaks its internal state in 32 bytes of output. It was purposefully introduced as an NIST and FIPS standard by the NSA, and they paid off RSA to use it too.

Note that only the NSA can exploit the weakness that they introduced.

I'm looking forward to seeing more NSA-recommended crypto standards being taken apart to see what is underneath. Not that I can't imagine what is there.

metaschima 04-23-2014 11:51 AM
The NIST finally removes the compromised Dual_EC_DRBG from their recommendations.
https://www.techdirt.com/articles/20...ndations.shtml


All times are GMT -5. The time now is 10:44 AM.