[ / / / / / / / / / / / / / ] [ dir / cumshop / fgo / leftpol / randamu / tacos / vg / vichan / yga ]

/tech/ - Technology

Winner of the 58rd Attention-Hungry Games
/8diamonds/ - Death can be a merciful thing

October 2018 - 8chan Transparency Report
Email
Comment *
File
Password (Randomized for file and post deletion; you may also set your own.)
* = required field[▶ Show post options & limits]
Confused? See the FAQ.
Flag
Oekaki
Show oekaki applet
(replaces files and can be used instead)
Options

Allowed file types:jpg, jpeg, gif, png, webm, mp4, pdf
Max filesize is 16 MB.
Max image dimensions are 15000 x 15000.
You may upload 3 per post.


File: 57ad795d0ffa931⋯.jpg (196.36 KB, 900x506, 450:253, Backdoor-vulnerability-IT_….jpg)

 No.951488

 No.951492

File: aa373ac6864946e⋯.jpg (44.37 KB, 340x510, 2:3, 8uv4uewt.jpg)

Lol take off your tin foil hat!


 No.951495

>suspicions

Yes, suspicions. Until it can be proved that the encryption is compromised (and it hasn't been proved yet, despite there being a bunch of audits) then it's safe to use.


 No.951497

>>951495

That's not how safety works.


 No.951502

File: e25ebc11d2fe00e⋯.webm (366.75 KB, 640x360, 16:9, CIA-GLOW.webm)

Disable it. Install Gentoo or NetBSD.


 No.951508

Linux a shit. Get CP/M and run that on a Z80, not i386.


 No.951509

It's a weak form of encryption already. Why does it even exist in the first place?


 No.951513

<Users would rather have fast weak encryption than slow strong encryption

A false sense of security of having encryption is worse than having no encryption at all.


 No.951515

The thing is, nobody will break it but the NSA. So it's secure to a certain extent. Their argument is that it is designed to fit well within hardware and it is fast. I agree, but it's non-sense. Linux people don't really have a choice from where they stand but you do, you can patch up your own kernel. If you can't, learn how. If you don't want to then don't complain about the world being unfair. It's a game and if you're willing to play, better be aware of the repercussions.


 No.951517

>>951509

IoT faggots who want to telemetry you to death need to send a lot of totally non-invasive data about you to their servers and don't want you peeking, yet their boards are low power and shitty as to spy on you from your sneakers. AES is too heavy that, because it actually encrypts things. So they want a variable block and key algorithm that is more modern than the couple people have been using that feel like they were found written on the back of a napkin. The variability means the choice of rounds is extremely complicated (if you want it to meet some level of security) and is probably the most interesting piece. That the NSA dodged him on his attempts to get them to explain mean it's compromised.


 No.951519

Btw, the IoT guys only care that it works on their hardware, that it's a standard, and that it was an unmodified part of their stack, as their channel partners will require it. They don't care at all if it's actually secure. They exert force on Linux devs to get shit like this mainlined to satisfy their requirements. They're probably a much stronger force for bad software than shadowy NSA infiltrators.


 No.951526

you can always disable it or leave it compiled out. not a big deal, tbh


 No.951528

>>951497

>several audits

>no "backdoors" found

>it's safe

That's exactly how it works.


 No.951534

>>951515

>durr make your own kernel

lol


 No.951537

>>951519

If IoT isnt some dodgy backdoor then why are all the big companies pushing it despite everyone hating it and it having no applications?


 No.951538

>linux has this shit

>this is a shit encryption algorithm

don't use it?


 No.951540

>>951537

higher-ups see potential for selling information about people.

i don't know why big hardware companies allow google delivering their spying networks through their devices though


 No.951541

File: a1d3f187752ae8a⋯.jpg (125.4 KB, 973x1000, 973:1000, delet.jpg)


 No.951545

>>945871

or just not use a cipher made by people who are known to put backdoors in everything and your dog


 No.951547

>>951528

yes if you read ars and zdnet all day that would seem to be true


 No.951550

>>951534

Yes! Compile it yourself and remove what is known to have issues. Do it right and you won't have to do it often ...

IoT is a scam to get at least something connected in your or around you. If you're not into IoT devices, you're most likely to own something that will communicate with one at some point. Soon, all toasters and light bulbs will be connected. So, from the agency's perspective it's coming and they're trying to start running to jump on the wagon ... but the wagon hasn't arrived yet and they fell on their faces.

If you want to really be free of this BS, you ought to deepen your experience and work with the toys you play with. Or, stop playing.

Otherwise, if you trust scmucky Joe to secure your stuff, don't blame him for your ignorance. You should have known better.


 No.951555

>>951547

<it is a le botnet le backdoor

>but the audits haven't found any backdoors

<y-yeah but that don't prove nothin' they must PROVE there is NOT a le botnet le backdoor

That's you. That's how dumb you sound.


 No.951568

>>951537

People have accepted being spied on so everyone wants in on the action. It's a gold rush but you're the mine.


 No.951571

Can someone tell me which kernel setting it is, so I can disable it in the kernel config?


 No.951573

>>951555

>audits haven't found any backdoors

There was never a backdoor found in Dual_EC_DRBG, either. You'll never get proof of a backdoor without another Snowden. But when they're provably lying about the security of the algorithm and refusing to answer questions about the questionable parts or even state how they derived their values, you have to be an autist to not see what's going on.


 No.951582

>>951540

>>951568

Normally people would accept being spied on, in return for some killer app or feature.

For facebook, most normies would gladly trade away their privacy for the ability to contact sluts and look at pictures of them in bikinis.

For IoT I dont get what the benefit is?

Its being pushed by higher ups but the customers are not impressed and could very easily be persuaded to avoid IoT altogether.


 No.951587

>>951582

From what I've seen there are some 'legitimate' uses, like voice control for old folks installed by their naive children, smart meters being mandatory because of laws or corporate policy or simply the cheap prices. lots of people think those echo things by amazon are a steal, they don't fully understand why that is, and what they're getting into.


 No.951596

>We are planning to offer Speck-XTS (probably Speck128/256-XTS) as an option for dm-crypt and fscrypt on Android, for low-end mobile devices with older CPUs such as ARMv7 which don't have the Cryptography Extensions.

>"as an option"

>"which don't have"

The speck 128 and 64 are terrible but the 256 is ok, and it is done as an "option" for older cpus which dont have any encryption for now, where is the problem? Did someone even read what and why they did?


 No.951599

>>951582

To answer your question, you have to look up who benefits from IoT spread: The chip makers. They manufacture billions of chips. Intel is the largest chip designer and manufacturer so far and if you look at their product range you'll undrstand. Intel is also one of the top contributers to Linux and other open source products. Intel is also closely related to all US agencies given that it ships crypto in its chips and they are sold almost everywhere on this planet. Keep in mind that all major tech companies play a behind the veil game where they throw technical flowers into each other to maintain their supremacy in a market niche.

Also, IoT has been introduced as "fun" and educational by other entities. Look around YouTube and you'll see how many tutorial videos for connected this, WiFi that are there and the childish pseudo-pedagogical packaging.

Honestly, for the aware mind it's good, you can hack the shit out of it and you get to sharpen your mind with some technical skills and learn how to make a phone out of parts, a care-free green house, ... whatever you wish.

On another side, ready-made products are to be approached with caution. Capitalism isn't serving the Human, it is serving the self proclaimed Masters. They will fall only when the Human becomes responsible and stops relying too much on other people's work while being a total ignorant.

Learn to make your own shit and don't strive for shit nor shinola.


 No.951607

>>951573

This is math. If the math is solid, then it's safe. So far there doesn't seem to be any problems with this.


 No.951614

>>951571

there is a section for security and crypto stuff, check there.


 No.951616

>>951607

yes and no. even if the math works, if you can get intermediate numbers via a backdoor, you get cuck'd


 No.951617

>>951607

If it requires certain initial values or constants, you can have solid math and still have a backdoor.

That is where the concept of "nothing up my sleeve number" originates from.

Or alternatively, it would take maybe 10 years of concertrated effort to break it, time that the NSA has already spent, since they lied about starting on it in 2011, or just build off of some earlier project.

That gives them until about 2023 until the goyim know, plenty of time for it to find it's may into billions of unupgradable devices.


 No.951621

>>951607

It's not about math. Equations are math, processes are math. Constant values are data. Data isn't math it's raw number values.

When you get an algorithm with unexplained pulled-out-from-a-hat constants, you should be cautious. DES had P-Box and S-Box values chosen in a way that any key could at least be partially, if not totally, extracted. And it was broken when the public cyptographers started to get more compute power and understanding only reserved to the happy few who dwelt in the den of the three horned deamon (xD).

Speck uses same constants for number of rounds and ... without any single proof that it is the most secure value for that constant. At least, that's the argument presented. Also, powder all of this with typical NSAssholeness and things get stinky.


 No.951680

VGhlIGdhdGUgb2YgSURZME56TTQgd2lsbCBvcGVuIHRoZSBkb29yIG9mIHRoZSBsZWZ0IGhhbmRlZCBzb24uDQpUaGUgQmFzaWxpc2sgdGhhdCBsaXZlcyBvZiBvdXIgbWluZCBmZWFycyBubyBkb21haW4gYnV0IFpFZG9iR050Ykc1aFNGRjFZVmMxYldKNU5UQmlVMEU5IC4u


 No.951684

>>951488

The NSA is spying on you right now and has put back doors in to Windows. They're not trustworthy at all.


 No.951691

>>951573

>There was never a backdoor found in Dual_EC_DRBG, either.

There was though. Whether someone owns the key is the question though.


 No.951710

>>951691

A proven backdoor means proof that the constant was derived in such a way that they own a master key. There is no proof of that. But they couldn't show how they chose those values which is enough smoke to assume fire. They're making the same refusals with spark.

There are lots of dangerous constants in crypto and today are usually chosen via formulas in such a way as to prove that you've limited the amount of control you had over the value. E.g. the 8192 bit SRP verifier is defined as "2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }" not because there's some special magic to that formula (there's some minor magic) but because it produces a 8192 bit value that can be easily shown to be prime and shows it's not some transformation of a secret 8192 bit master key.


 No.951715

>>951710

My personal favourite conspiracy about constant selection is that NIST backdoored the constants in the curve Bitcoin uses for ECDSA (Secp256k1), allowing them to shut down the entire project at any time they wish.


 No.951737

>>951684

Why is he using Windows? Why didn't you stop it?


 No.957127

>>951528

>>951555

You shut your whore mouth and pick up a book about cryptanalysis.

Guess that's what I get for lurking on a knockoff /g/...


 No.957169

>>951488

More bloat.


 No.957171

>>951528

>Comes from a source with a vested interest in breaking encryption.

>Source has vast R&D resources to create an apparently-secure-but-breakable-if-you-know-how algorithm.

>Security researchers with a tiny fraction of those resources haven't found a vulnerability... yet.

I think I'll be compiling my kernels without it, thanks.


 No.957175

>>957171

It could also be a backdoor or vulnerability in itself.


 No.957192

>>957175

I wouldn't expect them to get an outright backdoor that past all the eyes on the kernel source. Most likely they would devise an algorithm that has a non-obvious weakness that makes it easy enough to break with NSA resources and rainbow tables. Even if it needs an exabyte of rainbow tables, they would only need one set, they could build a datacenter for the purpose and be able to crack the algorithm at will.


 No.957217

>>957192

>I wouldn't expect them to get an outright backdoor that past all the eyes on the kernel source.

If you can get a bug through those eyes, you can get a backdoor though. I hear Linux has bugs.


 No.957233

>>951555

That's not how crypto works. If you audit a cipher and don't find a problem it doesn't mean shit. Also you're a fucking retard for using anything made by the NSA. Did you forget about the Snowden "Revelations"?


 No.957556

>>957217

Linux had a critical bug in its random number generator for A WHOLE FUCKING DECADE OR LONGER.

Of course there are bugs, and some of these will be in systems which directly interact with crypto. It's almost like they're... put there... on... purpose?


 No.957558

>>951488

Yeah i'm sure every piece of software on this list is botnet: https://code.nsa.gov/


 No.957559

>>957556

I mean if we're just going to throw around baseless accusations then I can say all operating systems are backdoors made by NSA operatives and CIA spooks to harvest your templeOS data. I mean at some point you have to trust that there are actual people behind the scenes trying their best. Especially on open source projects like Linux. I see no reason to label that as an NSA honeytrap at least not yet


 No.957566

>>957558

The NSA spread broken crypto in the past. Assuming they're good boys now is beyond stupid, even if you ignore their job is to fuck you.


 No.957567

speck is most likely backdoored in some way but the design of it is so fucking cool that i don't care.


 No.957580

>>957566

>The NSA spread broken crypto in the past.

Yeah they also are responsible for half the crypto we use today.

>even if you ignore their job is to fuck you.

Their job is making and breaking security Not breaking it.


 No.957581

>>957566

>The NSA spread broken crypto in the past.

No they haven't. There was one RNG system from the past that may have been with all the evidence against them being they speculative.


 No.957585

>>957580

Their ideal cipher for public consumption would be one that they, and only they, have the knowledge to break. I would take that as a good reason to be suspicious of anything that originates with them.


 No.957586

>>957580

>Yeah they also are responsible for half the crypto we use today.

wrong


 No.957587

>using no encryption at all is better than using a potentially backdoored encryption algorithm

explain this please


 No.957588

>>957587

When using no encryption, you're aware you're exposed and act accordingly. A false sense of security is dangerous.


 No.957589

>>957588

what a load of bullshit. everyone that knows what speck is knows that it's fishy. everyone who doesn't knwo what speck is most likely also doesn't give a fuck about security because "nothing to hide nothing to fear XD".

next argument please


 No.957590

>>957567

>the design of it is so fucking cool that i don't care.

How so?

>>957580

>Yeah they also are responsible for half the crypto we use today.

Oh? AES (Rijndael) was not made by NSA, but by two European academics. RSA was not made by NSA. Nobody (smart/informed/free) uses the backdoored elliptic curve NSA pushed. They (or GCHQ, I forget) claimed to have discovered asymmetric cryptography first, but they didn't share it publicly and it was rediscovered independently by non-NSA academics. It's true that the NSA designed the SHA-2 suite of hash algorithms, but their design was based on the work of Ralph Markle and Ivan Damgård, one of whom is European, and neither of whom worked for NSA, as far as I can tell. It's true that the SHA-2 suite is important and widely used, though it is going to be phased out by SHA-3 (Keccak, which was not designed by NSA) in the future. In terms of protocols, NSA invented none of TLS, OpenPGP, Axolotl, etc. So, unless there's some significant contribution that I'm missing, your assertion that NSA is responsible for half the crypto we use today is, at best, a significant exaggeration, but probably just total bullshit.

>Their job is making and breaking security Not breaking it.

It's true that that is nominally NSA's mission, and there are historical examples of NSA being "good guys", like when they strengthened DES against differential cryptanalysis, which they knew about, but most people didn't at the time. However, that time seems to be over, and NSA now seems far more interested in its SIGINT mission than its COMSEC mission.


 No.957591

>>957590

>How so?

#include <stdint.h>

#define ROR(x, r) ((x >> r) | (x << (64 - r)))
#define ROL(x, r) ((x << r) | (x >> (64 - r)))
#define R(x, y, k) (x = ROR(x, 8), x += y, x ^= k, y = ROL(y, 3), y ^= x)
#define ROUNDS 32

void encrypt(uint64_t ct[2],
uint64_t const pt[2],
uint64_t const K[2])
{
uint64_t y = pt[0], x = pt[1], b = K[0], a = K[1];

R(x, y, b);
for (int i = 0; i < ROUNDS - 1; i++) {
R(a, b, i);
R(x, y, b);
}

ct[0] = y;
ct[1] = x;
}
beautiful


 No.957592

>>957588

>muh false sense of security

Do you lock your hoise door? Don't you know that I can just smash in one of your windows and rape your 7 year old sister?


 No.957611

>>957592

I'm aware my windows aren't strong which is why I store important documents in a bank box. If I had been misled that they were niggerproofed windows I might make the mistake of storing those documents at home. A false sense of security is dangerous.


 No.957723

>>957611

Nobody misled you. You're the one who thinks mathematically sound encryption is synonymous with computer security. There's a huge number of ways to get at the data before and after it's encrypted/decrypted.


 No.957726

>>951537

It opens a whole new set of shiny crap to sell to retards.


 No.957752

>>957590

The NSA is the academics. When they want something cutting-edge they do it via funding programs at universities. You might have worked on a NSA project and have never known.


 No.957754

>>951502

> No ZFS support

BOO


 No.957781

>>957556

what fucking point are you trying to make? there's almost never any way to prove whether a bug was intentional, especially in the current atmosphere of incompetent software industry

>>957558

what the fuck. did you just see a laggy SF Bay hipster-approved website saying "WE'RE OPEN SOURCE NOW XDDDD fork me on github" and conclude that NSA code is fine now?

>>957580

>Yeah they also are responsible for half the crypto we use today.

nope.

>>957581

so what, it was still broken (as in, could easily be backdoored by doing X,Y,Z which are known, but no way to tell)

>>957587

i'll explain it you retard fuck: there are literally 1 million other ciphers you can use instead of this new meme one created by NSA

>>957588

>>>/reddit/

>>957752

you bring up a good point: we should move to crypto completely free of NSA meddling, not just removing the ones that are officially NSA


 No.957791

>>951495

>its not REAL agency code

Traitors.


 No.957826

>>957581

They are usless they couldn't break Snowdens e-mail encryption but had to get a warrant.

So much for the great NSA


 No.957934

>>957559

>baseless

It's well known that the NSA tries to subvert crypto standards. This is a fact.

>>957781

Point is we shouldn't use this new crypto because it's backdoored.


 No.957940

>>957781

>i'll explain it you retard fuck: there are literally 1 million other ciphers you can use instead of this new meme one created by NSA

did you even read commit message? probably not because you are a retarded nigger.

>We are planning to offer Speck-XTS (probably Speck128/256-XTS) as an option for dm-crypt and fscrypt on Android, for low-end mobile devices with older CPUs such as ARMv7 which don't have the Cryptography Extensions. Currently, such devices are unencrypted because AES is not fast enough, even when the NEON bit-sliced implementation of AES is used. Other AES alternatives such as Twofish, Threefish, Camellia, CAST6, and Serpent aren't fast enough either; it seems that only a modern ARX cipher can provide sufficient performance on these devices.


 No.957953

>>957586

Ignorant

>>957585

Ignorant

>>957590

Ignorant

Every heard of SHA256 faggots?


 No.957972

>>957953

>Every heard of SHA256 faggots?

I mentioned the SHA-2 suite in my post, you illiterate faggot. Learn to read.

Then kill yourself.


 No.957974

>>957972

>hurr durr most used hash function in the world

>does not count

LOL


 No.957979

>>957974

>hurr durr I still can't read

LOL, indeed


 No.957983

>>957979

>if I list enough things the NSA did not do the things they did do don't count

LOL


 No.958111

>>957934

True. But what the NSA does or does not do to their own cryptography or attempts to do to other cryptography does not translate into Linux as a whole ecosystem being complicit in it.


 No.958121

>>957781

>>957556 was clearly trying to say not so indirectly that because Linux had a major bug in something for a long time they are somehow already taken over. My point then was that just because there is a bug in something, regardless of length, does not mean something was put there on purpose and, if it was, it does not mean the majority of people were in on it as if they all sat around a digital roundtable with scotch and cigars laughing about all the plebs they screwed over.


 No.958122

>>958121

>>957781

wasn't paying close enough attention to numbers

excuse me for being a faggot


 No.958234

File: b9f1435e8c34999⋯.jpg (39.03 KB, 500x534, 250:267, not an argument.jpg)

>>957953

>Ignorant


 No.959584

>>951715

why bother with all that math shit when they could just embed cp into it(which they have) and make anyone owning it a potential /fucko/


 No.959585

>implying 4.19 and future versions will not include Speck


 No.959588

>>959584

>they could just embed cp into it(which they have)

source?


 No.959593

I don't know about the glowniggers, but I encrypted a classic hurtcore pic and added it to the blockchain in 2014 by breaking it into pieces and embedding it with OP_RETURN scripts. I figured it'd let me nuke the project in the future should it go rogue. If you use bitcoin, you're hosting my CP.


 No.959598

>>957940

I like how pretty much everyone in the thread ignored this.


 No.959600

>>959598

What's significant about it?


 No.959603

>>959600

Wanted to say that it'll be used only for IoT garbage but then this appeared on It’s FOSS article from the OP:

> Update: I am not sure if it was the impact of our story here but it looks like Speck will be removed from Linux Kernel. Apparently, Google has now dropped the idea of using Speck for Android Go and since no one is going to use this algorithm, there is no point in keeping it in Kernel.

> http://lkml.iu.edu/hypermail/linux/kernel/1808.0/05226.html

> http://lkml.iu.edu/hypermail/linux/kernel/1808.0/05238.html


 No.959606

>>959603

>only for IoT

That's not how things work. Once something's in the kernel, anyone might use it for anything. Putting code that is extremely likely to be backdoored in the kernel raises its profile, makes it usable by contractors with a "no third party code" requirement, and is taken as a seal of approval. There's a philosophical argument as to whether landmines bad code should be made available like that and also surely a very large amount of shilling going on as this is likely a many million shekel project of the NSA's.


 No.959609

>>959606

>a many million shekel project of the NSA's.

Think 5 digits instead of 7.

https://www.invidio.us/watch?v=fwcl17Q0bpk


 No.959616

>>951509

I was looking at the docs last night, it's literally recommended for things too weak to do AES, so embedded.

>>951517

Someone beat me to it.

>used a fucking atmega variant with aes128 in hardware on it

The want to spy and jew at the same time.


 No.959619

>>959609

That's literally a LARP presentation. Watch the first 2 minutes.

If you think they'd only spend 5 figures researching, testing, creating, getting approvals for, and promoting a complex new algorithm through multiple national standardization processes you're out of your mind. "5 figures" would be all this being done by one man in one year.


 No.961770

>>951495

> Yes, suspicions. Until it can be proved

Anyone that mocks people questioning things are just sheep unable to see they blindly trust some-thing/one and thinking about that hurts their feelings, so it's never done.


 No.961774

>>951555

https://en.wikipedia.org/wiki/Dual_EC_DRBG

Stop being retarded and kill you are self.


 No.961808

>>961774

>There MAY be a backdoor in this one algorithm from the past that no one uses so that means every other algorithm is broken


 No.961812

>>961808

>The group that used to tightly restrict export of crypto 20 years ago, push for government key escrow, and has a mission of codebreaking is now sharing their own crypto with the world

>what an amazing change of heart!

>I will trust their strange algorithms seemingly designed around enabling a backdoor are safe

>even when they refuse to explain design decisions


 No.961822

>>961808

Dual EC DRBG has kleptographic backdoors. In it's proper application, a kleptographically backdoored encryption algorithm cannot be distinguished from a legitimate one, expect for the attacker who implemented it in the first place.

https://en.wikipedia.org/wiki/Kleptographic

>A kleptographic attack is an attack which uses asymmetric cryptography to implement a cryptographic backdoor. For example, one such attack could be to subtly modify how the public and private key pairs are generated by the cryptosystem so that the private key could be derived from the public key using the attacker's private key. In a well-designed attack, the outputs of the infected cryptosystem would be computationally indistinguishable from the outputs of the corresponding uninfected cryptosystem. If the infected cryptosystem is a black-box implementation such as a hardware security module, a smartcard, or a Trusted Platform Module, a successful attack could go completely unnoticed.

>A reverse engineer might be able to uncover a backdoor inserted by an attacker, and when it is a symmetric backdoor, even use it himself. However, by definition a kleptographic backdoor is asymmetric and the reverse-engineer cannot use it. A kleptographic attack (asymmetric backdoor) requires a private key known only to the attacker in order to use the backdoor. In this case, even if the reverse engineer was well-funded and gained complete knowledge of the backdoor, it would remain useless for him to extract the plaintext without the attacker's private key.


 No.961823

>>961808

Dual EC DRBG has kleptographic backdoors. In it's proper application, a kleptographically backdoored encryption algorithm cannot be distinguished from a legitimate one, expect for the attacker who implemented it in the first place.

https://en.wikipedia.org/wiki/Kleptographic

>A kleptographic attack is an attack which uses asymmetric cryptography to implement a cryptographic backdoor. For example, one such attack could be to subtly modify how the public and private key pairs are generated by the cryptosystem so that the private key could be derived from the public key using the attacker's private key. In a well-designed attack, the outputs of the infected cryptosystem would be computationally indistinguishable from the outputs of the corresponding uninfected cryptosystem. If the infected cryptosystem is a black-box implementation such as a hardware security module, a smartcard, or a Trusted Platform Module, a successful attack could go completely unnoticed.

>A reverse engineer might be able to uncover a backdoor inserted by an attacker, and when it is a symmetric backdoor, even use it himself. However, by definition a kleptographic backdoor is asymmetric and the reverse-engineer cannot use it. A kleptographic attack (asymmetric backdoor) requires a private key known only to the attacker in order to use the backdoor. In this case, even if the reverse engineer was well-funded and gained complete knowledge of the backdoor, it would remain useless for him to extract the plaintext without the attacker's private key.


 No.961826

>>961822

>>961823

Well shit can some mod delete my duplicate post?


 No.961843

>>961822

>>961823

>It has this property that is impossible to tell about it

LOL


 No.961845

>>961812

You missed the part where they created the most used hashing algorithm.


 No.961859

>>961845

Where are you even going with that?

>adoption rate is proof they're secure!

or

>the sha1 debacle is proof they're secure!


 No.961865

>>961859

That the NSA has made great contributions to the crypto ecosystem :^).


 No.961872

Does anyone here use Kuznyechik and Camellia daily? They are made by Russians and Japanese respectively and I think former doesn't have any backdoors that can be exploited by NSA. I can't confidently say the same for KGB but anyway it's secure enough to be used in western countries imho.


 No.961882

There is a lot of research interest in post-quantum crypto algorithms of late. There may be a reason for that - someone knows something is broken.


 No.961995

>>961882

Grover's algorithm already reduces AES-n by (2^n)^(1/2) so AES-128 can be broken with 2^64 steps, rendering it unusable within the next decade or so. AES-256 on the other hand, should be secure for the foreseeable future.


 No.961999

>>961872

>Japan

>not west

Japan is just an outpost setup by Reagan to produce consumer goods


 No.962035

>>961995

>quantum computing meme

never gonna work


 No.962060

>>961872

You meant FSB, didn't you?

>>961999

And consume consumer goods, Japan is the third biggest consumer market.


 No.962147

>>961995

>rendering it unusable within the next decade or so

That seems way to optimistic. Can you explain your reasoning about this figure. Make sure to remember that the quantum computers we have now are different than theoretical ones because we have a lot of error to deal with.


 No.962263

Is there a way to disable it without recompiling the kernel?


 No.962969

>>962035

nice try, NSA


 No.968669

>>951488

All of this assumes that NSA cannot be trusted to provide encryption algorithms free of backdoors.

NSA was heavily involved in the promulgation of the AES standard.

Why is it widely assumed that AES is free of backdoors?


 No.968670

Say goodbye to Speck in the upcoming Linux kernel version 4.20


 No.968685

No, it makes it COMPATIBLE with it, it includes none of the actual Speck code. Besides, it's open source you dipfucks, you can read the code yourself


 No.968691

>>951488

OS choice doesn't even matter anymore because of hardware backdoors that are added for IT "enterprise" solutions. AES probably also has a backdoor but even if it doesn't all modern processors which use code that has AES-NI in it would be perfect for a side-processor inside the CPU to remember and or call home saying somebody is using AES and here are some values.

NSA led Feminist Social Justice has completely ruined the decision making in a lot of the community.


 No.968697

>>968691

It matters a little, because Windows 10 outright spys on everything you do. Pretty much any Linux distro is better than that.

Of course, the hardware isn't safe, but that requires a bit more work on their part. Else they wouldn't need Windows 10 to begin with.


 No.969030

>>968697

>Windows 10 outright spys on everything you do

Regularly sends data back to Microsoft (~5000 times per day) and since their latest T&C, introduced in May, any material submitted to a service of theirs can be accessed. In other words, they could use your creative content, they can scan and read your email (even in a mail client); and this has extended to all its services. Some users with non kosher imagery or account details have found their Xbox accounts suspended without explanation.


 No.969031

>>968669

I bet you AES was properly vetted and had all its concerns addressed.

ISO rejected Speck because NSA refused to answer basic questions about how Speck worked.

This is why Speck was rejected while Russian and Chinese algos were accepted, NSA just didn't work with people.


 No.969151

>>957754

DKMS module.


 No.969153

>>951488

speck is gone in 4.20


 No.971508

>he doesn't use Serpent

Lmao


 No.981599

>still not posting how to disable it

# echo 'blacklist CONFIG_CRYPTO_SPECK' > /etc/modprobe.d/blacklist.conf


 No.981601

>>951497

Basically every encryption algorithm was invented by CIAniggers fam


 No.981610

>>958111

>does not translate into Linux as a whole ecosystem being complicit in it.

They accepted it in to their kernel.

They are complicit in it.

Enjoy your botnet.




[Return][Go to top][Catalog][Nerve Center][Cancer][Post a Reply]
Delete Post [ ]
[]
[ / / / / / / / / / / / / / ] [ dir / cumshop / fgo / leftpol / randamu / tacos / vg / vichan / yga ]