Encryption Backdoors Will Always Turn Around And Bite You In The Ass
from the golden-keys dept
As you may have heard, the law enforcement and intelligence communities have been pushing strongly for backdoors in encryption. They talk about ridiculous things like “golden keys,” pretending that it’s somehow possible to create something that only the good guys can use. Many in the security community have been pointing out that this is flat-out impossible. The second you introduce a backdoor, there is no way to say that only “the good guys” can use it.
As if to prove that, an old “golden key” from the 90s came back to bite a whole bunch of the internet this week… including the NSA. Some researchers discovered a problem which is being called FREAK for “Factoring RSA Export Keys.” The background story is fairly involved and complex, but here’s a short version (that leaves out a lot of details): back during the first “cryptowars” when Netscape was creating SSL (mainly to protect the early e-commerce market), the US still considered exporting strong crypto to be a crime. To deal with this, RSA offered “export grade encryption” that was deliberately weak (very, very weak) that could be used abroad. As security researcher Matthew Green explains, in order to deal with the fact that SSL-enabled websites had to deal with both strong crypto and weak “export grade” crypto, — the “golden key” — there was a system that would try to determine which type of encryption to use on each connection. If you were in the US, it should go to strong encryption. Outside the US? Downgrade to “export grade.”
In theory, this became obsolete at the end of the first cryptowars when the US government backed down for the most part, and stronger crypto spread around the world. But, as Green notes, the system that did that old “negotiation” as to which crypto to use, known as “EXPORT ciphersuites” stuck around. Like zombies. We’ll skip over a bunch of details to get to the point: the newly discovered hack involves abusing this fact to force many, many clients to accept “export grade” encryption, even if they didn’t ask for it. And it appears that more than a third of websites out there (many coming from Akamai’s content delivery network — which many large organizations use) are vulnerable.
And that includes the NSA’s own website. Seriously. Now, hacking the NSA’s website isn’t the same as hacking the NSA itself, but it still seems notable just for the irony of it all (obligatory xkcd):
There?s a much more important moral to this story.
The export-grade RSA ciphers are the remains of a 1980s-vintage effort to weaken cryptography so that intelligence agencies would be able to monitor. This was done badly. So badly, that while the policies were ultimately scrapped, they?re still hurting us today.
This might be academic if it was just a history lesson ? but for the past several months, U.S. and European politicians have been publicly mooting the notion of a new set of cryptographic backdoors in systems we use today. This would involve deliberately weakening technology so that governments can intercept and read our conversations. While officials are carefully avoiding the term ?back door? ? or any suggestion of weakening our encryption systems ? this is wishful thinking. Our systems are already so complex that even normal issues stress them to the breaking point. There’s no room for new backdoors.
To be blunt about it, the moral of this story is pretty simple:
Encryption backdoors will always turn around and bite you in the ass. They are never worth it.
Let’s repeat that last line, because it still seems that the powers that be don’t get it:
Whether it’s creating vulnerabilities that come back to undermine security on the internet decades later, or merely giving cover to foreign nations to undermine strong encryption, backdoors are a terrible idea which should be relegated to the dustbin of history.
Filed Under: backdoors, encryption, export encryption, export keys, freak, nsa, openssl, ssl, tls, vulnerability
Comments on “Encryption Backdoors Will Always Turn Around And Bite You In The Ass”
What's the betting...
…that someone deliberately exploited this vulnerability on the NSA’s website in order to force the US government to stop being so blind about the problems with security backdoors?
Give the coders a break
It’s hard enough to create a secure cryptographic standard and keep it that way.
It’s even harder* to create a secure cryptographic standard, keep it that way, and maintain a backdoor for intelligence agencies. In fact, having a backdoor in your crypto is the very antithesis of a secure system.
*read: impossible
Re: Give the coders a break
Oh people aren’t blaming the coders for this, they’re blaming the idiots in the government who forced them to build intentionally weak encryption.
Encryption Backdoors Will Always Turn Around And Bite You In The Ass
Then maybe we should all purchase some Ass Armour(TM).
re: "the don't get it"
=”Let’s repeat that last line, because it still seems that the powers that be don’t get it: “
IMHO the understand it perfectly. and, as the song says “as soon as one door closes another door will open”
and so the game of whack a mole continues ad nauseum. another “sophisticated” (my ass) attack . another CVE. and then another patch, and another door is opened.
the business model of the internet is surveillance. i think this was noted by Bruce Schneier recently, if memory serves. and this is exploited by commercial interests, government, and crooks alike. Truly “a fool’s paradise”.
Open source should help. I hope. I use it, anyway.
"Golden key"
It’s interesting to note that this SSL “export crypto” was really an attempt at a “golden key”, that is, something only “good guys” could break.
It worked by deliberately weakening the encryption. It did the equivalent of taking a long key (for instance, a 128-bit symmetric key) and revealing most of it, so only a small part of the key was kept secret (usually 40 bits for symmetric keys).
“Good guys” like the government would have access to large amounts of computer power, and therefore be able to try all the 1099511627776 possible combinations until finding one that matched. “Bad guys” like a neighborhood hacker would have access only to a small amount of computer power, and so would need years to find the matching combination. With advances on computer power, the size of the secret part was increased, so one would would have to check 72057594037927936 possible combinations.
Of course, the premise that only “good guys” would have access to large amounts of computer power didn’t hold for long (the EFF DES cracker was an early demonstration of its failure). And that’s before going into the definition of “good guys”.
Re: "Golden key"
(continuing)
One could make a monetary argument: even for the weakened keys, the cost of trying all the combinations would be more than the value of the obtained information, so your credit card numbers were safe. That ignores three important considerations.
First, that not all value is monetary. A hacker could be willing to spend more than the monetary value of the information, if he had other reasons to be interested in breaking the encryption.
Second, that marginal cost matters. Once the hacker has already spent the hundreds of thousands of dollars to buy the fast computers he would need, the incremental key of breaking another key is small (mostly power and wear on the fans). The more keys the hacker breaks with his initial investment, the cheaper it becomes in the end.
Third, that hackers hack (it’s what they do). What prevents a hacker from using other people’s money to break the keys? A hacker could for instance invade a company and “borrow” their computers for a while.
Re: Re: "Golden key"
(continuing)
However, SSL export crypto was “fair for its day”. Back then, everything was plaintext. Nothing was encrypted. Even with its bizarre limitations, export crypto was a “foot in the door”: people got used to it, and wanted more.
The world has also changed. Gone are the days where nation-states had the privilege of being the only ones with the capability to develop strong cryptography. The notion that export restrictions would prevent strong cryptography from becoming available to everyone became more and more of an anachronism. With the knowledge of cryptography becoming more common, the knowledge of its weaknesses also became more public. Weak algorithms became less acceptable. And with that, “deliberately reducing the key length” is no longer a valid attempt at a “golden key”.
Re: Re: "Golden key"
Botnets do not cost the cracker, and can provide more computing power that most data-centers. In may ways the bad guys have the advantage over the good guys when it comes to access to computing power, embarrassingly parallel problems , as they steal computer cycles, rather than paying for them.
Re: Re: Re: "Golden key"
Botnets don’t cost the OPERATOR of the botnet. They do cost the end user, who is typically told a specific number of IOPS/s by the hour. The more of the botnet they utilize, the more it costs.
Its essentially the same pricing structure as amazon EC2.
Correction: Encryption backdoors will bite you in the back door.
dont talk rubbish! you just ask the NSA, FBI, CIA, HS. they’ll tell you the truth!!
Re: Re:
I did just that, and now I’m on holiday at Camp Echo here in sunny Cuba!
Oxymoron time
Whenever you hear someone say that they want systems to be Secure and have Golden Keys, they are contradicting themselves.
The “Golden Keys” is a euphemism for Back Door, to make it sound nicer.
A Back Door is a security vulnerability that makes a system insecure.
Therefore the person is saying they want a system to be Secure and Insecure. That is a government worthy oxymoron if I have ever heard one.
See here for example:
New Rules in China Upset Western Tech Companies
Oh, look! The Chinese are doing it too! But they don’t call it “golden keys”, they say they want systems to be “Secure and Controllable”.
Controllable means Back Door.
Back Door means vulnerability making system insecure.
Therefore, the Chinese want systems to be “Secure and Insecure”. Another oxymoron brought to you by a government.
2000
a design implimentation of a virus that can use 5% of the bandwidth of a pc could also easily do same for its cpu powr say 1%, then range out and use a bot net for use of 1 million pcs
that would be like having 100,000 full computers and using process hiders ( they exist right now ) you will never know in fact , with the knolwedge of all the major anti virii providers out there , its easy to “simulate them while eradicating them …keeping the machine largely safer then it was previously lol….
you all fookin idiots to think this 15 year old tech has not advanced
Politicians please remember . . .
Encryption Backdoors WILL NOT bite you in the ass.
They will bite the American Public individuals and companies in the ass. So that makes it okay, right?
Criminal export
And they still do, if you don’t fill out the proper paperwork.
Encryption Backdoors Will Always Turn Around And Bite You In The Ass
And the NSA and the other TLAs will be saying, just so long as it’s my donkey that gets bit, I’m OK
But seriously, the lesson they are probably going to take away is “We have 15 years grace period on each back door, I think we can manage that.”
Keys corrupt, golden keys corrupted absolutely.
Back Doors, Golden Keys … more like a golden shower while someone has you over a barrel. I thought these people were against that sort of kinky shit.
Since they want a golden key, lets make it a golden key.
That is, rather than a backdoor key we provide interested agencies with a golden cryptanalytic algorithm based on the classic brute force attack
In fact, it’s identical. Given a targeted data packet, the routine attempts to decode it with a hypothetical key 00000…00001, then 00000…00010, then 00000…00011 and so on until one test produces readable code.
Such an algorithm will, inevitably, crack any crypto (not just SSL) and allow an agency to access the unencrypted text. It’s also intrinsically costly, so that only governments with immense computational resources will be able to break SSL. In fact, costly enough to protect end users against dragnet use of the key, so that warrants for specific decryption jobs will serve as a time and labor saving stopgap against Golden Key overuse.
(By costly, I mean it takes a very fast and powerful computer a very long time to derive an SSL key. Indirectly, it may cost a lot of actual money for renting and maintaining the computer and supplying it with power. Also considering the time requirements, upgrades, hiring and training new technicians, museum rights and so on.)
Re: Since they want a golden key, lets make it a golden key.
You did read the story didn’t you? That is exactly what the exported version of RSA was – it was a short enough key to be brute forced only by governmetns with massive computing power (at the time). Unfortunately for the NSA (but fortunately for us), computational power of computers increased exponentially and instead of a normal PC taking hundreds or thousands of years to brute force the algorithm, it only took hours or minutes…
Re: Re: I was being facetious
By not shortening the key, it would take centuries if not millennia, by which time the advancement of quantum computers should make all SSL obsolete anyway.
The ass that get's bitten is not the ass of government.
“…backdoors are a terrible idea which should be relegated to the dustbin of history.”
And thus, “backdoors” will indeed become the foremost desired project of governments world wide and will indeed be implemented in most nations.
—
Re: And this is why we need encryption with plausible deniability.
Heck, an extra-careful enterprise could add the process of writing unused space on all hard drives with random numbers. That way drives that are unencrypted are indistinguishable from drives that are.
I’m pretty sure the military seven-pass data purge ends with random numbers anyway.