User: Password:
|
|
Subscribe / Log in / New account

NSA inserting weaknesses into standards

NSA inserting weaknesses into standards

Posted Sep 15, 2013 19:20 UTC (Sun) by giraffedata (subscriber, #1954)
In reply to: NSA inserting weaknesses into standards by khim
Parent article: Toward healthy paranoia

There is, for example, some evidence that the NSA has inserted weaknesses into some random-number generation standards, ...
No, I meant how does the NSA insert something into a standard?
The same way it always did. [Wikipedia article on DES]

If the NSA activity we're talking about is anything like what is described in the Wikipedia article on DES, then "has inserted weaknesses" is entirely inappropriate wording. The NSA's involvement in DES, according to the article was:

The US government wanted to establish a standard for encrypting US government data. It sought proposals, via the National Bureau of Standards, from the public and consulted with NSA to evaluate them. IBM submitted a proposal and consulted with the NSA in developing it. NSA suggested two changes to IBM's initial proposal. One was a reworking of the "s-tables," which IBM's encryption experts analyzed and found to be good and accepted. The other was to reduce the key length from 64 bits to 48. IBM rejected that. NSA then proposed 54 bits and IBM found that to be better than 64 and accepted it. IBM made the resulting proposal to NBS and NBS accepted the proposal as a standard for encrypting US government data. Some time later, public standards bodies including ANSI and ISO adopted the same standard. The article doesn't tell the process by which ANSI and ISO adopted it, but I see no evidence that NSA was involved.


(Log in to post comments)

NSA inserting weaknesses into standards

Posted Sep 16, 2013 0:07 UTC (Mon) by khim (subscriber, #9252) [Link]

If the NSA activity we're talking about is anything like what is described in the Wikipedia article on DES, then "has inserted weaknesses" is entirely inappropriate wording.

Really? When you make standard 256 times weaker then it could be otherwise it's not “inserting weaknesses”? How do you call said process?

Note that in story with DES quite visible change made standard weaker and opaque change didn't but it does not change the principal position: standard was changed at the NSA request and nobody outside NSA had any idea for why said request was made in the first place.

The other was to reduce the key length from 64 bits to 48. IBM rejected that.

Right. 48 bits instead of 64 means it's 65536 times easier to crack.

NSA then proposed 54 bits and IBM found that to be better than 64 and accepted it.

NSA, of course, proposed 56 bits, not 54 and, more importantly, IBM never agreed and never claimed 56 bits are better than 64—that's an absurd claim. Of course 56 bits cypher are weaker then 64 bits. 256 times (if there are no other substantial differences). But IBM decided that it's better to accept 56bit compromise rather then try to insist on 64bits and see their proposal thrown out.

The article doesn't tell the process by which ANSI and ISO adopted it, but I see no evidence that NSA was involved.

Why would NSA involved? The deed was done much earlier—when 64bits were replaced with “good enough” 56bits and S-boxes were altered. It does not look like S-boxes changes were nefarious (we still don't really know), but problem with change from 64bits to 56bits is self-evident to anyone who knows how cryptography works.

NSA inserting weaknesses into standards

Posted Sep 17, 2013 15:57 UTC (Tue) by giraffedata (subscriber, #1954) [Link]

When you make standard 256 times weaker then it could be otherwise it's not “inserting weaknesses”?

That would be, but NSA did not make the standard anything.

"Make" or "insert" is highly misleading terminology when you're talking about influence this small. My government makes me pay taxes; my insurance agent doesn't make me buy life insurance. I insert a post in my blog; I don't insert a story about me in LWN by sending a press release.

IBM never agreed and never claimed 56 bits are better than 64

Yes, IBM did. You're taking too narrow a view of "better" that just means harder to crack. There are costs associated with longer keys, and IBM had to consider them all. IBM found that the added security did not justify the cost of the extra 8 bits. My understanding of the story is that what NSA convinced IBM of between IBM's initial and final proposal was how hard 56 bits was to crack, and that changed the balance in IBM's opinion.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds