
The ethics (or lack thereof) of mass government surveillance

Translator's note: cryptographic algorithms based on elliptic curves have recently become increasingly popular. In the world of cryptography it is not worth reinventing the wheel (as has often been written on our favorite Habr), and it is best to follow the standards. However, not all standards are equally useful.
P.S.: the translation is not particularly new, but perhaps it will help the audience learn something.

The NSA is often suspected of building backdoors into encryption algorithms and systems. The most serious accusations were leveled at it in November 2007, after the publication of the official NIST standard for random number generators.

Almost all encryption algorithms depend on random numbers. Modern cryptography uses randomness for many purposes, starting with the generation of keys, so the quality of the generated sequences is crucial. If an attacker can compromise the random number generator used to protect a message (that is, predict its output), he can recover the keys and decrypt the message.

Designing random number generators is a hard problem, and many attacks on ciphers are in fact attacks on the generators behind them. NIST developed Special Publication 800-90, which describes several techniques for producing cryptographically secure random sequences and recommends them for use in various fields. Many software and hardware vendors base their cryptographic implementations on this standard (translator's note: the standard has also been covered on Habr).

The standard specifies four deterministic random bit generators (DRBGs), each built on a different cryptographic primitive: Hash_DRBG, HMAC_DRBG, CTR_DRBG and Dual_EC_DRBG.

Doubts about the standard were raised by its elliptic-curve generator, Dual_EC_DRBG. The first problems were found in 2006, when Daniel Brown and Kristian Gjøsteen showed that Dual_EC_DRBG produces output with a small bias. In 2007, at the CRYPTO conference, Dan Shumow and Niels Ferguson demonstrated a weakness in the generator that they regarded as a deliberately planted backdoor: the two elliptic-curve points it uses as constants may be related by a secret number, and whoever knows that number can recover the generator's internal state from a small amount of output, predict everything it produces afterwards, and so read messages encrypted with keys derived from it.
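To make the mechanism concrete, here is an added toy example; it is not part of the original article and not NIST's or anyone's production code. It runs a miniature Dual_EC_DRBG over a made-up 10-bit curve y^2 = x^3 + 2x + 3 mod 1019 in which the "designer" generated the second point as Q = e·P and kept d = e^-1 mod N. From a couple of truncated outputs, whoever knows d lifts an output back to the point s·Q, multiplies by d to obtain s·P, whose x-coordinate is the generator's next internal state, and from there predicts all subsequent output. The curve, constants, seed, state mapping and 2-bit truncation are all constructed for the example; the real generator works on P-256 and drops only 16 of 256 bits, so the same candidate loop costs about 2^16 steps instead of 4.

```python
"""Toy Dual_EC_DRBG with a Shumow-Ferguson style backdoor (constructed example).

A made-up 10-bit curve replaces P-256 so the whole attack runs instantly.
Curve, constants, seed and truncation width are all invented for illustration.
"""
from math import gcd

# Curve y^2 = x^3 + A*x + B over GF(P_MOD); P_MOD is prime and P_MOD % 4 == 3.
P_MOD, A, B = 1019, 2, 3
INF = None  # point at infinity


def add(p1, p2):
    """Affine point addition with the textbook formulas (no side-channel care)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF  # p2 == -p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """Return a point with x-coordinate x, or None if no such point exists."""
    rhs = (x ** 3 + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)  # square root when P_MOD % 4 == 3
    return (x, y) if y * y % P_MOD == rhs else None


def point_order(pt):
    """Order of pt by brute force; fine for a 10-bit curve."""
    n, acc = 1, pt
    while acc is not INF:
        acc, n = add(acc, pt), n + 1
    return n


# Public constants. P is the base point; Q looks like "just another point",
# but the designer generated it as Q = e*P and kept d = e^-1 mod N (constructed).
P_BASE = next(pt for pt in map(lift_x, range(1, P_MOD)) if pt is not None)
N = point_order(P_BASE)
E_SECRET = next(e for e in range(N // 2 + 1, N) if gcd(e, N) == 1)
Q_POINT = mul(E_SECRET, P_BASE)
D_SECRET = pow(E_SECRET, -1, N)  # the backdoor key: d*Q == P

MASK = 0xFF  # publish the low 8 of 10 bits; real Dual_EC drops 16 of 256 bits


def to_state(x):
    """Turn an x-coordinate into a nonzero scalar mod N (toy detail: the real
    generator uses the 256-bit x-coordinate directly as the next state)."""
    return x % (N - 1) + 1


def dual_ec_generate(seed, count):
    """Simplified Dual_EC_DRBG: s <- x(s*P), r <- x(s*Q), emit truncated r."""
    s, out = to_state(seed), []
    for _ in range(count):
        s = to_state(mul(s, P_BASE)[0])
        r = mul(s, Q_POINT)[0]
        out.append(r & MASK)
    return out


def backdoor_predict(outputs, d=D_SECRET):
    """Given d, recover the internal state from truncated outputs and return
    the set of possible next outputs (normally exactly one)."""
    first, rest = outputs[0], outputs[1:]
    predictions = set()
    # Only the top 2 bits were dropped, so at most 4 candidates for x(s*Q).
    for r in range(first, P_MOD, MASK + 1):
        R = lift_x(r)              # R = +-(s*Q); the sign does not matter below
        if R is None:
            continue
        S = mul(d, R)              # d*(s*Q) = s*(d*e)*P = s*P
        if S is INF:
            continue
        s = to_state(S[0])         # x(s*P) is exactly the generator's next state
        for observed in rest:      # replay and discard candidates that disagree
            if (mul(s, Q_POINT)[0] & MASK) != observed:
                break
            s = to_state(mul(s, P_BASE)[0])
        else:
            predictions.add(mul(s, Q_POINT)[0] & MASK)
    return predictions


if __name__ == "__main__":
    seen = dual_ec_generate(seed=314, count=6)
    print("generator output :", seen)
    print("attacker predicts:", backdoor_predict(seen[:3]), "actual:", seen[3])
```

Two points worth noting. The attack needs nothing but the published outputs and d: anyone without d sees a generator whose security rests on the elliptic-curve discrete logarithm, which is why the weakness is invisible to an auditor of the algorithm and only visible to whoever chose Q. And the short truncation is what makes it practical: if the generator had dropped half of each x-coordinate instead of 16 bits, the candidate loop would be infeasible. The decisive defense, however, is simply not to use the generator; NIST itself removed Dual_EC_DRBG from SP 800-90A in 2015.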

What does the NSA have to do with it? The NSA works with NIST as the national authority on cryptography. Dual_EC_DRBG is the slowest of the proposed methods, so many wondered why it was included in the standard at all. Bruce Schneier explained that the NSA was the initiator and main lobbyist for its inclusion. Schneier drew no firm conclusion, but suggested that the NSA wanted to be able to read the contents of encrypted messages: “I don’t understand why the NSA was so insistent about including Dual_EC_DRBG in the standard ... Dual_EC_DRBG under any circumstances. If you want to follow NIST SP 800-90, use CTR_DRBG or Hash_DRBG.”

Source: https://habr.com/ru/post/193584/
