27 comments

[ 3.5 ms ] story [ 72.9 ms ] thread
I encourage ITNews or anyone else to point out what's suspect about Speck. It's so tiny I don't see where you can or would put the compromise.
Yes. Now, finish the thought.
Everything the NSA and the US govt touches is suspect. Anything less is silly
That's a non-sequitur. The commenter upthread asked how you would hide a backdoor in a tiny block cipher. Can you answer that?
I think anyone discounting things like this should also explain what they would accept to change their views.

Skepticism isn’t the same as denial, these attitudes of permanent ignorance remind me of the late nineties with Microsoft in the Linux community.

I'm having trouble resolving the antecedents of your comment. Am I the skeptic here, or is "can't trust SPECK, NSA" person?
Your parent comment, its directed at the person you were replying to.
Nobody said anything about a backdoor; the question was "what's suspect about Speck". Speck is suspicious (which includes more potential risks than just a "backdoor") because "Everything the NSA and the US govt touches is suspect".

This is the same kind of security-minded heuristic as the advice that you should restore from a clean backup instead of assuming you can even know how to clean a compromised host of every rootkit/backdoor/etc. Once trust has been broken, you have to assume risks might exist until proven safe. This is why burning trust is often a very bad idea; regaining that trust takes a lot of time and effort.

Also, suspicion does not require an actual risk to exist.

edit:

For the record, I don't know much about Speck, good or bad. It might be fine, but that's orthogonal to the NSA earning a reputation that invites suspicion.

This is hand-waving. Backdoor, weakness, vulnerability, whatever you want to call it. What's the suggested mechanism?

In fact, as another commenter here rightly points out, cryptography does not in fact run on trust; if anything, it runs on the opposite: verify.

> cryptography does not in fact run on trust

This is true if and only if you can and have read the underlying math/algorithm. I haven't read Speck. My mother hasn't read the details of any type of crypto. So we don't have a basis for trusting Speck from first principles; we have to trust someone else for their expert opinion.

You're only looking at the technical details. In the real world, approximately nobody has the time and training to do that, and we must rely at least somewhat on trust. For those purposes, the NSA is no longer seen as a trustworthy expert.

(I'll point out that I haven't suggested that nobody should use Speck. Also, my opinion of it might change upon seeing some basis for trust (i.e. endorsement by other trusted experts or if I find the time to actually read the technical details myself))

This is true if and only if you can and have read the underlying math/algorithm

If you are doing cryptography, you do exactly that.

Also, suspicion does not require an actual risk to exist.

No, of course not. But if you are taking that position, you are basically saying "I suffer from paranoid delusions and don't confuse me with the facts."

From what I gather from skimming this discussion, the question being put to you is "Suppose I don't suffer from the same paranoid delusions. What are the actual risks here that a rational person should be genuinely concerned with? Please and thank you."

Google seems to be joining the tinfoil crowd

https://www.phoronix.com/scan.php?page=news_item&px=No-Speck...

Developing a superior lightweight cipher design doesn't mean Google is joining any particular criticism of SPECK.
Either way it's probably good for Google's reputation for them to roll their own. After all, they don't exactly have as high a standing as Apple appears to have for some things?
As a non techie (for the HN crowd), to me that lends weight to the possibility that there might be some genuine risk.

Inability to prove or adequately articulate a risk is not the same as there being none. It's okay to take the position "What I know and what I can prove are two different things."

My life only works at all because of my willingness and ability to act on threats before they could possibly be proven, like when I got moved to another team before the guy calling me doll and babe took it over. He was fired more than two years later for sexual harassment or similar, but he wasn't a major problem for me because I never worked for him.

(Please note the "non techie" proviso and be kind if you feel the need to point out -- and explain why, using little words -- that it simply is not possible. Thank you.)

Cryptographers ought to be suspect of everything. Reputation isn't nothing, but the key part of a design is what can be proved about it, not who proposed it.
I think there'll be many people who would find a comment like this suspicious and question its overall validity.

There's a lot of stuff the US government (and NSA) touches that isn't suspect - do we need to start making a list? Because if we do, just one item alone would invalidate the (not uncommon) point you appear to be drawing here.

Well, is Speck enabled by default? If not, then this title sounds a bit like they fear-mongering, or just general FUD.
(comment deleted)
To my knowledge, on Arch it's enabled as module, so unless some application uses Speck (which are none that I have installed, care about or know) then the module will not be loaded and do nothing.
This email outlines some potential issues with Speck: https://www.spinics.net/lists/linux-crypto/msg33291.html

And that was discussed here: https://news.ycombinator.com/item?id=17214827

I really can't judge the quality of that critique of Speck, but, its a lot more interesting than just "NSA = bad".

A comment on the thread from the code's contributor is super useful: SPECK was added because on low-end Android devices with less than 50MB/s AES, it enables phones to have encryption enabled by default. That is, SPECK is useful in cases where the alternative would be no encryption at all.

I'd be a little surprised if SPECK was the only workable answer here.

Later:

It isn't; Google is doing HPolyC instead.

After Dual_EC_DRBG, and the early warnings and raised eyebrows, I feel like "there's no smoke without fire" is a good way to operate nowadays concerning the NSA.