Nobody said anything about a backdoor; the question was "what's suspect about Speck". Speck is suspicious (which includes more potential risks than just a "backdoor") because "Everything the NSA and the US govt touches is suspect".
This is the same kind of security-minded heuristic as the advice that you should restore from a clean backup instead of assuming you can even know how to clean a compromised host of every rootkit/backdoor/etc. Once trust has been broken, you have to assume risks might exist until proven safe. This is why burning trust is often a very bad idea; regaining that trust takes a lot of time and effort.
Also, suspicion does not require an actual risk to exist.
edit:
For the record, I don't know much about Speck, good or bad. It might be fine, but that's orthogonal to the NSA earning a reputation that invites suspicion.
This is true if and only if you can and have read the underlying math/algorithm. I haven't read Speck. My mother hasn't read the details of any type of crypto. So we don't have a basis for trusting Speck from first principles; we have to trust someone else for their expert opinion.
You're only looking at the technical details. In the real world, approximately nobody has the time and training to do that, and we must rely at least somewhat on trust. For those purposes, the NSA is no longer seen as a trustworthy expert.
(I'll point out that I haven't suggested that nobody should use Speck. Also, my opinion of it might change upon seeing some basis for trust (i.e. endorsement by other trusted experts or if I find the time to actually read the technical details myself))
Also, suspicion does not require an actual risk to exist.
No, of course not. But if you are taking that position, you are basically saying "I suffer from paranoid delusions and don't confuse me with the facts."
From what I gather from skimming this discussion, the question being put to you is "Suppose I don't suffer from the same paranoid delusions. What are the actual risks here that a rational person should be genuinely concerned with? Please and thank you."
Either way it's probably good for Google's reputation for them to roll their own. After all, they don't exactly have as high a standing as Apple appears to have for some things?
As a non techie (for the HN crowd), to me that lends weight to the possibility that there might be some genuine risk.
Inability to prove or adequately articulate a risk is not the same as there being none. It's okay to take the position "What I know and what I can prove are two different things."
My life only works at all because of my willingness and ability to act on threats before they could possibly be proven, like when I got moved to another team before the guy calling me doll and babe took it over. He was fired more than two years later for sexual harassment or similar, but he wasn't a major problem for me because I never worked for him.
(Please note the "non techie" proviso and be kind if you feel the need to point out -- and explain why, using little words -- that it simply is not possible. Thank you.)
Cryptographers ought to be suspect of everything. Reputation isn't nothing, but the key part of a design is what can be proved about it, not who proposed it.
I think there'll be many people who would find a comment like this suspicious and question its overall validity.
There's a lot of stuff the US government (and NSA) touches that isn't suspect - do we need to start making a list? Because if we do, just one item alone would invalidate the (not uncommon) point you appear to be drawing here.
To my knowledge, on Arch it's enabled as module, so unless some application uses Speck (which are none that I have installed, care about or know) then the module will not be loaded and do nothing.
A comment on the thread from the code's contributor is super useful: SPECK was added because on low-end Android devices with less than 50MB/s AES, it enables phones to have encryption enabled by default. That is, SPECK is useful in cases where the alternative would be no encryption at all.
I'd be a little surprised if SPECK was the only workable answer here.
You can read about some of the other options considered here: https://marc.info/?l=linux-crypto-vger&m=152573520705012. But in the end, a new ChaCha-based mode suitable for disk encryption (https://eprint.iacr.org/2018/720.pdf) had to be designed since there didn't seem to be any alternative block cipher that met the strict performance and security requirements. LEA-128 maybe comes close, but it hasn't undergone too much cryptanalysis yet (much less than Speck).
After Dual_EC_DRBG, and the early warnings and raised eyebrows, I feel like "there's no smoke without fire" is a good way to operate nowadays concerning the NSA.
27 comments
[ 3.5 ms ] story [ 72.9 ms ] threadhttps://en.wikipedia.org/wiki/Edward_Snowden
Skepticism isn’t the same as denial, these attitudes of permanent ignorance remind me of the late nineties with Microsoft in the Linux community.
This is the same kind of security-minded heuristic as the advice that you should restore from a clean backup instead of assuming you can even know how to clean a compromised host of every rootkit/backdoor/etc. Once trust has been broken, you have to assume risks might exist until proven safe. This is why burning trust is often a very bad idea; regaining that trust takes a lot of time and effort.
Also, suspicion does not require an actual risk to exist.
edit:
For the record, I don't know much about Speck, good or bad. It might be fine, but that's orthogonal to the NSA earning a reputation that invites suspicion.
In fact, as another commenter here rightly points out, cryptography does not in fact run on trust; if anything, it runs on the opposite: verify.
This is true if and only if you can and have read the underlying math/algorithm. I haven't read Speck. My mother hasn't read the details of any type of crypto. So we don't have a basis for trusting Speck from first principles; we have to trust someone else for their expert opinion.
You're only looking at the technical details. In the real world, approximately nobody has the time and training to do that, and we must rely at least somewhat on trust. For those purposes, the NSA is no longer seen as a trustworthy expert.
(I'll point out that I haven't suggested that nobody should use Speck. Also, my opinion of it might change upon seeing some basis for trust (i.e. endorsement by other trusted experts or if I find the time to actually read the technical details myself))
If you are doing cryptography, you do exactly that.
No, of course not. But if you are taking that position, you are basically saying "I suffer from paranoid delusions and don't confuse me with the facts."
From what I gather from skimming this discussion, the question being put to you is "Suppose I don't suffer from the same paranoid delusions. What are the actual risks here that a rational person should be genuinely concerned with? Please and thank you."
https://www.phoronix.com/scan.php?page=news_item&px=No-Speck...
Inability to prove or adequately articulate a risk is not the same as there being none. It's okay to take the position "What I know and what I can prove are two different things."
My life only works at all because of my willingness and ability to act on threats before they could possibly be proven, like when I got moved to another team before the guy calling me doll and babe took it over. He was fired more than two years later for sexual harassment or similar, but he wasn't a major problem for me because I never worked for him.
(Please note the "non techie" proviso and be kind if you feel the need to point out -- and explain why, using little words -- that it simply is not possible. Thank you.)
There's a lot of stuff the US government (and NSA) touches that isn't suspect - do we need to start making a list? Because if we do, just one item alone would invalidate the (not uncommon) point you appear to be drawing here.
And that was discussed here: https://news.ycombinator.com/item?id=17214827
I really can't judge the quality of that critique of Speck, but, its a lot more interesting than just "NSA = bad".
I'd be a little surprised if SPECK was the only workable answer here.
Later:
It isn't; Google is doing HPolyC instead.
[1]: https://www.phoronix.com/scan.php?page=news_item&px=No-Speck...
[2]: https://www.phoronix.com/scan.php?page=news_item&px=Linux-Ke...