Assuming that the preference of which algorithm is used in an encryption standard can be influenced by $10 million, then I I'd say you read the article correctly. Very alarming...
Companies that have been compromised[1] - MS, Apple, Facebook, Google, Yahoo, Carriers, Backbone providers - now they are going after security providers. From the big guys only Intel is standing. And that may as well be the next leak.
Also think if they subverted some of the big guys antiviral software - it runs at ring 0 usually.
That article is merely one piece of information in a long chain (Echelon, the Snowden revelations, Lavabit), and all of them add up to the conclusion that you better not trust any US-based/originated IT security system.
if you consider the fact that the nsa and cia often collaborate closely, and then look at the amount of influence the cia has often displayed in the past, towards foreign countries/regimes etc., gejjaxxita's question seems quite reasonable.
The same influence approach ($10m to choose a supposedly okay algorithm) would work just as well for most similar non-American companies, it isn't claimed that RSA did this because of some mandate which would fail if they'd be headquartered in, say, France.
Of course the contract must be kept secret for PR and product reputation reasons.
It's just as if an antivirus company to accept a contract with a major adware distributor to keep their products marked as appropriate - legal, but best kept secret.
"RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings."
The end of RSA (the company)? I find it absurd that a security company no less, would hear many veteran cryptographers say this is backdoored a decade ago, and still going ahead and using it - as the default! Who stakes the whole reputation of their company in the field for a meager $10 million (I assume RSA was pretty big back then, too)? It's insane.
RSA, much like NIST, can not, and should not be trusted any longer. All of their customers should be warned, and advised to quit them ASAP. Companies need to learn this is just unacceptable.
I like Yubikeys: https://www.yubico.com/. They show up as a USB keyboard, so you don't have to type the codes in.
There are some disadvantages. Yubikeys use a shared secret instead of public key crypto. Also, the one-time password is iteration-based, not time-based. On the bright side, you can program Yubikeys with your own secrets. They may not be as secure as properly configured RSA tokens, but they're much better than authing with just a password or client cert.
Yubikey NEO (latest revision) is like the one you already have + a java card that comes with a PGPcard app (and supposedly, you can write your own apps)
They don't have a timer like the RSA key fobs, and need a USB or NFC connection - but are generally very reliable, and given their constraints.
The questiion, of course, is what reason you have to believe that yubico (and for that matter, gemalto, g10code and the rest) are not similarly in bed with the NSA.
You were probably just as horrified as most of the other employees at Bloomberg when that info became public. The bad apples cost Bloomberg a lot of reputation. My point is that "trust" is very elusive, very easy to lose, very hard to gain.
OTOH, are the "bad apples" at Bloomberg who condoned that behavior still in positions of power? Did they even get a slap on the wrist? If I were at Goldman, JPM, Citi, etc. I wouldn't "trust" Bloomberg until I saw some higher up people fall on their sword for that fiasco.
If I were at Goldman et al. I would expect Bloomberg to treat employees that successfully use underhanded tactics, as business as usual, the same way I would probably have seen such employees (and maybe myself) treated by my own organization: "Job well done boys, but you better cool it for awhile. BWA ha ha ha! Have a cigar and a hooker."
One of the original developers behind OpenSSH (Dug Song) started a competitor to RSA called Duo Security just a few years ago.
They sell Gemalto IDProve 100 tokens and support Yubikey, but advise using their patent pending push based 2FA authentication because: "Login requests are signed with an asymmetric PKCS#1 v1.5 key pair, which provides a stronger identity assertion than passcodes and prevents “RSA-style” breaches." From https://www.duosecurity.com/duo-push
They're used by companies like Facebook, Twitter, Sony, Arbor Networks, MIT, etc.
I use one of these tokens for work. Spying is one thing but destroying encryption is another evil thing to do. If the NSA has introduced bugs in crypto then who's to say someone else can exploit the same crypto.
It's a bad image, because it conveys an idea that's different from the story, but I can see why they used it -- from the general public's perspective the tokens are pretty much the most recognizable symbol of RSA.
i wonder if Snowden has any detailed info on the NSA indroduced/forced backdoors (he obviously was aware about their existence in general like pretty much everybody in the world who isn't a tptacek's religious follower) and this or something like this is what keeps him alive - ie. NSA is afraid of dead man switch while other side(s) hopes that Snowden will reveal more and specifically useful for actual hacking info with time.
a nsa official just did an obvious trial-balloon of pardoning snowden in exchange for return of all the docs [1]
but now that snowden is in russia, you have to assume that many nation-states have seen all these docs. so really, the nsa is worried that you and I will see them
The conditions for the pardon have never made sense, because as I understand it Snowden has already shared most if not all of his information with at least Greenwald and Poitras. He no longer has control over what will be shared with the public.
This is one of the many issues people have with what the NSA is doing. Weak crypto means not only the NSA can exploit it but possibly many other criminals.
"RSA BSAFE Crypto Kernel offers versions of popular cryptographic algorithms optimized for both small code size and high performance. Unlike alternatives such as open source, our technology is backed by highly regarded cryptographic experts." [emphasis added]
The reaction from the average IT architect is to just select another vendor that provides yet another closed-source, blackbox hardware security solution, backdoored by who know which government(s) &| other entities. Open source hardware is (un)fortunately a necessary requirement (verilog/vhdl, firmware sources and no blackbox SoCs), samples of which are periodically verified by destructive and nondestructive means. Very, very costly, but doable and raises confidence.
I wonder if any of the executives involved with this deal will have a moment of clarity and make a public statement - "I was directly told by representatives of the U.S. Government that if we did not take this deal there would be direct and material consequences for both my company and myself. Here is the names of the people I met with, here is a log of the meetings. If I am jailed or in some other fashion publicly discredited through an otherwise seemingly unrelated matter in the future, you should always remember that I have made this public statement."
And what if it were very common to take jobs just to hack the internal network, scour it for sensitive-looking data, and dump it all publicly for the sake of fame? I am pretty sure most "executives" would not be happy with that norm
My guess is that most people educated enough and promoted enough to get access to such information wouldn't risk years of efforts for potential fame. I'd say most of the whistle-blowers want to remain anonymous.
Those aren't the only options. Anyone with any smarts can figure out how to quietly and anonymously leak a lot of these details. The fact is that they were too cowardly to do even that though.
As somebody who has been in IT for almost two decades, I can't think of a safe way to get a file off our corporate LAN without leaving a trail leading to me.
I realize it's an argument from ignorance fallacy, and maybe there are such ways, but I'm not aware of them.
These aren't the details that need to be 'leaked' anonymously - the whole point for the original suggestion to work as intended requires a public claim from aranking officer of that company; the actual info isn't important but the public testimony is.
In all honesty, Snowden is a 30 year old single dude, and as far as I know, he doesn't have kids. Do you think he would have done what he did if he had a family to look after?
In my opinion a person's first responsibility is to their family. So yeah, if you're married (like these executives probably are) and you're facing the choice between option A and option B, you should absolutely pick option A.
What are you saying? That because Snowden didn't have an extension to his own bloodline that it was easy for himself to come forward and blow the whistle?
I can't vouch for whether or not that is what he was saying, but if so, it's pretty likely to be true. People with families, right or wrong, tend to place the security of their family's future above their own political beliefs.
Snowden's actions were brave, regardless of his family status, and I don't wish to downplay that even one iota, but yes, if he had a wife and three kids, it likely would have made his actions even more of a longshot.
So the nuclear family combined with a distributed economy is basically a convenient tool for justifying atrocities of all kinds. Just feeding the kids, right?
Maybe not having kids is actually the morally correct choice, then?
Don't be a fool. You would let your children go hungry and live a worse life (directly because of your actions) out of principle? It's not simple. Having a family can be a beautiful thing. Not having one and spilling the beans on something morally reprehensible can be too.
>You would let your children go hungry and live a worse life
No. Read what I wrote. The words are right there.
If the choice is "have children and commit evil to feed them" and "don't have children and don't commit evil", I choose the former. As should, I think, any right-thinking person.
The question is probabilistic. What are the chances that the former happens? What are the chances that the latter happens?
Choose accordingly.
The question is also systemic. There exists the possibility that forces larger than the individual have decided to normalize the nuclear family (and also romanticize the vision of having said family) in order to serve evil ends. What is the probability that that is the case? As time goes on, it looks far more probable than we once thought. People like you think families are in themselves beautiful. Any means justify the ends of preserving them. Seems like an excellent tool for keeping a population right where you want them.
Look up the history of the nuclear family. Notice it didn't exist pre-industrialization. Why's that?
You're taking humans -> have children for granted. I'm arguing against that dogma. Because as paradoxical as it may sound, it is trite dogma at this point in wealthy societies. We don't need these additional people, we don't need this extravagant life. It's not a matter of survival anymore. So what is it all accomplishing? What's the end?
>Having a family can be a beautiful thing.
For my morality, concerns of beauty don't trump concerns of humanity. If my having children perpetuates a cycle of exploitation, murder, pain, suffering, etc. etc. etc, then I don't have children. Regardless of how "beautiful" my experience of those children may be. It really is that simple.
And if a (wo)man tells me "I just did it to feed my kids" after committing some reprehensible act, I sympathize, because (s)he made a terrible decision in having children to start with. But I still condemn him/her.
You are a fucking idiot. I guess it the Nazis weren't so bad after all because they all had families and its important to make sure your family is taken care of first and foremost. Assholes like you are why we can't have nice things. History has been made because people were willing to sacrifice for principles, including people with families. Just because you dont have the balls to stand up for what you believe in doesn't mean you should encourage others to be cowards like you.
Look at what happened to Qwest CEO Joseph Nacchio after challenging illegal NSA warrantless wiretapping requests. (Hint: he just got out of federal prison about two months ago.)
http://online.wsj.com/news/articles/SB1000142405270230398390...
Mr. Nacchio said he still believes his insider-trading prosecution was government retaliation for rebuffing requests in 2001 from the National Security Agency to access his customers' phone records. His plans to use that belief as a defense at trial never materialized; some of the evidence he wanted to use was deemed classified and barred from being introduced.
To Mr. Nacchio, the revelations of former NSA contractor Edward Snowden, who leaked documents saying the agency monitors the email and phone records of Americans, have justified his own stance. He contended the NSA's request was illegal. "I feel vindicated," he said. "I never broke the law, and I never will."
I'm generally curious about this. I have no idea how to judge Nacchio's career. Can you point some facts proving this point of view?
Or maybe: How was his position any different than yours, if you had a request from the NSA that you wouldn't want to fulfil, knowing that rejecting it could destroy your company, what would you do?
The issue is, imo, very murky but as I understand it:
NSA approached Nacchio and Qwest to do what they were doing with AT&T and Verizon. Qwest had previously helped the NSA intercept all comms in Salt Lake City during the Olympics but told the NSA they weren't interested in cooperating. Nacchio sells some stock. Qwest is suddenly dropped as the favored vendor for a huge government contract leading to a drop in Qwest's share price and earnings.
The US federal goverment's position was that Nacchio knew the contract was going to get dropped and cashed out early - insider trading. Nacchio contended that he was just selling stock and that the government had pulled the contract to entrap and prosecute him in the current case.
Read the indictment. Nacchio was convicted along with several other executives of running a pump and dump scam.
Despite being specifically prohibited from trading based on insider information, Nacchio first became aware that their earnings guidance was "a huge stretch", that to meet them would involve growing revenue from a line of business that had been failing to grow revenue and that had actually been underperforming that year, that they had (apparently) lost important contracts, and that it had become essentially impossible for them to hit their numbers. Then, after learning all that, but before any of it was disclosed to investors, Nacchio dumped over $100MM worth of his stock.
Nacchio controlled the earnings targets for Qwest. He set them dishonestly high and allowed them to be released to the public over the objections of many of his own executives. The stock performed as a result. Then, when it became obvious that the public would soon learn that those projections were impossible to meet, he sold his stock for $100MM.
Nacchio went down within a year of Enron and just a few years after Worldcom. It was the end of an era in which the big accounting firms had conspired with large corporations to swindle the public out of billions of dollars. Nacchio was a crook, not a Fourth Amendment hero.
Are the executives at JPMC crooks? I don't know. If they are, which is not outside the realm of possibility, they should go down too. But what JPMC people do has nothing at all to do with the fact that Qwest's executives defrauded the public to the tune of over $100MM.
So now his character is even bigger enigma. If the guy was a crook and fine with ripping stockholders out of 100MM tune, then how come he didnt want to play along with NSA? If he was greedy then he should have gone along with NSA offer. What could be his motive to say no to NSA? Wouldn't he know, at the time, saying no to the Gov may result in his contracts being shut off??
Fabricated up claims are by their nature nearly indistinguishable from real ones, and outright fabrication isn't the only unethical recourse: there is always panopticon powered selective prosecution— how many felonies have you committed this month?
Regardless, we can observe now that the result will be time in prison and tptacek on HN diligently countering any claim of governmental misconduct. The insight here isn't related to Nacchio's character, it's that claiming that the government is retaliating for failing to comply with their unlawful demands doesn't provide protection.
>>
https://news.ycombinator.com/item?id=6942165
tptacek 5 hours ago | link
I am not generally a believer in the theory that NSA actively subverts Internet standards†
†(my best guess is that the standards NSA was actively subverting were about international telephony; subverting the IETF is a little like subverting the Linux kernel --- doable, but bad tradecraft)
Does this count?(not trying to be sarcastic or a smart-a##), I just want to get a handle on what I should or should not trust these days. Seeing that RSA SecurID VPN dongle pic in the article scared me. I've pretty much been looking to your comments to give me a baseline.
Either you're insinuating that 'tptacek is a malicious actor, or that he's incompetent. That's a pretty serious allegation to make without providing any evidence whatsoever. Do you have any? I'm sure you can dig up a few examples of things that he said which were incorrect, but very few of those will not have been followed by a correction at some point, and either way your insinuations seem to go beyond "being wrong some of the time".
HN is incredibly fortunate to count members like 'tptacek as part of its community. We should be behaving in ways which encourage more comments and commenters of his ilk, not less.
Unsurprisingly you're already being down-voted. For a community that prides itself on being rational and home to spirited debate, when it comes to the NSA, any contrarian opinions (or even alternative perspectives) tend to be quickly attacked and silenced.
If you read some of the first threads when the NSA revelations broke out, there are heated discussions with various viewpoints and arguments. Now, it appears that most of these users have become tired of being instantly downvoted, and instead avoid these subjects entirely.
I hope that tptacek continues to participate in these security policy discussions, not only for his extensive domain knowledge, but also because he is not afraid to voice beliefs that disagree with prevailing opinion. And right or wrong, its very refreshing.
> If you read some of the first threads when the NSA revelations broke out, there are heated discussions with various viewpoints and arguments.
Always mixed with a steady groan of "enough of NSA stories" and "none of this is surprising". The heated discussions were in no small part about wether this was even the problem it was made out to be and wether it should even be discussed (to this extent).
Not that I agree with downvoting instead of replying, or with bashing tptacek (Everybody loves telling experts "I told you so". Doesn't make us experts tho :P), but I don't agree with your narrative either. It's not falsifiable, anyway. People might just as well have given up on trying to downplay this, and walked away instead, which would be even worse. Why speculate. Bashing and downvoting for disagreement without argument sucks either way.
Don't really have a dog in this fight, but: up until today, there was no evidence "the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products".
> Either you're insinuating that 'tptacek is a malicious actor, or that he's incompetent.
There is a large area missed called psychological bias. People who has close friends working in highly controversial areas has a tendency to become a bit irrational in the view of the controversy. An attack on the NSA becomes an attack of the friend. If NSA is immoral and wrong, the friends choice of occupation must be wrong, thus the friend must be wrong, thus an attack on NSA is an attack of the friend.
As much as he can get under one's skin, and as much as he can be abrasive, and any number of other things, I trust his opinions on security and crypto.
He's rational to a fault--unfortunately, that means that when facts change he may be left with egg on his face. I don't think there's anything wrong with how he's handled this stuff.
I'm also doing the Matasano crypto challenges and they are pretty priceless, don't know of anywhere else who offers a similar learning experience by breaking stuff, for free even.
I find tptacek's remarks to be enjoyable, generally speaking. In regards to crypto, I value his opinion highly, especially compared to my own novice opinion.
That said, I seldom trust anything I cannot verify. In matter s of crypto, that often means that I accept some things as magically working, and accept that the magic could wear off at any minute. Same thing with CPUs. I know generally how they work, and understand bitwise logic, but for the most part, they're just magic boxes that I've got enough experience with to have an expectation of.
In matters of the government, the fault I find with tptacek's arguments (and I hadn't even realized that it was a thing until this thread, but now I'm caught up) is that I think it is naive to trust the government. The federal government is something that our founding fathers encouraged us to be suspicious of. They specifically prescribed that, in order for our democracy to thrive, that we should be ever vigilant in regards to those we entrust with power.
Assuming good faith on the part of the NSA is naive, whether or not they're acting scandalously. Assuming good faith on the part of any politician is naive.
That isn't to suggest that we should never trust anything the government does, but if there's ever the potential for abuse, we should expect that potential to be abused at some point. If there's a loophole that could be exploited in any way, we should expect that it will be.
This diatribe isn't really directed at this comment, per se, but at your "have to trust __something__" comment, which I completely agree with as a generality. As humans, we routinely put trust into a great deal of people and things all the time, but I disagree that a government, even a pristine, flawless, immaculate government, is deserving of that trust, and it is our duty as citizens to thoroughly distrust it.
I disagree with many of tptacek's opinions but honestly he's one of the reasons this site is great. He is capable of arguing with people with strongly opposing views with civility, which is something that is entirely too rare these days. He's also capable of admitting when he's wrong and being gracious when proven right. Also entirely too rare these days. I'd rather have a thousand tptaceks on this site than zero.
He deleted, i.e. retracted it. In full. To harp on about it instead of talking about the story kinda sucks. We're talking about mass surveillance and everything being recorded, and look at what we are doing. Repeat after me: every day is a new day.
> He is capable of arguing with people with strongly opposing views with civility
You're clearly talking about a different tptacek, widely known on this site for his coarsely abrasive, impossibly high friction, social interactions and not admitting he's wrong on issues trivial or important. He's also widely known for a being an expert in his field.
All that being said, I agree with you that this site is more valuable with him on it and regularly participating. He's one of the actual experts in their field that makes this a much better forum than any other. IMHO, it's well worth the comment burn to talk and debate (friendly or not) with somebody of his caliber.
And being wrong every once in a while (regardless of his rightness in this case) does not make him either incompetent or malicious. It just makes him human.
tptacek, widely known on this site for his coarsely abrasive, impossibly high friction, social interactions and not admitting he's wrong on issues trivial or important. He's also widely known for a being an expert in his field.
What are you talking about? Whatever caricature you're illustrating here is not Thomas Ptacek.
With the way you've been talking, I would've suspected you were a newer member, but you've been around for three years or so. So I simply have no idea what you're talking about.
I think the thing to remember about Thomas, and me, and everyone else, is that we're all human, and we all have different moods which influence our behavior. Thomas's, on average, is exemplary.
I'm glad to see that he's got both of us defending him.
I'm talking about the same tptacek who I've personally butted heads with where he couldn't even accept being wrong about how to make stew (looking back, that was exactly 1 year ago to the day!)
I respect tptacek very much for his domain knowledge and expertise. He has great theories on hiring practices and cooking among others. He's one of the names I look for on HN.
But he requires lots of care and effort. I have to mentally peel back about half of his posts to remove the snark and assholery and get to the juicy bits. But those bits are usually there and usually worth the effort to get to.
That's okay, I'm a grown up and can deal with high friction in order to enjoy interacting with somebody who's truly intelligent. tptacek is just one of those types that comes with lots of smarts and lots of difficult personality and that's okay.
And for the record I'm also aware that I can be rather high friction and assholish as well, and not nearly as insightful as tptacek.
EDIT: You know what, I'm not going to dignify this any further, other than to say that I don't want HN to be however you think HN should be. By saying "he requires lots of care and effort," you're discouraging people like Thomas from participating, and therefore making our community worse as a result. How would you feel if you saw someone talking like that about you?
I'm not even sure what your responding to?! In no way am I insinuating that tptacek shouldn't participate here or that his voice isn't extremely valuable. I'm not being facetious when I said I'm glad we're both defending him.
I'm logically one of the last people to defend him here having butted heads with him so much, but in fact I deeply value his presence here.
> How would you feel if you saw someone talking like that about you?
I'd probably agree with them. I'm not a high-school kid afraid of how my peers will see me and neither is tptacek. I've said as much about his communication style to him directly.
I highly doubt that tptacek doesn't have enough self-awareness to know that he's a high maintenance debate partner. There's no reason to paint him as a saint, he's just a guy. A very smart guy, but he has his foibles and flaws, which are far outweighed by his contributions. But to ignore those more difficult parts of his personality does him a disservice by not seeing him in his entirety.
I respect the entire person (as much as I can see through the limited lens of HN) not just the parts I think are praiseworthy.
After reading tptacek's comments in the latest thread about Telegram https://news.ycombinator.com/item?id=6940665 I can only agree. He insisted Telegram team should abandon its custom solution without providing any actual proof that it's vulnerable. His advice was to rely only on "modern" algorithms (mostly the ones included in "NSA Suite B Cryptography"), but he provided zero evidence why these algorithms should be more secure than the ones already in use.
You guys are still failing to appreciate that your composition of cryptographic primitives is unproven, which means it is probably broken. Why is it probably broken? Because most compositions of crypto primitives are broken and your adversary is so formidable he will find the smallest problem.
In cryptography, you either prove it is safe or you consider it broken. Your choice should be considered broken until you prove otherwise.
This is a really bad and somewhat frustrating comment (if you're trolling, nicely done). He's absolutely correct about Telegram and this is not how you run crypto contests. This isn't even a tptacek opinion, it's a "everybody who has any reputation in the crypto field" opinion.
Edit: Oh, you're the Telegram employee who designed the contest. I encourage you to read moxie's blog post, and Schneiers rebuttals to crypto contests that are probably linked all over your other threads.
Ah, the Telegram HN account just said he "proposed the contest", so I assumed employee. If he is the financier, then it is not surprising that he doesn't understand why his crypto contest is a bad idea.
right and it also explains why the Telegram guys went ahead with his suggestion, because they're presumably keen to keep their main financial backer happy.
I don't think there's any attempt to sell snakeoil here, this is a case of a road to hell being paved with good intentions. To people not well versed in cryptography the things Pavel is saying and the approach Telegram is taking all seem completely reasonable, and the people who do do crypto and are responding might as well be talking a different language. To them the flaws and red flags are so obvious that their responses are incredulous, which has led to the vitriolic back and forth we've seen - neither side can comprehend the other's position. This is Dunning-Kruger[0].
With all due respect, nothing can be "obvious" unless it is proven. You cannot take something for granted just because a respected cryptographer says that. Not after we learned that NSA pushes backdoors using respected firms and people in the crypto-community.
By this reasoning you should presumably agree that the onus is on Telegram to prove the security of their system, not on the rest of the cryptography community to prove that it is insecure. Telegram have completely failed to do this. Even if Telegram had a formal proof of their system (and implementation), would you be in a position to read and understand that proof? I suspect not. Like me, you'd have to trust a group of respected cryptographers to do that job for you, so I don't really know what you're trying to say here. Just because one or two respected cryptographers appear to have become NSA tools, does not mean everyone has.
Also note that it's not a case of one random crypto guy saying that Telegram's approach is flawed, but a case of virtually the entire crypto community saying that the approach is flawed. Does this not ring alarm bells for you? How can you judge that the Telegram guys know their stuff and aren't leading you down the garden path or are themselves deluded?
With your backing, there is a real chance for Telegram to bring secure communications to the masses. This is indisputably a noble goal, but the areas that Telegram should be innovating in are in UI and features - not cryptography. There is no such thing as mostly correct, 'good enough' cryptography, either the system is secure, or it's insecure - there is basically no middle ground. If you fail, it's a bit more serious than your typical software bug - innocent people can literally die - the very people that need this the most are the most at risk. These are the reasons Telegram have been met with such a frosty reception here. Because they come across as arrogant in an area where arrogance is the absolute least desirable trait.
The wish to broaden the contest is understandable and already taken into account http://bit.ly/1htlEod
What I was saying in the comment above, however, had nothing to do with the contest. I expressed concern about tptacek's aggressive promotion of one algorithms (branded as "modern") over the other (claimed as "anachronistic") without any substantial proof. https://news.ycombinator.com/item?id=6941934
Here's an unedited Google Translate translation (I read it, and I think it conveys the message):
As I see it , there is not so much Anonymus as creators local competitor - TextSecure under Android . Telegram gathered a lot of users , and they're rightly fuss . The boys are torn between argument " either too new algorithm , why is it , if there is a proven " and your " algorithm either too old , why is it when new ." Nevertheless , trade on HN gives thousands of registrations Anglo-Saxons and tons of references .
I think the debate will be a good end to the competition announcement decoding traffic Telegram. Let's say I was ready to open all of my correspondence traffic since registration in Telegram and give $ 200,000 to anyone who will decipher it and tell you how . As a result Telegram or detect and close the loophole for special services, or - more likely - will receive another proof of the inviolability of their protocol
Я помню первый обзор о ВКонтакте на Хабрахабре, кажется, в 2006 году. Эксперты делились комментариями вроде "кто они такие", "еще одна соцсеть не нужна" и "на php пишут только нубы". Неудивительно, что HackerNews, построенный примерно тех же принципах (карма, ранжирование), создает чувство deja vu.
Тем не менее, будет здорово, если там объявятся не только любители поговорить, но и те, кто реально прочитает документацию к MTProto.
Which roughly translates to:
I remember the first reviews of VK back in 2006. The experts were saying "who are they?", "we don't need another social network", "only noobs write in php". It is not surprising that HN is built on the exact same principles (karma, rankings), brings up a deja vu.
However, it would be great if someone who actually read the MTProto docs can show up, and not just those who like to talk.
In this case, it doesn't actually matter who he is, so there is no need really. Our responses would not be different if it were someone else saying the same thing.
In cryptography, the expectation is that the person presenting the algorithm should substantiate their claims, preferably with a proof. Saying that something is secure because it hasn't been broken yet does not settle well with people. And when it does happen, it's clearly caveated ("assuming the hardness of Discrete Logarithms", for example).
That aside, your challenge smacks of snake oil. I gave an analogy earlier that captures the essence of the complaints:
Suppose I am selling fire-proof safes. These are designed to protect your documents and valuables from thieves and from fire and other events.
The normal way people set up tests is to put some documents and valuables in a box and actually try to break it (MythBusters style, bringing out cool machinery and trying different ways). For fire resistance, there is a rating system (https://en.wikipedia.org/wiki/Fire-resistance_rating) and a standard way to test.
The Telegram proposition is: we are going to place the safe in Fort Knox. If you can't break the safe that is in Fort Knox, then clearly our safe is secure.
People are arguing that in order to break the safe, you have to break into Fort Knox. And for all intents and purposes that's not going to happen. You could have put a cardboard box in Fort Knox but no one can tell the difference because of the way you structured the challenge.
In that sense, you aren't testing the real-life security.
RSA SecurID was already compromised in 2011, and RSA more or less tried to hush-hush it: digitaltrends.com/computing/rsa-securid-data-stolen-by-a-nation-state/
> Jesus, what a tool you are. I absolutely believe you: I think you read this story and eagerly awaited its implications to some random person on HN.
Huh, I've seen your patience tested on HN before, which tends to elicit mostly restrained responses save for a bit of snark, but that's the first instance of actual name calling I've noticed. I'm genuinely curious how this comment annoyed you. The tone I'd expect is more of a "yeah, you got me" <kneeslap>. Instead it sounds like I'm accidentally trolling you.
For what it's worth, I did legitimately get excited to run to HN to play "told you so". After months of debate over this issue across numerous threads, I'm not going to lie, vindication is momentarily exciting.
> For what it's worth, my take on Dual EC (before learning more about it) was the same as noted NSA apologist Bruce Schneier.
Wait, tptacek is calling Bruce Schneier an NSA apologist?
Aside from being absurd, your claim that you shared the same opinion is also false. Your own comment here directly contradicts this, and you even dismiss Schneier's credentials upthread, yet appeal to his authority in your comment:
"I am aware that Schneier believes Dual_EC to be backdoored. I'm aware that Dual_EC comes from NSA. I would not use Dual_EC and would flag it if I saw it in an app I assessed. But I would still, right now, with the information I have, bet against it being an NSA backdoor. Not because I trust the NSA, but because it's a very dumb backdoor."
Edit: In reply to a now deleted comment by tptacek.
I'd say the original comment by lawnchair_larry comes off as a bit gauche... as if the XKCD "someone is wrong on the internet!" guy came here to post. I never saw the deleted comment, but it seems that after the initial frustration wore off, Thomas thought the better of it.
I've had my disagreements with some of Thomas' positions, including several over crypto/politics stories like this, but if you run out like that to play "gotcha!" it just doesn't feel right.
Whereas repeated pro-NSA apologies are? How many people would approve of them and how would they respond to them, if the person making them wasn't also all powerful in a forum?
> Wait, tptacek is calling Bruce Schneier an NSA apologist?
I think that was intended as sarcasm. He's defending his previous position by saying that he (previously) had the same opinion as Bruce Schneier, whom no one would accuse of being partial to the NSA.
Not just 'another member of HN', the most high-rated, the most prolific member of HN who is very often found shaping the direction of discussions here and is now a considerable voice in the security community. He's also someone that new tech startup founders listen to when deciding what to use and what not to use.
I know who tptacek is, I've read some of his papers, I've applied to the crypto challenges, I've disagreed with him in the past about the importance of BSAFE to the industry. It still comes across as petty to launch into a meta discussion of who's right and who's wrong on HN when there's much more interesting topics to consider based on this article's revelations.
When 'tptacek is wrong, he's obnoxiously wrong, especially in his inability to believe in government misbehavior, and his willingness to denigrate "message board nerds" on that sort of matter. (See also his attacks on Greenwald when the Snowden story started.) So personally I was looking forward to seeing somebody comment about him.
tptacek has the most karma on HN (even moreso than pg): https://news.ycombinator.com/leaders (for reference, pg has 149712 karma at the time of writing; tptacek has 165020 and the next person has 88887) His opinion is respected by many (and many accept what he says without question). A retraction by tptacek reminds us all to think critically
lawnchair_larry's comment is equivalent to questioning the president or a major celebrity, which oftentimes isn't a personal grudge.
What I do is just not read the usernames (beyond roughly scanning the word to figure out who replied to who). No really, I mean that, I don't even know your username.
That makes for a wonderful experience really. I interact with this nameless entity and each post is largely valued by its responses (I often leave an article open for a few hours to let the comments ripen a bit, that also adds a lot).
Comparing someone with high comment karma to the president is a bit absurd, no? The president could more aptly be compared to forum moderators on any given discussion website, as both have some executive power.
He's had a perfectly friendly attitude towards GPG, and in the case of others you can see ample evidence that his skepticism is justified. Maybe if the open source cryptography projects you're referring to weren't bad projects then the attitude would be strange.
The beauty of this backdoor, for all its faults, is that it was reasonable to believe that it wasn't a backdoor. And it was also reasonable to believe that it was. This backdoor is quite deniable, elegantly so.
So far I have disagreed with tptacek when it comes to what's backdoored and not. But I can understand his reasoning, and it's quite sensible.
"RSA, now a subsidiary of computer storage giant EMC Corp, urged customers to stop using the NSA formula after the Snowden disclosures revealed its weakness." - Just shake my head at this. As news is revealed that all these companies were complicit, they cry foul and "warn" users? RSA deserves to lose all international customers who refuse to buy their products because of hidden backdoors.
Quote possible that one arm of the company was an aware of the other arms actions. Probable, in fact. If most of the company knew of the backdoor, it would have leaked.
the r in rsa is ron rivest who was responsible for some very elegant ideas. his papers, that i've read, are generally very simple and clear. but he also wrote md2 [an old hash, n longer used] which contains some "magic numbers" that no-one can explain. they are supposed to be derived from pi, but no-one knows how... http://crypto.stackexchange.com/questions/11935/how-is-the-m... (i even emailed him, but was shrugged off; i know it's silly and paranoid, but...)
anyway, i wonder what happens now to all the customers that use rsa dongles? big, international, political organisations...
You are making an assumption that the primary target of SIGINT is terrorists, but in reality it's actually nation states. I think another story just came out today about GCHQ targeting EU officials and embassies.
Heh...I certainly had a good chuckle at this comment. I don't honestly think that the NSA ever paid more than lip-service to the "war on terror". They've been doing the same job since long before Sept. 11, 2001. Before the "war on terror" it was the "cold war", there just happens to have been an awkward gap in between...
The NSA is in the business of Signals Intelligence. Their job, plainly stated, is to have access to as much communication between non-US entities as humanly possible. What makes their job difficult is that, over the course of the last few decades, it's become increasingly the case that much of the communication between non-US entities travels via US-based channels using technology originated in the US. Somewhere along the line, when forced to balance "as much communication" and "non-US entities", the NSA clearly chose in favor of accessing those communications at any cost.
The core cause there would seem to be sharing comm channels with foriegn actors--the same thing that makes our position with regards to the 'net so awesome also means that the NSA is kind of forced to get involved closer to home. It's a tricky tradeoff.
It's the same reason you never see James Bond negotiating with foreign heads of state. You don't send an assassin to do a diplomat's job. Everything that is being revealed about the NSA's actions, this buying of influence especially, is positively reprehensible...BUT it is important to keep an eye on where the blame really lies: with the people that let their assassins dictate their foreign policy and domestic priorities.
If "non-US entities" includes businesses outside the US as well, I'd agree. Revelations recently [1] that the spying went beyond countries/heads of state. I wouldn't be surprised to learn that companies were being targeted for US based companies' benefit.
Privacy: Pre-internet term(from Latin: privatus "separated from the rest, deprived of something, esp. office, participation in the government", from privo "to deprive") used to describe the ability for human beings to seclude themselves or information about themselves and thereby reveal themselves selectively.
Please forgive my ignorance of these kinds of security issues....
I remember at one point, way back when, it was recommended to use RSA keys over DSA, when creating an SSH public key. Is this this the same algorithm, by the same company?
Does this mean that SSH can't be trusted if you're using an RSA key, versus some other type?
No, it doesn't mean that at all. RSA is the same algorithm based on https://en.wikipedia.org/wiki/RSA_%28cryptosystem%29 as it always was, and it and its use in openssh have received lots of scrutiny. That the company has the same name is immaterial.
RSA the company has nothing to do with RSA the algorithm.
Well, "nothing" isn't strictly correct, but connecting them is more like the Kevin Bacon game. Rest assured that this story has nothing whatsoever to do with RSA keys.
345 comments
[ 2.8 ms ] story [ 280 ms ] threadAt least that's the message that comes through loud and clear in the rest of the world.
Companies that have been compromised[1] - MS, Apple, Facebook, Google, Yahoo, Carriers, Backbone providers - now they are going after security providers. From the big guys only Intel is standing. And that may as well be the next leak.
Also think if they subverted some of the big guys antiviral software - it runs at ring 0 usually.
[1] Blackmail, threats, bribes, lawful intercepts, warrants, NSLs
Perhaps, but the poster to which I replied said any US company, period. Could be he meant what you meant, but that's not what he said.
It's just as if an antivirus company to accept a contract with a major adware distributor to keep their products marked as appropriate - legal, but best kept secret.
Dual_EC_DRBG was a NIST standard.
"RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings."
RSA, much like NIST, can not, and should not be trusted any longer. All of their customers should be warned, and advised to quit them ASAP. Companies need to learn this is just unacceptable.
There are some disadvantages. Yubikeys use a shared secret instead of public key crypto. Also, the one-time password is iteration-based, not time-based. On the bright side, you can program Yubikeys with your own secrets. They may not be as secure as properly configured RSA tokens, but they're much better than authing with just a password or client cert.
They don't have a timer like the RSA key fobs, and need a USB or NFC connection - but are generally very reliable, and given their constraints.
The questiion, of course, is what reason you have to believe that yubico (and for that matter, gemalto, g10code and the rest) are not similarly in bed with the NSA.
Speaking of "trust", Bloomberg lost quite a lot of it when their reporters spied on their customers.
Bloomberg Spying Went On For Years After Execs Knew: Report http://www.valuewalk.com/2013/08/bloomberg-spying-went-on-fo...
You were probably just as horrified as most of the other employees at Bloomberg when that info became public. The bad apples cost Bloomberg a lot of reputation. My point is that "trust" is very elusive, very easy to lose, very hard to gain.
OTOH, are the "bad apples" at Bloomberg who condoned that behavior still in positions of power? Did they even get a slap on the wrist? If I were at Goldman, JPM, Citi, etc. I wouldn't "trust" Bloomberg until I saw some higher up people fall on their sword for that fiasco.
http://www.yubico.com/
* My preference anyway to RSA.
They sell Gemalto IDProve 100 tokens and support Yubikey, but advise using their patent pending push based 2FA authentication because: "Login requests are signed with an asymmetric PKCS#1 v1.5 key pair, which provides a stronger identity assertion than passcodes and prevents “RSA-style” breaches." From https://www.duosecurity.com/duo-push
They're used by companies like Facebook, Twitter, Sony, Arbor Networks, MIT, etc.
So yes, RSA has some strong competition.
More importantly, it confirms that DRBD is backdoored or at least weak enough to be subverted.
You mean DRBG [1], right? I hope DRBD [2] isn't backdoored.
[1] http://en.wikipedia.org/wiki/Dual_EC_DRBG [2] http://en.wikipedia.org/wiki/Distributed_Replicated_Block_De...
True, you just have to keep in mind that their customer is the NSA.
a nsa official just did an obvious trial-balloon of pardoning snowden in exchange for return of all the docs [1]
but now that snowden is in russia, you have to assume that many nation-states have seen all these docs. so really, the nsa is worried that you and I will see them
fucking amazing
[1] http://www.theguardian.com/world/2013/dec/15/nsa-edward-snow...
"RSA BSAFE Crypto Kernel offers versions of popular cryptographic algorithms optimized for both small code size and high performance. Unlike alternatives such as open source, our technology is backed by highly regarded cryptographic experts." [emphasis added]
Option A: keep mouth shut, make a shit ton of money
Option B: become a martyr, face prison time
People like Snowden are rare.
I realize it's an argument from ignorance fallacy, and maybe there are such ways, but I'm not aware of them.
In all honesty, Snowden is a 30 year old single dude, and as far as I know, he doesn't have kids. Do you think he would have done what he did if he had a family to look after?
In my opinion a person's first responsibility is to their family. So yeah, if you're married (like these executives probably are) and you're facing the choice between option A and option B, you should absolutely pick option A.
Good relationship with parents.
I'd say that is a lot to give up, in order to take the risk of being a whistleblower.
http://www.telegraph.co.uk/news/worldnews/northamerica/usa/1...
Snowden's actions were brave, regardless of his family status, and I don't wish to downplay that even one iota, but yes, if he had a wife and three kids, it likely would have made his actions even more of a longshot.
Maybe not having kids is actually the morally correct choice, then?
Classy.
>You would let your children go hungry and live a worse life
No. Read what I wrote. The words are right there.
If the choice is "have children and commit evil to feed them" and "don't have children and don't commit evil", I choose the former. As should, I think, any right-thinking person.
The question is probabilistic. What are the chances that the former happens? What are the chances that the latter happens?
Choose accordingly.
The question is also systemic. There exists the possibility that forces larger than the individual have decided to normalize the nuclear family (and also romanticize the vision of having said family) in order to serve evil ends. What is the probability that that is the case? As time goes on, it looks far more probable than we once thought. People like you think families are in themselves beautiful. Any means justify the ends of preserving them. Seems like an excellent tool for keeping a population right where you want them.
Look up the history of the nuclear family. Notice it didn't exist pre-industrialization. Why's that?
You're taking humans -> have children for granted. I'm arguing against that dogma. Because as paradoxical as it may sound, it is trite dogma at this point in wealthy societies. We don't need these additional people, we don't need this extravagant life. It's not a matter of survival anymore. So what is it all accomplishing? What's the end?
>Having a family can be a beautiful thing.
For my morality, concerns of beauty don't trump concerns of humanity. If my having children perpetuates a cycle of exploitation, murder, pain, suffering, etc. etc. etc, then I don't have children. Regardless of how "beautiful" my experience of those children may be. It really is that simple.
And if a (wo)man tells me "I just did it to feed my kids" after committing some reprehensible act, I sympathize, because (s)he made a terrible decision in having children to start with. But I still condemn him/her.
Look at what happened to Qwest CEO Joseph Nacchio after challenging illegal NSA warrantless wiretapping requests. (Hint: he just got out of federal prison about two months ago.)
http://online.wsj.com/news/articles/SB1000142405270230398390... Mr. Nacchio said he still believes his insider-trading prosecution was government retaliation for rebuffing requests in 2001 from the National Security Agency to access his customers' phone records. His plans to use that belief as a defense at trial never materialized; some of the evidence he wanted to use was deemed classified and barred from being introduced. To Mr. Nacchio, the revelations of former NSA contractor Edward Snowden, who leaked documents saying the agency monitors the email and phone records of Americans, have justified his own stance. He contended the NSA's request was illegal. "I feel vindicated," he said. "I never broke the law, and I never will."
Or maybe: How was his position any different than yours, if you had a request from the NSA that you wouldn't want to fulfil, knowing that rejecting it could destroy your company, what would you do?
NSA approached Nacchio and Qwest to do what they were doing with AT&T and Verizon. Qwest had previously helped the NSA intercept all comms in Salt Lake City during the Olympics but told the NSA they weren't interested in cooperating. Nacchio sells some stock. Qwest is suddenly dropped as the favored vendor for a huge government contract leading to a drop in Qwest's share price and earnings.
The US federal goverment's position was that Nacchio knew the contract was going to get dropped and cashed out early - insider trading. Nacchio contended that he was just selling stock and that the government had pulled the contract to entrap and prosecute him in the current case.
Despite being specifically prohibited from trading based on insider information, Nacchio first became aware that their earnings guidance was "a huge stretch", that to meet them would involve growing revenue from a line of business that had been failing to grow revenue and that had actually been underperforming that year, that they had (apparently) lost important contracts, and that it had become essentially impossible for them to hit their numbers. Then, after learning all that, but before any of it was disclosed to investors, Nacchio dumped over $100MM worth of his stock.
Nacchio controlled the earnings targets for Qwest. He set them dishonestly high and allowed them to be released to the public over the objections of many of his own executives. The stock performed as a result. Then, when it became obvious that the public would soon learn that those projections were impossible to meet, he sold his stock for $100MM.
Nacchio went down within a year of Enron and just a few years after Worldcom. It was the end of an era in which the big accounting firms had conspired with large corporations to swindle the public out of billions of dollars. Nacchio was a crook, not a Fourth Amendment hero.
Are the executives at JPMC crooks? I don't know. If they are, which is not outside the realm of possibility, they should go down too. But what JPMC people do has nothing at all to do with the fact that Qwest's executives defrauded the public to the tune of over $100MM.
Yes. (Edited for reasons)
So perhaps this guy is indeed a slimeball.
Fabricated up claims are by their nature nearly indistinguishable from real ones, and outright fabrication isn't the only unethical recourse: there is always panopticon powered selective prosecution— how many felonies have you committed this month?
Regardless, we can observe now that the result will be time in prison and tptacek on HN diligently countering any claim of governmental misconduct. The insight here isn't related to Nacchio's character, it's that claiming that the government is retaliating for failing to comply with their unlawful demands doesn't provide protection.
Does this count?(not trying to be sarcastic or a smart-a##), I just want to get a handle on what I should or should not trust these days. Seeing that RSA SecurID VPN dongle pic in the article scared me. I've pretty much been looking to your comments to give me a baseline.
HN is incredibly fortunate to count members like 'tptacek as part of its community. We should be behaving in ways which encourage more comments and commenters of his ilk, not less.
If you read some of the first threads when the NSA revelations broke out, there are heated discussions with various viewpoints and arguments. Now, it appears that most of these users have become tired of being instantly downvoted, and instead avoid these subjects entirely.
I hope that tptacek continues to participate in these security policy discussions, not only for his extensive domain knowledge, but also because he is not afraid to voice beliefs that disagree with prevailing opinion. And right or wrong, its very refreshing.
Always mixed with a steady groan of "enough of NSA stories" and "none of this is surprising". The heated discussions were in no small part about wether this was even the problem it was made out to be and wether it should even be discussed (to this extent).
Not that I agree with downvoting instead of replying, or with bashing tptacek (Everybody loves telling experts "I told you so". Doesn't make us experts tho :P), but I don't agree with your narrative either. It's not falsifiable, anyway. People might just as well have given up on trying to downplay this, and walked away instead, which would be even worse. Why speculate. Bashing and downvoting for disagreement without argument sucks either way.
Don't really have a dog in this fight, but: up until today, there was no evidence "the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products".
Were people wrong to be suspicious?
There is a large area missed called psychological bias. People who has close friends working in highly controversial areas has a tendency to become a bit irrational in the view of the controversy. An attack on the NSA becomes an attack of the friend. If NSA is immoral and wrong, the friends choice of occupation must be wrong, thus the friend must be wrong, thus an attack on NSA is an attack of the friend.
He's rational to a fault--unfortunately, that means that when facts change he may be left with egg on his face. I don't think there's anything wrong with how he's handled this stuff.
And here, ladies and gents, is exactly why we'll continue to inhabit an exploitable world forevermore.
It's okay to provisionally trust the word of someone who has previously and clearly demonstrated actual competence.
That said, I seldom trust anything I cannot verify. In matter s of crypto, that often means that I accept some things as magically working, and accept that the magic could wear off at any minute. Same thing with CPUs. I know generally how they work, and understand bitwise logic, but for the most part, they're just magic boxes that I've got enough experience with to have an expectation of.
In matters of the government, the fault I find with tptacek's arguments (and I hadn't even realized that it was a thing until this thread, but now I'm caught up) is that I think it is naive to trust the government. The federal government is something that our founding fathers encouraged us to be suspicious of. They specifically prescribed that, in order for our democracy to thrive, that we should be ever vigilant in regards to those we entrust with power.
Assuming good faith on the part of the NSA is naive, whether or not they're acting scandalously. Assuming good faith on the part of any politician is naive.
That isn't to suggest that we should never trust anything the government does, but if there's ever the potential for abuse, we should expect that potential to be abused at some point. If there's a loophole that could be exploited in any way, we should expect that it will be.
This diatribe isn't really directed at this comment, per se, but at your "have to trust __something__" comment, which I completely agree with as a generality. As humans, we routinely put trust into a great deal of people and things all the time, but I disagree that a government, even a pristine, flawless, immaculate government, is deserving of that trust, and it is our duty as citizens to thoroughly distrust it.
> Jesus, what a tool you are.
How very civil and gracious.
You're clearly talking about a different tptacek, widely known on this site for his coarsely abrasive, impossibly high friction, social interactions and not admitting he's wrong on issues trivial or important. He's also widely known for a being an expert in his field.
All that being said, I agree with you that this site is more valuable with him on it and regularly participating. He's one of the actual experts in their field that makes this a much better forum than any other. IMHO, it's well worth the comment burn to talk and debate (friendly or not) with somebody of his caliber.
And being wrong every once in a while (regardless of his rightness in this case) does not make him either incompetent or malicious. It just makes him human.
What are you talking about? Whatever caricature you're illustrating here is not Thomas Ptacek.
With the way you've been talking, I would've suspected you were a newer member, but you've been around for three years or so. So I simply have no idea what you're talking about.
Would you please point out precisely which comments you take issue with? https://www.hnsearch.com/search#request/comments&q=by%3Atpta...
I think the thing to remember about Thomas, and me, and everyone else, is that we're all human, and we all have different moods which influence our behavior. Thomas's, on average, is exemplary.
I'm talking about the same tptacek who I've personally butted heads with where he couldn't even accept being wrong about how to make stew (looking back, that was exactly 1 year ago to the day!)
I respect tptacek very much for his domain knowledge and expertise. He has great theories on hiring practices and cooking among others. He's one of the names I look for on HN.
But he requires lots of care and effort. I have to mentally peel back about half of his posts to remove the snark and assholery and get to the juicy bits. But those bits are usually there and usually worth the effort to get to.
That's okay, I'm a grown up and can deal with high friction in order to enjoy interacting with somebody who's truly intelligent. tptacek is just one of those types that comes with lots of smarts and lots of difficult personality and that's okay.
And for the record I'm also aware that I can be rather high friction and assholish as well, and not nearly as insightful as tptacek.
I'm logically one of the last people to defend him here having butted heads with him so much, but in fact I deeply value his presence here.
> How would you feel if you saw someone talking like that about you?
I'd probably agree with them. I'm not a high-school kid afraid of how my peers will see me and neither is tptacek. I've said as much about his communication style to him directly.
I highly doubt that tptacek doesn't have enough self-awareness to know that he's a high maintenance debate partner. There's no reason to paint him as a saint, he's just a guy. A very smart guy, but he has his foibles and flaws, which are far outweighed by his contributions. But to ignore those more difficult parts of his personality does him a disservice by not seeing him in his entirety.
I respect the entire person (as much as I can see through the limited lens of HN) not just the parts I think are praiseworthy.
In cryptography, you either prove it is safe or you consider it broken. Your choice should be considered broken until you prove otherwise.
Edit: Oh, you're the Telegram employee who designed the contest. I encourage you to read moxie's blog post, and Schneiers rebuttals to crypto contests that are probably linked all over your other threads.
I don't think there's any attempt to sell snakeoil here, this is a case of a road to hell being paved with good intentions. To people not well versed in cryptography the things Pavel is saying and the approach Telegram is taking all seem completely reasonable, and the people who do do crypto and are responding might as well be talking a different language. To them the flaws and red flags are so obvious that their responses are incredulous, which has led to the vitriolic back and forth we've seen - neither side can comprehend the other's position. This is Dunning-Kruger[0].
[0] http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
Also note that it's not a case of one random crypto guy saying that Telegram's approach is flawed, but a case of virtually the entire crypto community saying that the approach is flawed. Does this not ring alarm bells for you? How can you judge that the Telegram guys know their stuff and aren't leading you down the garden path or are themselves deluded?
With your backing, there is a real chance for Telegram to bring secure communications to the masses. This is indisputably a noble goal, but the areas that Telegram should be innovating in are in UI and features - not cryptography. There is no such thing as mostly correct, 'good enough' cryptography, either the system is secure, or it's insecure - there is basically no middle ground. If you fail, it's a bit more serious than your typical software bug - innocent people can literally die - the very people that need this the most are the most at risk. These are the reasons Telegram have been met with such a frosty reception here. Because they come across as arrogant in an area where arrogance is the absolute least desirable trait.
What I was saying in the comment above, however, had nothing to do with the contest. I expressed concern about tptacek's aggressive promotion of one algorithms (branded as "modern") over the other (claimed as "anachronistic") without any substantial proof. https://news.ycombinator.com/item?id=6941934
This is really alarming.
https://vk.com/roem?w=wall-20537665_23327
Here's an unedited Google Translate translation (I read it, and I think it conveys the message):
As I see it , there is not so much Anonymus as creators local competitor - TextSecure under Android . Telegram gathered a lot of users , and they're rightly fuss . The boys are torn between argument " either too new algorithm , why is it , if there is a proven " and your " algorithm either too old , why is it when new ." Nevertheless , trade on HN gives thousands of registrations Anglo-Saxons and tons of references .
I think the debate will be a good end to the competition announcement decoding traffic Telegram. Let's say I was ready to open all of my correspondence traffic since registration in Telegram and give $ 200,000 to anyone who will decipher it and tell you how . As a result Telegram or detect and close the loophole for special services, or - more likely - will receive another proof of the inviolability of their protocol
Here's another comment of his further down:
Я помню первый обзор о ВКонтакте на Хабрахабре, кажется, в 2006 году. Эксперты делились комментариями вроде "кто они такие", "еще одна соцсеть не нужна" и "на php пишут только нубы". Неудивительно, что HackerNews, построенный примерно тех же принципах (карма, ранжирование), создает чувство deja vu.
Тем не менее, будет здорово, если там объявятся не только любители поговорить, но и те, кто реально прочитает документацию к MTProto.
Which roughly translates to:
I remember the first reviews of VK back in 2006. The experts were saying "who are they?", "we don't need another social network", "only noobs write in php". It is not surprising that HN is built on the exact same principles (karma, rankings), brings up a deja vu.
However, it would be great if someone who actually read the MTProto docs can show up, and not just those who like to talk.
That aside, your challenge smacks of snake oil. I gave an analogy earlier that captures the essence of the complaints:
Suppose I am selling fire-proof safes. These are designed to protect your documents and valuables from thieves and from fire and other events.
The normal way people set up tests is to put some documents and valuables in a box and actually try to break it (MythBusters style, bringing out cool machinery and trying different ways). For fire resistance, there is a rating system (https://en.wikipedia.org/wiki/Fire-resistance_rating) and a standard way to test.
The Telegram proposition is: we are going to place the safe in Fort Knox. If you can't break the safe that is in Fort Knox, then clearly our safe is secure.
People are arguing that in order to break the safe, you have to break into Fort Knox. And for all intents and purposes that's not going to happen. You could have put a cardboard box in Fort Knox but no one can tell the difference because of the way you structured the challenge.
In that sense, you aren't testing the real-life security.
Why do you think they put it there?
Edit: Nevermind, apparently he already did a mere 8 hours ago, replying to my own comment. Shortly before this broke.
https://news.ycombinator.com/item?id=6941366
Huh, I've seen your patience tested on HN before, which tends to elicit mostly restrained responses save for a bit of snark, but that's the first instance of actual name calling I've noticed. I'm genuinely curious how this comment annoyed you. The tone I'd expect is more of a "yeah, you got me" <kneeslap>. Instead it sounds like I'm accidentally trolling you.
For what it's worth, I did legitimately get excited to run to HN to play "told you so". After months of debate over this issue across numerous threads, I'm not going to lie, vindication is momentarily exciting.
> For what it's worth, my take on Dual EC (before learning more about it) was the same as noted NSA apologist Bruce Schneier.
Wait, tptacek is calling Bruce Schneier an NSA apologist?
Aside from being absurd, your claim that you shared the same opinion is also false. Your own comment here directly contradicts this, and you even dismiss Schneier's credentials upthread, yet appeal to his authority in your comment:
https://news.ycombinator.com/item?id=6424920
"I am aware that Schneier believes Dual_EC to be backdoored. I'm aware that Dual_EC comes from NSA. I would not use Dual_EC and would flag it if I saw it in an app I assessed. But I would still, right now, with the information I have, bet against it being an NSA backdoor. Not because I trust the NSA, but because it's a very dumb backdoor."
Edit: In reply to a now deleted comment by tptacek.
I've had my disagreements with some of Thomas' positions, including several over crypto/politics stories like this, but if you run out like that to play "gotcha!" it just doesn't feel right.
I think that was intended as sarcasm. He's defending his previous position by saying that he (previously) had the same opinion as Bruce Schneier, whom no one would accuse of being partial to the NSA.
This sounds like the start of a pretty angry prayer.
lawnchair_larry's comment is equivalent to questioning the president or a major celebrity, which oftentimes isn't a personal grudge.
That makes for a wonderful experience really. I interact with this nameless entity and each post is largely valued by its responses (I often leave an article open for a few hours to let the comments ripen a bit, that also adds a lot).
For the record, this is incorrect. In past interactions he has stated his concerns over certain of NSA's "misbehavior".
So far I have disagreed with tptacek when it comes to what's backdoored and not. But I can understand his reasoning, and it's quite sensible.
anyway, i wonder what happens now to all the customers that use rsa dongles? big, international, political organisations...
Crypto is something where reputation is sine qua non. After the 2011 data breech they lost a lot of it. Now how can anyone trust them ever again?
Terrorists don't use VPN dongles.
What is really going on here?
"Follow the money" is a slippery slope.
The NSA is in the business of Signals Intelligence. Their job, plainly stated, is to have access to as much communication between non-US entities as humanly possible. What makes their job difficult is that, over the course of the last few decades, it's become increasingly the case that much of the communication between non-US entities travels via US-based channels using technology originated in the US. Somewhere along the line, when forced to balance "as much communication" and "non-US entities", the NSA clearly chose in favor of accessing those communications at any cost.
The core cause there would seem to be sharing comm channels with foriegn actors--the same thing that makes our position with regards to the 'net so awesome also means that the NSA is kind of forced to get involved closer to home. It's a tricky tradeoff.
[1] http://www.theguardian.com/uk-news/2013/dec/20/gchq-targeted...
The story isn't about VPN dongles, it's about a backdoor in an encryption product sold by RSA.
Even if you're right, Airbus does.
I remember at one point, way back when, it was recommended to use RSA keys over DSA, when creating an SSH public key. Is this this the same algorithm, by the same company?
Does this mean that SSH can't be trusted if you're using an RSA key, versus some other type?
Well, "nothing" isn't strictly correct, but connecting them is more like the Kevin Bacon game. Rest assured that this story has nothing whatsoever to do with RSA keys.
This shit must be punished.