345 comments

[ 2.8 ms ] story [ 280 ms ] thread
Perhaps I am not reading the article correctly, but it sounds to me like RSA products can no longer be trusted.
Assuming that the preference of which algorithm is used in an encryption standard can be influenced by $10 million, then I I'd say you read the article correctly. Very alarming...
No, it sounds like no product from any American company can be trusted as long as the current regime is in place.

At least that's the message that comes through loud and clear in the rest of the world.

That's quite a leap from the information in that article.
Add it to all previous and you have some basis.

Companies that have been compromised[1] - MS, Apple, Facebook, Google, Yahoo, Carriers, Backbone providers - now they are going after security providers. From the big guys only Intel is standing. And that may as well be the next leak.

Also think if they subverted some of the big guys antiviral software - it runs at ring 0 usually.

[1] Blackmail, threats, bribes, lawful intercepts, warrants, NSLs

That article is merely one piece of information in a long chain (Echelon, the Snowden revelations, Lavabit), and all of them add up to the conclusion that you better not trust any US-based/originated IT security system.
> any US-based/originated IT security system

Perhaps, but the poster to which I replied said any US company, period. Could be he meant what you meant, but that's not what he said.

What makes you think the NSA isn't willing to work with countries outside of the US, either directly or through another spy agency?
Willing, sure, but probably less able, at least outside of the close allies like the UK.
Why less able?
Threatening with legal punishment for noncompliance doesn't work, and neither does appealing to patriotism.
Are you seriously asking why a branch of the the USA's government has less power outside of the USA?
if you consider the fact that the nsa and cia often collaborate closely, and then look at the amount of influence the cia has often displayed in the past, towards foreign countries/regimes etc., gejjaxxita's question seems quite reasonable.
Plus the blackmail opportunities spying affords.
Only the same things that makes me think american companies would not accept money from foreign spy agencies.
The same influence approach ($10m to choose a supposedly okay algorithm) would work just as well for most similar non-American companies, it isn't claimed that RSA did this because of some mandate which would fail if they'd be headquartered in, say, France.
Why keep the contract secret though?
Of course the contract must be kept secret for PR and product reputation reasons.

It's just as if an antivirus company to accept a contract with a major adware distributor to keep their products marked as appropriate - legal, but best kept secret.

It sounds to me like they should be sued for selling a product that was knowingly less secure than they claimed.
TLDR: "RSA's contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit."

Dual_EC_DRBG was a NIST standard.

(comment deleted)
More specifically, it was RSA's "BSAFE" product which is problematic and was paid to be a default.
From the article:

"RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings."

The end of RSA (the company)? I find it absurd that a security company no less, would hear many veteran cryptographers say this is backdoored a decade ago, and still going ahead and using it - as the default! Who stakes the whole reputation of their company in the field for a meager $10 million (I assume RSA was pretty big back then, too)? It's insane.

RSA, much like NIST, can not, and should not be trusted any longer. All of their customers should be warned, and advised to quit them ASAP. Companies need to learn this is just unacceptable.

Serious question: Is there an alternative? I've never seen a secure fob that wasn't from RSA.
I like Yubikeys: https://www.yubico.com/. They show up as a USB keyboard, so you don't have to type the codes in.

There are some disadvantages. Yubikeys use a shared secret instead of public key crypto. Also, the one-time password is iteration-based, not time-based. On the bright side, you can program Yubikeys with your own secrets. They may not be as secure as properly configured RSA tokens, but they're much better than authing with just a password or client cert.

Yubikey NEO (latest revision) is like the one you already have + a java card that comes with a PGPcard app (and supposedly, you can write your own apps)

They don't have a timer like the RSA key fobs, and need a USB or NFC connection - but are generally very reliable, and given their constraints.

The questiion, of course, is what reason you have to believe that yubico (and for that matter, gemalto, g10code and the rest) are not similarly in bed with the NSA.

Trusting trust :) This is one of, but not the main reasons why we build our own (Bloomberg B-Unit, PDF is the only good pic I see: http://www.bloomberg.com/professional/files/2013/11/b-unit_3...)
Quis custodiet ipsos custodes?

Speaking of "trust", Bloomberg lost quite a lot of it when their reporters spied on their customers.

Bloomberg Spying Went On For Years After Execs Knew: Report http://www.valuewalk.com/2013/08/bloomberg-spying-went-on-fo...

You were probably just as horrified as most of the other employees at Bloomberg when that info became public. The bad apples cost Bloomberg a lot of reputation. My point is that "trust" is very elusive, very easy to lose, very hard to gain.

OTOH, are the "bad apples" at Bloomberg who condoned that behavior still in positions of power? Did they even get a slap on the wrist? If I were at Goldman, JPM, Citi, etc. I wouldn't "trust" Bloomberg until I saw some higher up people fall on their sword for that fiasco.

If I were at Goldman et al. I would expect Bloomberg to treat employees that successfully use underhanded tactics, as business as usual, the same way I would probably have seen such employees (and maybe myself) treated by my own organization: "Job well done boys, but you better cool it for awhile. BWA ha ha ha! Have a cigar and a hooker."
Gemalto.
I've worked with them on a chip and PIN* port from Java to the .Net Micro Framework. Very talented bunch of guys.

* My preference anyway to RSA.

One of the original developers behind OpenSSH (Dug Song) started a competitor to RSA called Duo Security just a few years ago.

They sell Gemalto IDProve 100 tokens and support Yubikey, but advise using their patent pending push based 2FA authentication because: "Login requests are signed with an asymmetric PKCS#1 v1.5 key pair, which provides a stronger identity assertion than passcodes and prevents “RSA-style” breaches." From https://www.duosecurity.com/duo-push

They're used by companies like Facebook, Twitter, Sony, Arbor Networks, MIT, etc.

So yes, RSA has some strong competition.

Maybe the 10M carrot came with even a bigger stick
$10Mi? That's a very cheap price for trashing your companies reputation.

More importantly, it confirms that DRBD is backdoored or at least weak enough to be subverted.

a better price than "do it or we will destroy you".
"it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year"
I think Dr. Evil was at the bargaining table
> [...] but RSA said in a statement: "RSA always acts in the best interest of its customers [...]

True, you just have to keep in mind that their customer is the NSA.

RSA is thinking they can claim ignorance in the case of the DRBG being weak / possibly backdoored.
They were either corrupt or incompetent. This can't look OK for them.
I use one of these tokens for work. Spying is one thing but destroying encryption is another evil thing to do. If the NSA has introduced bugs in crypto then who's to say someone else can exploit the same crypto.
I don't think this fiasco is related to the tokens but yes the tokens has other problems such that it didn't need NSA to break it.
I wasn't sure I skimmed half the article. It did have a giant image of one the tokens though.
It's a bad image, because it conveys an idea that's different from the story, but I can see why they used it -- from the general public's perspective the tokens are pretty much the most recognizable symbol of RSA.
i wonder if Snowden has any detailed info on the NSA indroduced/forced backdoors (he obviously was aware about their existence in general like pretty much everybody in the world who isn't a tptacek's religious follower) and this or something like this is what keeps him alive - ie. NSA is afraid of dead man switch while other side(s) hopes that Snowden will reveal more and specifically useful for actual hacking info with time.
so that's the thing that scares me

a nsa official just did an obvious trial-balloon of pardoning snowden in exchange for return of all the docs [1]

but now that snowden is in russia, you have to assume that many nation-states have seen all these docs. so really, the nsa is worried that you and I will see them

fucking amazing

[1] http://www.theguardian.com/world/2013/dec/15/nsa-edward-snow...

The conditions for the pardon have never made sense, because as I understand it Snowden has already shared most if not all of his information with at least Greenwald and Poitras. He no longer has control over what will be shared with the public.
This is one of the many issues people have with what the NSA is doing. Weak crypto means not only the NSA can exploit it but possibly many other criminals.
From the BSAFE product page:

"RSA BSAFE Crypto Kernel offers versions of popular cryptographic algorithms optimized for both small code size and high performance. Unlike alternatives such as open source, our technology is backed by highly regarded cryptographic experts." [emphasis added]

This is really hilarious.
Well NSA do have highly regarded crypto guys. And they do back the technology.
Typo; they left out "door".
(comment deleted)
It never claimed that those experts were working in the customer's best interest, though. ;)
This is going to end RSA
But, but, but .. Canada just made prostitution legal.
Authy was already on its way to doing it anyway. Glad to see it sped it up for a YC alum.
The reaction from the average IT architect is to just select another vendor that provides yet another closed-source, blackbox hardware security solution, backdoored by who know which government(s) &| other entities. Open source hardware is (un)fortunately a necessary requirement (verilog/vhdl, firmware sources and no blackbox SoCs), samples of which are periodically verified by destructive and nondestructive means. Very, very costly, but doable and raises confidence.
This reminds me of the MS-Novell deal, which was done in a similar way and has similar problems.
But "everyone" agreed it wasn't actually a backdoor. I wonder if that will get walked back finally.
I wonder if any of the executives involved with this deal will have a moment of clarity and make a public statement - "I was directly told by representatives of the U.S. Government that if we did not take this deal there would be direct and material consequences for both my company and myself. Here is the names of the people I met with, here is a log of the meetings. If I am jailed or in some other fashion publicly discredited through an otherwise seemingly unrelated matter in the future, you should always remember that I have made this public statement."
(comment deleted)
Think of it from the executives perspective:

Option A: keep mouth shut, make a shit ton of money

Option B: become a martyr, face prison time

People like Snowden are rare.

And what if it were very common to take jobs just to hack the internal network, scour it for sensitive-looking data, and dump it all publicly for the sake of fame? I am pretty sure most "executives" would not be happy with that norm
My guess is that most people educated enough and promoted enough to get access to such information wouldn't risk years of efforts for potential fame. I'd say most of the whistle-blowers want to remain anonymous.
Those aren't the only options. Anyone with any smarts can figure out how to quietly and anonymously leak a lot of these details. The fact is that they were too cowardly to do even that though.
As somebody who has been in IT for almost two decades, I can't think of a safe way to get a file off our corporate LAN without leaving a trail leading to me.

I realize it's an argument from ignorance fallacy, and maybe there are such ways, but I'm not aware of them.

Curiously someone claiming to have a safe way is also arguing from ignorance: "maybe there are ways to detect this, but I am not aware of them".
With sufficient level of access, it should be possible to erase trails and to create false ones.
These aren't the details that need to be 'leaked' anonymously - the whole point for the original suggestion to work as intended requires a public claim from aranking officer of that company; the actual info isn't important but the public testimony is.
If they do it anonymously nobody will believe the docs and say they are just elaborate hoaxes by tinfoil hatters...
>>People like Snowden are rare.

In all honesty, Snowden is a 30 year old single dude, and as far as I know, he doesn't have kids. Do you think he would have done what he did if he had a family to look after?

In my opinion a person's first responsibility is to their family. So yeah, if you're married (like these executives probably are) and you're facing the choice between option A and option B, you should absolutely pick option A.

What are you saying? That because Snowden didn't have an extension to his own bloodline that it was easy for himself to come forward and blow the whistle?
I can't vouch for whether or not that is what he was saying, but if so, it's pretty likely to be true. People with families, right or wrong, tend to place the security of their family's future above their own political beliefs.

Snowden's actions were brave, regardless of his family status, and I don't wish to downplay that even one iota, but yes, if he had a wife and three kids, it likely would have made his actions even more of a longshot.

So the nuclear family combined with a distributed economy is basically a convenient tool for justifying atrocities of all kinds. Just feeding the kids, right?

Maybe not having kids is actually the morally correct choice, then?

Don't be a fool. You would let your children go hungry and live a worse life (directly because of your actions) out of principle? It's not simple. Having a family can be a beautiful thing. Not having one and spilling the beans on something morally reprehensible can be too.
>Don't be a fool.

Classy.

>You would let your children go hungry and live a worse life

No. Read what I wrote. The words are right there.

If the choice is "have children and commit evil to feed them" and "don't have children and don't commit evil", I choose the former. As should, I think, any right-thinking person.

The question is probabilistic. What are the chances that the former happens? What are the chances that the latter happens?

Choose accordingly.

The question is also systemic. There exists the possibility that forces larger than the individual have decided to normalize the nuclear family (and also romanticize the vision of having said family) in order to serve evil ends. What is the probability that that is the case? As time goes on, it looks far more probable than we once thought. People like you think families are in themselves beautiful. Any means justify the ends of preserving them. Seems like an excellent tool for keeping a population right where you want them.

Look up the history of the nuclear family. Notice it didn't exist pre-industrialization. Why's that?

You're taking humans -> have children for granted. I'm arguing against that dogma. Because as paradoxical as it may sound, it is trite dogma at this point in wealthy societies. We don't need these additional people, we don't need this extravagant life. It's not a matter of survival anymore. So what is it all accomplishing? What's the end?

>Having a family can be a beautiful thing.

For my morality, concerns of beauty don't trump concerns of humanity. If my having children perpetuates a cycle of exploitation, murder, pain, suffering, etc. etc. etc, then I don't have children. Regardless of how "beautiful" my experience of those children may be. It really is that simple.

And if a (wo)man tells me "I just did it to feed my kids" after committing some reprehensible act, I sympathize, because (s)he made a terrible decision in having children to start with. But I still condemn him/her.

That's a good point actually. Maybe we need more ethical loners without emotional attachments in a positions of power.
Like a celibate priesthood?
I here note that one can be sexually active without reproducing. No children doesn't imply celibacy.
Certainly the case. Historically, less the case but still the case...
Tim Cook could have easily mentioned something then, if the profiles I've read of him are true.
Maybe, we, as a community, could lessen that dilemma by helping the families of martyrs.
Also, to reward the hiring of whistle-blowers. A company that hires people with a history of raising the alarm should be more trustworthy.
You are a fucking idiot. I guess it the Nazis weren't so bad after all because they all had families and its important to make sure your family is taken care of first and foremost. Assholes like you are why we can't have nice things. History has been made because people were willing to sacrifice for principles, including people with families. Just because you dont have the balls to stand up for what you believe in doesn't mean you should encourage others to be cowards like you.
Other executives have.

Look at what happened to Qwest CEO Joseph Nacchio after challenging illegal NSA warrantless wiretapping requests. (Hint: he just got out of federal prison about two months ago.)

http://online.wsj.com/news/articles/SB1000142405270230398390... Mr. Nacchio said he still believes his insider-trading prosecution was government retaliation for rebuffing requests in 2001 from the National Security Agency to access his customers' phone records. His plans to use that belief as a defense at trial never materialized; some of the evidence he wanted to use was deemed classified and barred from being introduced. To Mr. Nacchio, the revelations of former NSA contractor Edward Snowden, who leaked documents saying the agency monitors the email and phone records of Americans, have justified his own stance. He contended the NSA's request was illegal. "I feel vindicated," he said. "I never broke the law, and I never will."

Nacchio defrauded shareholders out of millions of dollars. Let's be careful about who we're valorizing.
I'm generally curious about this. I have no idea how to judge Nacchio's career. Can you point some facts proving this point of view?

Or maybe: How was his position any different than yours, if you had a request from the NSA that you wouldn't want to fulfil, knowing that rejecting it could destroy your company, what would you do?

The issue is, imo, very murky but as I understand it:

NSA approached Nacchio and Qwest to do what they were doing with AT&T and Verizon. Qwest had previously helped the NSA intercept all comms in Salt Lake City during the Olympics but told the NSA they weren't interested in cooperating. Nacchio sells some stock. Qwest is suddenly dropped as the favored vendor for a huge government contract leading to a drop in Qwest's share price and earnings.

The US federal goverment's position was that Nacchio knew the contract was going to get dropped and cashed out early - insider trading. Nacchio contended that he was just selling stock and that the government had pulled the contract to entrap and prosecute him in the current case.

Read the indictment. Nacchio was convicted along with several other executives of running a pump and dump scam.

Despite being specifically prohibited from trading based on insider information, Nacchio first became aware that their earnings guidance was "a huge stretch", that to meet them would involve growing revenue from a line of business that had been failing to grow revenue and that had actually been underperforming that year, that they had (apparently) lost important contracts, and that it had become essentially impossible for them to hit their numbers. Then, after learning all that, but before any of it was disclosed to investors, Nacchio dumped over $100MM worth of his stock.

Nacchio controlled the earnings targets for Qwest. He set them dishonestly high and allowed them to be released to the public over the objections of many of his own executives. The stock performed as a result. Then, when it became obvious that the public would soon learn that those projections were impossible to meet, he sold his stock for $100MM.

Nacchio went down within a year of Enron and just a few years after Worldcom. It was the end of an era in which the big accounting firms had conspired with large corporations to swindle the public out of billions of dollars. Nacchio was a crook, not a Fourth Amendment hero.

Are the executives at JPMC crooks? I don't know. If they are, which is not outside the realm of possibility, they should go down too. But what JPMC people do has nothing at all to do with the fact that Qwest's executives defrauded the public to the tune of over $100MM.

So now his character is even bigger enigma. If the guy was a crook and fine with ripping stockholders out of 100MM tune, then how come he didnt want to play along with NSA? If he was greedy then he should have gone along with NSA offer. What could be his motive to say no to NSA? Wouldn't he know, at the time, saying no to the Gov may result in his contracts being shut off??
> Are the executives at JPMC crooks?

Yes. (Edited for reasons)

> Let's be careful about who we're valorizing

So perhaps this guy is indeed a slimeball.

Fabricated up claims are by their nature nearly indistinguishable from real ones, and outright fabrication isn't the only unethical recourse: there is always panopticon powered selective prosecution— how many felonies have you committed this month?

Regardless, we can observe now that the result will be time in prison and tptacek on HN diligently countering any claim of governmental misconduct. The insight here isn't related to Nacchio's character, it's that claiming that the government is retaliating for failing to comply with their unlawful demands doesn't provide protection.

>> https://news.ycombinator.com/item?id=6942165 tptacek 5 hours ago | link I am not generally a believer in the theory that NSA actively subverts Internet standards† †(my best guess is that the standards NSA was actively subverting were about international telephony; subverting the IETF is a little like subverting the Linux kernel --- doable, but bad tradecraft)

Does this count?(not trying to be sarcastic or a smart-a##), I just want to get a handle on what I should or should not trust these days. Seeing that RSA SecurID VPN dongle pic in the article scared me. I've pretty much been looking to your comments to give me a baseline.

Personally, I think one of the things you can't trust these days are comments by tptacek.
Either you're insinuating that 'tptacek is a malicious actor, or that he's incompetent. That's a pretty serious allegation to make without providing any evidence whatsoever. Do you have any? I'm sure you can dig up a few examples of things that he said which were incorrect, but very few of those will not have been followed by a correction at some point, and either way your insinuations seem to go beyond "being wrong some of the time".

HN is incredibly fortunate to count members like 'tptacek as part of its community. We should be behaving in ways which encourage more comments and commenters of his ilk, not less.

Unsurprisingly you're already being down-voted. For a community that prides itself on being rational and home to spirited debate, when it comes to the NSA, any contrarian opinions (or even alternative perspectives) tend to be quickly attacked and silenced.

If you read some of the first threads when the NSA revelations broke out, there are heated discussions with various viewpoints and arguments. Now, it appears that most of these users have become tired of being instantly downvoted, and instead avoid these subjects entirely.

I hope that tptacek continues to participate in these security policy discussions, not only for his extensive domain knowledge, but also because he is not afraid to voice beliefs that disagree with prevailing opinion. And right or wrong, its very refreshing.

> If you read some of the first threads when the NSA revelations broke out, there are heated discussions with various viewpoints and arguments.

Always mixed with a steady groan of "enough of NSA stories" and "none of this is surprising". The heated discussions were in no small part about wether this was even the problem it was made out to be and wether it should even be discussed (to this extent).

Not that I agree with downvoting instead of replying, or with bashing tptacek (Everybody loves telling experts "I told you so". Doesn't make us experts tho :P), but I don't agree with your narrative either. It's not falsifiable, anyway. People might just as well have given up on trying to downplay this, and walked away instead, which would be even worse. Why speculate. Bashing and downvoting for disagreement without argument sucks either way.

>Do you have any?

Don't really have a dog in this fight, but: up until today, there was no evidence "the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products".

Were people wrong to be suspicious?

> Either you're insinuating that 'tptacek is a malicious actor, or that he's incompetent.

There is a large area missed called psychological bias. People who has close friends working in highly controversial areas has a tendency to become a bit irrational in the view of the controversy. An attack on the NSA becomes an attack of the friend. If NSA is immoral and wrong, the friends choice of occupation must be wrong, thus the friend must be wrong, thus an attack on NSA is an attack of the friend.

As much as he can get under one's skin, and as much as he can be abrasive, and any number of other things, I trust his opinions on security and crypto.

He's rational to a fault--unfortunately, that means that when facts change he may be left with egg on his face. I don't think there's anything wrong with how he's handled this stuff.

>...I trust his opinions on security and crypto.

And here, ladies and gents, is exactly why we'll continue to inhabit an exploitable world forevermore.

You've got to trust something, eventually.
Trusting tptacek in the form of completing and learning from the Matasano crypto challenges would lead to a much less exploitable world forevermore.

It's okay to provisionally trust the word of someone who has previously and clearly demonstrated actual competence.

I'm also doing the Matasano crypto challenges and they are pretty priceless, don't know of anywhere else who offers a similar learning experience by breaking stuff, for free even.
I find tptacek's remarks to be enjoyable, generally speaking. In regards to crypto, I value his opinion highly, especially compared to my own novice opinion.

That said, I seldom trust anything I cannot verify. In matter s of crypto, that often means that I accept some things as magically working, and accept that the magic could wear off at any minute. Same thing with CPUs. I know generally how they work, and understand bitwise logic, but for the most part, they're just magic boxes that I've got enough experience with to have an expectation of.

In matters of the government, the fault I find with tptacek's arguments (and I hadn't even realized that it was a thing until this thread, but now I'm caught up) is that I think it is naive to trust the government. The federal government is something that our founding fathers encouraged us to be suspicious of. They specifically prescribed that, in order for our democracy to thrive, that we should be ever vigilant in regards to those we entrust with power.

Assuming good faith on the part of the NSA is naive, whether or not they're acting scandalously. Assuming good faith on the part of any politician is naive.

That isn't to suggest that we should never trust anything the government does, but if there's ever the potential for abuse, we should expect that potential to be abused at some point. If there's a loophole that could be exploited in any way, we should expect that it will be.

This diatribe isn't really directed at this comment, per se, but at your "have to trust __something__" comment, which I completely agree with as a generality. As humans, we routinely put trust into a great deal of people and things all the time, but I disagree that a government, even a pristine, flawless, immaculate government, is deserving of that trust, and it is our duty as citizens to thoroughly distrust it.

I disagree with many of tptacek's opinions but honestly he's one of the reasons this site is great. He is capable of arguing with people with strongly opposing views with civility, which is something that is entirely too rare these days. He's also capable of admitting when he's wrong and being gracious when proven right. Also entirely too rare these days. I'd rather have a thousand tptaceks on this site than zero.
https://news.ycombinator.com/item?id=6944628

> Jesus, what a tool you are.

How very civil and gracious.

Sometimes it's tough to contain righteous internet rage. I think he knows that crossed the line and that is why he deleted the comment.
He deleted, i.e. retracted it. In full. To harp on about it instead of talking about the story kinda sucks. We're talking about mass surveillance and everything being recorded, and look at what we are doing. Repeat after me: every day is a new day.
He's a human being, and thus imperfect. He's still much easier to have a conversation with than 99% of the posters on HN.
> He is capable of arguing with people with strongly opposing views with civility

You're clearly talking about a different tptacek, widely known on this site for his coarsely abrasive, impossibly high friction, social interactions and not admitting he's wrong on issues trivial or important. He's also widely known for a being an expert in his field.

All that being said, I agree with you that this site is more valuable with him on it and regularly participating. He's one of the actual experts in their field that makes this a much better forum than any other. IMHO, it's well worth the comment burn to talk and debate (friendly or not) with somebody of his caliber.

And being wrong every once in a while (regardless of his rightness in this case) does not make him either incompetent or malicious. It just makes him human.

tptacek, widely known on this site for his coarsely abrasive, impossibly high friction, social interactions and not admitting he's wrong on issues trivial or important. He's also widely known for a being an expert in his field.

What are you talking about? Whatever caricature you're illustrating here is not Thomas Ptacek.

With the way you've been talking, I would've suspected you were a newer member, but you've been around for three years or so. So I simply have no idea what you're talking about.

Would you please point out precisely which comments you take issue with? https://www.hnsearch.com/search#request/comments&q=by%3Atpta...

I think the thing to remember about Thomas, and me, and everyone else, is that we're all human, and we all have different moods which influence our behavior. Thomas's, on average, is exemplary.

I'm glad to see that he's got both of us defending him.

I'm talking about the same tptacek who I've personally butted heads with where he couldn't even accept being wrong about how to make stew (looking back, that was exactly 1 year ago to the day!)

I respect tptacek very much for his domain knowledge and expertise. He has great theories on hiring practices and cooking among others. He's one of the names I look for on HN.

But he requires lots of care and effort. I have to mentally peel back about half of his posts to remove the snark and assholery and get to the juicy bits. But those bits are usually there and usually worth the effort to get to.

That's okay, I'm a grown up and can deal with high friction in order to enjoy interacting with somebody who's truly intelligent. tptacek is just one of those types that comes with lots of smarts and lots of difficult personality and that's okay.

And for the record I'm also aware that I can be rather high friction and assholish as well, and not nearly as insightful as tptacek.

EDIT: You know what, I'm not going to dignify this any further, other than to say that I don't want HN to be however you think HN should be. By saying "he requires lots of care and effort," you're discouraging people like Thomas from participating, and therefore making our community worse as a result. How would you feel if you saw someone talking like that about you?
I'm not even sure what your responding to?! In no way am I insinuating that tptacek shouldn't participate here or that his voice isn't extremely valuable. I'm not being facetious when I said I'm glad we're both defending him.

I'm logically one of the last people to defend him here having butted heads with him so much, but in fact I deeply value his presence here.

> How would you feel if you saw someone talking like that about you?

I'd probably agree with them. I'm not a high-school kid afraid of how my peers will see me and neither is tptacek. I've said as much about his communication style to him directly.

I highly doubt that tptacek doesn't have enough self-awareness to know that he's a high maintenance debate partner. There's no reason to paint him as a saint, he's just a guy. A very smart guy, but he has his foibles and flaws, which are far outweighed by his contributions. But to ignore those more difficult parts of his personality does him a disservice by not seeing him in his entirety.

I respect the entire person (as much as I can see through the limited lens of HN) not just the parts I think are praiseworthy.

You can definitely trust technical information from tptacek. But you should treat his speculation as you would anyone else.
After reading tptacek's comments in the latest thread about Telegram https://news.ycombinator.com/item?id=6940665 I can only agree. He insisted Telegram team should abandon its custom solution without providing any actual proof that it's vulnerable. His advice was to rely only on "modern" algorithms (mostly the ones included in "NSA Suite B Cryptography"), but he provided zero evidence why these algorithms should be more secure than the ones already in use.
You guys are still failing to appreciate that your composition of cryptographic primitives is unproven, which means it is probably broken. Why is it probably broken? Because most compositions of crypto primitives are broken and your adversary is so formidable he will find the smallest problem.

In cryptography, you either prove it is safe or you consider it broken. Your choice should be considered broken until you prove otherwise.

This is a really bad and somewhat frustrating comment (if you're trolling, nicely done). He's absolutely correct about Telegram and this is not how you run crypto contests. This isn't even a tptacek opinion, it's a "everybody who has any reputation in the crypto field" opinion.

Edit: Oh, you're the Telegram employee who designed the contest. I encourage you to read moxie's blog post, and Schneiers rebuttals to crypto contests that are probably linked all over your other threads.

I think Pavel is providing the financial backing for Telegram, rather than being an employee -http://en.wikipedia.org/wiki/Pavel_Durov
Ah, the Telegram HN account just said he "proposed the contest", so I assumed employee. If he is the financier, then it is not surprising that he doesn't understand why his crypto contest is a bad idea.
right and it also explains why the Telegram guys went ahead with his suggestion, because they're presumably keen to keep their main financial backer happy.

I don't think there's any attempt to sell snakeoil here, this is a case of a road to hell being paved with good intentions. To people not well versed in cryptography the things Pavel is saying and the approach Telegram is taking all seem completely reasonable, and the people who do do crypto and are responding might as well be talking a different language. To them the flaws and red flags are so obvious that their responses are incredulous, which has led to the vitriolic back and forth we've seen - neither side can comprehend the other's position. This is Dunning-Kruger[0].

[0] http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect

With all due respect, nothing can be "obvious" unless it is proven. You cannot take something for granted just because a respected cryptographer says that. Not after we learned that NSA pushes backdoors using respected firms and people in the crypto-community.
By this reasoning you should presumably agree that the onus is on Telegram to prove the security of their system, not on the rest of the cryptography community to prove that it is insecure. Telegram have completely failed to do this. Even if Telegram had a formal proof of their system (and implementation), would you be in a position to read and understand that proof? I suspect not. Like me, you'd have to trust a group of respected cryptographers to do that job for you, so I don't really know what you're trying to say here. Just because one or two respected cryptographers appear to have become NSA tools, does not mean everyone has.

Also note that it's not a case of one random crypto guy saying that Telegram's approach is flawed, but a case of virtually the entire crypto community saying that the approach is flawed. Does this not ring alarm bells for you? How can you judge that the Telegram guys know their stuff and aren't leading you down the garden path or are themselves deluded?

With your backing, there is a real chance for Telegram to bring secure communications to the masses. This is indisputably a noble goal, but the areas that Telegram should be innovating in are in UI and features - not cryptography. There is no such thing as mostly correct, 'good enough' cryptography, either the system is secure, or it's insecure - there is basically no middle ground. If you fail, it's a bit more serious than your typical software bug - innocent people can literally die - the very people that need this the most are the most at risk. These are the reasons Telegram have been met with such a frosty reception here. Because they come across as arrogant in an area where arrogance is the absolute least desirable trait.

(comment deleted)
The wish to broaden the contest is understandable and already taken into account http://bit.ly/1htlEod

What I was saying in the comment above, however, had nothing to do with the contest. I expressed concern about tptacek's aggressive promotion of one algorithms (branded as "modern") over the other (claimed as "anachronistic") without any substantial proof. https://news.ycombinator.com/item?id=6941934

This is really alarming.

(comment deleted)
Could you please provide some proof that you are who you claim you are? Like a post on your VK page? Thanks.
This comment on VK by id1 (Pavel) clearly states he participates in recent HN threads. I think it's fairly safe to assume he is who he is.

https://vk.com/roem?w=wall-20537665_23327

Here's an unedited Google Translate translation (I read it, and I think it conveys the message):

As I see it , there is not so much Anonymus as creators local competitor - TextSecure under Android . Telegram gathered a lot of users , and they're rightly fuss . The boys are torn between argument " either too new algorithm , why is it , if there is a proven " and your " algorithm either too old , why is it when new ." Nevertheless , trade on HN gives thousands of registrations Anglo-Saxons and tons of references .

I think the debate will be a good end to the competition announcement decoding traffic Telegram. Let's say I was ready to open all of my correspondence traffic since registration in Telegram and give $ 200,000 to anyone who will decipher it and tell you how . As a result Telegram or detect and close the loophole for special services, or - more likely - will receive another proof of the inviolability of their protocol

Ok, thanks.

Here's another comment of his further down:

Я помню первый обзор о ВКонтакте на Хабрахабре, кажется, в 2006 году. Эксперты делились комментариями вроде "кто они такие", "еще одна соцсеть не нужна" и "на php пишут только нубы". Неудивительно, что HackerNews, построенный примерно тех же принципах (карма, ранжирование), создает чувство deja vu.

Тем не менее, будет здорово, если там объявятся не только любители поговорить, но и те, кто реально прочитает документацию к MTProto.

Which roughly translates to:

I remember the first reviews of VK back in 2006. The experts were saying "who are they?", "we don't need another social network", "only noobs write in php". It is not surprising that HN is built on the exact same principles (karma, rankings), brings up a deja vu.

However, it would be great if someone who actually read the MTProto docs can show up, and not just those who like to talk.

In this case, it doesn't actually matter who he is, so there is no need really. Our responses would not be different if it were someone else saying the same thing.
In cryptography, the expectation is that the person presenting the algorithm should substantiate their claims, preferably with a proof. Saying that something is secure because it hasn't been broken yet does not settle well with people. And when it does happen, it's clearly caveated ("assuming the hardness of Discrete Logarithms", for example).

That aside, your challenge smacks of snake oil. I gave an analogy earlier that captures the essence of the complaints:

Suppose I am selling fire-proof safes. These are designed to protect your documents and valuables from thieves and from fire and other events.

The normal way people set up tests is to put some documents and valuables in a box and actually try to break it (MythBusters style, bringing out cool machinery and trying different ways). For fire resistance, there is a rating system (https://en.wikipedia.org/wiki/Fire-resistance_rating) and a standard way to test.

The Telegram proposition is: we are going to place the safe in Fort Knox. If you can't break the safe that is in Fort Knox, then clearly our safe is secure.

People are arguing that in order to break the safe, you have to break into Fort Knox. And for all intents and purposes that's not going to happen. You could have put a cardboard box in Fort Knox but no one can tell the difference because of the way you structured the challenge.

In that sense, you aren't testing the real-life security.

(comment deleted)
Seeing that RSA SecurID VPN dongle pic in the article scared me.

Why do you think they put it there?

IETF is very different from the NIST.
RSA SecurID was already compromised in 2011, and RSA more or less tried to hush-hush it: digitaltrends.com/computing/rsa-securid-data-stolen-by-a-nation-state/
(comment deleted)
Eagerly awaiting tptacek's retraction to his insistence that this was not a backdoor.

Edit: Nevermind, apparently he already did a mere 8 hours ago, replying to my own comment. Shortly before this broke.

https://news.ycombinator.com/item?id=6941366

(comment deleted)
> Jesus, what a tool you are. I absolutely believe you: I think you read this story and eagerly awaited its implications to some random person on HN.

Huh, I've seen your patience tested on HN before, which tends to elicit mostly restrained responses save for a bit of snark, but that's the first instance of actual name calling I've noticed. I'm genuinely curious how this comment annoyed you. The tone I'd expect is more of a "yeah, you got me" <kneeslap>. Instead it sounds like I'm accidentally trolling you.

For what it's worth, I did legitimately get excited to run to HN to play "told you so". After months of debate over this issue across numerous threads, I'm not going to lie, vindication is momentarily exciting.

> For what it's worth, my take on Dual EC (before learning more about it) was the same as noted NSA apologist Bruce Schneier.

Wait, tptacek is calling Bruce Schneier an NSA apologist?

Aside from being absurd, your claim that you shared the same opinion is also false. Your own comment here directly contradicts this, and you even dismiss Schneier's credentials upthread, yet appeal to his authority in your comment:

https://news.ycombinator.com/item?id=6424920

"I am aware that Schneier believes Dual_EC to be backdoored. I'm aware that Dual_EC comes from NSA. I would not use Dual_EC and would flag it if I saw it in an app I assessed. But I would still, right now, with the information I have, bet against it being an NSA backdoor. Not because I trust the NSA, but because it's a very dumb backdoor."

Edit: In reply to a now deleted comment by tptacek.

Your series of comments in this thread is way below the threshold for positive contributions to any HN discussion.
I'm curious as to your opinion of tptacek's deleted comment, and whether that was above or below the positive contribution threshold.
It was a reply to a taunt.
I'd say the original comment by lawnchair_larry comes off as a bit gauche... as if the XKCD "someone is wrong on the internet!" guy came here to post. I never saw the deleted comment, but it seems that after the initial frustration wore off, Thomas thought the better of it.

I've had my disagreements with some of Thomas' positions, including several over crypto/politics stories like this, but if you run out like that to play "gotcha!" it just doesn't feel right.

(comment deleted)
(comment deleted)
Whereas repeated pro-NSA apologies are? How many people would approve of them and how would they respond to them, if the person making them wasn't also all powerful in a forum?
> Wait, tptacek is calling Bruce Schneier an NSA apologist?

I think that was intended as sarcasm. He's defending his previous position by saying that he (previously) had the same opinion as Bruce Schneier, whom no one would accuse of being partial to the NSA.

> Jesus, what a tool you are.

This sounds like the start of a pretty angry prayer.

you'll probably get downvoted, but it made me laugh.
It actually get 60 net up-votes
Your reaction to this story was wondering if it can be used to demonstrate another member of HN being wrong in the past? Petty
Not just 'another member of HN', the most high-rated, the most prolific member of HN who is very often found shaping the direction of discussions here and is now a considerable voice in the security community. He's also someone that new tech startup founders listen to when deciding what to use and what not to use.
I know who tptacek is, I've read some of his papers, I've applied to the crypto challenges, I've disagreed with him in the past about the importance of BSAFE to the industry. It still comes across as petty to launch into a meta discussion of who's right and who's wrong on HN when there's much more interesting topics to consider based on this article's revelations.
When 'tptacek is wrong, he's obnoxiously wrong, especially in his inability to believe in government misbehavior, and his willingness to denigrate "message board nerds" on that sort of matter. (See also his attacks on Greenwald when the Snowden story started.) So personally I was looking forward to seeing somebody comment about him.
Pretty much. Not only that, but he's incredibly influential, so to see him get knocked down a peg does a lot of good.
This is a bit much and was not at all the motivation behind my comment.
This is what happens when you make it personal, though. I try to let being right be its own reward, not a license to tell people how wrong they were.
tptacek has the most karma on HN (even moreso than pg): https://news.ycombinator.com/leaders (for reference, pg has 149712 karma at the time of writing; tptacek has 165020 and the next person has 88887) His opinion is respected by many (and many accept what he says without question). A retraction by tptacek reminds us all to think critically

lawnchair_larry's comment is equivalent to questioning the president or a major celebrity, which oftentimes isn't a personal grudge.

What I do is just not read the usernames (beyond roughly scanning the word to figure out who replied to who). No really, I mean that, I don't even know your username.

That makes for a wonderful experience really. I interact with this nameless entity and each post is largely valued by its responses (I often leave an article open for a few hours to let the comments ripen a bit, that also adds a lot).

I think HN might be designed to encourage this, judging from the lighter color given to the post metadata line.
(comment deleted)
Comparing someone with high comment karma to the president is a bit absurd, no? The president could more aptly be compared to forum moderators on any given discussion website, as both have some executive power.
(comment deleted)
Yeah, I get that a lot too. Also his attitude towards open source cryptography related projects is strange and totally unjustified imho.
(comment deleted)
He's had a perfectly friendly attitude towards GPG, and in the case of others you can see ample evidence that his skepticism is justified. Maybe if the open source cryptography projects you're referring to weren't bad projects then the attitude would be strange.
(comment deleted)
> When 'tptacek is wrong, he's obnoxiously wrong, especially in his inability to believe in government misbehavior

For the record, this is incorrect. In past interactions he has stated his concerns over certain of NSA's "misbehavior".

The beauty of this backdoor, for all its faults, is that it was reasonable to believe that it wasn't a backdoor. And it was also reasonable to believe that it was. This backdoor is quite deniable, elegantly so.

So far I have disagreed with tptacek when it comes to what's backdoored and not. But I can understand his reasoning, and it's quite sensible.

"RSA, now a subsidiary of computer storage giant EMC Corp, urged customers to stop using the NSA formula after the Snowden disclosures revealed its weakness." - Just shake my head at this. As news is revealed that all these companies were complicit, they cry foul and "warn" users? RSA deserves to lose all international customers who refuse to buy their products because of hidden backdoors.
Quote possible that one arm of the company was an aware of the other arms actions. Probable, in fact. If most of the company knew of the backdoor, it would have leaked.
In case you didn't know, EMC bought RSA in 2006. Shutting down RSA just means re-branding all the products as something else.
Seems like their customers now have an excellent case for commercial fraud against RSA.
the r in rsa is ron rivest who was responsible for some very elegant ideas. his papers, that i've read, are generally very simple and clear. but he also wrote md2 [an old hash, n longer used] which contains some "magic numbers" that no-one can explain. they are supposed to be derived from pi, but no-one knows how... http://crypto.stackexchange.com/questions/11935/how-is-the-m... (i even emailed him, but was shrugged off; i know it's silly and paranoid, but...)

anyway, i wonder what happens now to all the customers that use rsa dongles? big, international, political organisations...

I believe we heard that some months before already. The biggest problem is IMHO their libcrypto still being used in Java and MS Windows.
What implications does this have for RSA?
Hopefully the end of them. It's the only thing that matters to these mercenaries...
I strongly agree.

Crypto is something where reputation is sine qua non. After the 2011 data breech they lost a lot of it. Now how can anyone trust them ever again?

The NSA's story about how they need to secretly do these things to fight the war on terror makes less sense with each new revelation.

Terrorists don't use VPN dongles.

What is really going on here?

Terrorists don't, but the banks that they use probably do. You've gotta break into a lot of systems before you get to the information you want.
Businesses use RSA VPN dongles, and the stories that are starting to surface now are more about economic espionage.

"Follow the money" is a slippery slope.

You are making an assumption that the primary target of SIGINT is terrorists, but in reality it's actually nation states. I think another story just came out today about GCHQ targeting EU officials and embassies.
Nation states are likely to roll their own dongles though. The folk that use these are bluechips meeting due diligence requirements.
NSA also does commercial espionage to harm non-US bluechip companies, which are quite likely to use those dongles for internal data.
Heh...I certainly had a good chuckle at this comment. I don't honestly think that the NSA ever paid more than lip-service to the "war on terror". They've been doing the same job since long before Sept. 11, 2001. Before the "war on terror" it was the "cold war", there just happens to have been an awkward gap in between...

The NSA is in the business of Signals Intelligence. Their job, plainly stated, is to have access to as much communication between non-US entities as humanly possible. What makes their job difficult is that, over the course of the last few decades, it's become increasingly the case that much of the communication between non-US entities travels via US-based channels using technology originated in the US. Somewhere along the line, when forced to balance "as much communication" and "non-US entities", the NSA clearly chose in favor of accessing those communications at any cost.

This is a very well-put comment.

The core cause there would seem to be sharing comm channels with foriegn actors--the same thing that makes our position with regards to the 'net so awesome also means that the NSA is kind of forced to get involved closer to home. It's a tricky tradeoff.

It's the same reason you never see James Bond negotiating with foreign heads of state. You don't send an assassin to do a diplomat's job. Everything that is being revealed about the NSA's actions, this buying of influence especially, is positively reprehensible...BUT it is important to keep an eye on where the blame really lies: with the people that let their assassins dictate their foreign policy and domestic priorities.
(comment deleted)
>Terrorists don't use VPN dongles.

The story isn't about VPN dongles, it's about a backdoor in an encryption product sold by RSA.

How do you know?

Even if you're right, Airbus does.

Shouldn't this destroy RSA as a company? If your in security, and your security can't be trusted...
It should, but AT&T's still in business and their collaboration with the state to spy on customers has been known for a long time.
AT&T is explicitly selling "we connect you", not "we secure you."
RSA is now owned by EMC
Privacy: Pre-internet term(from Latin: privatus "separated from the rest, deprived of something, esp. office, participation in the government", from privo "to deprive") used to describe the ability for human beings to seclude themselves or information about themselves and thereby reveal themselves selectively.
Please forgive my ignorance of these kinds of security issues....

I remember at one point, way back when, it was recommended to use RSA keys over DSA, when creating an SSH public key. Is this this the same algorithm, by the same company?

Does this mean that SSH can't be trusted if you're using an RSA key, versus some other type?

RSA the company has nothing to do with RSA the algorithm.

Well, "nothing" isn't strictly correct, but connecting them is more like the Kevin Bacon game. Rest assured that this story has nothing whatsoever to do with RSA keys.

I'd love to see a class-action lawsuit.

This shit must be punished.