lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTimtsu-rO17dUA4ij=itCK35rEpN47NPvke+3ZNn@mail.gmail.com>
Date: Thu, 23 Dec 2010 22:57:32 -0800
From: coderman <coderman@...il.com>
To: Marsh Ray <marsh@...endedsubset.com>
Cc: full-disclosure@...ts.grok.org.uk, mickey@...ifer.net
Subject: Re: how i stopped worrying and loved the backdoor

On Thu, Dec 23, 2010 at 10:00 PM, Marsh Ray <marsh@...endedsubset.com> wrote:
> ...
>> how i stopped worrying and loved the backdoor
>
> Note that much of that is backed up by CVS history.
> ...
> For example, as he mentions in P2 the entropy pool extraction functions

intelligently constraining key space and / or leaking key bits is the
Right Way (tm) to do a backdoor.  it requires knowledge of the
particulars to execute and provides more robustness than a class break
/ full key leak.  i hear they've got clusters of key crackers for
searching reasonable spaces ;)

also, this may not be limited to entropy pool. it would make much
sense to combine elements of hardware accelerated crypto drivers with
entropy reduction or key leakage to target specific installations or
further obfuscate effects, as mentioned in the thread so linked.

(and you could be pretty precise with such key space degradation, if desired!)


> I even pointed some of this out the other day on this thread:
>     http://marc.info/?l=openbsd-tech&m=129298665720095&w=2
> Perhaps the reaction speaks louder than words.

"good entropy is hard", is the theme of that thread.

how do you measure entropy?  a few bytes and i've turned terabytes of
entropy into simple order.

the debian openssl weak key debacle underscores just how difficult and
obscure such technicalities are in the face of random human failures.
a well funded adversary with specific targets and significant skill
would enjoy plentiful opportunity and success.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ