Silk Road forums

Discussion => Security => Topic started by: Candy on September 15, 2013, 02:37 pm

Title: Stumbled across this Blog-Post - "How to keep a secret?"
Post by: Candy on September 15, 2013, 02:37 pm
I stumbled across this blog post the other day, and wanted to get some input on the things he is saying.

Specifically I was a little surprised about his opinions about RSA Encryption.

To be honest I don't really know much about all this stuff (except for how to use it), but I was under the impression that RSA encryption was our preferred option?

I guess I am posting it in an attempt to get some feedback from some of you bright minds.


This is a Google translation, so it is not perfect, but it is readable enough.

Quote from: Poul-Henning Kamp

How to keep a secret?

By Poul-Henning Kamp, 12 September 2013 at 10:32


With recent revelations about the NSA's activities, it is clear that there is no such thing as privacy anymore, if there is electronics involved.

One of my customers asked me to sum up the situation and even suggested that I share the results with my blog readers on ing.dk.

The fact that I actually get paid for this blog post in no way affects the content.

Status of NSA revelations

All traffic passing over a telecommunications network or the Internet can and will be intercepted over the world.

All electronics you can buy are likely to contain backdoors, particularly computers and smartphones.

There is reason to believe that most cryptographic code and possibly some cryptographic protocols are sabotaged.

The NSA has no track of what the nearly one million people who have access to the intercepted data are doing, and we must expect that at least a few hundred employees are selling information to other countries, companies, private detectives, criminal organizations, etc.

The NSA has spent 250 million dollars annually to compromise security in commercial and non-commercial software and hardware products.

The NSA has worked with many countries' intelligence services. No one will tell us whether this also applies to PET / FE, which is why the answer is likely to be "yes."

Politicians and officials who rule over the NSA are lying. They face lengthy prison sentences under torture-like conditions if they tell the truth.

Bruce Schneier, probably the most trustworthy crypto specialist worldwide, has updated his krypton lizards.

And no, it is not exaggerated and it is possible that it gets worse.

As an IT man, as one of those who helped to get the Internet to Denmark, as the author of code that is used widely, it pains me to give the following advice:

What we cannot rely on:

A) Unencrypted communication over the Internet or telephone network, including voice calls, SMS & MMS.

B) Cloud services (Amazon, Microsoft, etc.) Outsourced Services (CSC, IBM, etc.). Social Networks (LinkedIn, Facebook, etc.) Telecommunications Services (TDC, Telia, etc.)

C) Embedded computers in WiFi APs, routers, printers, copiers, TVs and anything else that can be put on the web.

D) Smartphones, tablets and computers where the owner does not have sovereign control over which applications are allowed to run.

E) OS and software without inspectable and verifiable source (OS X, Windows, Solaris, Chrome, Oracle, Adobe, you name it ...)

F) Any service or program that requires that we download an "app" or "Extension".

G) Certificate Authorities (CAs like Verisign, TDC, etc.)

H) Asymmetric crypto protocols: RSA, DSA, PGP, TLS, SSL, IPSEC (= VPN), SSH.

I) Weak symmetric crypto protocols: RC4, AES less than 256 bits.

J) OpenSSL in particular.

K) Persons who might have sold themselves to the NSA or to intelligence services.

L) That we get to know the truth from directors, officials and politicians.

If you have something that must be absolutely secret

(For example, if you are a member of the parliamentary oversight committee or a human rights activist.)

You may not use electronic equipment that is, or later can be, connected to the Internet, unless you can definitely prevent this (possibly by physical destruction.)

Be aware of other electronic equipment containing a camera or phone nearby.

It's OK to use a computer with a local printer, provided it never comes online, either before or after, and assuming you can ensure its physical security. (Never take it traveling!)

You cannot rely on electronic equipment not to lie about network connections; you have to physically make sure that there is no connection. Avoid all devices with wireless features (WiFi, Bluetooth, wireless USB, etc.)

You cannot trust any encryption code that comes with electronic equipment / OS. Use at least AES-256 with PSK (find someone who knows what it means to help you.)

Anticipate that you can and will be detained and / or imprisoned indefinitely, or, if you're lucky, only until you can prove that you cannot decrypt the intercepted data. (Encrypted data and the key should never be transported together.)

Should you need to keep meetings secret, leave all your electronic devices behind (including your travel card, access tokens and wireless car key), check all clothing, bags and other items you have bought for surviving RFID tags, and hold the meeting far out in nature.

It goes without saying that "cloud" services, public computers, etc. are completely excluded.

Protection of commercial secrets

(For example, CAD drawings, chemical / medical processes, source code, patent applications, etc.)

Your network is compromised, no matter what the IT department argues to the contrary. If nothing else, through the built-in backdoors.

Purchase new equipment and make a completely closed network used only for this single project. (See above about trusting the OS and wireless connections.)

Alternatively, if your users can manage it: obtain a damn good sysadmin and run on an Open Source Unix (Linux or FreeBSD) in a paranoid configuration.

Log all network traffic through the firewall and check constantly that you know exactly where every single packet came from and why.

No communication without at least AES256 + PSK.

Do not rely on RSA / DSA / SSL / TLS / SSH / IPSEC. Do not rely on tablets, smartphones or cloud services.

The risk of detention and confiscation is marginal, unless what you are traveling with is very interesting.

It is not enough to use a "pre-pay SIM" abroad; your phone will still be monitored.

Use good strong passwords; for inspiration see XKCD.

Common health protection

(Business leaders, engineers, sensitive personal data, etc.)

Never use "social networking" (Facebook, LinkedIn, Twitter, etc.) from the same electronic devices that you use for confidential data.

Do not rely on closed source software. If you have not done it yet, now is the time to start learning Linux or FreeBSD.

Never enter a password on public / borrowed / rented units (no Internet cafes, no airport PCs, etc.)

Well, well! ... gee?

Exactly!

The situation is totally fucked up.

It does not seem that our politicians have grasped a meter of how serious this is; if they had, they would have banned iPads and smartphones in parliament, and CSC and KMD would have been nationalized with reference to state and public safety.

The alternative, more conspiratorial explanation is that they are not on our side, but perceive total electronic monitoring as a good thing.

As it stands right now, there is nothing to suggest that the situation is changing for the better anytime soon, if ever.

Let me make it absolutely clear: it is not certain that this total surveillance will ever cease or be reduced again.

The few and small improvements we can hope for will come from:

I) CIOs who act in accordance with the above list and can therefore make "safe enclosures."

II) Open Source crypto code that is examined with a fine-tooth comb, in all ends and edges.

III) Voters who use the voting pencil with sense.

Note in particular that secrets which have already been intercepted, such as the Social Security numbers of all Danes with a driver's license (that was last year), will never become secret again, and we may never know for sure who has access to them.

PHK

PS: This blog post may be copied, quoted, translated, printed, waved under noses with shouting and screaming, and protested with.

Clearnet link to the translated page: http://translate.google.com/translate?sl=da&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fing.dk%2Fblog%2Fhvordan-holder-man-noget-hemmeligt-161711&act=url

Clearnet link to the Original page: http://ing.dk/blog/hvordan-holder-man-noget-hemmeligt-161711
Title: Re: Stumbled across this Blog-Post - "How to keep a secret?"
Post by: comsec on September 15, 2013, 05:25 pm
That's just summing up how the NSA can read any SSL/TLS traffic unless you generate your own RSA keys and pin the certs to your applications, so they can't be spoofed, and keep them away from certificate authorities, which are notoriously unreliable.

TLS = Message Authentication Code (MAC) that works in tandem with a symmetric cipher like AES or RC4 to encrypt https traffic. 1.2 is the new "fixed" version that's not really fixed, and there's still plenty of vulnerable old TLS versions around.

SSL = Public-key crypto RSA.
 
The RC4 ciphersuite used in TLS is fucked; your authentication cookie can be recovered. A ridiculous amount of sites still use it (basically half the internet) and the NSA is probably for sure taking advantage of this. Everybody has known it's been suspect for a while; hopefully the Snowden docs will kickstart the death of this stream cipher. The first 256 bytes of RC4 output aren't completely random; there are biases, so if you collect enough samples of the same message being encrypted over and over again, you can add up the biases to get a full picture. Each time you make a fresh connection to Gmail, you're sending a new encrypted copy of the same cookie. A malicious attacker would then feed you a piece of Javascript that your browser will run, which can then send thousands of HTTPS requests to Google very quickly to gather your traffic and steal the authentication cookie, then log straight into your account or just read your traffic. Or they can passively collect your traffic over time and do the same thing, but using deterministic values like guessing your cookie will be Base64 encoded, which dramatically reduces the number of samples they need to obtain. I would imagine the NSA flips a switch and decodes RC4 in realtime.

Even worse, TLS itself is also completely broken; never mind RC4, the whole protocol is fucked. It was designed in the 1990s when nobody knew the Cryptographic Doom Principle, where you must encrypt first, then verify, or else you are wide open to a number of attacks. TLS is not the encryption itself, but rather the Message Authentication Code (MAC) that's used to protect the authenticity of each data record. RC4 is the actual encryption, or AES-256 (which also has problems; google BEAST and Lucky-13).


As for RSA, attacks on the factoring problem have been getting better. This means that RSA key sizes have had to get bigger just to keep up. RSA-1024 is not considered safe, as it's assumed the NSA has hardware that can factor 1024-bit numbers or at least reduce their entropy low enough to perform other attacks and read the traffic. Who knows if they can reduce RSA-2048, but it seems likely, at least to Bruce Schneier and a few other crypto engineers advocating for 4096-bit keys. Increasing to 8192-bit is a waste of time; basically, if 4096 isn't good enough the game is over for RSA. Since there is a ton of RSA-1024 in the wild, the NSA is probably having a field day with this as well, slicing through SSL connections. Check the certs of any site you visit; it'll probably be SSL 1024 RSA. SSL is totally broken anyways, watch this and weep for your security: http://youtu.be/Z7Wl2FW2TcA


TL;DR It's no joke that the entire internet encryption is hopelessly broken. This is why you want to only use a .onion jabber server, and avoid going out of Tor through an exit node.
Title: Re: Stumbled across this Blog-Post - "How to keep a secret?"
Post by: comsec on September 15, 2013, 05:41 pm
I forgot to add: not only do the feds almost certainly have copies of all SSL keys for major providers like Yahoo/Google, but they can break into your cable modem, router or firewall (which also most likely has a pre-built backdoor, especially if it's Linksys or Cisco) and then use the TLS authentication problems to MITM your AES or RC4 encrypted https connection, so they don't even need to collect a bunch of RC4 samples, but they could if they wanted to. They can probably also convince your ISP to route traffic directly to them first. TLS 1.2 was supposed to fix the MITM problem, but they applied a shit show of patches enabling another bunch of attack avenues. Basically the only proper implementation of TLS that exists is in the Chromium web browser, since respected cryptographers built the TLS stack. RC4, properly implemented in Chromium, used to work until recently when yet another RC4 flaw was found, but it's still better than SSL, which might as well be cleartext. MITM problems were also ironed out in Chromium. However, if you're using Internet Explorer, Safari or Firefox you're fucked.

This is why anything clearnet is wide open right now and has been for a while. Meanwhile here in Tor land, where every connection is encrypted, we don't have these problems, but you will be especially fucked if you exit through a malicious exit node running SSLSTRIP or a MITM attack to access Gmail and other sites. That's basically just handing your keys to the feds unless, of course, you are using security tokens (like WebMoney uses), but then if you were interesting enough they could just break into your desktop or mobile and steal the token.



Title: Re: Stumbled across this Blog-Post - "How to keep a secret?"
Post by: Bazille on September 15, 2013, 07:21 pm
Quote from: comsec on September 15, 2013, 05:41 pm

MITM problems were also ironed out in Chromium. However if you're using Internet Explorer, Safari, Firefox you're fucked.

You mean certificate pinning in Chrome? I think something similar can be achieved with the Certificate Patrol addon for Firefox.

https://addons.mozilla.org/en-us/firefox/addon/certificate-patrol/
Title: Re: Stumbled across this Blog-Post - "How to keep a secret?"
Post by: comsec on September 15, 2013, 07:58 pm
Quote from: Bazille on September 15, 2013, 07:21 pm

MITM problems were also ironed out in Chromium. However if you're using Internet Explorer, Safari, Firefox you're fucked.

You mean certificate pinning in Chrome? I think something similar can be achieved with the Certificate Patrol addon for Firefox.

https://addons.mozilla.org/en-us/firefox/addon/certificate-patrol/

That helps, but Chromium (it's the open source version of Google Chrome, without the spyware) implemented a full TLS 1.2 stack and NSS to iron out lots of easy MITM attacks that were prevalent in TLS 1.0 (and to some extent, 1.1). Firefox I believe just upgraded to 1.1 and nobody knows when 1.2 will be fully supported. TLS is still a gigantic pile of shit though. Both OpenSSL and TLS are terrible, outdated junkware. Think of the most confusing software you've ever looked at, now multiply that by 100 in complexity and you have TLS and OpenSSL.

Internet Explorer, Opera and Safari now have TLS 1.2, but since they are closed source, who the fuck knows if they've done it correctly. I don't know if it is activated by default either; I think the default is still 1.1 or even 1.0. Tor Browser Bundle is using 1.0, which means any script kiddy can intercept TLS traffic or decode RC4/AES.

I haven't kept up with it (because I gave up on all clearnet encryption back when Assange blew the whistle in 2010 and decided to take down clearnet WikiLeaks because no TLS/SSL could be trusted for submitting secure leaks), but I believe TLS 1.2 fixed the AES problems, though hardly anybody has implemented it except Countermail. Certainly not my bank, which is using dozens of 1024-bit certificates wide open to hacking. Don't know what's up with banks, but they buy like 20 SSL certs, I guess so they will be guaranteed to work on all browsers and in every country. It's an insane solution of course, wide open to abuse, but I guess they don't care.
Title: Re: Stumbled across this Blog-Post - "How to keep a secret?"
Post by: Bazille on September 15, 2013, 08:12 pm
Seems like Firefox 24 will have TLS 1.2 support, but it won't be enabled by default because of compatibility issues.
Firefox 23 supports TLS 1.1, but it also isn't enabled by default. You have to enable it in about:config.

http://kb.mozillazine.org/Security.tls.version.*