# “We cannot trust” Intel and Via’s chip-based crypto



## johnblue (Dec 10, 2013)

I guess I am missing where you can search the whole site instead of individual forums so if it is in the wrong spot, eh. 

http://arstechnica.com/security/2013/12 ... opers-say/


----------



## ShelLuser (Dec 11, 2013)

Thanks for sharing, but to be honest I don't think that's the best article on this subject; it even contradicts itself. I was immediately turned off with the opening line:



			
				Arstechnica article said:
			
		

> Developers of the FreeBSD operating system will no longer allow users to trust processors manufactured by Intel and Via Technologies as the sole source of random numbers needed to generate cryptographic keys that can't easily be cracked by government spies and other adversaries.


Which seems not to be correct. If you read the original report (which is also quoted in that same article) it becomes quite clear that the end users retain the freedom to chose their own approach:



			
				FreeBSD security report said:
			
		

> It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more.


Which in my opinion provides a different view on the matter than a statement which claims that we're not given any choice.


----------



## Crivens (Dec 11, 2013)

I think this is meant a bit differently. They have no choice but to distrust the RNG, so they now pass that on to the user. You, as a user, can still decide that you trust that hardware, but the developers have no choice under the circumstances. They can no longer trust it enough to make it the default and only option.


----------



## overmind (Dec 11, 2013)

The same news is on slashdot.org now: http://it.slashdot.org/story/13/12/...velopers-will-not-trust-chip-based-encryption


----------



## kpa (Dec 11, 2013)

I don't think that there's any "planted" backdoors in those chips. It's just bad quality design done on the cheap without consulting those who really know about cryptography and how important good quality randomness is in that field. The news stories are just typical sensationalism trying to capitalize on the recent hubbub over the recent revelations about NSA activities.

The FreeBSD devs do have good reasons though not to trust those chips and their built in random number generators. Any kind weakness in those generators opens up a good number of possibilities for attacks and those possibilities are not limited to opening backdoors for NSA spying actitivies, they open the doors for everyone. This is really my beef with the news stories that they imply that those backdoors would be open only for the named intelligence agency and they are supposedly planted by the same agency, this is pure fantasy if you start to think about it more thoroughly.


----------



## throAU (Jan 14, 2014)

kpa said:
			
		

> I don't think that there's any "planted" backdoors in those chips.



I very much do.  The US government / NSA wants full surveillance.  Getting this inserted into the hardware, below whatever software platform you may be running is a fairly un-defeat-able way of doing this.

The motive is there.  The opportunity is there.  The cynic in me says this is why they are so anti-Huawei; not because the Chinese have necessarily planted bugs in their hardware (which they may well have done), but because the US friendly bugs aren't in there.  If you've seen @ioerror's recent NSA-related presentation and heard about the hardware bugs they plant in servers, the backdoors in WIFI Adapters (can turn them on if they are disabled, etc.) then you may think a little differently.


----------



## kpa (Jan 14, 2014)

If that's true the guys at NSA are really stupid. Any cryptoanalyst who knows what he/she is doing can detect regularities in the ciphertext that is weaker against attacks because of poor quality randomness and ultimately recover the secret keys. You really think the the NSA guys will be the only ones listening? So if we assume that there is a backdoor planted in those chips as you claim, all encrypted traffic in the USA that is encrypted with those chips is wide open for the "evil chinese" for eavesdropping.


----------



## throAU (Jan 14, 2014)

kpa said:
			
		

> If that's true the guys at NSA are really stupid. Any cryptoanalyst who knows what he/she is doing can detect regularities in the ciphertext that is weaker against attacks because of poor quality randomness and ultimately recover the secret keys. You really think the the NSA guys will be the only ones listening? So if we assume that there is a backdoor planted in those chips as you claim, all encrypted traffic in the USA that is encrypted with those chips is wide open for the "evil chinese" for eavesdropping.



The Chinese don't necessarily have any access to it.

The encrypted cipher-text could be untouched, they just sniff at the endpoints, pre/post encryption/decryption.  And optionally re-encrypted before being sent/broadcast to a third party NSA collector device (via WIFI (it has come out that they can transmit from otherwise de-activated WIFI cards), or whatever).

I'm not saying it is always turned on, always broadcasting, but I very much suspect that there exists ways and means for the NSA to turn the bugs on if required for collection via nearby team.


----------



## Crivens (Jan 14, 2014)

I spent the last days' free time looking at the videos from http://media.ccc.de, where the 30c3 proceedings are located. The speakers often mention the idea to switch their profession to gardening or carpenting. Once you watched some of the presentations, you will get the same feeling.

One presentation showed how to use a 32bit RISC unit in your NorthBridge (Intel systems) which is normally used for things like wake-on-LAN or system management, for really spooky stuff. Like, scan the main memory for signatures of the active OS, parse OS data structures, look for keyboard buffers, copy passwords and transmit them out of the system by massaging the timing for the ethernet. So you can pick up the transmitted passwords by watching the packets from that machine, and watching the time between these. No data is changed in the traffic so a packet dump will not show anything.


----------



## zspider (Jan 24, 2014)

Crivens said:
			
		

> I spent the last days' free time looking at the videos from http://media.ccc.de, where the 30c3 proceedings are located. The speakers often mention the idea to switch their profession to gardening or carpenting. Once you watched some of the presentations, you will get the same feeling.
> 
> One presentation showed how to use a 32bit RISC unit in your NorthBridge (Intel systems) which is normally used for things like wake-on-LAN or system management, for really spooky stuff. Like, scan the main memory for signatures of the active OS, parse OS data structures, look for keyboard buffers, copy passwords and transmit them out of the system by massaging the timing for the ethernet. So you can pick up the transmitted passwords by watching the packets from that machine, and watching the time between these. No data is changed in the traffic so a packet dump will not show anything.



Yeah I know what you mean, the NSA revelations have made me wonder if there's any point in trying to maintain a secure system anymore. Makes me wonder if pursuing a career path in something manual labor oriented would be better. But around here you get treated like you're crazy if you want to do any real work. :x


----------



## sossego (Jan 24, 2014)

I do physical labor for money. Everything that I do concerning computers rarely has a price tag.


----------

