Read the Beforeitsnews.com story here. Advertise at Before It's News here.
Profile image
By Patriot Net Daily
Contributor profile | More stories
Story Views
Now:
Last hour:
Last 24 hours:
Total:

‘We cannot trust them anymore’: Engineers abandon encryption chips after Snowden leaks

% of readers think this story is Fact. Add your two cents.


The developers of the FreeBSD operating system say they no longer trust computer processor chips manufactured by two of the top tech companies — and cite National Security Agency secrets spilled by former contractor Edward Snowden as the reason why.

Journalist Richard Chirgwin of the UK IT website The Register reported on Monday this week that the developers of the free, Unix-like OS have abandoned faith in two random number generators — Intel’s “RDRAND” and Taiwanese company Via Technology’s “Padlock”— after leaked NSA documents attributed to Mr. Snowden have suggested that the United States government and their allies at foreign intelligence agencies have compromised the security of major cryptographic tools.

Chirgwin was the first reporter to catch wind of the news that FreeBSD decided during a developer summit in Malta this past September to relinquish trust in those companies’ random number generators, or RNGs, and meeting minutes obtained by Dan Goodin of the website Ars Technica confirms that programmers became suspicious after leaked documents within the trove pilfered by Snowden accused the NSA of breaking widely-used encryption protocols.

FreeBSD has until now relied on a “random generator framework” within the OS, according to the notes spotted by Chirgwin, containing three RNGs: RDRAND, Padlock and another named Yarrow, designed in 1999 by security wiz Bruce Schneier, among others. Individually and in tandem, these generators rely on digital entropy to randomize a computer’s output, thus masking operations through multiple layers of encryption that were once thought largely impossible to crack. Recently leaked NSA documents, however, have suggested otherwise.

The OS is on the verge of releasing their latest version, FreeBSD 10, but any users that upgrade to that edition won’t be able to rely solely on Intel or Via’s RNGs anymore.

For 10, we are going to backtrack and remove RDRAND and Padlock backends and feed them into Yarrow instead,” reads an excerpt from FreeBSD’s summit “special status report.”

The developers go on to acknowledge that it will still be possible for end users of FreeBSD to access hardware RNGs — namely RDRAND and Padlock — but the programmers behind the OS say, “we cannot trust them anymore.”

In the Developer Summit minutes discovered by Goodwin, FreeBSD offers some insight into why exactly they’ve decided to abandon two highly-used encryption chips. They reference Snowden by name and admit that his leaks suggest there’s a “v[ery] high probability of backdoors” in some hardware RNGs, and that those generators simply can no longer be trusted to provide “good entropy directly.”

This year’s FreeBSD Developer Summit was an invite-only event in late September that was hosted roughly three weeks after reporters with The New York Times, ProPublica and The Guardian simultaneously released a report detailing the NSA’s attack on encryption methods that drew from never-before-published top-secret documents leaked by Snowden.

The NSA, the outlets reported on Sept. 5, “is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age.”

Elsewhere in the report, the journalists said the NSA has spent billions of dollars during the last several years to break complex encryption algorithms — and in other instances where supercomputers weren’t successful, they compelled the makers of those tools to install government-friendly backdoors.

Cryptanalytic capabilities are now coming online,” reads a 2010 memo supplied to the reporters by Snowden. “Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”

Schneier, the crypto-expert partially responsible for the Yarrow RNG, worked with The Guardian on disseminating those Snowden documents ahead of publication and described the revelations contained therein as “explosive” when they were finally printed.

Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on,” he wrote in an early Sept. essay for the Guardian. “If the back door is discovered, it’s explained away as a mistake. And as we now know, the NSA has enjoyed enormous success from this program.”

The NSA documents failed to name any specific manufacturers that have aided the intelligence community’s operations, but security experts were quick to voice suspicion, and RSA, the makers of one of the world’s most widely-used RNGs, told customers they should discontinue using some of their products after the early-Sept. Snowden leak.

That same week, MIT-educated cryptographer and Linux developer Theodore Ts’o stated publically that he was happy with his decision to resist earlier pleads from Intel engineers to have that operating system commit entirely to RDRAND for encryption.

“Relying solely on the hardware random number generator which is using an implementation sealed inside a chip which is impossible to audit is a BAD idea,” Ts’o said. Now just three months later, FreeBSD is rescinding their reliance on Intel and Via’s RNGs.

When a petition began circulating in mid-Sept. imploring Linux to stop relying on RDRAND, one of the OS’s leading developers, Linus Torvalds, called those who made those pleads “Ignorant.”

source: rt.com

www.patriotnetdaily.com


Source: http://www.patriotnetdaily.com/we-cannot-trust-them-anymore-engineers-abandon-encryption-chips-after-snowden-leaks/


Before It’s News® is a community of individuals who report on what’s going on around them, from all around the world.

Anyone can join.
Anyone can contribute.
Anyone can become informed about their world.

"United We Stand" Click Here To Create Your Personal Citizen Journalist Account Today, Be Sure To Invite Your Friends.

Humic & Fulvic Liquid Trace Mineral Complex

HerbAnomic’s Humic and Fulvic Liquid Trace Mineral Complex is a revolutionary New Humic and Fulvic Acid Complex designed to support your body at the cellular level. Our product has been thoroughly tested by an ISO/IEC Certified Lab for toxins and Heavy metals as well as for trace mineral content. We KNOW we have NO lead, arsenic, mercury, aluminum etc. in our Formula. This Humic & Fulvic Liquid Trace Mineral complex has high trace levels of naturally occurring Humic and Fulvic Acids as well as high trace levels of Zinc, Iron, Magnesium, Molybdenum, Potassium and more. There is a wide range of up to 70 trace minerals which occur naturally in our Complex at varying levels. We Choose to list the 8 substances which occur in higher trace levels on our supplement panel. We don’t claim a high number of minerals as other Humic and Fulvic Supplements do and leave you to guess which elements you’ll be getting. Order Your Humic Fulvic for Your Family by Clicking on this Link , or the Banner Below.



Our Formula is an exceptional value compared to other Humic Fulvic Minerals because...


It’s OXYGENATED

It Always Tests at 9.5+ pH

Preservative and Chemical Free

Allergen Free

Comes From a Pure, Unpolluted, Organic Source

Is an Excellent Source for Trace Minerals

Is From Whole, Prehisoric Plant Based Origin Material With Ionic Minerals and Constituents

Highly Conductive/Full of Extra Electrons

Is a Full Spectrum Complex


Our Humic and Fulvic Liquid Trace Mineral Complex has Minerals, Amino Acids, Poly Electrolytes, Phytochemicals, Polyphenols, Bioflavonoids and Trace Vitamins included with the Humic and Fulvic Acid. Our Source material is high in these constituents, where other manufacturers use inferior materials.


Try Our Humic and Fulvic Liquid Trace Mineral Complex today. Order Yours Today by Following This Link.

Report abuse

    Comments

    Your Comments
    Question   Razz  Sad   Evil  Exclaim  Smile  Redface  Biggrin  Surprised  Eek   Confused   Cool  LOL   Mad   Twisted  Rolleyes   Wink  Idea  Arrow  Neutral  Cry   Mr. Green

    MOST RECENT
    Load more ...

    SignUp

    Login

    Newsletter

    Email this story
    Email this story

    If you really want to ban this commenter, please write down the reason:

    If you really want to disable all recommended stories, click on OK button. After that, you will be redirect to your options page.