
 

‘We cannot trust them anymore’: Engineers abandon encryption chips after Snowden leaks

Published time: December 10, 2013 20:30
Protesters hold up pictures of US whistleblower Edward Snowden in front of the Reichstag building housing the Bundestag  in Berlin (AFP Photo / Johannes Eisele)


The developers of the FreeBSD operating system say they no longer trust computer processor chips manufactured by two of the top tech companies — and cite National Security Agency secrets spilled by former contractor Edward Snowden as the reason why.

Journalist Richard Chirgwin of the UK IT website The Register reported on Monday this week that the developers of the free, Unix-like OS have abandoned faith in two random number generators — Intel’s “RDRAND” and Taiwanese company Via Technology's “Padlock”— after leaked NSA documents attributed to Mr. Snowden have suggested that the United States government and their allies at foreign intelligence agencies have compromised the security of major cryptographic tools.

Chirgwin was the first reporter to catch wind of the news that FreeBSD decided during a developer summit in Malta this past September to relinquish trust in those companies’ random number generators, or RNGs, and meeting minutes obtained by Dan Goodin of the website Ars Technica confirm that programmers became suspicious after leaked documents within the trove pilfered by Snowden accused the NSA of breaking widely-used encryption protocols.

FreeBSD has until now relied on a “random generator framework” within the OS, according to the notes spotted by Chirgwin, containing three RNGs: RDRAND, Padlock and another named Yarrow, designed in 1999 by security wiz Bruce Schneier, among others. Individually and in tandem, these generators rely on digital entropy to randomize a computer’s output, thus masking operations through multiple layers of encryption that were once thought largely impossible to crack. Recently leaked NSA documents, however, have suggested otherwise.

The OS is on the verge of releasing their latest version, FreeBSD 10, but any users that upgrade to that edition won’t be able to rely solely on Intel or Via’s RNGs anymore.

“For 10, we are going to backtrack and remove RDRAND and Padlock backends and feed them into Yarrow instead,” reads an excerpt from FreeBSD’s summit “special status report.”

The developers go on to acknowledge that it will still be possible for end users of FreeBSD to access hardware RNGs — namely RDRAND and Padlock — but the programmers behind the OS say, “we cannot trust them anymore.”
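A simplified sketch of the difference between using a hardware RNG directly and feeding it into a software pool, added here as an illustration; it is not FreeBSD's or Yarrow's code. The class names, the SHA-256 pool construction and the sample values are assumptions constructed for this example.

```python
import hashlib


class SuspectHardwareRNG:
    """Constructed stand-in for a hardware RNG whose whole output stream
    is known to anyone holding `secret` (a hypothetical backdoor)."""

    def __init__(self, secret: bytes):
        self.secret, self.counter = secret, 0

    def read(self) -> bytes:
        self.counter += 1
        return hashlib.sha256(self.secret + self.counter.to_bytes(8, "big")).digest()


class MixingPool:
    """Simplified hash pool: sources are absorbed, never output directly."""

    def __init__(self):
        self.state = bytes(32)

    def absorb(self, source_id: int, data: bytes) -> None:
        # Tag each sample with its source and length so inputs cannot collide.
        framed = bytes([source_id]) + len(data).to_bytes(4, "big") + data
        self.state = hashlib.sha256(self.state + framed).digest()

    def read(self) -> bytes:
        out = hashlib.sha256(b"out" + self.state).digest()
        # Ratchet the state so a later state leak does not reveal this output.
        self.state = hashlib.sha256(b"next" + self.state).digest()
        return out


def compare(other_entropy: bytes, secret: bytes = b"constructed-backdoor-key"):
    """Return (direct_predicted, mixed_predicted) for an observer who knows
    the hardware stream but not `other_entropy`."""
    # Hardware RNG used directly: the observer replays the same stream.
    direct_predicted = SuspectHardwareRNG(secret).read() == SuspectHardwareRNG(secret).read()

    # Hardware RNG as one input among several.
    pool = MixingPool()
    pool.absorb(0, SuspectHardwareRNG(secret).read())
    pool.absorb(1, other_entropy)

    # Observer's reconstruction: correct hardware sample, guessed second input.
    guess = MixingPool()
    guess.absorb(0, SuspectHardwareRNG(secret).read())
    guess.absorb(1, bytes(len(other_entropy)))
    return direct_predicted, pool.read() == guess.read()


if __name__ == "__main__":
    # Constructed sample standing in for interrupt/timing entropy.
    print(compare(bytes.fromhex("5a" * 32)))
```

The pooled output stays unpredictable only while at least one other input is unknown to the observer, which is why the hardware source is kept as a contributor rather than the sole source.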

In the Developer Summit minutes discovered by Goodin, FreeBSD offers some insight into why exactly they’ve decided to abandon two highly-used encryption chips. They reference Snowden by name and admit that his leaks suggest there’s a “v[ery] high probability of backdoors” in some hardware RNGs, and that those generators simply can no longer be trusted to provide “good entropy directly.”

This year’s FreeBSD Developer Summit was an invite-only event in late September that was hosted roughly three weeks after reporters with The New York Times, ProPublica and The Guardian simultaneously released a report detailing the NSA’s attack on encryption methods that drew from never-before-published top-secret documents leaked by Snowden.

The NSA, the outlets reported on Sept. 5, “is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age.”

Elsewhere in the report, the journalists said the NSA has spent billions of dollars during the last several years to break complex encryption algorithms — and in other instances where supercomputers weren’t successful, they compelled the makers of those tools to install government-friendly backdoors.

“Cryptanalytic capabilities are now coming online,” reads a 2010 memo supplied to the reporters by Snowden. “Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”

Schneier, the crypto-expert partially responsible for the Yarrow RNG, worked with The Guardian on disseminating those Snowden documents ahead of publication and described the revelations contained therein as “explosive” when they were finally printed.

“Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on,” he wrote in an early Sept. essay for the Guardian. “If the back door is discovered, it's explained away as a mistake. And as we now know, the NSA has enjoyed enormous success from this program.”

The NSA documents failed to name any specific manufacturers that have aided the intelligence community’s operations, but security experts were quick to voice suspicion, and RSA, the makers of one of the world’s most widely-used RNGs, told customers they should discontinue using some of their products after the early-Sept. Snowden leak.

That same week, MIT-educated cryptographer and Linux developer Theodore Ts’o stated publicly that he was happy with his decision to resist earlier pleas from Intel engineers to have that operating system commit entirely to RDRAND for encryption.

“Relying solely on the hardware random number generator which is using an implementation sealed inside a chip which is impossible to audit is a BAD idea,” Ts’o said. Now just three months later, FreeBSD is rescinding their reliance on Intel and Via’s RNGs.

When a petition began circulating in mid-Sept. imploring Linux to stop relying on RDRAND, one of the OS’s leading developers, Linus Torvalds, called those who made those pleas “Ignorant.”

Comments (22)

 

funkytowel 24.12.2013 18:17

Theodore Ts'o 16.12.2013 02:52

The article didn't give the full context for why Linus called the petitioners ignorant for wanting to remove RDRAND from /dev/random. He called them ignorant because Linux was mixing RDRAND with other entropy sources. That was a change I made a year before the Snowden revelations, and it's the change that the FreeBSD developers only belatedly made now.

  


Thanks for submitting that. It jumped right out at me, when they mentioned Linus, and I was like, what?! I've been using GNU/Linux for about seven years now.

 

mergon 18.12.2013 10:36

If I needed to send some documents to another part of the world I would not use a computer, I would make them work for it and use an encoded SW burst transmitter, people rely too much on computers these days!

 

Rohan Molloy 16.12.2013 08:50

Theodore Ts'o 16.12.2013 02:52

The article didn't give the full context for why Linus called the petitioners ignorant for wanting to remove RDRAND from /dev/random. He called them ignorant because Linux was mixing RDRAND with other entropy sources. That was a change I made a year before the Snowden revelations, and it's the change that the FreeBSD developers only belatedly made now.

  


Hey, aren't you the guy that first brought /dev/random to Linux?
