HackerTrans
TopNewTrendsCommentsPastAskShowJobs

philodeon

119 karmajoined hace 2 años

Submissions

No Bounty: A Story of a Serious Privacy Leak in iOS

paradisefacade.com
4 points·by philodeon·hace 9 meses·0 comments

comments

philodeon
·hace 4 días·discuss
Yes, that’s the deflect part of deflect and minimize.
philodeon
·hace 4 días·discuss
Because both the article and your continued arguments about ML-KEM demonstrates that in confirmed cases of NSA sabotage and in hypothetical cases of NSA sabotage, your job is to deflect, minimize, and avoid any responsibility being doled out. I hope you’re well paid for this job.

When we find out that the ML-KEM math was thoroughly broken by NSA for years, your response will be “gosh, nobody could have known that. It’s best not to hold anyone responsible though, certainly not the NIST employees whose names are all over the evidence…”
philodeon
·hace 4 días·discuss
Ok, let me be clear: the NIST is a proxy organization for the NSA. The declassified internal history of the NSA makes it clear that they were subverting the NIST back when they were still called the National Bureau of Standards.

Just because NIST engages in some wholesome activities doesn’t mean that their core purpose isn’t to do the bidding of the NSA.
philodeon
·hace 4 días·discuss
I was making the point that if you have subverted the NIST to do your bidding in what appears to be a neutral way, obviously you’re going to have some feel-good projects in your portfolio. Otherwise, the folks that the Soviets called “useful idiots” wouldn’t have anything to point to to exonerate them.
philodeon
·hace 4 días·discuss
As your article points out, Hoffman wrote a specification for spewing as many NSA-controlled “random” bytes into TLS packets as he could get away with, after Rescorla’s attempt failed. Hoffman’s work became an experimental RFC.

Yet, your article says “In at least one case, Hoffman even attempted to provide a cryptographic rationale for extra randomness. Of course, naming-and-shaming either of them is pretty silly.” This makes no sense. We have names for criminal equivalents of his behavior: criminal mischief, disturbing the peace, conspiracy, etc. But if you do these things on a standards board, you get a pass? This was a concerted well-funded effort to compromise your security and my security. I think he should be put in a pillory and tarred-and-feathered.

You continue to cover for malicious actors with your “but the NSA didn’t write it!” insistence. The classic anti-Schneier Dual-EC take around 2007 was “but the NSA wouldn’t insert a backdoor, they would destroy their public image!” Your insistence is the equivalent of “but the NSA wouldn’t do that AGAIN!” Fool me once…
philodeon
·hace 4 días·discuss
To quote you: “ (I'm among an elite cadre† of cryptography-adjacents who felt it probably wasn't, but only because I thought it was too stupid to actually be used anywhere --- as soon as it was disclosed that (a) it was a default-yes algorithm in BSAFE and (b) big companies actually used BSAFE in important products, it was immediately clear what was going on).”

The BSAFE disclosure happened in 2013 with Snowden. In 2015 you published an article still questioning whether Dual-EC was a backdoor, and providing an immense amount of plausible deniability for folks like Hoffman.

https://sockpuppet.org/blog/2015/08/04/is-extended-random-ma...

You don’t even remember the historical Ptacek Gut Logic!
philodeon
·hace 4 días·discuss
The Godfather Part 2 demonstrated overwhelmingly that a good part of Vito Corleone’s ill-gotten gains went to strengthening his community. The Italians in his neighborhood adored him.
philodeon
·hace 4 días·discuss
DJB wrote a short history of NSA’s malicious meddling in the cryptography we all use, based on a declassified internal history of the NSA.

https://blog.cr.yp.to/20220805-nsa.html
philodeon
·hace 4 días·discuss
> pure ML-KEM is much more "proven" than people are discussing. The core hardness assumption dates back to 2005, and has been intensely studied (the paper introducing it got a cryptography version of a Nobel prize (Godel prize), as did several follow-up works only achievable using that hardness assumption.

The inventor of the lobotomy won a Nobel Prize in Medicine for it.
philodeon
·hace 4 días·discuss
> Incorrect. My argument is that they aren't the same entity.

Your mind is going to be blown when you learn about proxy organizations and cut-outs.
philodeon
·hace 4 días·discuss
To be clear, the Schneier Facts on Dual-EC turned out to be far more accurate than the Ptacek Gut Logic.
philodeon
·hace 4 días·discuss
You do realize that the NSA spends many millions on employing mathematicians, right? And that they wouldn’t keep doing that if all the mathematicians did was get really shit-hot at Kerbal Space Program?

An analysis of the comparative risks of these crypto systems should include “The NSA knows a lot of math they’re not sharing, and if they really really like ML-KEM, that’s concerning even if Ptacek keeps pointing out NSA didn’t write it”
philodeon
·hace 4 días·discuss
But the NSA didn’t throw their weight around in the NIST or IETF processes trying to standardize McEliece, isogenies, HQC, or UOV. They threw their weight around trying to standardize ML-KEM.

And anticipating your “but SIKE turned out to be easily breakable, why didn’t they try to standardize it?” The answer is “it made it shockingly far, but more importantly, SIKE was broken in the unclassified literature, but ML-KEM is broken in the classified literature.” Secrets in unclassified literature are not NOBUS secrets.
philodeon
·hace 4 días·discuss
No, because if the NSA didn’t already know how to break one of the cryptosystems, their engagement with the contest would have looked much different. They’d genuinely engage with the contestants and provide accurate security margin estimates. They wouldn’t barge in and make illegal procedural demands.

This is called praxeology. One would think that someone who has already been a useful idiot on behalf of the NSA regarding Dual-EC-DRBG might learn to keep their naivete to themselves.
philodeon
·hace 4 días·discuss
It means that your argument is “the NSA couldn’t have subverted ML-KEM, it was written by Europeans”.

You assiduously pretend that this scenario isn’t possible: * The NSA reviewed the PQ submissions and realized that there’s one they already know how to break at scale: ML-KEM, because their army of math PhDs spent a couple decades understanding it better than the rest of the world * The NSA decides they want ML-KEM deployed everywhere so that the world is full of transparent-to-NOBUS cryptography * The NSA spends the entire PQ contest placing their thumbs on the scale of the process, violating their 2014 post-Snowden promises of increased transparency, to make their NOBUS dreams happen

The actions of NSA and NIST personnel make the most sense with the assumption that they desperately want to standardize ML-KEM and ML-KEM alone because _they already know how to break it_. What doesn’t make any sense is why the private sector is cheerfully going along with it —- even Charlie stopped letting Lucy hold the football at some point.
philodeon
·hace 4 días·discuss
[flagged]
philodeon
·hace 26 días·discuss
I’ve tried to submit code that removed old drivers from the kernel build in some distros, and they were universally rejected.

Everyone is afraid of breaking users until Torvalds says it’s ok.
philodeon
·hace 2 meses·discuss
Not only are there a vast amount of modules you’ll never need, the distros build and distribute most of them.
philodeon
·hace 5 meses·discuss
There is no support for M3/M4/M5 GPUs, period. Asahi Linux is only installable on M1 and M2 Macs.
philodeon
·hace 7 meses·discuss
Consider that a car made of plastic is something that only works pre-Ralph Nader. Now the NTSB would veto it in milliseconds.