Re: how i stopped worrying and loved the backdoor

[coderman <coderman () gmail com>]

On Thu, Dec 23, 2010 at 10:00 PM, Marsh Ray <marsh () extendedsubset com> wrote:
> ...
> > how i stopped worrying and loved the backdoor
>
> Note that much of that is backed up by CVS history.
> ...
> For example, as he mentions in P2 the entropy pool extraction functions

intelligently constraining key space and / or leaking key bits is the
Right Way (tm) to do a backdoor.  it requires knowledge of the
particulars to execute and provides more robustness than a class break
/ full key leak.  i hear they've got clusters of key crackers for
searching reasonable spaces ;)

also, this may not be limited to entropy pool. it would make much
sense to combine elements of hardware accelerated crypto drivers with
entropy reduction or key leakage to target specific installations or
further obfuscate effects, as mentioned in the thread so linked.

(and you could be pretty precise with such key space degradation, if desired!)


> I even pointed some of this out the other day on this thread:
>     http://marc.info/?l=openbsd-tech&m=129298665720095&w=2
> Perhaps the reaction speaks louder than words.

"good entropy is hard", is the theme of that thread.

how do you measure entropy?  a few bytes and i've turned terabytes of
entropy into simple order.

the debian openssl weak key debacle underscores just how difficult and
obscure such technicalities are in the face of random human failures.
a well funded adversary with specific targets and significant skill
would enjoy plentiful opportunity and success.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/