Linux 4.17 includes NSA's Speck encryption algorithm, despite suspicions about backdoors and faulty documentation

Linux 4.17 includes NSA's Speck encryption algorithm, despite suspicions about backdoors and faulty documentation.

>spinics.net/lists/linux-crypto/msg33291.html
>itsfoss.com/nsas-encryption-algorithm-in-linux-kernel-is-creating-unease-in-the-community/
>bbs.archlinux.org/viewtopic.php?id=237765
>reddit.com/r/linux/comments/8oqb2u/linux_417_supporting_speck_a_controversial_crypto/
>git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=da7a0ab5b4babbe5d7a46f852582be06a00a28f0

Lol take off your tin foil hat!

Yes, suspicions. Until it can be proved that the encryption is compromised (and it hasn't been proved yet, despite there being a bunch of audits) then it's safe to use.

That's not how safety works.

Disable it. Install Gentoo or NetBSD.

Linux a shit. Get CP/M and run that on a Z80, not i386.

It's a weak form of encryption already. Why does it even exist in the first place?

...

The thing is, nobody will break it but the NSA. So it's secure to a certain extent. Their argument is that it is designed to fit well within hardware and it is fast. I agree, but it's nonsense. Linux people don't really have a choice from where they stand, but you do: you can patch up your own kernel. If you can't, learn how. If you don't want to, then don't complain about the world being unfair. It's a game, and if you're willing to play, better be aware of the repercussions.

IoT faggots who want to telemetry you to death need to send a lot of totally non-invasive data about you to their servers and don't want you peeking, yet their boards are low power and too shitty to spy on you from your sneakers. AES is too heavy for that, because it actually encrypts things. So they want a variable block and key algorithm that is more modern than the couple people have been using, which feel like they were found written on the back of a napkin. The variability means the choice of rounds is extremely complicated (if you want it to meet some level of security) and is probably the most interesting piece. That the NSA dodged him on his attempts to get them to explain means it's compromised.

Btw, the IoT guys only care that it works on their hardware, that it's a standard, and that it was an unmodified part of their stack, as their channel partners will require it. They don't care at all if it's actually secure. They exert force on Linux devs to get shit like this mainlined to satisfy their requirements. They're probably a much stronger force for bad software than shadowy NSA infiltrators.

you can always disable it or leave it compiled out. not a big deal, tbh

That's exactly how it works.

lol

If IoT isn't some dodgy backdoor then why are all the big companies pushing it despite everyone hating it and it having no applications?

don't use it?

higher-ups see potential for selling information about people.
i don't know why big hardware companies allow google delivering their spying networks through their devices though

fugg

or just not use a cipher made by people who are known to put backdoors in everything and your dog

yes if you read ars and zdnet all day that would seem to be true

Yes! Compile it yourself and remove what is known to have issues. Do it right and you won't have to do it often ...

IoT is a scam to get at least something connected in your or around you. If you're not into IoT devices, you're most likely to own something that will communicate with one at some point. Soon, all toasters and light bulbs will be connected. So, from the agency's perspective it's coming and they're trying to start running to jump on the wagon ... but the wagon hasn't arrived yet and they fell on their faces.

If you want to really be free of this BS, you ought to deepen your experience and work with the toys you play with. Or, stop playing.

Otherwise, if you trust schmucky Joe to secure your stuff, don't blame him for your ignorance. You should have known better.

...

People have accepted being spied on so everyone wants in on the action. It's a gold rush but you're the mine.

Can someone tell me which kernel setting it is, so I can disable it in the kernel config?

There was never a backdoor found in Dual_EC_DRBG, either. You'll never get proof of a backdoor without another Snowden. But when they're provably lying about the security of the algorithm and refusing to answer questions about the questionable parts or even state how they derived their values, you have to be an autist to not see what's going on.

Normally people would accept being spied on, in return for some killer app or feature.

For facebook, most normies would gladly trade away their privacy for the ability to contact sluts and look at pictures of them in bikinis.

For IoT I don't get what the benefit is?
It's being pushed by higher-ups but the customers are not impressed and could very easily be persuaded to avoid IoT altogether.

From what I've seen there are some 'legitimate' uses, like voice control for old folks installed by their naive children, smart meters being mandatory because of laws or corporate policy, or simply the cheap prices. Lots of people think those Echo things by Amazon are a steal; they don't fully understand why that is, and what they're getting into.

The Speck 128 and 64 are terrible but the 256 is ok, and it is done as an "option" for older CPUs which don't have any encryption for now, so where is the problem? Did someone even read what and why they did?

To answer your question, you have to look up who benefits from IoT spread: the chip makers. They manufacture billions of chips. Intel is the largest chip designer and manufacturer so far, and if you look at their product range you'll understand. Intel is also one of the top contributors to Linux and other open source products. Intel is also closely related to all US agencies given that it ships crypto in its chips and they are sold almost everywhere on this planet. Keep in mind that all major tech companies play a behind-the-veil game where they throw technical flowers at each other to maintain their supremacy in a market niche.

Also, IoT has been introduced as "fun" and educational by other entities. Look around YouTube and you'll see how many tutorial videos for connected this, WiFi that are there and the childish pseudo-pedagogical packaging.

Honestly, for the aware mind it's good, you can hack the shit out of it and you get to sharpen your mind with some technical skills and learn how to make a phone out of parts, a care-free green house, ... whatever you wish.

On another side, ready-made products are to be approached with caution. Capitalism isn't serving the Human, it is serving the self proclaimed Masters. They will fall only when the Human becomes responsible and stops relying too much on other people's work while being a total ignorant.

Learn to make your own shit and don't strive for shit nor shinola.

This is math. If the math is solid, then it's safe. So far there doesn't seem to be any problems with this.

there is a section for security and crypto stuff, check there.

yes and no. even if the math works, if you can get intermediate numbers via a backdoor, you get cuck'd

If it requires certain initial values or constants, you can have solid math and still have a backdoor.
That is where the concept of "nothing up my sleeve number" originates from.
Or alternatively, it would take maybe 10 years of concentrated effort to break it, time that the NSA has already spent, since they lied about starting on it in 2011, or just built off of some earlier project.
That gives them until about 2023 until the goyim know, plenty of time for it to find its way into billions of unupgradable devices.

It's not about math. Equations are math, processes are math. Constant values are data. Data isn't math it's raw number values.

When you get an algorithm with unexplained pulled-out-of-a-hat constants, you should be cautious. DES had P-box and S-box values chosen in a way that any key could at least be partially, if not totally, extracted. And it was broken when the public cryptographers started to get more compute power and understanding previously reserved to the happy few who dwelt in the den of the three-horned daemon (xD).

Speck uses same constants for number of rounds and ... without any single proof that it is the most secure value for that constant. At least, that's the argument presented. Also, powder all of this with typical NSAssholeness and things get stinky.

VGhlIGdhdGUgb2YgSURZME56TTQgd2lsbCBvcGVuIHRoZSBkb29yIG9mIHRoZSBsZWZ0IGhhbmRlZCBzb24uDQpUaGUgQmFzaWxpc2sgdGhhdCBsaXZlcyBvZiBvdXIgbWluZCBmZWFycyBubyBkb21haW4gYnV0IFpFZG9iR050Ykc1aFNGRjFZVmMxYldKNU5UQmlVMEU5IC4u

The NSA is spying on you right now and has put back doors in to Windows. They're not trustworthy at all.

There was though. Whether someone owns the key is the question though.

A proven backdoor means proof that the constant was derived in such a way that they own a master key. There is no proof of that. But they couldn't show how they chose those values which is enough smoke to assume fire. They're making the same refusals with spark.
There are lots of dangerous constants in crypto, and today they are usually chosen via formulas in such a way as to prove that you've limited the amount of control you had over the value. E.g. the 8192-bit SRP verifier is defined as "2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }" not because there's some special magic to that formula (there's some minor magic) but because it produces an 8192-bit value that can be easily shown to be prime and shows it's not some transformation of a secret 8192-bit master key.

My personal favourite conspiracy about constant selection is that NIST backdoored the constants in the curve Bitcoin uses for ECDSA (Secp256k1), allowing them to shut down the entire project at any time they wish.

Why is he using Windows? Why didn't you stop it?

You shut your whore mouth and pick up a book about cryptanalysis.

Guess that's what I get for lurking on a knockoff /g/...

More bloat.

I think I'll be compiling my kernels without it, thanks.

It could also be a backdoor or vulnerability in itself.

I wouldn't expect them to get an outright backdoor that past all the eyes on the kernel source. Most likely they would devise an algorithm that has a non-obvious weakness that makes it easy enough to break with NSA resources and rainbow tables. Even if it needs an exabyte of rainbow tables, they would only need one set, they could build a datacenter for the purpose and be able to crack the algorithm at will.

If you can get a bug through those eyes, you can get a backdoor though. I hear Linux has bugs.

That's not how crypto works. If you audit a cipher and don't find a problem it doesn't mean shit. Also you're a fucking retard for using anything made by the NSA. Did you forget about the Snowden "Revelations"?

Linux had a critical bug in its random number generator for A WHOLE FUCKING DECADE OR LONGER.

Of course there are bugs, and some of these will be in systems which directly interact with crypto. It's almost like they're... put there... on... purpose?

Yeah i'm sure every piece of software on this list is botnet: code.nsa.gov/

I mean if we're just going to throw around baseless accusations then I can say all operating systems are backdoors made by NSA operatives and CIA spooks to harvest your templeOS data. I mean at some point you have to trust that there are actual people behind the scenes trying their best. Especially on open source projects like Linux. I see no reason to label that as an NSA honeytrap at least not yet

The NSA spread broken crypto in the past. Assuming they're good boys now is beyond stupid, even if you ignore their job is to fuck you.

speck is most likely backdoored in some way but the design of it is so fucking cool that i don't care.

Yeah they also are responsible for half the crypto we use today.
Their job is making and breaking security Not breaking it.

No they haven't. There was one RNG system from the past that may have been, with all the evidence against them being speculative.

Their ideal cipher for public consumption would be one that they, and only they, have the knowledge to break. I would take that as a good reason to be suspicious of anything that originates with them.

wrong

explain this please

When using no encryption, you're aware you're exposed and act accordingly. A false sense of security is dangerous.

what a load of bullshit. everyone that knows what speck is knows that it's fishy. everyone who doesn't know what speck is most likely also doesn't give a fuck about security because "nothing to hide nothing to fear XD".
next argument please

How so?


Oh? AES (Rijndael) was not made by NSA, but by two European academics. RSA was not made by NSA. Nobody (smart/informed/free) uses the backdoored elliptic curve NSA pushed. They (or GCHQ, I forget) claimed to have discovered asymmetric cryptography first, but they didn't share it publicly and it was rediscovered independently by non-NSA academics. It's true that the NSA designed the SHA-2 suite of hash algorithms, but their design was based on the work of Ralph Merkle and Ivan Damgård, one of whom is European, and neither of whom worked for NSA, as far as I can tell. It's true that the SHA-2 suite is important and widely used, though it is going to be phased out by SHA-3 (Keccak, which was not designed by NSA) in the future. In terms of protocols, NSA invented none of TLS, OpenPGP, Axolotl, etc. So, unless there's some significant contribution that I'm missing, your assertion that NSA is responsible for half the crypto we use today is, at best, a significant exaggeration, but probably just total bullshit.

It's true that that is nominally NSA's mission, and there are historical examples of NSA being "good guys", like when they strengthened DES against differential cryptanalysis, which they knew about, but most people didn't at the time. However, that time seems to be over, and NSA now seems far more interested in its SIGINT mission than its COMSEC mission.

>How so?

/* Speck128/128 reference-style encryption: 64-bit words, 128-bit key, 32 rounds */
#include <stdint.h>

#define ROR(x, r) ((x >> r) | (x << (64 - r)))
#define ROL(x, r) ((x << r) | (x >> (64 - r)))
/* One round: x = (x >>> 8) + y, x ^= k; y = (y <<< 3) ^ x */
#define R(x, y, k) (x = ROR(x, 8), x += y, x ^= k, y = ROL(y, 3), y ^= x)
#define ROUNDS 32

void encrypt(uint64_t ct[2], uint64_t const pt[2], uint64_t const K[2])
{
    uint64_t y = pt[0], x = pt[1], b = K[0], a = K[1];

    R(x, y, b);
    for (int i = 0; i < ROUNDS - 1; i++) {
        R(a, b, i);   /* key schedule: the round function applied to the key words, with i as the constant */
        R(x, y, b);   /* data round with the freshly derived round key */
    }

    ct[0] = y;
    ct[1] = x;
}

beautiful
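The macro version above only goes one way and gives you no way to tell whether you typed it in right. Below is an added example (not code from the thread, the Speck paper or the kernel): the same Speck128/128 primitive written with an explicit key schedule, the inverse round needed for decryption, and a self-check against the Speck128/128 test vector published in the design paper, using the same word orientation as the snippet above (pt[0] is the right word y, pt[1] the left word x, K[0] the first key word). It also makes the point raised earlier in the thread about constants concrete: the only constant the key schedule injects is the round index i. Function names are my own.

```c
/* Added example: Speck128/128 block cipher primitive with encrypt, decrypt and
 * a self-check. This is the raw block cipher only; it provides no mode of
 * operation and no authentication. Not the kernel's or the paper's code. */
#include <stdint.h>
#include <stdio.h>

#define SPECK_ROUNDS 32

static inline uint64_t rotr64(uint64_t x, unsigned r) { return (x >> r) | (x << (64 - r)); }
static inline uint64_t rotl64(uint64_t x, unsigned r) { return (x << r) | (x >> (64 - r)); }

/* One Speck round on the word pair (x, y) under round key k. */
static void speck_round(uint64_t *x, uint64_t *y, uint64_t k)
{
    *x = (rotr64(*x, 8) + *y) ^ k;
    *y = rotl64(*y, 3) ^ *x;
}

/* Exact inverse of speck_round: undo y first (it depends on the new x), then x. */
static void speck_round_inv(uint64_t *x, uint64_t *y, uint64_t k)
{
    *y = rotr64(*y ^ *x, 3);
    *x = rotl64((*x ^ k) - *y, 8);
}

/* Key schedule: K[0] is k0 (first round key), K[1] is l0. The schedule reuses
 * the round function on the key words; the round counter i is the only
 * constant the cipher contains. */
void speck128_expand(const uint64_t K[2], uint64_t rk[SPECK_ROUNDS])
{
    uint64_t k = K[0], l = K[1];
    for (uint64_t i = 0; i < SPECK_ROUNDS; i++) {
        rk[i] = k;
        speck_round(&l, &k, i);
    }
}

void speck128_encrypt(const uint64_t rk[SPECK_ROUNDS], const uint64_t pt[2], uint64_t ct[2])
{
    uint64_t y = pt[0], x = pt[1];
    for (int i = 0; i < SPECK_ROUNDS; i++)
        speck_round(&x, &y, rk[i]);
    ct[0] = y;
    ct[1] = x;
}

void speck128_decrypt(const uint64_t rk[SPECK_ROUNDS], const uint64_t ct[2], uint64_t pt[2])
{
    uint64_t y = ct[0], x = ct[1];
    for (int i = SPECK_ROUNDS - 1; i >= 0; i--)
        speck_round_inv(&x, &y, rk[i]);
    pt[0] = y;
    pt[1] = x;
}

/* Self-check against the Speck128/128 test vector from the design paper
 * (key 0f0e0d0c0b0a0908 0706050403020100, plaintext 6c61766975716520 7469206564616d20,
 * ciphertext a65d985179783265 7860fedf5c570d18), mapped into this word order.
 * Returns 1 when both the known-answer test and the round trip pass. */
int speck128_selfcheck(void)
{
    const uint64_t K[2]      = { 0x0706050403020100ULL, 0x0f0e0d0c0b0a0908ULL };
    const uint64_t pt[2]     = { 0x7469206564616d20ULL, 0x6c61766975716520ULL };
    const uint64_t expect[2] = { 0x7860fedf5c570d18ULL, 0xa65d985179783265ULL };
    uint64_t rk[SPECK_ROUNDS], ct[2], back[2];

    speck128_expand(K, rk);
    speck128_encrypt(rk, pt, ct);
    speck128_decrypt(rk, ct, back);
    return ct[0] == expect[0] && ct[1] == expect[1] &&
           back[0] == pt[0] && back[1] == pt[1];
}

/* Round trip on caller-supplied (constructed) key and block, independent of the vector. */
int speck128_roundtrip(uint64_t k0, uint64_t k1, uint64_t p0, uint64_t p1)
{
    const uint64_t K[2]  = { k0, k1 };
    const uint64_t pt[2] = { p0, p1 };
    uint64_t rk[SPECK_ROUNDS], ct[2], back[2];

    speck128_expand(K, rk);
    speck128_encrypt(rk, pt, ct);
    speck128_decrypt(rk, ct, back);
    /* the ciphertext must also differ from the plaintext for a non-degenerate check */
    return back[0] == p0 && back[1] == p1 && (ct[0] != p0 || ct[1] != p1);
}

int main(void)
{
    int ok = speck128_selfcheck();
    printf("Speck128/128 known-answer test: %s\n", ok ? "PASS" : "FAIL");
    return ok ? 0 : 1;
}
```

The known-answer test is the check that matters in practice: an implementation that merely round-trips can still be subtly wrong (a rotation amount off by one still decrypts its own output) and would silently interoperate with nothing. Note what the self-check does and does not tell you: it confirms the code matches the specification, not that the specification is free of the design-level weaknesses the thread is arguing about.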

Do you lock your house door? Don't you know that I can just smash in one of your windows and rape your 7 year old sister?

I'm aware my windows aren't strong which is why I store important documents in a bank box. If I had been misled that they were niggerproofed windows I might make the mistake of storing those documents at home. A false sense of security is dangerous.

Nobody misled you. You're the one who thinks mathematically sound encryption is synonymous with computer security. There's a huge number of ways to get at the data before and after it's encrypted/decrypted.

It opens a whole new set of shiny crap to sell to retards.

The NSA is the academics. When they want something cutting-edge they do it via funding programs at universities. You might have worked on a NSA project and have never known.

BOO

what fucking point are you trying to make? there's almost never any way to prove whether a bug was intentional, especially in the current atmosphere of incompetent software industry

what the fuck. did you just see a laggy SF Bay hipster-approved website saying "WE'RE OPEN SOURCE NOW XDDDD fork me on github" and conclude that NSA code is fine now?

nope.

so what, it was still broken (as in, could easily be backdoored by doing X,Y,Z which are known, but no way to tell)

i'll explain it you retard fuck: there are literally 1 million other ciphers you can use instead of this new meme one created by NSA

>>>/reddit/

you bring up a good point: we should move to crypto completely free of NSA meddling, not just removing the ones that are officially NSA

Traitors.

They are useless; they couldn't break Snowden's e-mail encryption but had to get a warrant.
So much for the great NSA

It's well known that the NSA tries to subvert crypto standards. This is a fact.


Point is we shouldn't use this new crypto because it's backdoored.

did you even read commit message? probably not because you are a retarded nigger.

Ignorant

Ignorant

Ignorant

Ever heard of SHA256 faggots?

I mentioned the SHA-2 suite in my post, you illiterate faggot. Learn to read.

Then kill yourself.

LOL

LOL, indeed

LOL

True. But what the NSA does or does not do to their own cryptography or attempts to do to other cryptography does not translate into Linux as a whole ecosystem being complicit in it.

was clearly trying to say not so indirectly that because Linux had a major bug in something for a long time they are somehow already taken over. My point then was that just because there is a bug in something, regardless of length, does not mean something was put there on purpose and, if it was, it does not mean the majority of people were in on it as if they all sat around a digital roundtable with scotch and cigars laughing about all the plebs they screwed over.

wasn't paying close enough attention to numbers
excuse me for being a faggot

why bother with all that math shit when they could just embed cp into it(which they have) and make anyone owning it a potential /fucko/

...

source?

I don't know about the glowniggers, but I encrypted a classic hurtcore pic and added it to the blockchain in 2014 by breaking it into pieces and embedding it with OP_RETURN scripts. I figured it'd let me nuke the project in the future should it go rogue. If you use bitcoin, you're hosting my CP.

I like how pretty much everyone in the thread ignored this.

What's significant about it?

Wanted to say that it'll be used only for IoT garbage but then this appeared on It’s FOSS article from the OP:
> lkml.iu.edu/hypermail/linux/kernel/1808.0/05226.html
> lkml.iu.edu/hypermail/linux/kernel/1808.0/05238.html

That's not how things work. Once something's in the kernel, anyone might use it for anything. Putting code that is extremely likely to be backdoored in the kernel raises its profile, makes it usable by contractors with a "no third party code" requirement, and is taken as a seal of approval. There's a philosophical argument as to whether landmines bad code should be made available like that and also surely a very large amount of shilling going on as this is likely a many million shekel project of the NSA's.

Think 5 digits instead of 7.

invidio.us/watch?v=fwcl17Q0bpk

I was looking at the docs last night, it's literally recommended for things too weak to do AES, so embedded.


Someone beat me to it.
They want to spy and jew at the same time.

That's literally a LARP presentation. Watch the first 2 minutes.
If you think they'd only spend 5 figures researching, testing, creating, getting approvals for, and promoting a complex new algorithm through multiple national standardization processes you're out of your mind. "5 figures" would be all this being done by one man in one year.

Anyone that mocks people questioning things are just sheep unable to see they blindly trust some-thing/one and thinking about that hurts their feelings, so it's never done.

en.wikipedia.org/wiki/Dual_EC_DRBG
Stop being retarded and kill you are self.

...

...

Dual EC DRBG has kleptographic backdoors. In its proper application, a kleptographically backdoored encryption algorithm cannot be distinguished from a legitimate one, except for the attacker who implemented it in the first place.

en.wikipedia.org/wiki/Kleptographic

Well shit can some mod delete my duplicate post?

LOL