Blowfish on 24, Again

Three nights ago, my encryption algorithm Blowfish was mentioned on the Fox show 24. The clip is available here, or streaming on Hulu. This is the exchange:

Janis Gold: I isolated the data Renee uploaded to Bauer but I can't get past the filed header.

Larry Moss: What does that mean?

JG: She encrypted the name and address she used and I can't seem to crack it.

LM: Who can?

JG: She used her personal computer. This is very serious encryption. I mean, there are some high-level people who can do it.

LM: Like who?

JG: Chloe O'Brian, but from what you told me earlier she's too loyal to Bauer.

LM: Is her husband still here?

JG: Yes, he's waiting to see you.

LM: He's a level 6 analyst too.

...

JG: Mr. O'Brian, a short time ago one of our agents was in touch with Jack Bauer. She sent a name and address that we assume is his next destination. Unfortunately, it's encrypted with Blowfish 148 and no one here knows how to crack that. Therefore, we need your help, please.

...

Morris O'Brian: Show me the file.

MO: Where's your information. 16 or 32 bit wavelength word length?

JG: 32.

MO: Native or modified data points?

JG: Native.

MO: The designer of this algorithm built a backdoor into his code. Decryption's a piece of cake if you know the override codes.

LM: And you do?

MO: Yeah.

LM: Will this take long?

MO: Course not.

LM: Mr. O'Brian, can you tell me specifically when you'll have the file decrypted?

MO: Yes.

MO: Now.

O'Brian spends just over 30 seconds at the keyboard.

This is the second time Blowfish has appeared on the show. It was broken the first time, too.

EDITED TO ADD (4/14): Avi Rubin comments.

Posted on March 19, 2009 at 12:18 PM • 134 Comments

Comments

Alan • March 19, 2009 12:32 PM

Pity. And I always thought Bruce wrote reliable code without backdoors!

I guess I'll have to start using Twofish instead.... ;->

Rowan • March 19, 2009 12:39 PM

Bruce,

Don't suppose you could share how you feel about this?

Very few of us will ever have the same experience, so it might be interesting to know. Are you angry as hell? Proud to have your algorithm depicted in such a popular show? Sad? Or couldn't care less? Otherwise?

wiredog • March 19, 2009 12:40 PM

OK. Now we're gonna have to set up a perimeter around the blog, shoot Allen at Division in the thigh, and drink.

Sheldon • March 19, 2009 12:44 PM

By comparison, the tech talk on the show Big Bang Theory is generally accurate. So it is possible for a fictional show to have correct references to technical information. Probably they just don't care. I don't watch 24 partly because the tech talk is absurd, so it ruins the story.

Mark Lenahan • March 19, 2009 12:44 PM

I have to wonder, in picking the specific algorithm to name (where any would suffice), did getting 24 mentioned (again) on a prominent security blog figure in their decision?

wiredog • March 19, 2009 12:47 PM

@Mark Lenahan
They get mentioned almost daily on Dave Barry's blog, and they haven't mentioned oosiks, the WeinerMobile, or other silliness yet.

fadeddays • March 19, 2009 12:50 PM

The tech talk on 24 has been especially painful this season. I about fell out of my chair when they started talking about Blowfish. Absurdity!!

Anyways, the Ryan Burnett character was not involved in this dialog. It was FBI Agent Larry Moss.

Jeff • March 19, 2009 12:52 PM

I'm curious as to what Bruce thinks as well.

In the meantime, doesn't it seem curious that the writer knew enough to write "Blowfish", but not enough to get the rest of the details? Doesn't it seem very curious that after that, the rest of the sentences (148, backdoor) are just plain old gibberish?

This is part of 24's charm - if you can call it that - the intentional misspeaks that cause "people in the know" to throw up their arms - or laugh out loud, as the case may be. It might require Myers-Briggs to determine which type you are, but there are instances of this sort of deliberate half truth in every minute of every show.

Personally, if I were Bruce, I'd consider this to be a great honor - sort of like a politician being the subject of a good cartoon - you gotta laugh!

Dolphin • March 19, 2009 12:53 PM

If I have learned anything by watching the new Knight Rider it is that ALL good programmers build backdoors into their programs.

ppatin • March 19, 2009 12:56 PM

"16 or 32 bit wavelength"

Oh dear, the stupidity of that line is almost painful.

Mithrandir • March 19, 2009 12:57 PM

24 is possibly the worst show on television for technical accuracy. They clearly just don't care. I'm actually quite surprised they didn't just make up an encryption algorithm name. I mean, "wavelength" measured in bits?

mcb • March 19, 2009 1:00 PM

Rowan,

"Don't suppose you could share how you feel about this?...Are you angry as hell? Proud to have your algorithm depicted in such a popular show? Sad? Or couldn't care less? Otherwise?"

I've only watched 24 once by accident while stuck on a poorly chosen elliptical at the club. Jack was busy torturing some politician with a Taser, and threatening permanent neurological damage or sumsuch. I imagine its mfg feels much the same way Bruce does.

Nicolas Ward • March 19, 2009 1:00 PM

At least they used the name of an actual cipher. That's a step up for 24. I would take a paycheck of $0 just to correct their technobabble inaccuracies.

Musashi • March 19, 2009 1:09 PM

I don't believe you built a backdoor into your code!
How could you!?

Oh wait, sorry... the show is on FOX!
Given what passes for News and Opinion, how much credence can be given to fiction?

I'd still sue them for defamation. Backdoor indeed!

matt a • March 19, 2009 1:11 PM

Could have been worse. They could have had an intern break the code with a People magazine and a calculator....Level 6 is SERIOUS!

Mark J. • March 19, 2009 1:24 PM

A few seconds to type in the backdoor code seems reasonable. I mean, how long does it take to type "Joshua?"

Western Infidels • March 19, 2009 1:27 PM

"Blowfish" is a cool-sounding name that the audience can actually Google. I wonder if that played a role in the writer's selection. To an inexpert audience, it doubtless will lend an air of authenticity. "Hey, I Googled that Blowfish thing and it turns out to be real!"

Just what we need. More people thinking that 24 is realistic.

Evan • March 19, 2009 1:38 PM

Actually, there is no backdoor. O'Brian just built a GUI interface in Visual Basic and saw that he could track an IP address, because it was realtime.

andy fletcher • March 19, 2009 1:41 PM

It's not a good way of publicising Blowfish though. There will be lots of people out there who are now convinced that the system has a back door engineered by no less than Mr Schneier himself. I'm wondering if it could be regarded as an act of defamation.

I'm sure that Ford would have something to say if the show had a section in which they explained that their cars had a dangerous fault and the manufacturer had engineered a back door into the engine management which caused them to fail early.

I've heard 'clarifications' after broadcasts in the past and am wondering if this is another case where one should be transmitted.

After all Mr Schneier makes exceedingly good cryptosystems...

derf • March 19, 2009 2:09 PM

24's plots are too obvious. At every possible place in the story where anyone of consequence is able to make a decision, they always choose the wrong one. It's the only way they can stretch a 2 hour narrative into 24.

Adrian Lopez • March 19, 2009 2:11 PM

I've never bothered to watch 24, but what I've read suggests we're talking about a show that's tried numerous times to sell viewers the notion that torture is an effective way to solve a terrorist plot in under 24 hours. If so, Blowfish having a back door is just par for the course.

Jason • March 19, 2009 2:20 PM

I still need to know: 16 or 32 bit wavelength and are you *sure* the data points are native?

Oh God, oh God.

If you don't tell me within the next commercial break, the hostages die!

Anonymous • March 19, 2009 2:30 PM

I'd be fuming mad if my algo was defamed like that.

There are shows like MacGyver that teach us that a little ingenuity and clever thinking can go a long way.

There are movies like Ocean's 11 that remind us that even the most drastic security measures are subject to being severely violated.

Then there's crap like this that completely and totally misrepresents security. Evan, you hit it spot on!

Baron Dave Romm • March 19, 2009 2:33 PM

Bruce: You should demand to go on The Daily Show with Jon Stewart to defend yourself. That's all the rage these days, and the interview will be a lot of fun.

Dave Vincente • March 19, 2009 2:39 PM

In the closed captions for this episode, it actually reads "16 or 32 bit word length" instead of wavelength.

anon two • March 19, 2009 2:55 PM

@Dave Vincente
I thought "wavelength" didn't sound right. I'm pretty sure I remember it being "word length"

Simon • March 19, 2009 3:13 PM

Personally, I would have written a GUI in Visual Basic so I could have tracked Renee's IP address :-)

HJohn • March 19, 2009 3:38 PM

Add that to the list of brilliant things Hollywood teaches us:
1. A cop can only solve a case after he is suspended.
2. If someone is 22 and pretty, they can bring down the federal government from any computer connected to the Internet.
3. A cable repairman can disrupt an entire fleet of far technologically advanced UFOs with a laptop.
4. Strange noises at night must always be investigated in one's most revealing underwear (especially when a serial killer is on the loose).
5. And a super genius working for the government can break complex equipment in 30 seconds by typing alone.

:)

Bruce Schneier • March 19, 2009 3:42 PM

"Don't suppose you could share how you feel about this? Very few of us will ever have the same experience, so it might be interesting to know. Are you angry as hell? Proud to have your algorithm depicted in such a popular show? Sad? Or couldn't care less? Otherwise?"

I've never seen the show, and don't really care to. As to how it feels: it feels surreal. I'm not proud to be mentioned, angry they claimed I put a back door in, annoyed they get the details wrong. If anything, I am amused by the whole situation. It's, well, it's surreal.

Bruce Schneier • March 19, 2009 3:43 PM

"'Blowfish' is a cool-sounding name that the audience can actually Google. I wonder if that played a role in the writer's selection."

That's my guess, too. It's a cool-sounding name. Let's face it, Rijndael or AES just doesn't sound as codewordy.

Rich Rumble • March 19, 2009 3:56 PM

I bet you've got a fan who writes for the show, and or your name seems to be synonymous with crypto, so why not use a cool sounding "codewordy" name as blowfish.
If you did do what they claim, I bet the backdoor "code" would be:
ChuckN0rris&24_r_4_suckers~!
or perhaps
backdorz-r-kewl(FU-NSA)
-rich

peri • March 19, 2009 3:57 PM

I have never watched "24" but I might be willing to watch the English version "3."

Moderator • March 19, 2009 4:10 PM

Thanks for the transcript corrections. (Though I did like the sheer absurdity of "wavelength.")

Rich Wilson • March 19, 2009 4:15 PM

Back when I watched TV, I saw an episode of Prison Break in which someone had their hand severed completely, through the bone, above the wrist. A few hours' work, with no anesthesia, by a veterinarian, and he was ready to use it to drive away.

That was my "Why am I watching this garbage?" moment. I'm now one of those "I only watch it for PBS documentaries" nerds.

Best piece of advice I've ever heard from Bruce, and there has been a lot, is "don't watch TV"

Bryan Feir • March 19, 2009 4:25 PM

@Rich Wilson:

This sort of TV (in fact most of TV) falls into the same category as the old line about news:

Have you ever watched the news about a subject you had personal knowledge on, and found yourself grinding your teeth at the blatant and obvious inaccuracies? ... Well, what makes you think any of the rest of the news is any more accurate, just because you don't know enough details to nitpick?

Honestly, given things like exploding cars and loud booming gunshots that are utterly unrealistic (but for which most people now believe the Hollywood version over the real version), most TV producers obviously haven't cared about even basic levels of accuracy for a long time...

PackagedBlue • March 19, 2009 4:28 PM

I wonder if this might count as the third remote hole in the default install of OpenBSD.

Other TV funny, safecracking or window cutting with a laser and NO eye/body protection, especially when the beam reflects back.

spaceman spiff • March 19, 2009 4:34 PM

The thing about backdoor passwords, once they are out, everyone knows them. Bruce, what were you thinking! :-)

Personally, I prefer keeping my secret stuff in plain sight. No one thinks of looking for it there... Besides, if it is REALLY well hidden, then I can't find it either! "Dear, did you see what I did with my super decoder ring?"

Brian Tung • March 19, 2009 4:52 PM

@Bryan Feir: Loud booming gunshots aren't nearly as bad as silencers that make the gun sound like someone playing Tiddlywinks.

RH • March 19, 2009 4:54 PM

If they really meant "key length" not "word length" I could see there being a backdoor... mainly that an overclocked TI-82 could brute force it!

Christopher Browne • March 19, 2009 5:05 PM

I think this is pretty awesome...

When we're talking about a show where the first episode of season 2 ended with Jack Bauer:

a) Murdering a federal witness,
b) Then saying "I think I'm going to need a hacksaw"

in order to remove said head to put it in a gym bag to give him "credibility" to infiltrate a group of domestic terrorists...

I don't think that you have to worry about people taking its realism too seriously.

http://theonlycritic.wordpress.com/category/...

I think this well deserves a full-fledged article debunking common ridiculousness about IT in spy programs.

It should probably include things like:

- Differential cryptanalysis means that if you have a bunch of messages, and do a WHOLE BUNCH of comparisons, you may get somewhere in cracking a cipher. (Where "WHOLE BUNCH" may be on the order of thousands-to-hundreds-of-thousands...) That's not the same as "Guessing the key in your head."

- What do firewalls protect against, versus NOT protecting against. Probably to be conspicuously compared with the 24 conceit of "Oh, I need to open up a socket to that server to do my work!" Explaining what a socket *actually* is might be pretty useful!

- Explaining that the conceit of "we deleted everything from the database!!!" doesn't work because when the database is important, the transaction logs get copied to write-only locations and can be pretty easily made sufficiently "untied" from the online system that they are fairly invulnerable.

Dr Kildere • March 19, 2009 5:11 PM

"a) Murdering a federal witness,
b) Then saying "I think I'm going to need a hacksaw"
in order to remove said head ..."

Yeah, that was so obviously fake. All you really need is a Swiss Army knife with the mini-saw blade.

Timmy303 • March 19, 2009 5:20 PM

"Yeah, that was so obviously fake. All you really need is a Swiss Army knife with the mini-saw blade."

I can do it just by thinking. About Feistel networks.

a_lex • March 19, 2009 6:04 PM

Bruce. With. All. Due. Respect.

You absolutely have to sue them.

Because, that is defamation. Even if the people did not know what they are talking about, that is still defamation.

And that should also teach them that doing some fact-checking of their scripts is a nice thing.

P.S.:

GUYS, DO WE HAVE LAWYERS HERE?!

Dr Seuss • March 19, 2009 6:15 PM

One fish, two fish, red fish, blow fish

You expect any kind of technical accuracy out of an American TV show? Bwahahaha

James Sutherland • March 19, 2009 6:26 PM

The sad thing is, it could have been so much more realistic ... "ah, this'll be quick, they're using some proprietary encryption - give it 30 seconds, I'll have it - there."

The whole premise this season seems absurd. Building a piece of hardware to break through a firewall - in order to transmit on an analogue radio frequency? Talking airliners into crashing into each other? Again, SO easy to fix: a classified new anti-hijacking system gone wrong, intended to allow the FAA to seize control using a private key which has now fallen into the wrong hands, say. Maybe not perfect, but orders of magnitude more believable than this season so far!

matt • March 19, 2009 6:35 PM

Ridiculousness like this is one of the main reasons I stopped watching 24. If they went with complete technobabble, or they actually got things right, then I could stand it. Using real technical words and concepts, but getting them all wrong annoys me way too much though.

Oh, and a level 6 analyst. That sounds serious.

Beta • March 19, 2009 6:46 PM

@FP: Bruce, next time, you should insist on a cameo appearance.

With the right to choose your costume. I'm thinking facial scars and a robotic hand, but maybe you're more of a top-hat-and-opera-cape kind of guy...

Daniel Larsson • March 19, 2009 6:52 PM

I have to agree with previous poster; it would have been so easy to make it more believable - Make it a simpler algo, add access to a top-secret government data-center and Tadaa! You have actual tech accuracy and a plot..

clocksol • March 19, 2009 7:08 PM

That transcript is almost as ridiculous as the dialogue between two "senior" IT consultants I met recently. It's all about delivery, if you say it confidently enough people will believe anything. If I wasn't cursed with scruples I could do anything.

stinky whistlesheets • March 19, 2009 7:20 PM

i dont worry bout the makers of 24 believing their own drek. they said they dont. our fellw amuricans do. that scares me. and a better reason to sue. hey bruce you might end up owning the sho. teach em a good security lesson...never try to eat any thin bigger than your own head.

BF Skinner • March 19, 2009 7:57 PM

Someone asked the producers to stop being graphic in their depiction of torture 'cause yahoos on both sides were trying what they saw on 24 on their own prisoners.

They said "Duuuuuude, it's just a tv show and if we stop with the violence no one will watch."

Clive Robinson • March 19, 2009 9:08 PM

@ Beta,

"With the right to choose your costume... ...but maybe you're more of a top-hat-and-opera-cape kind of guy..."

Somehow I don't think Bruce has the face to be the Phantom of the Opera.

Mind you others have suggested he could be a Chuck Norris stand in so I guess anything is possible.

Maybe we should call him Bruce "Polymorphic Polymath" Schneier or 2'Pol for short.

Not to be confused with T'Pol where it's not just the ears he hasn't got...

Just kidding 8)

Anonymous • March 19, 2009 9:27 PM

It's defamatory alright.

But unless Bruce can show damages, he doesn't have a case.

So, at the very, very best, Bruce might be able to get something like, "Have your lawyer call my lawyer, and they can do lunch!"

More likely, he'll only get someone to patiently explain that it's *fiction* before they hang up the phone. That is, if he can get through to anyone at all.

Myself, I'd still sue. Just to fuck with those bastards.

Clive Robinson • March 19, 2009 10:22 PM

@ Aguirre,

'“No good fish goes anywhere without a porpoise”
Lewis Carroll'

Ah Charles Lutwidge Dodgson (AKA Lewis Carroll) one of the finest minds of his time. Logician, author, photographer and part time cryptographer. His books much liked by Queen Victoria to the amusement of the courtiers but then that is another story...

ken • March 19, 2009 10:51 PM

Considering the verbiage for interrogation techniques used on the prisoners of Guantanamo had more references to "24" than they did the constitution, I'd be pretty upset if a show with that kind of power defamed my intellectual property.

John Campbell • March 19, 2009 10:53 PM

Of COURSE Bruce put in a "back door"... sadly, no one has yet caught on to the fact that using it will convert any provided ciphertext into a plain-text containing obscene references to politicians.

And, of course, the last phrase:

"Security... you keep using that word... I'm not sure you understand what it actually means".

Clive Robinson • March 19, 2009 11:03 PM

@ Anonymous at 9:27 PM

"But unless Bruce can show damages, he doesn't have a case."

Well that depends on what part of the world he decides to sue.

Fox pushes 24 to many many parts of the world.

As Counterpane was bought by BT (UK PLC) and he has a job with them he has the option of the English court system.

Which in recent times under "Lord Justice Eady" and law firms "Olswang" and "Carter-Ruck" have been very advantageous to those with an axe to grind.

Carter-Ruck have in the past taken on many "no win no fee" cases and along with Lord Justice Eady have made numerous appearances in the UK magazine "Private Eye".

Brian Boyko • March 19, 2009 11:14 PM

I'd start looking into legal options. Yes, it's a work of fiction, but considering that they used the name of YOUR algorithm to defile rather than just making something up (Starfish, maybe?) - well, I think you'd have a case.

It would be like saying, as someone pointed out above: "As an expert knows, all Ford cars blow up when you hit the exhaust pipe with a heavy object."

Todd • March 20, 2009 12:10 AM

Sue? Are you guys serious. Lighten up. It's not like it was a lengthy diatribe on the vulnerabilities of Blowfish on a respected tv show. It was a 30 second conversation on a (FICTIONAL) low rated Fox TV show.

The Imp • March 20, 2009 12:40 AM

Arguments of fiction aside, I'd interpret what was said differently. I interpret it as: the specific *implementation* that was used in this case contains an override.

Blowfish is a published standard, but anyone is free to write the code that implements that standard. That includes implementing it wrongly, either unintentionally (bugs) or intentionally (backdoors). Although, technically, it might not really be Blowfish anymore; but the output might well be decryptable by the standard Blowfish decryption routine if the backdoor was implemented cleverly.

"The designer of this algorithm built a backdoor into his code."

The backdoor would have to be in the algorithm, not the code, to have been Bruce's work. They're not clear on which they really mean, but only because they're not trying to be.

Ah, yes, Lewis Carroll's works:

"The best book on programming for the layman is "Alice in Wonderland"; but that's because it's the best book on anything for the layman."
-- Alan Jay Perlis

I'm sure Bruce would agree that this includes the subject of cryptography, at least to some degree. Mathematics, language idiosyncrasies, logic, social engineering, it's all there.

Law&Order goofed too • March 20, 2009 1:28 AM

From "Law and Order - SVU": (Kidporn suspect)

Forensics guy: "His hard drive was encrypted, so I removed it and did a forensics scan". (With what, a rubber hose?)

Same guy: "I looked in his Internet Cache ..." OK, there are still probably a lot of people who don't clear the cache on exit, and maybe some are kidporn traders, but really...

al • March 20, 2009 1:34 AM

"This is clearly why Rijndael won the AES competition."

Because American actors can say "Blowfish", but haven't a clue how to pronounce "Rijndael".

yt • March 20, 2009 3:28 AM

This is the main reason why I can't watch 24: I can't suspend my disbelief enough to accept the technobabble. My ex used to watch the show, so I've seen most of the first season. My coping mechanism was to supply my own alternate MST3K-style dialog.

shadowfirebird • March 20, 2009 5:00 AM

The problem is that in this sort of fiction, the only point in the writer putting in a reference to encryption is so they can show someone breaking it.

Román Ramírez • March 20, 2009 5:09 AM

So you guys take on mind that movies and series don't have to be absolutely a match of technical knowledge?

I mean, when you watch ER or Dexter you are not expecting to see medical or forensic science at all.

Fiction is fiction and media wants something that could appear as truth for the average.

I'm quite sure no one will watch 24 if they spend the whole season in front of a screen looking at prime numbers with comments like "oh, this factor attack is quite powerful, it just took 2^28 cycles to get the top of the curve".

Neighborcat • March 20, 2009 5:28 AM

Bruce, as this is the second mention in 24 you really should ask for a cameo. It can go something like this...

Janis Gold: I isolated the data Renee uploaded to Bauer but I can't get past the filed header.

Larry Moss: What does that mean?

JG: She encrypted the name and address she used and I can't seem to crack it.

LM: Who can?

JG: She used her personal computer. This is very serious encryption. I mean, there are some high-level people who can do it.

LM: Like who?

JG: The guy who wrote it, Bruce Schneier.

LM: Get him on the phone....

(3 am phone-call to a very groggy Mr. Schneier)

LM: Mr. Schneier, a short time ago one of our agents was in touch with Jack Bauer. She sent a name and address that we assume is his next destination. Unfortunately, it's encrypted with Blowfish 148 and no one here knows how to crack that. Therefore, we need your help, please.

BS: Huh? You want me to crack what?

LM: A drive, encrypted with Blowfish, which I'm told you wrote.

BS: Um, yeah...I wrote it, and you are totally SOL...

LM: What? I know you high level programmers always put in back doors and stuff. You mean you wrote the program and you can't break it?

BS: That's right, I can't get you in. Crazy isn't it? Life's not always like it is on TV.

LM: (slamming down phone) @$!&* nerd!

Bernie • March 20, 2009 5:57 AM

Since we're talking about backdoors, does anybody know how hard or easy it is to put a backdoor into an algorithm? Specifically, I'm wondering about algorithms that are available for public scrutiny, so the backdoors must be really hard to find.

Anonymous • March 20, 2009 6:50 AM

Sue? Are you guys serious. Lighten up.

@Todd

Was U.S. Supreme Court Justice Antonin Scalia serious when he made his controversial remarks back in 2007?

The original report from the Globe and Mail is behind a paywall now, but here's part of a brief writeup in the WSJ Law Blog:

- - - - - - - - - - - - - - - - - - - - - - -

"Justice Scalia Hearts Jack Bauer" (20 Jun 2007)

...

During a panel discussion about terrorism, torture and the law, a Canadian judge remarked, "Thankfully, security agencies in all our countries do not subscribe to the mantra "What would Jack Bauer do?"

Justice Scalia responded with a defense of Agent Bauer, arguing that law enforcement officials deserve latitude in times of great crisis. "Jack Bauer saved Los Angeles . . . . He saved hundreds of thousands of lives," Judge Scalia reportedly said. "Are you going to convict Jack Bauer?"

...

http://blogs.wsj.com/law/2007/06/20/...

- - - - - - - - - - - - - - - - - - - - - - -

If our ruling class --people like Justice Scalia-- are forming policy based on "24", then the show's defamation of Bruce deserves to be taken a little bit seriously.

Suppose that's the first impression Justice Scalia forms about Blowfish? That it was designed with a backdoor?

Jack Bauer • March 20, 2009 7:11 AM

Yeah, we've been hacking common crypto algorithms for years - and not just using obvious back-doors implemented by their creators.
We use QC, or Quantum-Crypto, when we come across something nasty. We have probabilistic-trees pre-computed in the supercomputing cluster, all primed and ready to "get a feel" for the password, if it's a code we can't hack. Some of these terrorists use header-stripping so that we jest can't detect from the layout of the binary what kind of file it is, or how it's been encrypted. So, we throw it into the cluster, it digests it, and tells us how likely it is at being a certain type of file, encrypted with a certain algorithm, of a certain key. The rest is simply matching up the keys from the pre-compute.

You crypto-kids no nuthin' what we do at CIA/NSA/FBI/DOE/DOA/ER - we're jest too good to lest you guys catch up.

Oh, and don't go believing everything you see on TV. After all, folks like those on TBBT just don't exist in The Real World [TM, Fox Entertainment].

Jonadab the Unsightly One • March 20, 2009 7:47 AM

Honestly, I think Star Trek was at least as realistic as most of the stuff on television these days. At least the Star Trek writers were sufficiently aware of the various impossibilities to include hand-wave explanations for them (e.g., "inertial dampers" to explain away some of the more impossible aspects of shipboard gravity, "Heisenberg compensators" to explain away the fact that transporter technology obviously violates the uncertainty principle). Bothering to do that proves that they *knew* what was impossible about their show, and were asking the viewer to suspend disbelief for the sake of the story. I don't think the writers on most television shows these days are up to that standard.

Ilmari Susiaho • March 20, 2009 9:16 AM

The best part of 24 is indeed the way they talk about technology, missing a fact but not missing a beat. It seems perfectly reasonable to assume that if you do not notice it, you have a good time watching the show and if you do, you have a laugh and a jolly good time writing and ranting about said mistakes for days on end. Until the next show comes. Which we watch over and over, to be able to properly rant about it. Good fun, is it not?

Clive Robinson • March 20, 2009 9:21 AM

@ Bernie,

"Since we're talking about backdoors, does anybody know how hard or easy it is to put a backdoor into an algorithm? Specifically, I'm wondering about algorithms that are available for public scrutiny, so the backdoors must be really hard to find."

It depends on how you look at it. It is easily possible to design secure algorithms that when implemented efficiently in modern CPUs will open up covert channels via such things as cache hits (AES suffers from this problem...)

But that is possibly not what you mean. I guess you are asking if it is possible to design algorithms that have hidden design flaws specifically put in to aid in key or plaintext recovery?

If so the simple answer is yes and it's called Kleptography,

http://dimacs.rutgers.edu/Workshops/Intellectual/...

(If you don't like the idea of downloading a PPT use google to get an HTML version)

Briefly most symmetric block ciphers use a one to one plaintext to ciphertext mapping against each key. This makes it difficult but not impossible to put in a covert or (Simmons) subliminal channel to disclose the key.

However the design of things like S-boxes can be such that they might contain deliberate but publicly unknown weaknesses (see debate about NSA/IBM and DES S-box design).

Hashing algorithms appear to be quite susceptible to various weaknesses (hence the current SHA3 face off). Any one of the weaknesses could be a "deliberate back door".

Stream ciphers can be fairly easily back-doored but again it has to be subtle to get away with it in an Open Algorithm. For instance RC4 (Ron's Code 4) turned out to have a number of weaknesses in the way the algorithm was used in practical systems, but were fairly easily solved by such simple things as running the generator for a while after the initial keying of its S-array before using for encrypting plaintext.

Public key can be back doored by the key generation process. It is easily possible to hide a short cut to finding one of the primes in the upper bits of the composite key.

Adam Young and Moti Yung have published a number of papers on this sort of thing and they called it Kleptography.

They also published a book about Cryptovirology, that has a website with selected chapters,

http://www.cryptovirology.com/

But at the end of the day as Bruce points out the crypto is not the weak link in the system. In practice it's the human each and every time. Be it due to unconsidered attack vectors (timing etc giving rise to timing attacks), poor implementation, poor key handling or the many other crypto sins individuals commit.

My own take is that "efficiency" is the mortal foe of security. The more efficient a system is the more it inadvertently reveals about its internal state via covert or side channels.

Colossal SquidMarch 20, 2009 9:41 AM

I know wikipedia isn't the most reliable source, but this line from the entry on defamation seems applicable:
"English law allows actions for libel to be brought in the High Court for any published statements which are alleged to defame a named or identifiable individual or individuals in a manner which causes them loss in their trade or profession, or causes a reasonable person to think worse of him, her or them"

And stating that a renowned security researcher and consultant deliberately built a backdoor into his algo. is surely going to lead people to think the worse of him.

Though whether '24' viewers can be considered 'reasonable' might be a sticky point.

So yeah, when it airs in England then I say you sue.

HJohnMarch 20, 2009 9:43 AM

@Bruce

I'd probably be offended if I were you, but there is a compliment buried in it. On screen, they never have a scripted super-genius break something that's easy to break. If it takes a Hollywood hero 30 seconds to break it, they are saying it is unbreakable to mere real-life mortals.

JasonMarch 20, 2009 10:13 AM

You know, NCIS used to do the same thing. Tim and Abby tossing absurd techno-babble back and forth like it meant something. They've gotten better. Maybe in a few seasons, 24 will get some better advisers, too.

24 LoverMarch 20, 2009 10:41 AM

My theory is that Bruce Schneier and Morris O'Brian are brothers. (of course Morris can not use his real name) That is how Morris knew the backdoor that no one else knows. You must admit there is some resemblance. I think it is a good conspiracy theory anyway. 24 needs to write it into the show, and it started here.

old guyMarch 20, 2009 10:50 AM

I don't know why they went through the hassle of making up the story about the back door. Everyone knows that if you subject encrypted data to enough gravitational force it will separate plain text from the cypher. It's like panning for gold - works every time.

RudenMarch 20, 2009 10:51 AM

Wait.. if 24 mentions a real technology that exists.. how does that change the 24 drinking games? do we chug the whole bottle?

-fishMarch 20, 2009 11:43 AM

Then there was that 733t hacker performance in "Swordfish" by Hugh Jackman, alongside John Travolta and 'Ginger'. "Log on. Hack in. Go anywhere. Steal everything." (Man, good thing Jackman had other things going for him besides "Swordfish").

AviatrixMarch 20, 2009 12:46 PM

Blowfish is the current encryption Klingon.

You remember on Star Trek when they wanted to show that the alien of the week was really tough, they'd have him beat up Worf, the token Klingon in Starfleet. Now in order to show that the decryption guy is really smart, they have him crack blowfish.

Fred PMarch 20, 2009 1:20 PM

@Jonadab the Unsightly One -

I don't know... I choked when I watched a couple episodes recently (I think of Voyager) featuring a visible dark matter asteroid, Tachyons moving slower than light, and creating their own name for Neutron radiation (which also interacted with light incorrectly, was moving inexplicably at highly variable speeds, etc...)

While I may despise the show for other reasons, 24 at least did realize that Blowfish is an encryption algorithm.

JanMarch 20, 2009 6:48 PM

It's all a conspiracy. Indoctrinating people to believe encryption is not secure will make them use it less ;)

BF SkinnerMarch 20, 2009 7:25 PM

@romain ramierz "when you watch ER or Dexter "

I don't watch ER or Dexter or CSI. I watch Dollhouse. Much more real to life...and pretty people.

@yt "supply my own alternate MST3K-style dialog" no offense but was this main cause of the 'ex'? Unless you are alone or with fellow travelers? It's annoying dude.

Okay let's talk about professional cyberwarriors using crypto they know is flawed and breakable in 20 seconds. How good are these people we're paying ... I mean a Level 5 analyst has to be what carrying a graduate degree in math and a GS-11? I want my money back. and the

@chas...he's right Bruce...and the hat is cool! It's a good look. Update your webphoto.

Nathan MyersMarch 20, 2009 7:53 PM

It wasn't real Blowfish, it was Blowfish 148. You know, the one with the back door in it.

David LightmanMarch 20, 2009 9:04 PM

I swore I'd never tell anyone this, but the backdoor into Blowfish is "Joshua".

Jerry MangiarelliMarch 21, 2009 7:31 AM

OK, the timelines are a little short ... :) I'm a huge fan of 24, but this one had me on the floor.

Pat CahalanMarch 23, 2009 11:55 AM

IMO, the "go on The Daily Show" idea is the best one so far.

Bruce would make a great guest, and I can just imagine Jon Stewart riffing through the screen dialogue and then turning to Bruce and saying, "So, how realistic *is* that?" and Bruce saying, "About as realistic as the DHS approach to airport security" [cue audience laughter].

Bruce, your logical operators are ambiguous in your reply:

> As to how it feels: it feels surreal. I'm not proud to be
> mentioned, angry they claimed I put a back door in, annoyed
> they get the details wrong. If anything, I am amused by
> the whole situation. It's, well, it's surreal.

That can be read:

I'm NOT (proud to be mentioned OR angry that they claimed I put a back door in OR annoyed that they get the details wrong)

or

I'm (not proud to be mentioned AND angry that they claimed I put a back door in AND annoyed that they get the details wrong)

(although the "It's, well... it's surreal" does imply the first) :)

Pete AustinMarch 23, 2009 2:44 PM

@everyone worried about the backdoor.
This is "24", which means they had to crack the code in seconds, and the only other slightly plausible method would have been to exploit a schoolboy error in the algorithm, and that's impossible. Consider the whole incident a "backdoor compliment".

NeilApril 15, 2009 6:48 AM

Get real, everyone knows that high level passwords are the last name spelled backwards. That way you can, during a national emergency, send any encrypted file to anyone necessary in a matter of seconds and not have to worry about agreeing to a password over open communications. The only problem is that Morris O'Brian called it a backdoor instead of a predefined standard. Which obviously does not sound as sexy.

ExothermicusApril 15, 2009 9:55 AM

I have learned to just ignore the absurdness of such things and try to enjoy the entertainment value. But sometimes the absurdness can be entertaining when they make simple mistakes like wavelength for word / key length, etc,...

When I heard the mention of Blowfish in the dialog, I commented to the others in the room, that the mention should incite some interesting discussion over here.

LOL,
Exo

AltiferApril 15, 2009 11:19 AM

The fact that people need to be reminded that this is fiction, is a bit scary. Just because something real is mentioned on fiction, it doesn't mean that a single word that follows will have any truth to it.

Brad M.April 15, 2009 7:07 PM

It's a freakin TV SHOW. While I'm proud to be a geek, I'm ashamed of you nerds who just can't seem to get over yourselves. You don't have to be a dolt to be able to use suspension of disbelief - just mature, I guess...

Garry April 16, 2009 1:44 AM

Guys!! wow get a life, everybody knows there is a back door that's how the US government get to see what is in my e-mails

AnonymousApril 19, 2009 11:56 PM

The only way that could have gotten better is if at the end you had two more lines:

LM: How did you do that.

MO: It's a special trick I picked up, rubber hose cryptography.

enigmaApril 23, 2009 11:41 AM

I wouldn't worry about it, RSA's not much good either.

Recall a film called Swordfish where the guy cracks a DoD database protected with "128" bit RSA in under 60 seconds while being threatened with a gun and being given intimate attention by a hooker ...

Shame on the DoD for using a ridiculously small asym key size. Ironically, RSA presumably paid for the privilege of advertising their product name on the big screen, even if it did suggest it was absolutely trivial to break with the right incentive :-)

dwmw2April 27, 2009 2:25 AM

I don't think it's that far-fetched at all. To encrypt something in practice you need more than just an encryption algorithm -- you need a _program_.

It's perfectly believable that someone would write a tool which uses Blowfish internally, and call it 'Blowfish 148'. The number might be derived from the author's birthday, or anything else. It's believable that the author could put a backdoor into it too.

It's also perfectly believable that moronic government employees/contractors would _buy_ such a tool, instead of using decent peer-reviewed software where they have access to audit the source. It makes me sad, but it doesn't mean I don't believe it.

What more do we need to believe? That a few non-technical people in the heat of the moment might refer to a specific program as an 'algorithm'? I'll buy that one too.

And some aspect of this program's file format is dependent on endianness -- hence the question about word size and native vs. "modified".

It's _fiction_, for crying out loud -- it's all about willing suspension of disbelief.

And it's Fox, so get drunk first.

Ralph DratmanMay 9, 2009 10:20 AM

"3. A cable repairman can disrupt an entire fleet of far technologically advanced UFOs with a laptop."

Seriously, that one is true.

Bruce SchneierJanuary 19, 2010 6:56 AM

"Shame on you, Bruce Schneier, building in a backdoor into your code."

Hollywood made me an offer I couldn't refuse.

RichardDecember 11, 2012 6:25 PM

Unfortunately, I think this purely fictional 'backdoor' account, comes painfully close to the truth.

You see it turns out the most widely published Blowfish code that Bruce himself distributed DID have the rather unfortunate property that it could be broken in seconds due to an 'accidental' implementation 'bug'.

A 'bug' which compromised it to the point that for a large number of key selections the security of Blowfish was indeed pretty much ZERO (could be broken in seconds to minutes even on home PC grade hardware).

Quoting from the original sci-crypt posting -

"For a randomly selected 32-bit key, there is a 50% chance that 3/4 of the key could be considered as all '1's, even if they weren't that way to begin with."

This problem also occurred with longer keys, for ANY key with 1's in the highest bit of ANY 32 bit block, canceling out large portions of the key-space.

Ooops!

Thing is - and this is coming from someone who has tested software for a living for decades - I just can't see HOW this kind of thing could have 'accidentally' happened? Are we supposed to believe that, before publishing this code for the whole world to see, they never tried any key test vectors with 1's in the most significant bit - COME ON GIVE ME A BREAK!!!

Add this to the fact that this kind of subtle bug, a 'sign extension bug' that would not be obvious even when the code was fairly closely examined - but which, in practice, severely weakens the cypher's break-ability by shortening the key - is EXACTLY the kind of crypto crippleware thing that both Phil Zimmermann, and Bruce himself, have described the NSA as trying to force on developers (with appeals to patriotism, and outright coercive threats if that doesn't work).

So, just guessing here, this is probably the source of the "backdoor in blowfish" rumors that were circulating long before the 24 writers seized upon them for this fictionalized account.

Clive RobinsonDecember 12, 2012 12:24 AM

@ Richard,

> Add this to the fact that this kind of subtle bug, a 'sign extension bug' that would not be obvious even when the code was fairly closely examined

I can't comment on this particular bug personally (because I was not aware of it back then so did not dig into it, and have had no reason to since), but I would think that I would probably have missed it on just reading the C code (yes I'm human ;-)

But I have seen other implementation bugs where the paper design calls for a "32 bit rotate" and the code implementor either misunderstands the written symbols used or the difference between a "rotate" and "rotate through carry" or the various "shifts" (like the difference between LSR and ASR). I've even seen a cipher designer "talk rotate" in the text but "write shift" symbols on the diagram...

I've likewise seen things slip in when "the code gets cleaned up" for release or other reason (like debugging a different problem).

Then there are the annoyances of "go faster coding"... When somebody actually gives you source code in some high level language (C being a case in point) they may well have used not just the annoying habit of putting multiple actions on the same "code line" but they may also have used some of the language's less obvious features to get a speed advantage and you need to be aware that things may not happen in the order it looks like or at all...

C for instance has a major annoyance with precedence and case conversion which gives rise to amongst other things sign extension problems. I've seen an older and wiser programmer put in the appropriate parentheses to ensure correct function only to have a younger "code cutter" take them out during a code tidy up because they assumed they were redundant and looked messy...

A quick Internet search shows this problem crops up quite often (I like this example because not only does it refer to the bug you talk about but it also nicely illustrates how you can get stuck looking for the wrong bug, http://stackoverflow.com/questions/3724549/... )

And even worse with C it has annoying little comments in the language definition about things being dependent on the underlying hardware, thus making some things language implementation specific. So the same code will work differently on two different hardware platforms (you tend not to see this these days unless you do cross platform development for embedded systems).

So yes "To Err is Human" but as you say it's little subtleties that the likes of the NSA and many others look for to backdoor or weaken security.

In fact there was an "Underhanded C Contest" where somebody used a common (but stupid) "trick" to swap two variables using XOR and save on storage, http://underhanded.xcott.com/?page_id=16 (Note the name of one of the contestants ;-)
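
The sign extension bug discussed in the two comments above, reduced to a key-packing step, as an added example that is not part of either comment and not code from the Blowfish distribution. It assumes the key bytes reach the packing loop through a signed `char`; the function names and test keys are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* BUGGY (assumed form): each key byte passes through a signed char, as
   happens when the key is declared `char *` and char is signed. A byte
   >= 0x80 is sign-extended to 0xFFFFFFxx, and the OR then overwrites
   every byte accumulated so far with 1 bits. */
uint32_t pack_buggy(const unsigned char k[4]) {
    uint32_t data = 0;
    for (int i = 0; i < 4; i++) {
        signed char c = (signed char)k[i];
        data = (data << 8) | (uint32_t)(int32_t)c;
    }
    return data;
}

/* FIXED: bytes stay unsigned, so only the low 8 bits are ORed in. */
uint32_t pack_fixed(const unsigned char k[4]) {
    uint32_t data = 0;
    for (int i = 0; i < 4; i++)
        data = (data << 8) | k[i];
    return data;
}

/* Count how many of the 32 key bits can still change the packed word:
   flip each bit in turn and check whether the result moves. */
int effective_bits(uint32_t (*pack)(const unsigned char[4]),
                   const unsigned char k[4]) {
    uint32_t base = pack(k);
    int n = 0;
    for (int bit = 0; bit < 32; bit++) {
        unsigned char t[4] = { k[0], k[1], k[2], k[3] };
        t[bit / 8] ^= (unsigned char)(1u << (bit % 8));
        if (pack(t) != base) n++;
    }
    return n;
}

int main(void) {
    /* Constructed keys: different first three bytes, last byte 0x80. */
    const unsigned char a[4] = { 0x12, 0x34, 0x56, 0x80 };
    const unsigned char b[4] = { 0xAB, 0xCD, 0xEF, 0x80 };
    printf("buggy: %08x %08x\n", (unsigned)pack_buggy(a), (unsigned)pack_buggy(b));
    printf("fixed: %08x %08x\n", (unsigned)pack_fixed(a), (unsigned)pack_fixed(b));
    printf("effective bits: buggy %d, fixed %d\n",
           effective_bits(pack_buggy, a), effective_bits(pack_fixed, a));
    return 0;
}
```

Running key vectors whose bytes have the top bit set through both versions is the regression check that exposes this class of bug; vectors made only of 7-bit ASCII never trigger it.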

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.