Schneier on Security
A blog covering security and security technology.
« Acoustic Cryptanalysis |
| Yes, I'm Leaving BT »
December 20, 2013
Eben Moglen and I Talk about the NSA
Last week, Eben Moglen and I had a conversation about NSA surveillance. Audio and video are online.
EDITED TO ADD: The site seems to be down, so here's a YouTube link.
Posted on December 20, 2013 at 6:30 AM
• 17 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I am having difficulty loading the webpage and when I did so earlier I was unable to download either the mp3 or ogg file. (ca 1400 central european time 20. Dec).
Looks like the site has been /Schneiered ;)
Is there such a thing as Intellectual Communism? What does it look like?
Use the torrent, and prune it to only get the ogg, VLC has no issues with it.
www.softwarefreedom.org is entirely unresponsive now. A torrent/magnet link would be appreciated.
I share the opinion that Snowden's revelations are authentic. I am in doubt whether humanity can withstand surveillance: The last attempts resulted in revolutions, but the ultimate fight for humanity is right now when we have to deal with high tech surveillance which was not available in former times. Aggressive surveillance affects our conscious behavior until we are humanoid robots. The constant surveillance of every transaction and instant cruel punishment without considering the contexts will unconsciously force us into the allowed thought patterns (to that of the average consumer).
I have non-technical friends who no longer carry their cellphones around with them everywhere they go. They now sometimes leave them at home when they go out, because of government releases and admissions that it's tracking everything you do and everywhere you go.
I have another friend who sat his son down and lectured him about the dangers of searching on the internet nowadays for things, when his son was researching different guns online.
I have also tried using cash a bit more instead of plastic every time I buy things... it's not as hard as you might think...
This mass surveillance is already altering the behavior of society already on a mass scale. The differences may seem subtile now, but it will get worse before it gets better I think.
4:30 ET, still down. Silly people, better a slow server than no server at all.
Simplify your web pages! Static HTML.
@DB, trying to hide is not solving the problem if at least the majority of people are surveilled, because the system can identify you as unobservable and punish you accordingly after a surveilled transaction. And the rules are not necessarily published because this would address only your conscious behavior and not train you unconsciously.
Does anyone else wonder if AES extensions built into the Intel chips and the Apple chips have similar weaknesses built into by the NSA? A pseudo clipper chip?
A bad random number generator?
Bruce Schneier says in the talk (at about 34 minutes) that OpenBSD no longer trust the hardware random number generator on Intel chips because Intel are known to co-operate with the NSA and a researcher recently published a theoretical method of creating an effectively undetectable backdoor in a hardware RNG.
I am not a security researcher, but IMHO If OpenBSD think sommething is dodgy, it probably is.
We can't know for sure. We do know they provide the same output for a given input, (so unless there's a problem with AES the output is fine) but we don't know if they allow a side-channel attack.
OpenBSD NEVER trusted the RDRAND generator alone, and always mixed it with other sources. FreeBSD is the distro that just changed. Linux also never trusted RDRAND alone. No one should ever trust a single random source, but should instead combine sources with something like the Fortuna algorithm.
"No one should ever trust a single random source, but should instead combine sources with something like the Fortuna algorithm. "
I'll add this is always a good idea even if one isn't worried about subversion. RNG's, esp black box units, might experience any number of faults in their lifetime. Redundancy is very justified here due to importance of quality randomness and how quick/easy it is to gather data from many sources into a pool.
Great talk, Bruce. Thanks for doing it.
In the Q&A, someone asked a question about the Underhanded C Contest, and you countered that if someone wrote code suitable for the Obfuscated C Contest then it would be rejected and/or rewritten.
Note that these are different contests, and the one that the questioner was talking about specifically is: "The goal of the contest is to write code that is as readable, clear, innocent and straightforward as possible, and yet it must fail to perform at its apparent function. To be more specific, it should do something subtly evil." - somewhat in the manner of the 2003 attempt to backdoor the [Linux] kernel.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.