The Myth of Consumer-Grade Security

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that's not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even at the request of law enforcement.

In his keynote address at the International Conference on Cybersecurity, Attorney General William Barr argued that companies should weaken encryption systems to gain access to consumer devices for criminal investigations. Barr repeated a common fallacy about a difference between military-grade encryption and consumer encryption: "After all, we are not talking about protecting the nation's nuclear launch codes. Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. We are talking about consumer products and services such as messaging, smart phones, e-mail, and voice and data applications."

The thing is, that distinction between military and consumer products largely doesn't exist. All of those "consumer products" Barr wants access to are used by government officials -- heads of state, legislators, judges, military commanders and everyone else -- worldwide. They're used by election officials, police at all levels, nuclear power plant operators, CEOs and human rights activists. They're critical to national security as well as personal security.

This wasn't true during much of the Cold War. Before the Internet revolution, military-grade electronics were different from consumer-grade. Military contracts drove innovation in many areas, and those sectors got the cool new stuff first. That started to change in the 1980s, when consumer electronics started to become the place where innovation happened. The military responded by creating a category of military hardware called COTS: commercial off-the-shelf technology. More consumer products became approved for military applications. Today, pretty much everything that doesn't have to be hardened for battle is COTS and is the exact same product purchased by consumers. And a lot of battle-hardened technologies are the same computer hardware and software products as the commercial items, but in sturdier packaging.

Through the mid-1990s, there was a difference between military-grade encryption and consumer-grade encryption. Laws regulated encryption as a munition and limited what could legally be exported only to key lengths that were easily breakable. That changed with the rise of Internet commerce, because the needs of commercial applications more closely mirrored the needs of the military. Today, the predominant encryption algorithm for commercial applications -- Advanced Encryption Standard (AES) -- is approved by the National Security Agency (NSA) to secure information up to the level of Top Secret. The Department of Defense's classified analogs of the Internet -- Secret Internet Protocol Router Network (SIPRNet), Joint Worldwide Intelligence Communications System (JWICS) and probably others whose names aren't yet public -- use the same Internet protocols, software, and hardware that the rest of the world does, albeit with additional physical controls. And the NSA routinely assists in securing business and consumer systems, including helping Google defend itself from Chinese hackers in 2010.

Yes, there are some military applications that are different. The US nuclear system Barr mentions is one such example -- and it uses ancient computers and 8-inch floppy drives. But for pretty much everything that doesn't see active combat, it's modern laptops, iPhones, the same Internet everyone else uses, and the same cloud services.

This is also true for corporate applications. Corporations rarely use customized encryption to protect their operations. They also use the same types of computers, networks, and cloud services that the government and consumers use. Customized security is both more expensive because it is unique, and less secure because it's nonstandard and untested.

During the Cold War, the NSA had the dual mission of attacking Soviet computers and communications systems and defending domestic counterparts. It was possible to do both simultaneously only because the two systems were different at every level. Today, the entire world uses Internet protocols; iPhones and Android phones; and iMessage, WhatsApp and Signal to secure their chats. Consumer-grade encryption is the same as military-grade encryption, and consumer security is the same as national security.

Barr can't weaken consumer systems without also weakening commercial, government, and military systems. There's one world, one network, and one answer. As a matter of policy, the nation has to decide which takes precedence: offense or defense. If security is deliberately weakened, it will be weakened for everybody. And if security is strengthened, it is strengthened for everybody. It's time to accept the fact that these systems are too critical to society to weaken. Everyone will be more secure with stronger encryption, even if it means the bad guys get to use that encryption as well.

This essay previously appeared on Lawfare.com.

Posted on August 28, 2019 at 6:14 AM • 44 Comments

Comments

RealFakeNews • August 28, 2019 8:13 AM

I can't help but think this is just more of the same in-fighting between different departments on the same side.

One group want access to everything; another want to secure everything.

My only criticism: while these arguments are on-going, are they delaying innovation to strengthen security?

While most commercial devices are Western, other countries are working very hard to break them for their own uses, so the question they need to ask is whether these arguments are putting the nation at risk while they argue.

Peanuts • August 28, 2019 8:14 AM

And what would Barr propose when, in his fantasy world, business grade devices flow legally into the consumer markets?
In his unhinged, technologically illiterate world, does he imagine licensing and requiring registration for purchases of commercial grade technologies?
It is lies on lies of FUD that unravel on casual observation of the security theater.

Bob • August 28, 2019 8:22 AM

"Look, I don't want to break security for the military or businesses. I just want to make it impossible for regular jackoffs to operate securely." - William Barr's keynote rough draft

Me • August 28, 2019 8:28 AM

Can confirm. At least in my previous career: hard drives. We had three types of encryption: Full disk, Secure Erase, and Government Grade (I can't recall the acronym off hand).

Secure erase was just full disk, but the key was "under the mat" so to speak. The reason it existed is that erasing the entire drive involved just erasing that key and replacing it with a new one. You now have a disk with nothing but noise written to it.

The government grade encryption pretty much just involved different labeling (tamper evident I think). Otherwise, it was the same stuff. It didn't make sense to design two systems.
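The "key under the mat" erase described in the comment above, as an added illustration that is not part of the comment and not any real drive's firmware: a toy self-encrypting drive in Python. SHA-256 in counter mode stands in for the drive's AES engine (constructed, not a real disk cipher), an unwrapped key slot models the "Secure Erase" grade, and a PBKDF2-wrapped key slot models the "full disk" grade. The sector size, sample data and passphrase are all constructed.

```python
import hashlib
import secrets
from typing import List, Optional

SECTOR = 32  # toy sector size: one SHA-256 digest of keystream per sector


def _keystream(dek: bytes, lba: int) -> bytes:
    # Constructed stand-in for the drive's AES engine: SHA-256 in counter mode.
    if dek is None:
        raise RuntimeError("drive is locked; unlock() first")
    return hashlib.sha256(dek + lba.to_bytes(8, "big")).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _kek(passphrase: bytes, salt: bytes) -> bytes:
    # Key-encryption key derived from the user passphrase (constructed parameters).
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, 50_000)


class SelfEncryptingDrive:
    """Toy SED: the media is always encrypted under a per-drive DEK.

    passphrase=None models the 'Secure Erase' grade: the DEK sits in the key
    slot in the clear ('under the mat'), so it buys instant erase and nothing
    else.  With a passphrase the slot holds the DEK wrapped under a KEK, which
    is the 'full disk' grade: the media is useless without the passphrase.
    """

    def __init__(self, sectors: int, passphrase: Optional[bytes] = None):
        self.media: List[bytes] = [bytes(SECTOR) for _ in range(sectors)]
        self.salt = secrets.token_bytes(16)
        self.key_slot = b""
        self._dek: Optional[bytes] = None  # DEK in use for this session
        self._install_dek(secrets.token_bytes(32), passphrase)

    def _install_dek(self, dek: bytes, passphrase: Optional[bytes]) -> None:
        if passphrase is None:
            self.key_slot = dek          # stored in the clear
            self._dek = dek              # usable immediately
        else:
            self.key_slot = _xor(dek, _kek(passphrase, self.salt))
            self._dek = None             # locked until unlock()

    def unlock(self, passphrase: bytes) -> None:
        self._dek = _xor(self.key_slot, _kek(passphrase, self.salt))

    def write(self, lba: int, plaintext: bytes) -> None:
        padded = plaintext.ljust(SECTOR, b"\0")
        self.media[lba] = _xor(padded, _keystream(self._dek, lba))

    def read(self, lba: int) -> bytes:
        return _xor(self.media[lba], _keystream(self._dek, lba))

    def crypto_erase(self, new_passphrase: Optional[bytes] = None) -> None:
        # Nothing on the platters is touched; only the key is replaced, so
        # every old sector now decrypts to noise.
        self._install_dek(secrets.token_bytes(32), new_passphrase)


def run_demo() -> dict:
    secret = b"payroll Q3 - confidential"  # constructed sample data

    # 'Secure Erase' grade: DEK in the clear in the key slot.
    sed = SelfEncryptingDrive(sectors=8)
    sed.write(3, secret)
    before = sed.read(3)
    media_before = list(sed.media)
    # Whoever holds the drive can lift the key from the slot and decrypt.
    lifted = _xor(sed.media[3], _keystream(sed.key_slot, 3))
    sed.crypto_erase()
    after = sed.read(3)

    # 'Full disk' grade: slot holds the wrapped DEK, so lifting it is useless.
    fde = SelfEncryptingDrive(sectors=8, passphrase=b"correct horse")
    fde.unlock(b"correct horse")
    fde.write(3, secret)
    lifted_fde = _xor(fde.media[3], _keystream(fde.key_slot, 3))

    return {
        "read_before": before.rstrip(b"\0"),
        "key_slot_leaks_data": lifted.rstrip(b"\0") == secret,
        "media_unchanged_by_erase": media_before == sed.media,
        "read_after_erase": after.rstrip(b"\0"),
        "wrapped_slot_leaks_data": lifted_fde.rstrip(b"\0") == secret,
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v!r}")
```

The two grades share every byte of the encryption path; the only difference is whether the key slot holds the DEK or the DEK wrapped under a passphrase-derived key, which is why one product line can serve both.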

Ross Snider • August 28, 2019 9:02 AM

I'd make the point that as a matter of fact, company laptops are brought home by employees and used for personal purposes (Facebook, email, online purchasing, news - if not even more personal activity) and employers allow, or even encourage, the use of BYOD (e.g. personal cell phones for on-call situations).

Basically: Consumer grade technology is used to operate critical infrastructure and enterprise equipment.

That - and the Justice Department isn't merely seeking the ability to open consumer system data retrospectively - even if that's the first level take and the immediate discussion point with respect to the FBI. Modern Western law enforcement, national security and intelligence service is deeply embedded with routine surveillance, predictive crime and threat scoring, and public information management including censorship.

It doesn't seem right to me that this would be allowed on its own merits - for civil liberty.

Barr-barian • August 28, 2019 10:22 AM

Actually military grade crypto is quite different from commercial grade one in its implementation and validation, but that's not the point (NSA's approval of AES is for specific situations and you bet that for TS SCI/marked information they are not even close to using it).

Barr is heading the wrong way but he oversees the FBI and needs access to any plaintext - they say. His attempt is just another one to weaken commercial solutions and in line with his predecessors' rants about crypto and all the crap about going dark.

Paragraph 4, last bit: replace "sturdier" by "turdier" and you'll be closer to reality.

JackFronts • August 28, 2019 11:29 AM

@RealFakeNews - Democracy as exercised through the lens of the Republic demands a bit of debate around such things for the greater good. It's closely tied to a vast panorama of people, from journalists to the average Joe on the street to our government's assets. The debate is required so as not to infringe across lines that are already blurred, and in this case needs extra scrutiny.

For the sake of "just get it done", a much broader stroke is required I do believe.

TRX • August 28, 2019 11:47 AM

> The US nuclear system Barr mentions is one such example -- and it uses ancient computers and 8-inch floppy drives.
---
My first question would be, "Why are computers involved in the launch system at all?"

That's something best done with telephone or radio and printed paper keys.

"Just because you *can* hook a computer to it, doesn't mean you *should*"

Denis • August 28, 2019 2:55 PM

@TRX I'm wondering what you expect the nuclear launch to look like without computers. Should there be a loud horn signalling to a team of stokers that they need to start shovelling coal into the nuclear missile's furnace? I also wouldn't trust radio or phone to transmit launch authorizations (just imagine the prank calls). At least with the 8-inch diskettes the nuclear codes are safe - who else has still got the floppy drives to read them after all these years? As long as you keep the diskettes away from magnets, of course...

Who? • August 28, 2019 3:23 PM

After reading Susan Landau's article it is clear to me that any FIPS-supported cryptographic algorithm should be banned.

Is FIPS a reference to anyone except those corporations that want to add another certification to their projects?

In the last years more and more countries, apart from the U.S. and Canada, are supporting FIPS. Is it a clever movement or a global threat against encryption?

VinnyG • August 28, 2019 3:30 PM

All great arguments, and will be completely lost on someone like Barr. He should just be told the simple truth at a level he can handle: you cannot have access to this, because you are too stupid to play with it...

MarkH • August 28, 2019 4:21 PM

@TRX, Denis:

A core concept of the U.S. ground-based nuclear missile system, is that the Launch Facilities operate by remote control. Nobody is present at an LF, except when maintenance operations are underway.

Launch control is not a mere binary, but includes contingent time delays and automatic fail-overs to alternate communication channels.

Further, the LGM-30 Minuteman missiles are not only launched remotely, but can also be re-targeted remotely.

While it is perhaps feasible to achieve such capabilities without computers, I suggest that this would be quite difficult, and perhaps less dependable.

In any case, no ICBM can function without a computer onboard to steer the warhead toward its target.

There's nothing inherently insecure about using computers for such purposes. I'm quite confident that launch control systems are not connected to the public internet.

MarkH • August 28, 2019 4:34 PM

@Denis:

I love the imagery of coal stokers!

But I wouldn't volunteer to be the guy who lights off the rocket by shoving in an iron rod with a length of burning cloth bound to its tip ...

Cowbert • August 28, 2019 6:51 PM

@Who?: FIPS compliance is often required if the company wants to become/remain eligible to bid on or perform work on government contracts, so it is exactly the opposite of what you just implied.

Petre Peter • August 28, 2019 7:36 PM

Barr has made a mistake for which apologetic statements will be very difficult to create. There is just no way to make encryption stronger without making it stronger for the bad guys, and there is no way to make encryption weaker without making it weaker for the good guys.

Mike • August 28, 2019 8:10 PM

I don't get the rationale saying consumer electronics are fair game but business systems are not. Businesses should be watched more so than consumers because the damage of their misbehavior is magnified in multitudes. They could have prevented Madoff from stealing millions from his victims.

Madge • August 28, 2019 9:49 PM

The USA wanted to make sure enemies couldn't use GPS against them during a war. They set it up so that one would need a military receiver and a daily cryptographic key to get full accuracy; but, quoth Wikipedia: "During the 1990–91 Gulf War, the shortage of military GPS units caused many troops and their families to buy readily available civilian units. Selective Availability significantly impeded the U.S. military's own battlefield use of these GPS, so the military made the decision to turn it off for the duration of the war."

MarkH • August 28, 2019 11:57 PM

@paul:

Not quite ... the all-zeros code was applied to Permissive Action Links, analogous to combination locks for the enabling of warheads.

The various military services effectively bypassed them, based in part on their beliefs that less technical safeguards against unauthorized use were sufficient.

The PAL codes were never sufficient to command an ICBM launch.

Launch is authorized via Emergency War Orders, which must convey an actual secret code.

Ismar • August 29, 2019 1:48 AM

@Bruce, I think that we should let them break it, no point in explaining and explaining over and over again why this may not be a very good idea, as it looks like we as a human race have a real talent for choosing stupid leaders.
At least we will have a chance to say I told you so when everything goes pear-shaped (or will we?!?!)

Christoph Jaggi • August 29, 2019 2:10 AM

"Customized security is both more expensive because it is unique, and less secure because it's nonstandard and untested." Not sure about that. It depends on many factors. The lower the network layer to be protected, the more "customized" the solutions. Even when using "standard" architectures and protocols such as IPsec, there is a lot of active and passive customization by each vendor. Lack of support for optional security protocols (such as AH), lack of support for certain cryptographic primitives and active support for obsolete cryptographic primitives can be considered customizations.

What is a standard? There are "official" standards and de-facto standards. There are more efficient ways to secure IP networks than IPsec. There are much better, established and tested ways to secure Carrier Ethernet networks than MACsec (which is a standard for LANs).

Untested doesn't mean that a solution is insecure, while tested does not mean that a solution is secure. It depends on what has actually been tested.

Example: A firewall product from a well-known vendor. Has FIPS and CommonCriteria certifications. The pentests during the Common Criteria certification didn't come up with any findings. The pentest done by an independent team resulted in 14+ findings.

There are secure and properly tested solutions for network encryption on the market that use a combination of different standards to create a state-of-the-art secure solution. This is especially true for network encryption for Carrier Ethernet. Such solutions are engineered for security, performance, network compatibility and longevity.

To sum it up:
- not every standard solution is secure because it is standard and tested
- not every customized solution is less secure because it is nonstandard and untested

Clive Robinson • August 29, 2019 7:37 AM

@ Madge,

The USA wanted to make sure enemies couldn't use GPS against them during a war. They set it up so that one would need a military receiver and a daily cryptographic key to get full accuracy...

The story as to why the Selective Availability (SA) position scrambling signal got turned off and left off is a bit more complicated than just turning off Selective Availability during the Gulf war.

The designers of the US "GPS" Satellite Navigation System made a number of assumptions during the process that put weaknesses in the system that still exist today. The idea behind the SA scrambling code shows all the hallmarks of being either a bad assumption or a retrofitted kludge, or both. It's known that it was originally assumed that commercial receivers would not be sufficiently sensitive to get better than 300ft accuracy, whereas most these days, due to technological advances in low noise device technology, can get 50ft or better unaided...

The fundamental issue was that the military 10MHz (L2) and civilian 1MHz (L1) chipped signals were generated at their full design accuracy all the time. What SA did was to then add a tiny amount of time jitter to the civilian L1 code, thereby adding a synthetic noise code to it that reduced the accuracy to around 100 meters.

The important thing to note is that the underlying signal was at its design accuracy. Thus people reasoned that as the SA provided the same noise signal wherever you are, you could strip it off fairly easily if you had an inverse reference signal. So if you had a highly sensitive, very low noise receiver at a fixed point you knew to very high accuracy, then you could produce a difference signal by subtracting the known position from the SA position. If you then transmitted that difference signal to other GPS users they could subtract the difference signal from their SA position to quickly get the more accurate position.

Such "difference signals" were and are still generated and transmitted by entities outside of US control[1] and DGPS receivers were commercially available prior to the gulf war. I still have one sitting in a junk box somewhere that I built.

As for the Wikipedia reason for what went on during the Gulf War, they left some things out of the story...

The reasons that there were few military GPS units were in part due to Newton's laws. Mil Specs called for a certain degree of what you might call ruggedness as well as reliability; the result was overly large electronics in heavy metal casings with specialised seals and gaskets etc. This made the units larger and heavier, and because of Newton's laws the cases had to be made even bigger and stronger to survive things like "The Postal Service Drop Test", which is effectively dropping it from four feet onto a hard surface in the 14 different orientations --eight corners and six faces-- repeatedly and ensuring it still works.

The evolution of commercially produced GPS receivers was different and basically to make them small enough and light enough to put in people's pockets and later in wrist watches (Casio). Thus they solved the drop test issue by going lighter and smaller using plastic containment casings with rubberised outer shock casings; some even floated, unlike the Mil versions that were heavy enough to pull you down like a rock if you hung onto them.

Worse, the mil units had at best rudimentary functionality, whereas the commercial units, due to marketing specmanship, had bells and whistles features added that were specific to certain sporting activities, some of which nicely aligned with what infantry soldiers do.

Thus the Mil units were very unpopular with squaddies and seen as "useless dead weights" that were unreliable single points of failure at most levels in the armed forces.

The UK "Soldier 2000" program carried out by the UK Defence Evaluation and Research Agency (DERA) had highlighted early on the benefits of each soldier having their own lightweight GPS unit that could communicate via secure radio to all other members of a squad. The prototypes they used were small commercial units with NMEA outputs, with the external antenna mounted near the top of the rear left slope quadrant of the helmet (so it would work in standing, kneeling, prone and firing positions).

But it would be unwise to consider that SA has gone away for good, and many have taken precautions and still do...

The Gulf War was a fairly unique battlefield in many respects as well as being on the edge of a technology cusp. The differential signal TX stations of DGPS are still around, as are new portable systems that can give a local accuracy for farm and similar automated machinery of 1-3cm (2/5 to 1&1/5 inches). However most hand held units do not have DGPS receivers built in as most people do not need the accuracy or want to pay for it. Thus if SA were turned back on most handheld and similar small GPS receivers would go from a better than 10m accuracy to 100m or worse. Whilst this would not be overly disruptive to many users it would make GPS of no use for the use of weapons such as conventional artillery or smart weapons. However even if the enemy used DGPS receivers, the transmitters of such signals in the enemy area would become primary targets on day one for either jamming or attack by a modified HARM, cruise missile or stealth bomber.

But... Technology moves on and in this century DGPS is now available not just via the 300kHz LF band, but thanks to the EU and the European Space Agency (ESA) European Geostationary Navigation Overlay System (EGNOS) via geostationary satellites.

However many feel the US Gov has sufficient influence over satellite operators that they may well be able to have such signals turned off. Also such satellites are not always visible or usable to GPS receivers in what many call the "urban canyons" of modern cities, or, as they are sparsely populated and at quite an oblique angle, at the higher latitudes approaching the poles, in part because the satellite operators do not have the "link budget".

This worried a number of people including many European Governments, thus EGNOS was extended to solve this problem. They have developed an internet based solution they call SSSNeT which provides the correction information you can then plug into a DGPS "capable" receiver[2]. Due to this and the requirement for mobile phones to have GPS built in, Smart Phone GPS systems can collect the DGPS information from the internet and then apply it to correct the readings from its GPS receiver, getting significant accuracy improvements as a result.

It's actually quite a security issue that many either don't know or forget about when talking about GPS location "meta-data" held in mobile phone company databases. Whilst such data might appear to be only good to 50-100 meters, there is also an accurate time stamp in the record. Thus this can be looked up in a DGPS database and the error reduced down considerably via an iterative process, in a similar way to how surveying systems increase their accuracy in "post-processing". In theory the location accuracy could be about that of the area of a small dinner plate or, if you like, slightly better than the size of your head when viewed from above...


[1] Such signals still exist and can be found in the LF aeronautical beacon frequency bands between 200-500kHz.

[2] Whilst most GPS receivers are called "DGPS capable" this does not mean they have DGPS receivers built in. There is a standard format (RTCM-104) for DGPS information that can be plugged into a DGPS capable GPS receiver via a low baud rate serial link. However RTCM-104 does not cover all the potential correction factors, which is why a number of high precision "local" Differential system beacons transmit a non standard code.
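The difference-signal mechanism the comment describes, as an added simulation that is not part of the comment: a reference station at a surveyed position measures its own SA-dithered fix, broadcasts (known minus measured) as the correction, and a nearby rover adds that correction to its own fix. The error magnitudes are constructed to match the comment's rough figures (SA around 100 m, receiver-local noise a few metres); positions and seed are constructed. The run also applies the previous epoch's correction to the current fix, which is what a static or stale table would amount to: because the dither changes over time, that gives no improvement at all.

```python
import math
import random
from typing import List, Tuple

Vec = Tuple[float, float]  # (east, north) offset in metres

# Constructed parameters, not measurements: roughly the magnitudes the comment
# quotes (SA degrading civilian fixes to about 100 m) plus a few metres of
# receiver-local noise that no difference signal can remove.
SA_SIGMA_M = 50.0        # per-axis sigma of the common-mode SA dither
RECEIVER_NOISE_M = 1.5   # per-axis sigma of each receiver's own noise


def _gauss_pair(rng: random.Random, sigma: float) -> Vec:
    return (rng.gauss(0.0, sigma), rng.gauss(0.0, sigma))


def _add(a: Vec, b: Vec) -> Vec:
    return (a[0] + b[0], a[1] + b[1])


def _sub(a: Vec, b: Vec) -> Vec:
    return (a[0] - b[0], a[1] - b[1])


def rms(errors: List[Vec]) -> float:
    """Root-mean-square horizontal error in metres."""
    return math.sqrt(sum(e[0] ** 2 + e[1] ** 2 for e in errors) / len(errors))


def measure(true_pos: Vec, sa: Vec, rng: random.Random) -> Vec:
    """Position fix = truth + this epoch's SA dither + receiver-local noise.

    The SA term is the same for every receiver in the area at this epoch;
    that shared error is exactly what the difference signal cancels."""
    return _add(_add(true_pos, sa), _gauss_pair(rng, RECEIVER_NOISE_M))


def reference_correction(known_pos: Vec, measured_pos: Vec) -> Vec:
    """Difference signal from a station at a surveyed location."""
    return _sub(known_pos, measured_pos)


def apply_correction(measured_pos: Vec, correction: Vec) -> Vec:
    return _add(measured_pos, correction)


def simulate(n_epochs: int = 200, seed: int = 7) -> dict:
    """Return RMS error of raw fixes, live-corrected fixes, and fixes corrected
    with the previous epoch's (stale) difference signal."""
    rng = random.Random(seed)
    station = (0.0, 0.0)        # surveyed reference position (constructed)
    rover = (1200.0, -800.0)    # rover about 1.4 km away, same SA dither applies

    raw: List[Vec] = []
    live: List[Vec] = []
    stale: List[Vec] = []
    previous_correction = None
    for _ in range(n_epochs):
        sa = _gauss_pair(rng, SA_SIGMA_M)  # fresh dither each epoch (simplified)
        corr = reference_correction(station, measure(station, sa, rng))
        fix = measure(rover, sa, rng)
        raw.append(_sub(fix, rover))
        live.append(_sub(apply_correction(fix, corr), rover))
        if previous_correction is not None:
            stale.append(_sub(apply_correction(fix, previous_correction), rover))
        previous_correction = corr

    return {
        "raw_rms_m": rms(raw),
        "dgps_rms_m": rms(live),
        "stale_rms_m": rms(stale),
    }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value:.1f}")
```

Drawing an independent dither every epoch is a simplification; the real SA error wandered over a timescale of minutes rather than jumping every second, which is why a correction had to be delivered continuously (over the LF beacons or, later, an internet feed) rather than looked up once.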

me • August 29, 2019 10:13 AM

@Clive Robinson
I'm wondering how you know all these things?
You seem to know many aspects of computer security but also electronics and more.
Amazing!

Paul Suhler • August 29, 2019 12:41 PM

@Who? and @Cowbert:

FIPS certifications aren't just marketing chest-thumping. In the data storage world (e.g., tape, HDD, SSD), if it weren't for 140-3 our customers would invent security testing requirements. That means that vendors would have to do many different certifications per product. And if the customer doesn't really understand security, their private requirements may be broken.

So, the vendor can do one certification per product and customers can simply require that certification.

Both vendors and customers still have to understand security and the politics; I knew enough not to use Dual_EC_DRBG in a product.

Yuhong Bao • August 29, 2019 5:39 PM

In particular, note the November 17, 1954 date on encryption export controls being added to the USML. I found out in the early days it was set by presidential proclamations, but encryption was added just after that.

lurker • August 29, 2019 6:19 PM

@ Paul
00000000 would be as secure as 88888888, which is widely used on WPA/WPA2 Personal wifi systems: it's an extremely lucky number to Chinese.

@ the doorbell Lurker (impostor?)
if I hadn't seen it in WaPo I'd have said this is an April Fools' joke, and even if WaPo has missed one of its vaccinations against fake news, there's so much detail there it must be a case of Only in America...

Clive Robinson • August 29, 2019 6:27 PM

@ me,

I'm wondering how you know all these things?

They say with age comes wisdom, well it might not be true...

Let's just say I've been around a while, at four decades working in several different engineering and related industries. The reason it's several is I have the "bad habit" of turning hobbies and interests into professions.

The reason I've turned them into professions is I'm insatiably curious, especially at things that are new in engineering. All too often I can, as our host says, "think hinky" about things, in such a way that I can not just see how they are put together but more importantly how they should have been put together to avoid all sorts of issues the original designers did not even think about. Part of that is that I drag experience from one engineering domain to another before other people catch up. I then get bored and seek out something new.

The reason it's a "bad habit" is you run out of hobbies, and everyone needs a hobby or three as it gives balance to your life.

My advice, for what it's worth, is not only never turn down the opportunity to learn something new in life, but to actively seek out such opportunities, then apply what you've learned to what you already know so you see it in a new light or point of view. Thus expand your knowledge not just by the new but by a new view on the old, giving you both greater depth and breadth of knowledge and new ways to investigate other new things and knowledge.

You often hear respected software developers talking about learning a new programming language every year. Well, take it from me, they are being both slow and limiting their outlook on life. You should be learning at at least four to five times that rate and not limit yourself to what is essentially a repetitive task.

Instead, for instance, go learn about say robotics, kinesiology and biomechanics, control theory and electronics. You can easily learn about the rudiments of control theory and electronics by building a model railway, which allows you to easily step up to robotic arms and thus the practical study of 3D movement, thus getting a grounding in kinesiology and from there into biomechanics. All of which will open up career paths as well as substantially improving your understanding of how software relates to the physical world around us, something few software developers ever learn. It will also, importantly, teach you how, where and why to be efficient, something computer science appears to have completely lost sight of.

But a fun challenge for people who have a little time on their hands. Using just a children's hoop and Pythagoras's theorem, work out by simple observation the basic equations of ellipses and from there orbital calculations. Two hints: firstly, use graphical proofs as they are generally easier and more satisfying for most people. Secondly, for this exercise remember that both a circle of the same diameter as the hoop and a straight line of a length equivalent to the hoop's diameter are the limits of all ellipses made with a projection of the hoop.

Moose • August 29, 2019 9:26 PM

@Barr-barian
AES-256 is authorized in the CNSA suite and can definitely be used in a TS/SCI environment. The modules implementing it have to go through a specific validation process, but they can still be using AES-256

@Who?
Why should AES, SHS, RSA, DH, ECDH, etc be banned? Using well known and tested algorithms is a good practice for any environment. If having these validations was not a requirement to sell equipment to the federal government, most companies wouldn't bother. They don't do it just to throw on the ugly FIPS logo. Nobody would want to waste the time and $$$ required for that let alone the headaches of the actual certification process.

John Thacker • August 29, 2019 9:27 PM

Some of us also remember that in the mid 1990s one of our best allies in fighting key escrow schemes (like the Clinton Administration proposed "Clipper chip") was Senator John Ashcroft, and how there were bipartisan groups on both sides of the issue. The Executive Branch always stands for the Executive Branch, but oh for the days when members of the Legislative Branch on both sides would stand up for its authority.

Goku • August 30, 2019 4:56 AM

The issue is not only that most algorithms, software and hardware are the same for military and consumer.

A second huge issue is that most critical services (communication, e-gov, healthcare, home banking...) are networked to consumer-grade endpoints; weakening them would create a huge DDoS and attack surface.

A third huge issue - already brought out in previous posts - is that people running critical services, and their families, friends, doctors, banks etc... would own consumer grade devices and consequently will be more accessible to social engineering and blackmail attacks.

Long story short: introducing insecure machines in a world where both machines and people are increasingly more deeply networked is an increasingly more terribly bad idea.

VinnyG • August 30, 2019 11:57 AM

@ Clive Robinson re: preparing for SA resumption - Very, very interesting stuff, sir. Is there a (reasonably) generic method to fetch SSSNeT correction factors/algorithms via internet, and apply those to a "DGPS-capable" GPS receiver that lacks the actual DGPS circuitry?

Who? • August 30, 2019 2:28 PM

@ Cowbert, Paul Suhler, Barr-barian, Moose, and perhaps others I miss.

Sorry if I upset some of you with my comment. Susan Landau wrote in her article that NSA was against including RSA in the set of FIPS certified algorithms in the nineties. That is odd; RSA was old technology at the time (i.e. field-tested for years) so it should be better than most alternatives. It was and, as far as I can tell, still is secure, even if slow when compared to more recent counterparts.

Right now a few ECC-based algorithms are part of FIPS. These FIPS-certified algorithms require fixed domain parameters whose origin is unknown. On the other hand, some fast, open and well understood algorithms like Ed25519 are not approved. It seems there is a strong opposition against these alternatives. FIPS may be a requirement to work on government contracts, compromised algorithms may be ok for a government if they think the key to the backdoor remains undisclosed.

@ Moose

Must an AES256 implementation pass a certification process when used to protect data that is not in flight? In the past there had been a few ways to exfiltrate information that helps breaking AES256 but these were timing-related side-channel attacks.

What really worries me is that FIPS is like any other certification. You do not certify a product but a given version of that product, which makes it a profitable business. Operating systems like OpenBSD never got FIPS certification; Windows has it.

An example: BAE Systems Applied Intelligence certified Junos OS 12.1X46-D20.6 as FIPS-compliant. The 12.1X46-D20.6 release was never made public; I guess it was just the D20.5 version plus a fix to disable SSL. So anyone who wants to sell an old Juniper Networks firewall to the government should not upgrade to a release more recent than D20.6, even if newer ones have obvious security improvements, without starting a new certification process. It looks so POSIX...
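One way to act on the concern above about where FIPS curve parameters come from, as an added example (not part of the original comment, and not any standard's reference code): Ed25519's constants are fixed by a stated rule (p = 2^255 - 19, d = -121665/121666, base point with y = 4/5 and even x), so anyone can recompute them and check that the base point lies on the curve and has the published prime order, using nothing but the standard library's integer arithmetic. The b coefficients of the FIPS 186 prime curves were instead produced by hashing a seed whose origin is not explained, so the equivalent check there only confirms consistency with the seed, not why the seed was chosen. The RFC 8032 base point constants below are quoted for comparison; the sign convention (even x is "positive") follows that RFC.

```python
# Added example: recompute Ed25519's domain parameters from their published
# derivation rules and verify them in pure Python. Illustrative code, not
# taken from the blog post or from any standard's reference implementation.

p = 2**255 - 19                                        # field prime, p = 5 (mod 8)
L = 2**252 + 27742317777372353535851937790883648493    # prime order of the base point
A = -1                                                 # twisted Edwards coefficient a


def inv(x):
    """Modular inverse by Fermat's little theorem (p is prime)."""
    return pow(x, p - 2, p)


# d = -121665/121666: a ratio of two small integers, reproducible by anyone.
D = (-121665 * inv(121666)) % p


def on_curve(P):
    """Check a*x^2 + y^2 = 1 + d*x^2*y^2 (mod p)."""
    x, y = P
    return (A * x * x + y * y - 1 - D * x * x * y * y) % p == 0


def add(P, Q):
    """Affine twisted-Edwards addition; the identity element is (0, 1)."""
    x1, y1 = P
    x2, y2 = Q
    t = D * x1 * x2 * y1 * y2
    x3 = (x1 * y2 + x2 * y1) * inv(1 + t)
    y3 = (y1 * y2 - A * x1 * x2) * inv(1 - t)
    return (x3 % p, y3 % p)


def scalar_mult(k, P):
    """Plain double-and-add (MSB first); fine for verification, not for secrets."""
    R = (0, 1)
    for bit in bin(k)[2:]:
        R = add(R, R)
        if bit == "1":
            R = add(R, P)
    return R


def recover_x(y, want_even=True):
    """Solve -x^2 + y^2 = 1 + d*x^2*y^2 for x using the p = 5 (mod 8) square root."""
    x2 = (y * y - 1) * inv(D * y * y + 1) % p
    x = pow(x2, (p + 3) // 8, p)
    if (x * x - x2) % p != 0:
        x = x * pow(2, (p - 1) // 4, p) % p     # multiply by sqrt(-1)
    if (x * x - x2) % p != 0:
        raise ValueError("no square root: y is not on the curve")
    if (x % 2 == 0) != want_even:
        x = p - x                                # pick the "positive" (even) root
    return x


def base_point():
    """RFC 8032: B is the point with y = 4/5 and positive (even) x."""
    y = 4 * inv(5) % p
    return (recover_x(y), y)


# Published base point (RFC 8032, section 5.1) to compare the derivation against.
RFC_BX = 15112221349535400772501151409588531511454012693041857206046113283949847762202
RFC_BY = 46316835694926478169428394003475163141307993866256225615783033603165251855960


def check_parameters():
    """Return which of the advertised properties the recomputed parameters satisfy."""
    B = base_point()
    return {
        "matches_rfc": B == (RFC_BX, RFC_BY),
        "on_curve": on_curve(B),
        "order_is_L": scalar_mult(L, B) == (0, 1),
    }


if __name__ == "__main__":
    for name, ok in check_parameters().items():
        print(f"{name}: {ok}")
```

The same three checks (recompute from the stated rule, confirm the point is on the curve, confirm the order) are what you would want to be able to run on any curve you are told to trust; the difference with the seed-derived FIPS curves is that the first step has no rule to recompute from.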

Moose • August 30, 2019 3:40 PM

@Who?
Edwards curves are actually now allowed in FIPS. This was pretty recent, but that's just because NIST is pretty conservative in taking on new algorithms.

For AES, any AES implementation needs to be tested under FIPS, whether for transit or storage. The reason for only validating versions is that changes between versions can include pretty important security updates which need to be validated. This process, as long as the changes aren't considered a 30% change, can be shorter than a full validation. Even if the changes are not security relevant, they need to be reviewed to ensure this. There is actually a very streamlined process for non-security-relevant updates to products, where they can be updated within a month through the whole process.

VinnyG • August 31, 2019 8:42 AM

@ Clive Robinson re: DGPS - NM. It appears that even if it would be theoretically possible to apply a static correction table to SA-corrupted position reports for a finite area, it is not practical. There is what appears to be a reasonably lucid summary here:
https://www.gpsinformation.org/dale/dgps.htm

Clive Robinson • September 1, 2019 5:48 AM

@ VinnyG,

... theoretically possible to apply a static correction table to SA

SA is "random" jitter, not static jitter, therefore you cannot use a static table. So I'm not quite sure what you are getting at.

As for the document you link to, it's well over a decade old, and I can't see anything in there that disagrees with what I've said.

So if you'd care to be a bit more precise about what aspect it is that you are thinking about, we can discuss it further.

jmm • September 2, 2019 9:27 AM

What it all boils down to is: is your encryption secure or not? There is no middle ground.

Joe Tag, jr • September 2, 2019 10:13 AM

@Bruce You are absolutely correct. I hope this article posted spreads.
@Barr-barian you have made some good points also, thank you.

@Everyone: There were/are four grades of encryption: Type I and Type II for US Govt (Mil), Type III DES, now AES-NNN, and Type IV.

Two companies that made Type IV crypto were Datotek (Dallas, TX) and Technical Communications Corporation (West Concord, MA). I encourage readers to learn about the Secure Telephone Unit - STU-III (pronounced "stew 3") program. Datotek, then TCC, sold models 41NN, as Motorola and Nortel sold model 9600. See Cryptomuseum, and the Cryptologic website of Jerry Proc.

Keep learning, teaching!

,,s,, JOSEPH.G.TAG@pm.me

Joe Tag, jr • September 2, 2019 12:18 PM

Added Note: The quoted article by professor Susan Landau, which mentions the STU-III / STU-3 program, is NEARLY 5 years on.
AT&T Network Systems developed the 3A Encryptor box, a unit approximately 24"x30" -- the size of a dorm refrigerator. This unit was for telco Central Office to Central Office. The algorithm inside was NSA designed.

VinnyG • September 2, 2019 1:56 PM

re: Clive Robinson re: SA - the intent of my follow-up was to agree with your conclusion and state that I didn't think it was worthwhile to discuss further here. I only furnished the link in case someone else reading the thread might want an overview with diagrams. Sorry for any confusion...

me • September 4, 2019 10:47 AM

@Clive Robinson

Thanks a lot for your answer. I might be a bit late, but thanks a lot again for your complete answer; I hope you will read this comment (let me know by writing "read it" and make me happy).
I'm somehow the opposite: while I love learning new things, complex or easy, and I'm curious even to watch someone changing the lamp of a semaphore to see how it works inside, I don't like making it a profession. I sometimes think that I'm stupid and wasting my potential, but for example I got quite good with computers and found a zero-day that can pwn IoT devices worldwide (even got paid for this), but instead of making information security a profession I switched to a new hobby because I was "good enough" with computers.
Not that I have completely dropped computers or lost interest; I also know that there is a lot more to learn, but I'm good enough for me.

> you run out of hobbies

You could start playing piano, that's my new hobby :)

Clive Robinson • September 4, 2019 12:55 PM

@ me,

You could start playing piano, that's my new hobby :)

I used to play --badly-- a number of musical instruments when young. Whilst I don't have a couple of bunches of bananas instead of hands, and I used to be quite ambidextrous when it came to using tools, for some reason whilst my mind took to music they did not. Mind you, similar with writing: my cursive script is on a good day a good approximation to a "drunkard's walk" as performed by a three-legged spider[1] ;-)

Oddly though, my body and feet took naturally to music as they did to dinghy sailing and free-form rock climbing. I also used to dance reasonably well for someone who was 6' 6". I don't know how old you are, but when I was a student I used to earn "away money" for my sporting activities in, amongst other things, "Break dancing[2] competitions", though I never attempted the likes of "Head Spins" as I figured that was asking for trouble at my size ;-)

[1] You know it's bad when neither a pharmacist nor a medical secretary can read it, and the Dr asks you to read it out...

[2] Another term invented by journalists that don't listen. It's actually just "Breakin" and it started before hip-hop and similar music styles came about. Back when I was younger, fitter and healthier the music of choice was Soul, Jazz, Funk and the dreaded Disco. Top dance progressed from 50's and early 60's dance styles like the "lindy hop" and even "Robotin", and bottom dance was mainly gymnastic moves, though some were incorporating some martial art moves as openers.
