November 18, 2007

NSA backdoors and encryption standards

It's on every security related websites: according to Schneier (actually Shumow and Ferguson) the NSA might have placed a backdoor on one of the new NIST approved random number generators.
This mathematical backdoor could allow the NSA to guess the random numbers given only a small sample: a huge problem for any security algorithm using those numbers. SSL (well, TLS), encryption, anything.
There are huge concerns in the security community about this story: while the standard itself can be easily not implemented - since it's just one of the three generators proposed - one could wonder what's lurking in the other algorithms.

This story reminds me the DES "scandal": NSA modified part of the IBM algorithm (sort of, constants) and shortened the key. No one actually knew was going on then, but after 20 (20!) years it was discovered that the tweaks actually improved the security of DES: NSA knew about differential cryptanalysis, thanks to an IBM engineer, and kept the secret for years while improving DES' resistance to it.
But still, NSA was able to break DES white relatively little effort, due maybe to the reduced keysize. You can read more here.

What's the lesson here? You can be 100% compliant and still be vulnerable in a matter of seconds: a new research is published, a new tool becomes available, and your "one million years guaranteed" encryption can be beaten in 24 hours. And it's likely that someone somewhere is able to break that encryption right now.

So, what are we - what are you - going to do about this? No, the answer is not "stop trusting encryption". You can't do it anymore, not in this world.

Instead, change the way you think about encryption. Most organizations, most people, think about encryption like a commodity, like something that is "hard-coded" and immutable, at least for some years. We'll change the encryption when we'll change the software is a very common quote. It's not enough anymore.

Start thinking about encryption like any of your security-related component: you have to monitor it, you have to upgrade it, maybe you even have to patch it. Here, standards are your friends: what's the chance of getting an upgrade for some obscure proprietary algorithm (Oracle anyone) ?

So, the next time you hear about encryption - anywhere: in a new software, in your network, in a new server - demand it to be modular, to be open. You want to manage it like any firewall, any antivirus, any IDS in your infrastructure.

Otherwise, you can just let NSA handle the problem, right?