[CentOS] Can we trust Red Hat encryption tools?

Thu Jan 9 22:30:51 UTC 2014
Robert Moskowitz <rgm at htt-consult.com>

On 01/09/2014 04:55 PM, John R Pierce wrote:
> On 1/9/2014 1:27 PM, Kanwar Ranbir Sandhu wrote:
>> I think everyone should assume the entire ecosystem is compromised and
>> shouldn't trust anything.  Code should be reviewed and bugs/weaknesses
>> removed IMMEDIATELY.  The problem is obviously not everyone is a
>> programmer and not everyone will have the knowledge to understand how to
>> fix/improve the security issues.  Of course, some software is still
>> good, but who's going to verify that and when?  If you don't use free
>> software, you're a goner because now you have no ability whatsoever to
>> audit the code!
> I've programmed for 40 years, and I don't understand encryption
> algorithms nor can I evaluate their strengths and weaknesses.   I know
> very few programmers who can.  None personally, in fact.

I work with real cryptographers.  I do not consider myself one.  I am a 
crypto protocol designer; a different breed.  You basically trust the 
math and the arguments put forward by the real cryptographers.  There is 
LOTS of public review and comment.  But we recognize that the largest 
employer of mathematicians is the NSA.  If there is an exploitable lever, 
they will know about it before we will; I have a real experience with 
this back with IPsec and the implicit IV ESP proposal.

So some programmer has to take the math for the crypto algorithms and 
implement it correctly.  In many cases, this ends up being done at least 
in firmware, and in some cases actual chips (I work mostly, these days, 
with sensors).  Then you have to trust the likes of me to design the 
crypto protocol right.  There are lots of subtle traps here; I have the 
scars to show it.  Then programmers again have to take our crypto 
protocols and do them right....

You get the picture.

If you do not trust the NIST (read NSA) EC curves, you have two 
choices.  Dan Bernstein's curves (Dan is a long time anti guy, and Bruce 
Schneier is a long time friend of Dan, and me).  Or the Braintrust 
curves; they are published in an RFC (seems good to me, and I have heard 
some good references on their work).

But really, the NIST curves have been under extensive review.  They are 
used both by the govs and banking; NSA knows if they can figure out 
weaknesses, so can other large gov funded math teams.  The big event was 
the RNG that NSA had added, and the public community came down on it 
almost from the get-go.

You want to talk about leaky code?  Look how corporate mail proxies work 
to enable them to read encrypted emails.  Simple lying about certs.