At 4:09 PM -0500 5/24/2000, Rick Smith wrote:
>Before continuing, let me state my three opinions that this is based on:
>
>1) There is a non-zero risk of backdoors in commercial software, but the
>perpetrators are as likely (IMHO more likely) to be outside parties and not
>US agencies like NSA.
Given the present sorry state of Microsoft software security there is
no way to argue with you on this. I expect that over time Microsoft
will clean up its security act and there will be fewer opportunities
for outsiders to compromise MS software without at least tacit
cooperation.
>
>2) A persistent backdoor in Windows would have to be a localized thing with
>limited effects, like a broken RNG, but such a thing might be detectable by
>examining its behavior and/or binary implementation.
>
>3) A more sophisticated backdoor in Windows would involve a lot of people
>who can't be covered by government secrecy agreements. It would be
>extremely difficult to keep such a thing both functioning and secret for
>more than a few years.
Maybe this is where our outlooks differ the most. I view a
"localized thing with limited effects" as *more* sophisticated than
some big lump of snuck-in code that searches your hard drive and
sends periodic e-mail to [EMAIL PROTECTED] Another example of
a more subtle approach might be a race condition that cause the
memory segment that contains the secret key to be unprotected every
so often. Or a key-pair generator that sometimes forgets to check for
primality. Think subtle, not brute force: leave doors open a crack,
don't bust through walls.
>
>To continue the discussion, Arnold Reinhold wrote:
>
>>Done properly, there is no way anyone is going to detect a weakened
>>RNG by analyzing its output. That is why RNG attacks are so
>>attractive.
>
>What if we examine the RNG's binary implementation as well as its output?
>Consider what happened to the weak Netscape RNG.
>
>Given that, how would one go about constructing a broken RNG that would
>resist detection? I'm not saying it's impossible, but the strategy isn't
>clear to me.
Well, I would expect them to patch the RNG code dynamically. Might
only happen when a special packet is received, or as part of a
foreign language localization. Or just let a virus know how to find
the right place on disk to insert the patch. Out of the box, the RNG
code will look just fine.
> >The best answer to [Microsoft secrecy doubts] is a report Lucky Green gave
>to this
>>list on 9/3/1999 when the _NSAKEY story broke:
>>
>>"After watching the NSAKEY talk at the Crypto rump session [name elided], by
>>his own account at the time the person ultimately responsible for CAPI at
>>Microsoft, told a group that even he had not know about the second key. In
>>addition, he informed us that access to the Windows source code is heavily
>>compartmentalized, making it easy to insert modifications without the
>>knowledge of even the respective product managers."
>
>I think this argues in favor of attacking the RNG and against building a
>more flexible backdoor, since the latter will involve multiple
>compartments, and require interfaces that might not othewise exist or be
>used in particular ways. That involves the cooperation of more people.
Subtle backdoors should not need much cooperation, but if cooperation
is needed, put trusted people in each group and have them meet off
campus.
>...
>
>The problem is that you're talking about finding some people with top-notch
>software development skills that can believably be inserted into Microsoft
>under deep cover. They'd have to be able to pursue their backdoor
>installation objectives secretly while continuously justifying their work
>with other, diversionary explanations. They have to be smart enough to do
>all this and have the sort of personality that allows them to continuously
>and successfully mislead their co-workers. I think that's where all this
>would break down. Where do you find enough such candidates to make it
>likely you can actually hire some of them for that job?
I dare say that NSA has a number of competent programmers on staff.
Rotating a few through Redmond every couple of years would be simple
enough.
>
>>NSA seems to know how to motivate folks to keep
>>their mouths shut.
>
>NSA knows how to apply institutional pressure when they have a lever (i.e.
>export controls) and they know how to establish legal pressure through
>security classifications. I don't see how either of those would apply. I
>suppose those undercover superprogrammers would keep their own activities
>secret, since their NSA connection might not look good on their resumes.
>NSA would have a hard problem treating the programmers' activities as
>classified information, since so much of what they do is in unclassified
>environments.
I lost a programmer to NSA once. He gave up stock options, took a 28%
pay cut and had to go through 3 lie detector tests. Yet we couldn't
come close to talking him out of it. NSA motivates people with a
combination of patriotism, important cutting edge work, and a strong
sense of community. Note that there have been no leaks of any US
classified ("Type 1") ciphers since World War II. Not one. That's
long term secrecy.
As for being able to classify backdoors, I believe they would be
considered intelligence gathering methods and would receive the
highest levels of protection (up to TS/SCI). The administration has
asked for new legislation to insure that methods such as these would
not have to be revealed in court in the event of civil litigation or
criminal prosecution. If I recall correctly, there is a provision
to allow the government to get a suppression order even if both
parties to a civil suit wanted to reveal the information. The fact
that they are asking for such laws is a strong indication of the
government's intent.
...
>While I suspect that the open source software concept is the only practical
>strategy for healthy long term evolution of software, it doesn't
>automatically yield bug-free, vulnerability-free, or backdoor-free
>software. At best, it gives us an obvious way to track down trouble after
>it pops up. But it doesn't guarantee we'll look for backdoors, or find them
>if they're there. Most of us know this, but given the discussion, it seemed
>worthwhile to repeat for the general audience.
>
I heartily agree. Eternal vigilance, and all that.
Arnold Reinhold
