The NSA paying RSA to plant a backdoor...

Edward Snowden has once again released internal NSA documents, which indicate that the NSA paid RSA to put a backdoor into an algorithm: "Exclusive: Secret contract tied NSA and security industry pioneer".

RSA's response completely avoids saying what the money was for: "RSA Response to Media Claims Regarding NSA Relationship".

The general speculation now is that this backdoor is Dual_EC_DRBG, the default pseudorandom number generator in RSA BSAFE.

As for attacks on Dual_EC_DRBG, the 2006 paper "Cryptanalysis of the Dual Elliptic Curve Pseudorandom Generator" put it this way:

Our experimental results and also empirical argument show that the DEC PRG is insecure. The attack does not imply solving the ECDLP for the corresponding elliptic curve. The attack is very efficient.

In 2007, Bruce Schneier wrote "Did NSA Put a Secret Backdoor in New Encryption Standard?", noting that the weakness is not large enough to make the algorithm unusable, but that it is unsettling all the same:

Problems with Dual_EC_DRBG were first described in early 2006. The math is complicated, but the general point is that the random numbers it produces have a small bias. The problem isn't large enough to make the algorithm unusable -- and Appendix E of the NIST standard describes an optional work-around to avoid the issue -- but it's cause for concern. Cryptographers are a conservative bunch: We don't like to use algorithms that have even a whiff of a problem.

He also recommends not using Dual_EC_DRBG:

My recommendation, if you're in need of a random-number generator, is not to use Dual_EC_DRBG under any circumstances. If you have to use something in SP 800-90, use CTR_DRBG or Hash_DRBG.

Looking back on this now... hmmm...

Attacks on /dev/random...

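Bruce Schneier's blog has a post, "Insecurities in the Linux /dev/random", about finding weaknesses in the randomness of /dev/random and attacking them, although the impact of the current attacks looks small...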

The paper was posted to the Cryptology ePrint Archive under the title "Security Analysis of Pseudo-Random Number Generators with Input: /dev/random is not Robust".

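The NSA has shown the world that it is able to turn any implementation problem into a vulnerability, and this kind of purely theoretical research is being taken more and more seriously...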

Improvements in PHP 5.5...

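Since PHP 5.5.0 Alpha1 was released in November, articles discussing PHP 5.5 have been steadily appearing on overseas forums, such as this one listing the new features of PHP 5.5: "What to Expect From PHP 5.5".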

As it stands, PHP 5.5 introduces Generators and yield, which make iterator behavior more natural to write; previously you had to wrap it in a class yourself to simulate it...

However, now that you can write "Hello World"[1] directly and get "e", what will the code produced by the PHP community end up looking like...