Ask HN: What security mechanisms have been compromised? - Milagre

In the wave of recent disclosures of the NSA's intrusions, I'd like to know more about security/cryptography practices. Most articles are geared towards one of two audiences: the consumer (make it simple), or the expert (discuss extreme details). The technical details are hard to come by in a way that I can understand.

Many articles say, "If you are not an expert in cryptography, don't try." Well, I'm not an expert, and I don't want to fake it. I want to understand to the best of my ability, and make informed decisions.

I am a general developer, and I'm one of many who needs help understanding how to apply recent news to my development practices and production environments.

Can someone summarize what general developers should be thinking about moving forward, that we haven't been considering before (i.e. not password management)?
======
kjs3
The first thing to understand is that the NSA hasn't (or hasn't proved to
have) undermined fundamental security technology. There is no indication of a
magic attack that breaks AES, just like no magic attack existed for DES before
it. What has been disclosed is the massive scale upon which 2 things have
happened:

1) The NSA's comprehensive subversion of information technology vendors into
making it easy for the NSA to gain access to data.

2) The scale to which the NSA has been allowed to siphon that data from the
most optimal places for an attacker.

One of the first things I point my developers at when they ask about crypto is
[http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html](http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html).
Nothing in there has changed. However, you probably want to assume that if
you're using, say, the Microsoft CryptoAPI or Java JCE that you cannot be
assured that a mechanism to access your data isn't present.

~~~
Milagre
So all the attack vectors the NSA has used to date are based upon backdoors
(voluntary or otherwise) to existing vendors?

Something I've been confused and/or misled about is that if root/CA SSL
certificates are compromised, then all derivative SSL certificates are also
compromised. Is this true? Are these some of the companies the NSA has
'backdoors' with?

Sorry, I'm not even sure about the terminology here -.-

~~~
kjs3
Yes, what we _know_ is that the NSA has compromised many vendors, including,
it seems, some of the CA vendors. So it's possible that a CA could issue the NSA a
certificate that could fool you into thinking an NSA surveillance node was a
valid site, or that a bit of software was written by a legitimate vendor and
is safe to run. The devil is in the details, of course...if the goal is to
have a valid, signed Microsoft key, you really need the Microsoft CA to sign
it, but 1) the vast majority of people don't check so close is often good
enough, and 2) I personally think Microsoft would cave faster than Verisign,
so...

And you are correct: if a CA has disclosed their root signing certificate,
then the NSA could issue seemingly legitimate certificates for pretty much
anything.

