
New Linux kernel debuts, adds more suspect NSA-sourced crypto - mindfulhack
https://www.itnews.com.au/news/new-linux-kernel-debuts-adds-more-suspect-nsa-sourced-crypto-500094
======
amaccuish
Google has decided not to use it [1], so there is discussion of it being
removed [2].

[1]: https://www.phoronix.com/scan.php?page=news_item&px=No-Speck-Yes-HPolyC-Encryption

[2]: https://www.phoronix.com/scan.php?page=news_item&px=Linux-Kernel-RFC-Remove-Speck

------
dagenix
This email outlines some potential issues with Speck:
https://www.spinics.net/lists/linux-crypto/msg33291.html

And that was discussed here:
https://news.ycombinator.com/item?id=17214827

I really can't judge the quality of that critique of Speck, but it's a lot
more interesting than just "NSA = bad".

~~~
tptacek
A comment on the thread from the code's contributor is super useful: SPECK was
added because on low-end Android devices with less than 50MB/s AES, it enables
phones to have encryption enabled by default. That is, SPECK is useful in
cases where the alternative would be no encryption at all.

I'd be a little surprised if SPECK was the only workable answer here.

 _Later_ :

It isn't; Google is doing HPolyC instead.

~~~
ebiggers
You can read about some of the other options considered here:
https://marc.info/?l=linux-crypto-vger&m=152573520705012. But in the end, a
new ChaCha-based mode suitable for disk encryption
(https://eprint.iacr.org/2018/720.pdf)
had to be designed since there didn't seem to be any alternative block cipher
that met the strict performance and security requirements. LEA-128 maybe comes
close, but it hasn't undergone too much cryptanalysis yet (much less than
Speck).

------
otp124
Well, is Speck enabled by default? If not, then this title sounds a bit like
they're fear-mongering, or just general FUD.

~~~
zaarn
To my knowledge, on Arch it's enabled as a module, so unless some application
uses Speck (which none that I have installed, care about or know of do) then
the module will not be loaded and will do nothing.
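
An added example, not part of the thread: one way to check the built-as-module versus actually-loaded distinction discussed above. `speck_status` is a hypothetical helper; it assumes the mainline config symbol `CONFIG_CRYPTO_SPECK` and that a registered Speck algorithm appears in `/proc/crypto` under a name starting with `speck`. The sample inputs are constructed.

```shell
#!/bin/sh
# speck_status CONFIG_FILE PROC_CRYPTO_FILE
# Prints "<build>/<runtime>":
#   build   = builtin | module | disabled   (from the kernel config text)
#   runtime = registered | not-registered   (from a /proc/crypto listing)
# "module/not-registered" is the case described in the comment above:
# the cipher is available but nothing has requested it, so it is not loaded.
speck_status() {
    config=$1
    proc_crypto=$2

    # Exact symbol match; "# CONFIG_CRYPTO_SPECK is not set" does not match.
    line=$(grep -E '^CONFIG_CRYPTO_SPECK=' "$config" 2>/dev/null || true)
    case $line in
        *=y) build=builtin ;;
        *=m) build=module ;;
        *)   build=disabled ;;
    esac

    # /proc/crypto lists only algorithms currently registered with the
    # crypto API, i.e. built in or provided by a loaded module.
    if grep -Eq '^name[[:space:]]*:[[:space:]]*speck' "$proc_crypto" 2>/dev/null; then
        runtime=registered
    else
        runtime=not-registered
    fi

    echo "$build/$runtime"
}

# Constructed sample inputs (not taken from a real system).
sample_dir=$(mktemp -d)
printf '%s\n' \
    'CONFIG_CRYPTO_AES=y' \
    'CONFIG_CRYPTO_SPECK=m' > "$sample_dir/config"
printf '%s\n' \
    'name         : aes' \
    'driver       : aes-generic' \
    'module       : kernel' > "$sample_dir/crypto"

speck_status "$sample_dir/config" "$sample_dir/crypto"
```

On a live system, pass a plain-text copy of the running kernel's config and `/proc/crypto` as the two arguments.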

------
amaccuish
After Dual_EC_DRBG, and the early warnings and raised eyebrows, I feel like
"there's no smoke without fire" is a good way to operate nowadays concerning
the NSA.

------
lainga
I encourage ITNews or anyone else to point out what's suspect about Speck.
It's so tiny I don't see where you can or would put the compromise.

~~~
geggam
Remember this guy?

https://en.wikipedia.org/wiki/Edward_Snowden

~~~
tptacek
Yes. Now, finish the thought.

~~~
geggam
Everything the NSA and the US govt touches is suspect. Anything less is silly.

~~~
tptacek
That's a non-sequitur. The commenter upthread asked how you would hide a
backdoor in a tiny block cipher. Can you answer that?

~~~
pdkl95
Nobody said anything about a backdoor; the question was "what's suspect about
Speck". Speck is _suspicious_ (which includes more potential risks than just a
"backdoor") because "Everything the NSA and the US govt touches is suspect".

This is the same kind of security-minded heuristic as the advice that you
should restore from a clean backup instead of assuming you can even know how
to clean a compromised host of every rootkit/backdoor/etc. Once trust has been
broken, you have to assume risks _might_ exist until proven safe. This is why
burning trust is often a very bad idea; regaining that trust takes a lot of
time and effort.

Also, suspicion does not require an actual risk to exist.

edit:

For the record, I don't know much about Speck, good or bad. It might be fine,
but that's orthogonal to the NSA earning a reputation that invites suspicion.

~~~
DoreenMichele
_Also, suspicion does not require an actual risk to exist._

No, of course not. But if you are taking that position, you are basically
saying "I suffer from paranoid delusions and don't confuse me with the facts."

From what I gather from skimming this discussion, the question being put to
you is "Suppose I don't suffer from the same paranoid delusions. What are the
actual risks here that a rational person should be genuinely concerned with?
Please and thank you."

~~~
geggam
Google seems to be joining the tinfoil crowd

https://www.phoronix.com/scan.php?page=news_item&px=No-Speck-Yes-HPolyC-Encryption

~~~
tptacek
Developing a superior lightweight cipher design doesn't mean Google is joining
any particular criticism of SPECK.

~~~
coatmatter
Either way it's probably good for Google's reputation for them to roll their
own. After all, they don't exactly have as high a standing as Apple appears to
have for some things?

