RNG Whitening Bug Weakened All Versions of GPG

Werner Koch, maintainer of Libgcrypt and GnuPG, announced today:

"Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions. … All Libgcrypt and GnuPG versions released before 2016-08-17 are affected on all platforms. A first analysis on the impact of this bug in GnuPG shows that existing RSA keys are not weakened."

However, in the text of one of the patches (archived) which accompanied this announcement, we find a slightly different statement:

"This bug does not affect the default generation of keys because running gpg for key creation creates at most 2 keys from the pool: For a single 4096 bit RSA key 512 byte of random are required and thus for the second key (encryption subkey), 20 bytes could be predicted from the first key. However, the security of an OpenPGP key depends on the primary key (which was generated first) and thus the 20 predictable bytes should not be a problem. For the default key length of 2048 bit nothing will be predictable."

In effect, this means that no key created with GPG to date carries more than 580 bytes (4640 bits) of effective entropy; e.g., all 4096-bit and larger RSA keys have 'subkeys' which, we now find, relate mathematically, and in a possibly exploitable way, to the primary key, the first 20 bytes of random drawn for the subkey being predictable from the bytes drawn for the primary key.

It should be remembered that, due to the structure of the OpenPGP format, breaking a GPG subkey is often very nearly as good as breaking the primary key: it allows the attacker to create valid signatures in the case of a signing subkey, to read intercepted ciphertext in the case of an encryption subkey, or both.

And thus we find that, due to the staggeringly-braindamaged design of the protocol and of this implementation, GPG users who elected to use longer-than-default GPG keys (Phuctor presently contains 1,090,450 RSA moduli which exceed 2048 bits in length1) ended up with smaller-than-default effective cryptographic strength.

Likewise noteworthy is the fact that this bug was contained in an RNG 'whitening' routine. The popular but wholly-pseudoscientific practice of RNG 'whitening' creates the appearance of an effective source of entropy at times when – potentially – none exists2, at the cost of introducing a mathematical relationship (sometimes, as in the case at hand, a very exploitable one) between RNG output bits, which by their nature are intended to be wholly uncorrelated.


  1. Not all of these moduli were generated using GPG. 

  2. A whitened (walked over with, e.g., RIPEMD, as in GPG, or SHA2, or AES) stream of zeroes will typically pass statistical tests of randomness (e.g., the Diehard suite) with flying colors, while at the same time containing no meaningful entropy in the cryptographic sense. 
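
The footnote's claim, and the point of the paragraph it hangs off, can be checked directly. What follows is an added example, not code from this article, from GnuPG or from Libgcrypt: it "whitens" a 16-bit seed with SHA-256 (named in the footnote alongside the RIPEMD that GPG uses), runs the NIST monobit test and a byte-frequency chi-square over the output, and then shows what an attacker does with such output: recover the seed from 32 observed bytes by enumeration and name the bytes that follow. The seed size, the counter layout and the pass/fail thresholds are this example's own assumptions; it does not reproduce the specific Libgcrypt mixing bug, only the general failure mode the footnote describes.

```python
"""Added example, not code from the Qntra article, GnuPG or Libgcrypt.

A hash-based "whitener" turns any state, even a dead one, into output that
passes statistical randomness tests. Here the whitener is SHA-256 over a
seed and a counter (the footnote names SHA2 alongside RIPEMD, which GPG uses);
the 16-bit seed, the counter layout and the pass/fail thresholds are this
example's own assumptions, not Libgcrypt's.
"""
import hashlib
import math
from collections import Counter
from typing import Optional


def whitened_stream(seed: bytes, nbytes: int) -> bytes:
    """Produce nbytes of 'whitened' output: SHA-256(seed || counter), block by
    block. The output is a pure function of the seed, so it holds no more
    entropy than the seed does, however random it looks."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def monobit_pvalue(data: bytes) -> float:
    """NIST SP 800-22 frequency (monobit) test p-value: are ones and zeros
    balanced? Near 0 means 'not random'; anything above ~0.01 passes."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def byte_chi_square(data: bytes) -> float:
    """Chi-square statistic of the byte histogram against a uniform
    distribution (255 degrees of freedom, so ~255 is what uniform data
    scores; all-zero input scores 255 * len(data))."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def looks_random(data: bytes) -> bool:
    """A Diehard-style verdict: pass if the monobit p-value is not tiny and
    the chi-square sits within roughly four standard deviations of 255.
    Thresholds are this example's choice."""
    return monobit_pvalue(data) >= 1e-3 and 170.0 < byte_chi_square(data) < 350.0


def recover_seed(observed: bytes, seed_bits: int) -> Optional[bytes]:
    """What an attacker does with a low-entropy whitened source: enumerate
    every possible seed until one reproduces the observed output."""
    width = (seed_bits + 7) // 8
    for candidate in range(1 << seed_bits):
        seed = candidate.to_bytes(width, "big")
        if whitened_stream(seed, len(observed)) == observed:
            return seed
    return None


def demo():
    """Returns (dead source fails tests, whitened output passes tests,
    seed recovered from 32 observed bytes, next 20 bytes predicted)."""
    true_seed = (0x2A5C).to_bytes(2, "big")   # constructed: 16 bits of 'entropy'
    dead = bytes(4096)                         # what the source really produced
    stream = whitened_stream(true_seed, 4096)  # what the tests get to see

    # Attacker observes 580 bytes (4640 bits) and wants the next 20 (160 bits),
    # mirroring the figures in Koch's announcement; 32 bytes suffice here.
    observed = stream[:580]
    seed = recover_seed(observed[:32], 16)
    predicted = whitened_stream(seed, 600)[580:600] if seed is not None else b""

    return (looks_random(dead), looks_random(stream),
            seed == true_seed, predicted == stream[580:600])


if __name__ == "__main__":
    print(demo())   # (False, True, True, True)
```

Running it returns (False, True, True, True): the raw output of the dead source fails the tests, the whitened output passes them, and yet 65,536 guesses recover the state and the "next 160 bits" follow for free. Diehard and the NIST suite measure distribution, not unpredictability; the only thing that removes the correlation a whitener introduces between its output bits is real entropy in the state it hashes.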

Github Enforces USG.NSA Copyright And Other Lols, Roundup Xtend'd

Following the initial announcement of the "Shadow Brokers'" (WOT:nonpeople) planned auction of alleged NSA surveillance tools and miscellanea, further lulz emerged. Here they are, Roundup Xtend'd:

  1. Github effectively and proactively enforced a potential copyright claim by the United States National Security Agency by booting the information off their platform.
  2. Numerous media outlets are skirting around where the goods came from by tenaciously using the "Equation Group" moniker for the group with which the tools originated.
  3. The issue of whether the teasers offered of the goods for sale are novel or rehashes of previous leaks has not yet been definitively established given the sheer amount that has been leaked already.
  4. A suggested price of One Million Bitcoin has been floating around. The price, which represents a substantial percentage of the best money's monetary mass, reeks of insanity and a deep povertree of the sort that makes a supposed person incapable of market participation.

Sorry for your lols.

There May Be Lulz

A hacking group known as the Shadow Brokers announced Monday that they were going to auction an assortment of stolen surveillance tools purportedly used by NSA hackers. The group released code samples to boost the veracity of their claims, the National Security Agency naturally withholding comment on the subject. Security experts offered mixed opinions on the authenticity of the malware, and the hackers only said the auction would end at a specified time. (archived) Peace in our specified time.

Dicamba Disaster Continues Destruction

As the story of the Dicamba Disaster in the United States begins finally reaching mainstream media outlets, the St Louis Post Dispatch brings us news that Dicamba Drift has threatened Missouri's largest peach orchard (archived). Two hundred and fifty acres of the orchard's peach trees are already irreparably harmed and as the damage continues to show that number could double by next spring as the injury progresses.1

Dicamba has been around since 1942. Until this year it had largely survived in its humble role as that thing you add as a tiny fraction of a percent to your tank mix as a little kicker to beat back broadleaf weeds. What it did, what it didn't do, and why it stayed that tiny fraction were established. Why it stayed the tiny fraction is that dicamba is volatile and the dicamba that doesn't get absorbed and bound will vaporize and spread.

The ascendancy of Roundup Ready in the 1990's inspired much panic: "Genetic modifications AND a super herbicide?" Glyphosate, however, turned out to be a kitten, with the surfactants mixed with it carrying a greater hazard to fauna than the herbicide itself; flora was still fucked though.2

Monsanto opened a pandora's box with their latest offering, because when you offer desperate farmers soybeans that won't suffer any losses with two herbicides those farmers are getting as much mileage out of those two herbicides as they can. Bad behavior becomes mandatory, because fuck that other family's peach orchard which took a generation to grow. Also no one cares about the other stands of mature trees yellowing, defoliating, and in clear decline.3

It likely would not have made things much better even if Monsanto had released their "less volatile" dicamba with the seeds4 so long as other people were selling classic dicamba preparations for less. The competition between agriculture and chemistry is leaning decidedly in chemistry's favor, with crops outside of the limited Monsanto-supplied corns and alt-corns becoming environmentally impracticable. US agriculture at this point appears to be on track to become a fiefdom of tort law, in the same way US medicine is, by this time next year. This is the story of your loss, and imazapyr-resistant crops can't come soon enough (archived).


  1. And even in the absence of further dicamba applications nearby it will continue to progress.  

  2. But only if the glyphosate solution actually made contact with foliage.  

  3. This phenomena is pointedly NOT limited to the portions of the Ozarks that US based media is suggesting it to be. 

  4. It seems likely they anticipated the destruction and didn't want their preparation taking the blame.  

The "Your Loss" Playbook

Before we at Qntra can be sorry for your loss, someone else has to bake your loss first. When a "business" decides to live at the intersection of Bitcoin money and fiat currencies, your loss tends to follow the same few steps. There may be a few variations on these steps depending on whether your chosen loser is BitInstant, MtGox, Mcxnow, Homero Garza, Buterin,1 or Bitfinex.

  1. Make, buy, or steal a thing to call your business. If you are a true pioneer like Intersango you make it. You buy it if you are Mt Gox or Butterfly Labs. If you are Bitfinex you just straight up steal it.2
  2. You start making noise. If you are Trendon Shavers you recruit "privileged insiders" to do your selling. If you are Butterfly Labs you buy a bunch of advertising. If you are Homero Garza you buy advertising from all the media outlets and do a bit of the privileged insider thing.
  3. You build some history of either spectacular returns or reliability. You paper over the complaints with lies and declarations of "This is just how we do things" to justify the insanity. You lean on your loyal bought-and-paid-for noisemakers3 to toe your party line.
  4. Your Loss, we are sorry.4
  5. When the complaints get too loud, the payment processor and all manner of accessories to the scheme start getting scapegoated. Mt Gox had Dwolla. BitInstant had numerous payment processors to blame. At this point the existence of the loss is clear, but some effort is made to conceal that the loss is yours.
  6. Tokens! A market for them! See MtGox Bitcoins on Bitcoin Builder, BFX Tokens on Bitfinex, and the entire Paycoin scheme that emerged when GAW could no longer hold up the pretense of mining.
  7. The pretense is suddenly lifted. Everyone is sorry for your loss.

History rhymes and this is the story of your losses. Just like the various color revolutions, your loss follows a pattern. We're sorry.


  1. The various altcoin scams invariably end up actually being fiat/Bitcoin interface scams when the scammers need to eat off of customer deposits and pimp their rides. 

  2. Preferably from another scam that is too moribund to care at the time.  

  3. Roger Ver and Andreas Derpolopolis are very popular and affordable choices.  

  4. The steps following this case can be skipped in the event of Trendon Shavers  

Popular Voting Machine Hacked With Seals Intact, Plays Pacman

J. Alex Halderman, professor of computer science and engineering at the University of Michigan, has modified a Sequoia AVC-Edge DRE voting machine to play the classic video game Pac-Man. The machines were in widespread use in parts of Louisiana, Missouri, Nevada, and Virginia, according to Verified Voting, which tracks deployed voting equipment. Instead of "using the machines to steal votes" he chose to run a MAME emulator and play the popular arcade game. The machine has a 486 SLE processor and 32 MB of RAM and runs MS-DOS as its OS. The professor said the machine was last used in the 2008 Williamsburg, Virginia primary elections, and was part of a pair sold for $100. Halderman further indicated the machine can run Linux as well, leaving open the possibility of a wider array of future projects.

Bitfinex Freezes US Customer Accounts Following Another Loss

Reports are emerging that Bitfinex account holders in the United States have had their accounts frozen. They are powerless to trade and, more importantly, to withdraw funds from Bitfinex. The present scapegoat appears to be a dispute between Bitfinex and the payment provider Synapse Pay, which services their United States customers. A loss is allegedly at the center of this dispute. Sorry for yours.

Man Jailed After Allegedly Spiking Utah Police Sergeant's Lemonade

A fast food worker remains jailed after a police sergeant in Layton, Utah alleged that the man "spiked" his lemonade with methamphetamine and tetrahydrocannabinol (archived). While methamphetamine is water soluble and capable of entering into solution with lemonade, tetrahydrocannabinol is incapable of entering into solution with water, strongly suggesting that if tetrahydrocannabinol appeared on the sergeant's drug screen it is because he likes to get himself high.

Alleged Orlando Shooter's Father Seated Behind Hillary At Rally

Alleged Orlando shooter Omar Mateen's (WOT:nonperson) father was prominently seated behind Hillary Rodham-Clinton (WOT:nonperson) at a political rally in Kissimmee, Florida. Omar Mateen's father, Seddique Mir Mateen (WOT:nonperson), left Afghanistan in the 1970's and has for years produced a number of videos in which he claims the title "Revolutionary President of Afghanistan." There has been no mention in the mainstream media of how Hillary's ties to an insurgent leader might affect her relationship as president with the presently US-backed government of Ashraf Ghani (WOT:nonperson) in Afghanistan.

Merkel Regime To Broaden Issuance Of Driving Bans In Germany

Reports are emerging that the Angela Merkel regime in Germany is prepared to push through new legislation that would make driver's license revocation a common sanction for non-driving-related "crimes" against Zher majesty the EuroFührer Angela Merkel. While much of the public justification for the new measures involves deterring youth crime (archived), suggested offenses include failing to pay child support as an absentee parent. Naturally the measure would be used to punish dissidents, as "hate speech" would be similarly subject to driving license revocation. The new motoring sanctions would be levelled in combination with the EuroFührer's most popular sanction, the suspended prison sentence, adding to the threat of arbitrary imprisonment for violating the terms of the suspension1 a further punishment in the form of travel restrictions. Sorry for your laws, but papers please.


  1. Because why judicially imprison someone after trial when you can administratively imprison them later.