Discussion:
Concerns with NSA-created Software
Se7en
2016-10-02 19:43:02 UTC
I was reading up on NSA-created cryptology software. This was prompted
when I discovered that my Distro's OpenSSL was out of date. Going to the
OpenSSL site I discovered the unclassified patent agreement with the NSA
in the development of the OpenSSL codebase. I did not realize, hitherto,
that /modern/ cryptology software was made by the NSA.
I understand that during the period of time known as the CryptoWars, the
NSA did make encryption software for use by themselves (at a time when
it was under the same laws as guns...). Now, I have discovered that they
still hold patent for common forms of Encryption.
They own most of the SHA512 codebase.
Now, with the ability to audit code (it is FLOSS), and how long the
cypher-suite has existed, there is no chance for backdoors (duh). None
have been found (though they probably implement some into the non-free
versions for use on systems such as Windows.) The concern I have is that
if the NSA still holds patent on the software codebase, there is a
possibility that they have already come up with a secretive manner of
decryption for SSL and TLS.
I know that in 2014 it was revealed that some forms of SSL and TLS were
easily broken by them. I have since removed the ability to use these
key-types from my machine.
I have also switched from pure OpenSSL to the LibreSSL package (which
still partially utilizes the pre-existing OpenSSL toolset).
Should I be concerned that the NSA has partially developed FLOSS code
that is primarily used in *all* modern computer encryption?
Didn't crosspost to the relevant groups, thought I should.
--
Se7en | ,= ,-_-. =. GNU 4 Life
***@firemail.cc | ((_/)o o(\_)) gnu.org/philosophy
http://se7en.ml | `-'(. .)`-' ``Screw the penguin.
0x257FD9D0DCB6B59 | \_/ The goat is sexier!''