Re: NSA enhancing Linux security?
From: jealous xmp (jealousxmp_at_aol.com)
Date: 02/28/04
- Previous message: Jim Richardson: "Re: NSA enhancing Linux security?"
- In reply to: Carlos Moreno: "NSA enhancing Linux security?"
- Next in thread: NeoSadist: "Re: NSA enhancing Linux security?"
- Reply: NeoSadist: "Re: NSA enhancing Linux security?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 28 Feb 2004 09:43:01 GMT
>I mean, who are we kidding... The NSA?? Out of the goodness
>of their soul are interested in improving the security of
>other people's Linux machines?
You betcha. In fact, to some extent, script kiddies, etc are enemies of the
state. The NSA, or NCSC, has released several guides to securing Windoze also.
As well as rated many products. Are you telling me they slipped backdoors
into Securing Windows XP?
I personally welcome the SE linux project. Hardened Gentoo, and others, are
incorporating these mods into their projects. I guess Redhat and others are
jumping on the bandwagon now too. SE linux (and other OSS projects) are
bringing elements of Trusted VMS, Solaris, and HP-UX to a free OS. Very
promising project if you ask me.
Until it's hardened, linux is pretty damned weak anyway. At least the average
distro.
>I don't think I can find words to describe at what level is
>"smells fishy" an understatement in this case.
You're implying maybe a local root or something. Local root is incredibly easy
to get on the average distro as is. Why not use these mods from SE linux to
keep out the script kiddies, and even some of the better attackers. If you
don't like SE linux, then there are some other projects attempting to do the
same things.
And the U.S. govt gave a grant to OpenBSD in the past I believe. So some
subset of the govt has aided OSS in the past.
>(there is always the "conspiracy theory" that the DES was
>designed with "mysterious" values for the S-Boxes that
>have a "magical" key that breaks it -- or whatever, not
>necessarily a particular key)
Oh spare me. The key length was reduced to 56 bits from the 128 bit Lucifer
spec. This of course weakened it, from a brute force perspective. But the 56
bit key (64 bit block?) may have been easier to implement in hardware at the
time, and faster. And many were using Triple DES anyway soon afterwards (112 /
168 bit key). As far as S boxes, I believe they were strengthened if anything.
Remember the linear-differential cryptanalytic attack wasn't invented till
later. Have you looked at the strength of the boxes relative to differential
and linear attacks? Anyway, I'm a crypto newb, but this the summary of things
in AC and other books.
>Yes, I know I may sound overparanoid... But, let's face
>it: the NSA? There is no such thing as being too paranoid
>when we're talking about the NSA.
I suspect the better blackhats will find ways around linux mods, trusted
systems, etc. UML, chroot jails, vmware, have all been broken in the past.
Half the goal is just to lock out network worms, script kiddies, and the less
skilled blackhats. In that sense, SE linux is a step in that direction.
Michael
- Previous message: Jim Richardson: "Re: NSA enhancing Linux security?"
- In reply to: Carlos Moreno: "NSA enhancing Linux security?"
- Next in thread: NeoSadist: "Re: NSA enhancing Linux security?"
- Reply: NeoSadist: "Re: NSA enhancing Linux security?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
