Re: NSA enhancing Linux security?

From: NeoSadist (neosad1st_at_charter.net)
Date: 02/28/04 

Date: Sat, 28 Feb 2004 09:27:36 -0700

Carlos Moreno wrote:

>
> What's that about?
>
> I mean, I read the article, and it truly terrifies me that
> basically all Linux distributions are going to include it.
>
> I mean, who are we kidding... The NSA?? Out of the goodness
> of their soul are interested in improving the security of
> other people's Linux machines?
>
> I don't think I can find words to describe at what level is
> "smells fishy" an understatement in this case.
>
> I guess that being that the code is available and all, it
> can be scrutinized by the public... That's in principle
> good news, but I can't get over the impossibility of the
> NSA contributing to enhance other people's security...
> It's practically an oxymoron... It's like Microsoft
> donating one billion dollars to the OSDL without any
> conditions at all.
>
> Plus, I'm sure that code could be full of obscure and
> obfuscated trickery to set up back doors; so, even being
> open source, there may be "evil" things that go unnoticed.
> (there is always the "conspiracy theory" that the DES was
> designed with "mysterious" values for the S-Boxes that
> have a "magical" key that breaks it -- or whatever, not
> necessarily a particular key)
>
> Yes, I know I may sound overparanoid... But, let's face
> it: the NSA? There is no such thing as being too paranoid
> when we're talking about the NSA.
>
> Any comments?
>
> Carlos
> --

Here are my comments:
1) The NSA used to NEVER share info. I don't think this falls under
"conspiracy theory" when Linus and all the other main gurus have been all
over that kernel. The only way to TRULY know if you're safe, however, is
to scan the source code over yourself.
2) They aren't including anything that wasn't already available, and they
show how to use all that stuff too.
3) I'm USAF and we haven't switched over to NSA Linux, so there's no
conspiracy here.
4) Main kernel isn't switching over to NSA's kernel, so there's no
conspiracy there.
5) People aren't forcing you to use the NSA kernel, so there's no conspiracy
there. 

-- 
Nobody wants constructive criticism.  It's all we can do to put up with
constructive praise.

Relevant Pages

  • Re: How To Abandon Microsoft
    ... That NSA_KEY conspiracy thing is silly, ... No if the NSA was ... involved in modifying CryptoAPIit would have been in the ... with traps to the kernel. ...
    (sci.crypt)
  • Re: Basic SELinux Question
    ... I've heard all of this "talk" about how secure SE Linux is. ... it's the NSA! ... For open source you have two general categories: Linux and BSD. ... security. ...
    (Debian-User)
  • Re: Basic SELinux Question
    ... I was going to use an SE Linux mailing list for this, but, figured I'd ask on this list first, figuring that I may have a better chance of not getting a biased answer. ... how secure can this thing be if it has been developed by the NSA? ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". ...
    (Debian-User)
  • Re: NSA enhancing Linux security?
    ... >>when we're talking about the NSA. ... > code review that the kernel goes through, ... complex cryptographic algorithms... ...
    (comp.os.linux.security)
  • Re: Crypto regulations
    ... >> conspiracy theory, even when it is true, it is only a marginal threat. ... > So the existence of backdoors in Windows is not interesting? ... need a second key to do that. ... I thought that the idea was that the NSA could snoop. ...
    (sci.crypt)