Re: NSA enhancing Linux security?
From: NeoSadist (neosad1st_at_charter.net)
Date: 02/28/04
- Next message: Bill Laut: "Re: NSA enhancing Linux security?"
- Previous message: NeoSadist: "Re: NSA enhancing Linux security?"
- In reply to: jealous xmp: "Re: NSA enhancing Linux security?"
- Next in thread: NeoSadist: "Re: NSA enhancing Linux security?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 28 Feb 2004 09:29:50 -0700
jealous xmp wrote:
>>I mean, who are we kidding... The NSA?? Out of the goodness
>>of their soul are interested in improving the security of
>>other people's Linux machines?
>
> You betcha. In fact, to some extent, script kiddies, etc are enemies of
> the
> state. The NSA, or NCSC, has released several guides to securing Windoze
> also.
> As well as rated many products. Are you telling me they slipped
> backdoors
> into Securing Windows XP?
>
> I personally welcome the SE linux project. Hardened Gentoo, and others,
> are
> incorporating these mods into their projects. I guess Redhat and others
> are
> jumping on the bandwagon now too. SE linux (and other OSS projects) are
> bringing elements of Trusted VMS, Solaris, and HP-UX to a free OS. Very
> promising project if you ask me.
>
> Until it's hardened, linux is pretty damned weak anyway. At least the
> average distro.
>
>>I don't think I can find words to describe at what level is
>>"smells fishy" an understatement in this case.
>
> You're implying maybe a local root or something. Local root is incredibly
> easy
> to get on the average distro as is. Why not use these mods from SE linux
> to
> keep out the script kiddies, and even some of the better attackers. If
> you don't like SE linux, then there are some other projects attempting to
> do the same things.
>
> And the U.S. govt gave a grant to OpenBSD in the past I believe. So some
> subset of the govt has aided OSS in the past.
>
>>(there is always the "conspiracy theory" that the DES was
>>designed with "mysterious" values for the S-Boxes that
>>have a "magical" key that breaks it -- or whatever, not
>>necessarily a particular key)
>
> Oh spare me. The key length was reduced to 56 bits from the 128 bit
> Lucifer
> spec. This of course weakened it, from a brute force perspective. But
> the 56 bit key (64 bit block?) may have been easier to implement in
> hardware at the
> time, and faster. And many were using Triple DES anyway soon afterwards
> (112 /
> 168 bit key). As far as S boxes, I believe they were strengthened if
> anything.
> Remember the linear-differential cryptanalytic attack wasn't invented
> till
> later. Have you looked at the strength of the boxes relative to
> differential
> and linear attacks? Anyway, I'm a crypto newb, but this the summary of
> things in AC and other books.
>
>>Yes, I know I may sound overparanoid... But, let's face
>>it: the NSA? There is no such thing as being too paranoid
>>when we're talking about the NSA.
>
> I suspect the better blackhats will find ways around linux mods, trusted
> systems, etc. UML, chroot jails, vmware, have all been broken in the
> past. Half the goal is just to lock out network worms, script kiddies, and
> the less
> skilled blackhats. In that sense, SE linux is a step in that direction.
>
> Michael
Yep, and remember nothing is unhackable. We're only making it take a LOT
longer to do.
--
Spouse, n.:
Someone who'll stand by you through all the trouble you
wouldn't have had if you'd stayed single.
- Next message: Bill Laut: "Re: NSA enhancing Linux security?"
- Previous message: NeoSadist: "Re: NSA enhancing Linux security?"
- In reply to: jealous xmp: "Re: NSA enhancing Linux security?"
- Next in thread: NeoSadist: "Re: NSA enhancing Linux security?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
