My father used to work at Bell Labs, validating encryption and stuff. A sketchy little company with a lot of influence was trying to get something certified, and everything was checking the boxes. It was during the second review stage that my father and his coworker realized the random number generator, while a legit one, wasn’t actually the one the documentation specified. They attempted to fail the certification on that premise, but were overruled. They raised the issue internally, and were both laid off a week later. The entire branch of Bell Labs shut down the next month. About a decade later, the coworker of my father found out that the “sketchy little company” was an arm of the CIA, and they were doing similar things to the IPv6 spec.
Shenanigans galore in GnuPG:
The cryptographers who wrote the paper […] note that the Libgcrypt maintainers at one point rejected a fix that would have thwarted the extraction of key information: “However, the maintainers refused a patch to switch from sliding windows to fixed windows; they said that this was unnecessary to stop the attacks.”
“C was originally developed at Bell Labs by Dennis Ritchie”, this all adds up now :)
Was the lack of overflow checks, no buffer bounds checks, weak error handling and null-terminated strings a CIA con job? :D
Bell Labs did a lot of good work, but there will always be people who “aren’t CIA but are friends with people in the CIA” and who are “suspiciously enthusiastic” about adding a feature that makes no sense.
Can you give a little bit more information on what branch that was, and what time frame we’re speaking about? Thank you very much.
Asked for the details - here they are:
The original OpenSSL, 2004. Being certified by IBM Domus lab Ottawa. US Navy paid for the certification and the US Army for the coding (or vice versa). It needed FIPS-140 certification which technically didn’t cover the random number generator. They passed all the tests, but when asked about the random number generator algorithm since the comments didn’t match the code, “everything went to shit”.
So integer underflow, no bounds checking on buffer read, ignoring error codes, null-terminated strings. Classic C :)