Translated by 小眼儿

Signed-off-by: tinyeyeser <tinyeyeser@gmail.com>
tinyeyeser 2013-11-05 15:07:16 +08:00
parent f34e4d20f0
commit feb3f9ec80
2 changed files with 41 additions and 44 deletions


@ -1,44 +0,0 @@
翻译中 by小眼儿
On Security Backdoors
=====================
I [wrote][1] Monday about revelations that the NSA might have been inserting backdoors into security standards. Today I want to talk through two cases where the NSA has been accused of backdooring standards, and use these cases to differentiate between two types of backdoors.
The first case concerns a NIST standard, [SP 800-90A][2], which specifies a type of PseudoRandom Generator (PRG). A PRG is a computation that takes a small number of random/unpredictable bits and “stretches” them to get a larger number of unpredictable bits. PRGs are essential to cryptography, serving as the source for most of the secret keys that are used. If you can “break” somebodys PRG, you can predict which secret keys they will use, thereby allowing you to defeat their crypto.
The standard gave a choice of several core algorithms to choose from. One of them uses a mathematical construct called an Elliptic Curve (EC) which I wont try to explain in this space. This algorithm uses two “public parameters” called P and Q, which are points on the EC. P and Q are public, with specific values written into the standard.
Cryptographers believed that if you picked P and Q randomly, the PRG would be secure. But in 2006 two private-sector cryptographers figured out that there is a way to pick P and Q so they have a special relationship to each other. An “outsider” wouldnt be able to tell that the special relationship existed, but if you knew the “secret key” that described the relationship between P and Q, then you could easily defeat the security of the PRG.
At this point, several facts become suddenly interesting. First, NSA people seemed very intent on including this specific algorithm in the standard despite its slow performance. Second, NSA was suggesting specific values of P and Q. Third, NSA was not explaining how those particular P and Q values had been chosen. Interesting, no?
All of this could have been addressed by having some kind of public procedure by which new, random P and Q values would be chosen. But that didnt happen.
Yesterday NIST [re-opened][3] SP 800-90A for public comment.
The second example was explained by John Gilmore. John described his observations from the IPSEC standards process. IPSEC was meant as a foundational security technology, providing crypto for confidentiality and integrity of individual IP packets on the Internet. A successful and widely deployed IPSEC would have been a game-changer for Internet security, putting lots of traffic under cryptographic protection.
John says that NSA people and their allies worked consistently to make the standard less secure, more complicated, less efficient, and harder to implement securely. He didnt see a smoking-gun attempt to introduce a backdoor, but what he describes is a consistent effort to undermine the effectiveness of the standard. And indeed, IPSEC has not had anything like the impact one might have expected.
These examples shows us two different kinds of backdoors. In the first PRG case, the NSA was accused of trying to create a backdoor that only it could use, because only it knew the secret key relating P to Q. In the second IPSEC case, the accusation was that the NSA was weakening users security against all attackers—the NSA would have easier access to your data, but so would all sorts of other people.
To be sure, even a private backdoor might not stay private. If there is a magic secret key that lets the NSA spy on everyone, that key might be misused or it might leak. So the line between an NSA-only backdoor and an open backdoor is always a bit blurry.
Still, it seems to me that the two types of backdoors call for different policy debates. Its one thing to secretly give the NSA easier access to everyones data. Its another thing to give everyone easier access. The latter is worse.
We need to look as well at how a backdoor might be created. In the PRG example, the backdoor would have required the NSA to slip a subtle cryptographic weakness past the crypto experts working on a standard. In the IPSEC example, creating the weakness would seem to require coordinated public activity in the standards body over time, and the individual steps would surely be noticed even if nobody spotted a pattern.
But one has to wonder whether these examples really were NSA attempts to undermine security, or whether theyre just false alarms. We cant be sure. As long as the NSA has a license to undermine security standards, well have to be suspicious of any standard in which they participate.
---
via: https://freedom-to-tinker.com/blog/felten/on-security-backdoors/
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
[1]:https://freedom-to-tinker.com/blog/felten/nsa-apparently-undermining-standards-security-confidence/
[2]:http://csrc.nist.gov/publications/drafts/800-90/draft_sp800_90a_rev1.pdf
[3]:http://www.nist.gov/director/cybersecuritystatement-091013.cfm


@ -0,0 +1,41 @@
实例论证NSA在安全标准中植入后门
=====================
前不久我[写到][1]NSA可能在安全标准中植入后门。今天我们通过2个具体的案例谈谈NSA在标准中的哪些地方植入后门然后通过这两个例子比较一下两种后门之间的不同。
第一个案例是关于NIST标准[SP 800-90A][2]该标准详细说明了一种伪随机数生成器PseudoRandom Generator 以下简称PRG。一个RPG可以通过计算得到一小组不可预料的随机比特并进而“延展”得到大量的随机比特数。在密码学中PRG作为大多数密钥的源头是必需的。因此如果你能“破解”某些人的PRG你就能预测其使用的密钥进而击溃其整个加密算法。
NIST标准中提供了一些核心算法供PRG选择。其中一个算法使用了一种叫做椭圆曲线的数学结构在这里我并不展开介绍这个数学概念。总之这个算法使用了两个“公开参数”P和Q它们均在标准中有指定的值因此说它们是公开的。
密码学家相信如果P和Q是随机的PRG就是安全的。但是2006年两个独立加密学家指出通过某种方法选定P和Q后它们之间就具有了某种特殊的关系。一个“局外人”可能并不知道这种特殊关系的存在但是如果你知道了描述P和Q之间该关系的“密钥”就可以轻松击溃PRG的安全体系。
知道了这一点会发现很多事实突然变得有趣起来。首先NSA看起来十分执意要将这种算法写入标准即使它的运行效率很低其次NSA在标准中指定了P和Q的建议取值范围第三NSA并未解释这些给定的取值范围是如何得出的。怎么样是不是有点儿意思
不仅如此现在已经可以通过一些已公开的步骤得出新的随机的P和Q也就是说以上三点是完全可以改进加以避免的但是NSA并没有这么做。
值得注意的是也许是为了辟谣前不久9月10日NIST[重新开放][3]了SP 800-90A的公开评论。
第二个案例是由John Gilmore提出的他在IPSEC标准中发现了问题。IPSEC被视为安全技术的一个基石能够为因特网中的个人IP数据包提供完整可靠的加密。一个成功广泛部署的IPSEC协议可以大大强化因特网安全为多种网络通信提供加密保护。
John说NSA及其代理部门始终在降低该标准的安全水平与执行效率同时却不断提高其复杂程度和安全方面的实现难度。尽管John还没有掌握NSA植入后门的确凿证据但是他发现NSA的确在不断削弱该标准的效力事实上IPSEC已经没有人们想象中的那样安全可靠。
上述案例向我们展示了两种不同类型的后门。第一个关于PRG的案例中我们怀疑NSA尝试建立一个只有它能使用的后门因为只有它知道关联P和Q的密钥。第二个关于IPSEC的案例中NSA不断削弱用户的安全防护能力这样它就能更轻易地访问你的数据但同时其他所有人都具有了这样的机会。
可以确定的是一个私有后门很可能无法一直“私有”。如果真有这样一个magic密钥能让NSA窥探所有人的秘密那这把钥匙很可能会被滥用或泄露到外界。因此NSA私有后门和公开后门之间的界限并不明显。
但是看起来这两种后门之间还是引起了不同的政策辩论。前者使得NSA能秘密地轻易访问每个人的数据后者则赋予了每个人这种访问权限后者的影响力要更加严重。同时我们应该看到一个后门是如何创造出来的。在PRG的案例中需要获得制定标准的专家们通过NSA才能使其加密过程中那微小的缺陷“蒙混过关”。在IPSEC的案例中则貌似需要在标准的整个制定过程中不断协调公关活动才有机会制造那小小的缺陷在这个过程中即使没有人发现某种模式也应该能注意到某些单个步骤但是却没有
也许有人会问这些案例中是否真的是NSA有意而为之还是只是空穴来风。对此我们并不敢保证。但是只要NSA一直拥有参与制定安全标准的许可权限我们就有必要对他们所参与制定的任何标准保持怀疑。
---
via: https://freedom-to-tinker.com/blog/felten/on-security-backdoors/
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
译者:[Mr小眼儿](http://blog.csdn.net/tinyeyeser) 校对:[校对者ID](https://github.com/校对者ID)
[1]:https://freedom-to-tinker.com/blog/felten/nsa-apparently-undermining-standards-security-confidence/
[2]:http://csrc.nist.gov/publications/drafts/800-90/draft_sp800_90a_rev1.pdf
[3]:http://www.nist.gov/director/cybersecuritystatement-091013.cfm
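Review bot: several lines of the added translation change the meaning of the deleted English source and should be re-checked before the 校对 pass. The title 实例论证NSA在安全标准中植入后门 and the opening 谈谈NSA在标准中的哪些地方植入后门 state as fact what the source only reports as an accusation ("two cases where the NSA has been accused of backdooring standards"); 建议取值范围 and 给定的取值范围 render "specific values of P and Q" as a value range, whereas the standard fixes two specific points; 现在已经可以通过一些已公开的步骤得出新的随机的P和Q inverts "All of this could have been addressed by having some kind of public procedure by which new, random P and Q values would be chosen. But that didnt happen"; 也许是为了辟谣 and 9月10日 are additions to "Yesterday NIST re-opened SP 800-90A for public comment"; IPSEC已经没有人们想象中的那样安全可靠 speaks of security where the source speaks of impact ("IPSEC has not had anything like the impact one might have expected"); 协调公关活动 mistakes "coordinated public activity in the standards body" for public relations, and the closing 但是却没有 adds a conclusion the source does not draw; 参与制定安全标准的许可权限 drops the key word in "a license to undermine security standards". Also fix the RPG typo for PRG, restore that P and Q are points on the elliptic curve where they are introduced, and split the merged paragraph at 同时我们应该看到 to match the source's paragraphing.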