02-13-14 11:34 PM
  1. sling's Avatar
    01-20-14 06:18 AM
  2. qbnkelt's Avatar
    Yup, interesting reading. Thanks for sharing.

    This should be an interesting thread, NSA threads usually are.
    01-20-14 06:43 AM
  3. sling's Avatar
    Yup, interesting reading. Thanks for sharing.

    This should be an interesting thread, NSA threads usually are.
    No problem. Interesting but troubling if true.

    Posted via CB10
    01-20-14 06:54 AM
  4. crankedcoffee's Avatar
    In this day and age of our reliance upon technology, how do you expect to have privacy anywhere? If you use anything that sends or receives a signal, it can be intercepted. If it's encrypted, do you really think that it's not impossible to break? There was an article that I believe was written in the same paper about the expectation of privacy is, has and never will happen again. In this day and age, if you use something that makes your life easier or more convenient, then you are trading off your privacy for such things. I lead a pretty boring life and if someone wants to know what's happening in it by hacking, eavesdropping or just general interception, their lives have got to be worse.

    Posted via CB10
    rimaniac likes this.
    01-20-14 06:55 AM
  5. Tre Lawrence's Avatar
    Oh my.

    Disappointing if true, but distressingly unsurprising.
    01-20-14 07:03 AM
  6. IJKBB10's Avatar
    Very interesting read. Thanks for sharing
    01-20-14 07:33 AM
  7. Mr.V786's Avatar
    Interesting read! Thank you for posting
    01-20-14 07:39 AM
  8. SmellWhole's Avatar
    Yes, I've often pointed out that just because BlackBerry says it doesn't have the key or access to a back door doesn't mean that someone else, a third party, doesn't have a key or access to a back door. I do remember BlackBerry saying also that it doesn't implement a back door (in its OS?). Again, that doesn't mean one isn't implemented anyway by virtue of a third party's chip or random number generator (or even by a carrier as part of its "tested and approved" OS build). IIRC Bruce Schneier pointed out that even some of NIST's behaviors in endorsing some things are suspect.
    01-20-14 07:47 AM
  9. Tre Lawrence's Avatar
    Isn't NIST the entity that does FIPS?
    01-20-14 07:57 AM
  10. Shanerredflag's Avatar
    This is (IMO) an attempt to link BlackBerry to the mess with the NSA. Not that anyone would want that.

    Zee Z30 pozted thiz
    bungaboy and Mr.Conviviality like this.
    01-20-14 08:06 AM
  11. sixpacker's Avatar
    Let's face it, the DoD/NSA has plenty of commercial leverage over BlackBerry if it chose to use it...

    Posted via the Android CrackBerry App!
    01-20-14 08:20 AM
  12. BoldTeddy's Avatar
    "In BlackBerry's case, an NIST fact sheet shows the company implemented the algorithm as part of its cryptography toolkit for its BlackBerry 10 Enterprise service, among other products. "

    The "among other products" could be the important bit. The algorithm would still be effective against anyone without the key.
    Anyone who did have the key would still have to deal with the other products.

    This potential back door has been an open secret for years it seems. So isn't really news.

    Posted via CB10
    01-20-14 08:56 AM
  13. Richard Buckley's Avatar
    I feel I have to point out that the problem is not that Dual Elliptic Curve Deterministic Random Number Generators are all suspected of having back doors, just ones using specific constants provided by NSA. Elliptic Curve DRNG and Cryptography are based, not surprisingly, on elliptic curves. The specific curve implemented is specified by a series of constants. Researchers were able to determine that whoever computed a specific set of constants that specified a particular curve, could in parallel derive another set of constants that would allow them to predict the output of the DRNG. Many cryptographic suites, including OpenSSL, implement the Dual_EC_DRNG because it is part of the NIST specification.

    None of that proves BlackBerry is not as involved as RSA, but owning the patent for a technology that has been subverted doesn't mean the company was involved in the subverting.
    zyben, Lumute, rthonpm and 2 others like this.
    01-20-14 09:11 AM
  14. badiyee's Avatar
    Clever writing. Again, it's cleverly designed to smear BlackBerry. Not the first attempt, but there are VERY OBVIOUS GLARING problems with the article.

    From that same article:

    In early 2005, two employees at Mississauga-based Certicom Corp. began filing a patent application for a type of random number generator using a mathematical concept called elliptic curves. The patent also described another functionality – a set of keys that could be used, for example, by “trusted law enforcement agents” to do an end-run around the encryption. (Dan Brown, one of the Certicom employees who filed the patent, did not respond to a request for comment.)


    Take a wild guess, when did BlackBerry (back then still called RIM) acquire Certicom?
    It was back in 2009.

    Now please read again, who and what and WHEN was the patent application for a type of random number generator using elliptic curves got filed?
    It was in 2005.

    Unless BlackBerry managed to jump back in time and hired the 2 that filed the patent before buying Certicom in 2009... Yeah.



    http://forums.crackberry.com/general-blackberry-discussion-f2/certicom-ecc-rsa-nsa-backdoor-894344/#post9862752

    Read this, and click on the first link, about John Kelsey confirmed something, and then make your own conclusions.

    Yes, the media is out there to make you believe that BlackBerry is the mastermind of NSA's backdoor hacks and whatnot. Duh. AS IF.



    Again, well played, anti-BlackBerry sentiments. Well played. *slow clap*
    Judging from this thread, already people are feigning ignorance and starting to believe that BlackBerry is the evil mastermind.

    Well played, posters. Well played. Curious tale indeed. Strange connection indeed.
    zyben, CerveloJohn, web99 and 6 others like this.
    01-20-14 10:14 AM
  15. ray689's Avatar
    Something doesn't add up for me. When it comes to government, I say "do as I do not as I say". Rumors broke just a couple days ago that the DOD's implementation of mobile tech will include about 98% BlackBerry phones. Now why would this be the case?
    Definitely convenient timing for this article. People need to see beyond the written page and come to their own conclusion.

    Posted via CB10
    01-20-14 10:22 AM
  16. KoreyTM's Avatar
    I feel I have to point out that the problem is not that Dual Elliptic Curve Deterministic Random Number Generators are all suspected of having back doors, just ones using specific constants provided by NSA. Elliptic Curve DRNG and Cryptography are based, not surprisingly, on elliptic curves. The specific curve implemented is specified by a series of constants. Researchers were able to determine that whoever computed a specific set of constants that specified a particular curve, could in parallel derive another set of constants that would allow them to predict the output of the DRNG. Many cryptographic suites, including OpenSSL, implement the Dual_EC_DRNG because it is part of the NIST specification.

    None of that proves BlackBerry is not as involved as RSA, but owning the patent for a technology that has been subverted doesn't mean the company was involved in the subverting.
    It's not so much that Blackberry is directly subverting cryptography standards, but rather I feel the problem here is two-fold:

    1) They purchased Certicom after Dual_EC_DRNG had already been found to be compromised, and Blackberry, to this day, hasn't done anything about it. I'd even go so far as to say that they'd rather simply turn a blind eye to the issue instead of addressing it.
    2) The backdoor has knowingly been introduced into Blackberry's BES services, which are supposed to exist at the top echelon of security-based communication.

    So the problem isn't so much BBRY creating the subversion themselves, but rather knowingly allowing the problem to perpetuate itself, insofar as to compromise their own BES services.
    savvy_cowgirl likes this.
    01-20-14 10:33 AM
  17. KoreyTM's Avatar
    Clever writing. Again, it's cleverly designed to smear BlackBerry. Not the first attempt, but there are VERY OBVIOUS GLARING problems with the article.

    From that same article:



    Take a wild guess, when did BlackBerry (back then still called RIM) acquire Certicom?
    It was back in 2009.

    Now please read again, who and what and WHEN was the patent application for a type of random number generator using elliptic curves got filed?
    It was in 2005.

    Unless BlackBerry managed to jump back in time and hired the 2 that filed the patent before buying Certicom in 2009... Yeah.



    http://forums.crackberry.com/general-blackberry-discussion-f2/certicom-ecc-rsa-nsa-backdoor-894344/#post9862752

    Read this, and click on the first link, about John Kelsey confirmed something, and then make your own conclusions.

    Yes, the media is out there to make you believe that BlackBerry is the mastermind of NSA's backdoor hacks and whatnot. Duh. AS IF.



    Again, well played, anti-BlackBerry sentiments. Well played. *slow clap*
    Judging from this thread, already people are feigning ignorance and starting to believe that BlackBerry is the evil mastermind.

    Well played, posters. Well played. Curious tale indeed. Strange connection indeed.

    You are right about the purchase being made after the patent for the flawed encryption was already established. However:

    "In 2007, two Microsoft researchers showed that the algorithm contained a set of constants that, when combined with a secret key, could essentially break the encryption generated by Dual_EC. In effect, Dual_EC implemented in the real world a version of the backdoor described in the Certicom patent.

    Nobody could say for certain who had the secret key. But the very existence of such a backdoor caused security researchers to strongly urge a boycott of Dual_EC.

    “While we were saying don’t use it, don’t use it, government contractors were demanding it,” security researcher Bruce Schneier said."


    If you noticed, before BBRY's purchase of Certicom in 2009, the cryptography community already knew the backdoor existed since 2007 and was actively trying to fight against the use of the compromised encryption. So while Blackberry did buy Certicom after Certicom had already created the compromised encryption, Blackberry purchased the company and the patent knowing that the problem existed. Not only that, but Blackberry exacerbated the problem by also knowingly including a compromised form of encryption into their BES services. This is the actual issue, and it's quite a problem.
    01-20-14 10:41 AM
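The mechanism described in posts 13 and 17 above (constants that, combined with a secret value, make the generator's output predictable), shown as an added example that is not part of any poster's message and is not BlackBerry, Certicom or NIST code. It is a simplified Dual EC-style generator on a constructed toy curve; the curve, the seed, `E_SECRET` and all function names are assumptions chosen for illustration.

```python
# Toy curve y^2 = x^3 + 2x + 2 over GF(17); its group has prime order 19.
# Every value here is constructed; real Dual_EC_DRBG uses NIST curves.
p, a, b, n = 17, 2, 2, 19
Q = (5, 1)                       # public constant Q

def add(A, B):
    """Add two curve points; None stands for the point at infinity."""
    if A is None: return B
    if B is None: return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if A == B:
        lam = (3 * x1 * x1 + a) * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, A):
    """Double-and-add scalar multiplication k*A."""
    R, k = None, k % n
    while k:
        if k & 1:
            R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def drbg(seed, P, count):
    """Simplified generator: emit x(s*Q), then update s = x(s*P)."""
    s, out = seed, []
    for _ in range(count):
        out.append(mul(s, Q)[0])   # toy limitation: breaks if s becomes 0
        s = mul(s, P)[0]
    return out

def predict(observed, e, P, count):
    """Whoever knows e with P = e*Q rebuilds the next state from one output."""
    rhs = (observed**3 + a * observed + b) % p
    y = next(y for y in range(p) if y * y % p == rhs)   # lift x to a point
    s_next = mul(e, (observed, y))[0]   # x(e*s*Q) = x(s*P); sign of y drops out
    return drbg(s_next, P, count)

E_SECRET = 4                     # known only to whoever generated P
P = mul(E_SECRET, Q)             # published constant, looks arbitrary
stream = drbg(2, P, 5)           # constructed seed
```

A single observed output is enough for the holder of `E_SECRET` to reproduce everything that follows, while a wrong scalar yields a different sequence; that is why the question in the thread is who chose the constants, not whether elliptic-curve generators are unsafe in general.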
  18. ray689's Avatar
    And all things being equal and as easy to crack, why is the DOD using BlackBerry?

    http://blackberryempire.com/blackber...l-blackberrys/

    Posted via CB10
    notafanboy likes this.
    01-20-14 10:41 AM
  19. KoreyTM's Avatar
    Something doesn't add up for me. When it comes to government, I say "do as I do not as I say". Rumors broke just a couple days ago that the DOD's implementation of mobile tech will include about 98% BlackBerry phones. Now why would this be the case?
    Definitely convenient timing for this article. People need to see beyond the written page and come to their own conclusion.

    Posted via CB10
    Are you trying to insinuate that after hearing about the DOD's intention to convert almost their entire mobile portfolio to Blackberry, The Globe and Mail wanted to undermine this decision by writing an article such as the one linked in this thread? C'mon, really?

    Edit: To be honest, I'm not even sure if your information regarding the DOD's intentions regarding its mobile portfolio is true, but the fact of the matter is that what you said makes little sense.
    01-20-14 10:45 AM
  20. ALToronto's Avatar
    It wouldn't surprise me if this "back door" was a requirement for RIM to set up its network in the first place. I'm looking forward to BlackBerry's response to this article.

    But NSA snooping aside, as long as some hacker can't get my banking login details, I don't care all that much.

    Posted via CB10
    01-20-14 10:50 AM
  21. asherwiin's Avatar
    And all things being equal and as easy to crack, why is the DOD using BlackBerry?

    BlackBerry's contract with Pentagon marks a big win for the company, new system, 98% will be BlackBerrys - BlackBerry Empire

    Posted via CB10
    It's a secure platform for the DOD - because only they have the key to the backdoor. And the halo effect of the DOD endorsement is huge - 'if it is good enough for the DOD, then it's good enough for me', which means many other countries and companies adopt the same technology, assuming it must be the most secure, but not realizing that the technology has been compromised from the very start.

    Which makes it easy for the NSA and others to spy on the supposedly secure information of anyone who has adopted the same technology with impunity.

    I bet those keys are stored in someplace ultra-secure. Just wonder what encryption technology has been used to encrypt that data? :-)
    01-20-14 10:56 AM
  22. ray689's Avatar
    Are you trying to insinuate that after hearing about the DOD's intention to convert almost their entire mobile portfolio to Blackberry, The Globe and Mail wanted to undermine this decision by writing an article such as the one linked in this thread? C'mon, really?

    Edit: To be honest, I'm not even sure if your information regarding the DOD's intentions regarding its mobile portfolio is true, but the fact of the matter is that what you said makes little sense.
    Unfortunately if you have followed the ongoings with BlackBerry over the last couple years, you will see a trend with bad news and bash articles following any sort of good news. And I'm not saying the Globe and Mail wrote this to undermine the DOD decision (if in fact those rumors are true).
    Many people in great positions of power and influence (many who are short on bb) stand to lose a lot if Blackberry were to make a comeback and market rally. Likely the same people who have influence over what articles and stories are pushed in the media. Call it a conspiracy theory if you want but if you don't believe that stuff happens all the time then you are very naive my friend. Do some research and you will find out that it's a small handful of people in the US who control over 80% of the media. It's not hard to influence the masses when this is the case.


    Posted via CB10
    01-20-14 10:56 AM
  23. ray689's Avatar
    It's a secure platform for the DOD - because only they have the key to the backdoor. And the halo effect of the DOD endorsement is huge - 'if it is good enough for the DOD, then it's good enough for me', which means many other countries and companies adopt the same technology, not realizing that the technology has been compromised from the very start.
    I understand what you are saying and I won't say this isn't true. My previous post about things not adding up was more referring to the timing of this breaking news. Why only days after some good news? I'm questioning the motive of the timing more than the motive of the article itself.

    Posted via CB10
    01-20-14 10:58 AM
  24. avt123's Avatar
    I'd love to hear an official statement from BlackBerry about this. I expect this thread to get really interesting.
    01-20-14 11:02 AM
  25. Tre Lawrence's Avatar
    I'd love to hear an official statement from BlackBerry about this. I expect this thread to get really interesting.
    A statement would be nice.
    KoreyTM likes this.
    01-20-14 11:12 AM