Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
NSA 'Speck' in Linux Kernel 4.17: Big question?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware
View previous topic :: View next topic  
Author Message
kkinkouu
Tux's lil' helper
Tux's lil' helper


Joined: 17 Aug 2015
Posts: 89
Location: United Kingdom

PostPosted: Sun Sep 30, 2018 12:53 am    Post subject: NSA 'Speck' in Linux Kernel 4.17: Big question? Reply with quote

Hey Guys,

What's this all about 8O

# NSA 'Speck' in Linux Kernel 4.17
- https://www.youtube.com/watch?v=YI2V5h7KYN4

Am I being paranoid? If I'm not, can this module be "completely" removed?

What's the kernel path to this module as well? Thanks!

Kinkou

PS - This probably need's to be in Kernel section


Last edited by kkinkouu on Sun Sep 30, 2018 1:26 am; edited 1 time in total
Back to top
View user's profile Send private message
kkinkouu
Tux's lil' helper
Tux's lil' helper


Joined: 17 Aug 2015
Posts: 89
Location: United Kingdom

PostPosted: Sun Sep 30, 2018 1:11 am    Post subject: Reply with quote

https://packages.gentoo.org/packages/sys-kernel/gentoo-sources

I've had a look at gentoo sources when it comes to the kernel.....

However looking into this a little bit: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.17

Is this something i should be worried about? or is this nonsense?

Kinkou
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17463

PostPosted: Sun Sep 30, 2018 3:22 am    Post subject: Re: NSA 'Speck' in Linux Kernel 4.17: Big question? Reply with quote

kkinkouu wrote:
PS - This probably need's to be in Kernel section
Moved, though either place is fine.


kkinkouu wrote:
Am I being paranoid?
Unless you have a reason to believe you're being targeted by state level actors, then yes. But I'm not suggesting you shouldn't try to disable or remove it.

I have no idea who the youtube personality is, but the title of the reddit thread indicates it is an "NSA Encryption Algorithm." That sounds optional, especially if it is new, although I don't know with certainty. FYI, SELinux originated with the NSA.

EDIT:

This looks interesting from 3 months ago. Includes a TL;DR.

https://www.reddit.com/r/linux/comments/8oqb2u/linux_417_supporting_speck_a_controversial_crypto/

EDIT 2:

Appears that it is being removed, though I have confirmed which kernel.

https://lkml.org/lkml/2018/9/4/122
_________________
Slowly I turned. Step by step.
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 41575
Location: 56N 3W

PostPosted: Sun Sep 30, 2018 1:42 pm    Post subject: Reply with quote

kkinkouu,

Just because you are paranoid does not mean they are not out to get you.
Code:
>  arch/arm/crypto/Kconfig               |   6 -
>  arch/arm/crypto/Makefile              |   2 -
>  arch/arm/crypto/speck-neon-core.S     | 434 ---------------
>  arch/arm/crypto/speck-neon-glue.c     | 288 ----------
>  arch/arm64/crypto/Kconfig             |   6 -
>  arch/arm64/crypto/Makefile            |   3 -
>  arch/arm64/crypto/speck-neon-core.S   | 352 ------------
>  arch/arm64/crypto/speck-neon-glue.c   | 282 ----------
>  arch/m68k/configs/amiga_defconfig     |   1 -
>  arch/m68k/configs/apollo_defconfig    |   1 -
>  arch/m68k/configs/atari_defconfig     |   1 -
>  arch/m68k/configs/bvme6000_defconfig  |   1 -
>  arch/m68k/configs/hp300_defconfig     |   1 -
>  arch/m68k/configs/mac_defconfig       |   1 -
>  arch/m68k/configs/multi_defconfig     |   1 -
>  arch/m68k/configs/mvme147_defconfig   |   1 -
>  arch/m68k/configs/mvme16x_defconfig   |   1 -
>  arch/m68k/configs/q40_defconfig       |   1 -
>  arch/m68k/configs/sun3_defconfig      |   1 -
>  arch/m68k/configs/sun3x_defconfig     |   1 -
>  arch/s390/defconfig                   |   1 -


More seriously, spec was never an option on x86, look at the arch list above.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 2655
Location: Illinois, USA

PostPosted: Sun Sep 30, 2018 2:58 pm    Post subject: Reply with quote

NeddySeagoon wrote:
More seriously, spec was never an option on x86, look at the arch list above.

Makes sense. They are targeting cell phones.
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 41575
Location: 56N 3W

PostPosted: Sun Sep 30, 2018 3:02 pm    Post subject: Reply with quote

Tony0945,

I'm not aware of cell phones using m68k or s390 CPUs buut the arm stuff, maybe.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
kkinkouu
Tux's lil' helper
Tux's lil' helper


Joined: 17 Aug 2015
Posts: 89
Location: United Kingdom

PostPosted: Mon Oct 01, 2018 10:55 am    Post subject: Reply with quote

Hey NeddySeagoon,

Awesome thanks for the quick update. I'll have a look at what you've found.....

I just can't help being paranoid when it comes to the Government and the National Security Agencies..... They've lied so may times over the past decade & been caught out.... It's caused me to lose all trust in them....

Sorry for the late reply, haven't been near my PC for a couple of days :-)

Kkinkouu
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 5290

PostPosted: Mon Oct 01, 2018 3:59 pm    Post subject: Reply with quote

If you don't like it then disable it in kconfig and move on. Just like you've been doing with NSA SELinux all this time, right?
Back to top
View user's profile Send private message
Zucca
Veteran
Veteran


Joined: 14 Jun 2007
Posts: 1373
Location: KUUSANKOSKI, Finland

PostPosted: Mon Oct 01, 2018 5:41 pm    Post subject: Reply with quote

Ant P. wrote:
If you don't like it then disable it in kconfig and move on. Just like you've been doing with NSA SELinux all this time, right?
My thoughts, exactly.

But isn't there alternatives for SELinux? AppArmor?
_________________
..: Zucca :..

Code:
ERROR: '--failure' is not an option. Aborting...
Back to top
View user's profile Send private message
proteusx
Apprentice
Apprentice


Joined: 21 Jan 2008
Posts: 207

PostPosted: Mon Oct 01, 2018 6:03 pm    Post subject: Reply with quote

News of the inclusion of an encryption algorithm from the NSA into the kernel sounds like an April Fool's Day prank.
Back to top
View user's profile Send private message
1clue
Advocate
Advocate


Joined: 05 Feb 2006
Posts: 2405

PostPosted: Mon Oct 01, 2018 6:33 pm    Post subject: Reply with quote

Zucca wrote:
Ant P. wrote:
If you don't like it then disable it in kconfig and move on. Just like you've been doing with NSA SELinux all this time, right?
My thoughts, exactly.

But isn't there alternatives for SELinux? AppArmor?


SELinux is much more developed. Although I don't know if it's going to be relevant much longer as they have stopped releasing their kernel to the public.

I used SELinux until a few months after they stopped updating newer kernels, and I wanted some of the features in newer kernels.
_________________
You can't fix yourself by breaking someone else.
Back to top
View user's profile Send private message
Zucca
Veteran
Veteran


Joined: 14 Jun 2007
Posts: 1373
Location: KUUSANKOSKI, Finland

PostPosted: Mon Oct 01, 2018 7:34 pm    Post subject: Reply with quote

1clue wrote:
SELinux is much more developed. Although I don't know if it's going to be relevant much longer as they have stopped releasing their kernel to the public.
So they went GRsec route?
_________________
..: Zucca :..

Code:
ERROR: '--failure' is not an option. Aborting...
Back to top
View user's profile Send private message
proteusx
Apprentice
Apprentice


Joined: 21 Jan 2008
Posts: 207

PostPosted: Tue Oct 02, 2018 2:56 pm    Post subject: Reply with quote

Our sys-kernel/gentoo-sources should include a patch to:
Code:
find -iname "*speck*" -exec rm {} \;

And get rid of their damn NSA spyware.
The linux kernel should be no place for such hanky-pankying.

Now that Torvalds has gone we should expect more and more of this nonsense.
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17463

PostPosted: Tue Oct 02, 2018 6:05 pm    Post subject: Reply with quote

Split of the non-technical discussion: NSA 'Speck' in Linux Kernel (non-technical).
_________________
Slowly I turned. Step by step.
Back to top
View user's profile Send private message
1clue
Advocate
Advocate


Joined: 05 Feb 2006
Posts: 2405

PostPosted: Tue Oct 02, 2018 10:49 pm    Post subject: Reply with quote

proteusx wrote:
Our sys-kernel/gentoo-sources should include a patch to:
Code:
find -iname "*speck*" -exec rm {} \;

And get rid of their damn NSA spyware.
The linux kernel should be no place for such hanky-pankying.

Now that Torvalds has gone we should expect more and more of this nonsense.


Or, you as a user could type the line in on your kernel when you download new sources.

Gentoo is about choice. Some people might want that code in there, on the off chance it actually does what they say, and the user needs the functionality.
_________________
You can't fix yourself by breaking someone else.
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 5290

PostPosted: Wed Oct 03, 2018 5:15 pm    Post subject: Reply with quote

proteusx wrote:
Now that Torvalds has gone we should expect more and more of this nonsense.

Yes, I've seen a sharp uptick in hysterical nonsense in the past few weeks. Torvalds had nothing to do with getting the code removed, FYI. That was mostly zx2c4's work.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum