View previous topic :: View next topic |
Author |
Message |
kkinkouu Tux's lil' helper
Joined: 17 Aug 2015 Posts: 95 Location: United Kingdom
|
Posted: Sun Sep 30, 2018 12:53 am Post subject: NSA 'Speck' in Linux Kernel 4.17: Big question? |
|
|
Hey Guys,
What's this all about
# NSA 'Speck' in Linux Kernel 4.17
- https://www.youtube.com/watch?v=YI2V5h7KYN4
Am I being paranoid? If I'm not, can this module be "completely" removed?
What's the kernel path to this module as well? Thanks!
Kinkou
PS - This probably need's to be in Kernel section
Last edited by kkinkouu on Sun Sep 30, 2018 1:26 am; edited 1 time in total |
|
Back to top |
|
|
kkinkouu Tux's lil' helper
Joined: 17 Aug 2015 Posts: 95 Location: United Kingdom
|
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Sun Sep 30, 2018 3:22 am Post subject: Re: NSA 'Speck' in Linux Kernel 4.17: Big question? |
|
|
kkinkouu wrote: | PS - This probably need's to be in Kernel section | Moved, though either place is fine.
kkinkouu wrote: | Am I being paranoid? | Unless you have a reason to believe you're being targeted by state level actors, then yes. But I'm not suggesting you shouldn't try to disable or remove it.
I have no idea who the youtube personality is, but the title of the reddit thread indicates it is an "NSA Encryption Algorithm." That sounds optional, especially if it is new, although I don't know with certainty. FYI, SELinux originated with the NSA.
EDIT:
This looks interesting from 3 months ago. Includes a TL;DR.
https://www.reddit.com/r/linux/comments/8oqb2u/linux_417_supporting_speck_a_controversial_crypto/
EDIT 2:
Appears that it is being removed, though I have confirmed which kernel.
https://lkml.org/lkml/2018/9/4/122 _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54214 Location: 56N 3W
|
Posted: Sun Sep 30, 2018 1:42 pm Post subject: |
|
|
kkinkouu,
Just because you are paranoid does not mean they are not out to get you.
Code: | > arch/arm/crypto/Kconfig | 6 -
> arch/arm/crypto/Makefile | 2 -
> arch/arm/crypto/speck-neon-core.S | 434 ---------------
> arch/arm/crypto/speck-neon-glue.c | 288 ----------
> arch/arm64/crypto/Kconfig | 6 -
> arch/arm64/crypto/Makefile | 3 -
> arch/arm64/crypto/speck-neon-core.S | 352 ------------
> arch/arm64/crypto/speck-neon-glue.c | 282 ----------
> arch/m68k/configs/amiga_defconfig | 1 -
> arch/m68k/configs/apollo_defconfig | 1 -
> arch/m68k/configs/atari_defconfig | 1 -
> arch/m68k/configs/bvme6000_defconfig | 1 -
> arch/m68k/configs/hp300_defconfig | 1 -
> arch/m68k/configs/mac_defconfig | 1 -
> arch/m68k/configs/multi_defconfig | 1 -
> arch/m68k/configs/mvme147_defconfig | 1 -
> arch/m68k/configs/mvme16x_defconfig | 1 -
> arch/m68k/configs/q40_defconfig | 1 -
> arch/m68k/configs/sun3_defconfig | 1 -
> arch/m68k/configs/sun3x_defconfig | 1 -
> arch/s390/defconfig | 1 - |
More seriously, spec was never an option on x86, look at the arch list above. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Sun Sep 30, 2018 2:58 pm Post subject: |
|
|
NeddySeagoon wrote: | More seriously, spec was never an option on x86, look at the arch list above. |
Makes sense. They are targeting cell phones. |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54214 Location: 56N 3W
|
Posted: Sun Sep 30, 2018 3:02 pm Post subject: |
|
|
Tony0945,
I'm not aware of cell phones using m68k or s390 CPUs buut the arm stuff, maybe. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
kkinkouu Tux's lil' helper
Joined: 17 Aug 2015 Posts: 95 Location: United Kingdom
|
Posted: Mon Oct 01, 2018 10:55 am Post subject: |
|
|
Hey NeddySeagoon,
Awesome thanks for the quick update. I'll have a look at what you've found.....
I just can't help being paranoid when it comes to the Government and the National Security Agencies..... They've lied so may times over the past decade & been caught out.... It's caused me to lose all trust in them....
Sorry for the late reply, haven't been near my PC for a couple of days
Kkinkouu |
|
Back to top |
|
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Mon Oct 01, 2018 3:59 pm Post subject: |
|
|
If you don't like it then disable it in kconfig and move on. Just like you've been doing with NSA SELinux all this time, right? |
|
Back to top |
|
|
Zucca Moderator
Joined: 14 Jun 2007 Posts: 3337 Location: Rasi, Finland
|
Posted: Mon Oct 01, 2018 5:41 pm Post subject: |
|
|
Ant P. wrote: | If you don't like it then disable it in kconfig and move on. Just like you've been doing with NSA SELinux all this time, right? | My thoughts, exactly.
But isn't there alternatives for SELinux? AppArmor? _________________ ..: Zucca :..
Gentoo IRC channels reside on Libera.Chat.
--
Quote: | I am NaN! I am a man! |
|
|
Back to top |
|
|
proteusx Guru
Joined: 21 Jan 2008 Posts: 338
|
Posted: Mon Oct 01, 2018 6:03 pm Post subject: |
|
|
News of the inclusion of an encryption algorithm from the NSA into the kernel sounds like an April Fool's Day prank. |
|
Back to top |
|
|
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Mon Oct 01, 2018 6:33 pm Post subject: |
|
|
Zucca wrote: | Ant P. wrote: | If you don't like it then disable it in kconfig and move on. Just like you've been doing with NSA SELinux all this time, right? | My thoughts, exactly.
But isn't there alternatives for SELinux? AppArmor? |
SELinux is much more developed. Although I don't know if it's going to be relevant much longer as they have stopped releasing their kernel to the public.
I used SELinux until a few months after they stopped updating newer kernels, and I wanted some of the features in newer kernels. |
|
Back to top |
|
|
Zucca Moderator
Joined: 14 Jun 2007 Posts: 3337 Location: Rasi, Finland
|
Posted: Mon Oct 01, 2018 7:34 pm Post subject: |
|
|
1clue wrote: | SELinux is much more developed. Although I don't know if it's going to be relevant much longer as they have stopped releasing their kernel to the public. | So they went GRsec route? _________________ ..: Zucca :..
Gentoo IRC channels reside on Libera.Chat.
--
Quote: | I am NaN! I am a man! |
|
|
Back to top |
|
|
proteusx Guru
Joined: 21 Jan 2008 Posts: 338
|
Posted: Tue Oct 02, 2018 2:56 pm Post subject: |
|
|
Our sys-kernel/gentoo-sources should include a patch to:
Code: | find -iname "*speck*" -exec rm {} \; |
And get rid of their damn NSA spyware.
The linux kernel should be no place for such hanky-pankying.
Now that Torvalds has gone we should expect more and more of this nonsense. |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
|
Back to top |
|
|
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Tue Oct 02, 2018 10:49 pm Post subject: |
|
|
proteusx wrote: | Our sys-kernel/gentoo-sources should include a patch to:
Code: | find -iname "*speck*" -exec rm {} \; |
And get rid of their damn NSA spyware.
The linux kernel should be no place for such hanky-pankying.
Now that Torvalds has gone we should expect more and more of this nonsense. |
Or, you as a user could type the line in on your kernel when you download new sources.
Gentoo is about choice. Some people might want that code in there, on the off chance it actually does what they say, and the user needs the functionality. |
|
Back to top |
|
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Wed Oct 03, 2018 5:15 pm Post subject: |
|
|
proteusx wrote: | Now that Torvalds has gone we should expect more and more of this nonsense. |
Yes, I've seen a sharp uptick in hysterical nonsense in the past few weeks. Torvalds had nothing to do with getting the code removed, FYI. That was mostly zx2c4's work. |
|
Back to top |
|
|
|