[addenda] A Redaction Re-Visited: NSA Targeted ...

Rayzer Rayzer at riseup.net
Thu Jan 7 20:37:55 PST 2016 

For those too lazy to look it up here's some speculation from
Greenwald's IAMA October 31 2013.

https://www.reddit.com/r/IAmA/comments/1nisdy/were_glenn_greenwald_and_janine_gibson_of_the/ccj4rvw

Again, plain text and html:

While I do not know the name redacted in that report, the "VPN and Web
encryption devices" mentioned are most likely hardware SSL acceleration
appliances <http://en.wikipedia.org/wiki/SSL_acceleration>[1] , and due
to the sensitive nature of the backdoor being discussed, are probably in
chips fabricated by a US-based silicon designer using a US-located
silicon fabrication plant.

The reason for that is twofold; first, you don't want a foreign power
discovering your backdoor in a chip, and second, you don't want a
foreign power inserting their own backdoor.

The vendors <http://en.wikipedia.org/wiki/SSL_acceleration#Vendors>[2]
list in Wikipedia lists the following vendors of SSL appliances:

  * Barracuda Networks
  * Array Networks
  * CAI Networks
  * Cavium Networks (fabless semiconductor designer)
  * Cisco Systems
  * Citrix Systems
  * Cotendo
  * Coyote point systems
  * Crescendo Networks
  * Exinda
  * F5 Networks
  * Foundry Networks
  * Forum Systems
  * Freescale Semiconductor (fabless and fab-owning)
  * Hifn
  * IBM (fab-owning)
  * Interface Masters Technologies
  * jetNEXUS
  * Juniper Networks
  * Nortel Networks
  * Radware
  * Riverbed Technology
  * Strangeloop Networks
  * Sun Microsystems

Of those, the two names that stand out most are IBM (which is no
stranger to crippling encryption upon the demands of the NSA, with
fabrication plants throughout the world and the United States, but which
isn't significantly given to florid chip descriptors) and Freescale
Semiconductors - it is itself a large semiconductor fabricator, focused
on semiconductor fabrication, with foundries in Chandler, AZ and Oak
Hill, TX.

One not mentioned in that list is Broadcom, a semiconductor manufacturer
that is /fabless/, that is - it doesn't own any fabrication capability,
itself. It does, however, design a very large percentage of
communications chips used in the industry. Not finding a Broadcom chip
somewhere in a device is notable.

The redacted space is roughly twelve all-caps letters or sixteen
mixed-case letters in that font. If we could have someone identify
exactly which font was used, then we could experiment with chip names
from SSL acceleration device manifests, in that font, and see which fit
into the redacted space, possibly with the manufacturer's name in front
of the chip - for example, the Freescale SAHARA
<http://www.freescale.com/webapp/sps/site/overview.jsp?code=NETWORK_SECURITY_CRYPTOG>[3]
appears to fit nicely - and is touted as having configurable access
control to the random number generator and hashing functions on that
feature sheet linked - but is just one possibility. Another is the
PowerArchitecture™ from Mocana -formerly FreeScale
<https://mocana.com/partnerprog/freescale/selling_freescale_sca.pdf>[4] .

If I were in the position to lead a project to reverse-engineer the
possible name of the chip, I would:

  * Find out what the top five top-selling SSL acceleration device
    manufacturers in the world are;
  * get a list of their best-selling products;
  * Get parts manifests for each of their popular products, possibly
    from an electronics tear down research organisation;
  * Locate and name the crypto accelerator chips;
  * Determine who designed and fabricated those chips.
  * Get the name of the font used in the report in the imgur link;
  * Compose the name of each of those chips in that font at that pitch;
  * Do a little comparing.

/Edit/: OP is assuming that the report is listing /two, separate/ chips.
While that is /possible/, it is equally as likely that one variety or
species of chip is being named! i.e. /Intel Pentium chips/. There is
also no guarantee that the redacted text lists a florid,
marketing-friendly name, and may possibly be a code name internal to the
US intelligence community. These and other alternatives should not be
discounted.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 5666 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20160107/2822d5d2/attachment-0002.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20160107/2822d5d2/attachment-0002.sig>

More information about the cypherpunks mailing list