Part 2: Cryptography vs. Big Brother: How Math Became a Weapon Against Tyranny - YouTube

Karl gmkarl at gmail.com
Fri Oct 16 11:35:02 PDT 2020


On Fri, Oct 16, 2020, 1:38 PM Zenaan Harkness <zen at freedbms.net> wrote:

> On Fri, Oct 16, 2020 at 04:19:53PM +0000, coderman wrote:
> >
> > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> > On Thursday, October 15, 2020 11:04 PM, <jamesd at echeque.com> wrote:
> > ...
> > > StrongSwan uses NSA approved standards. Wireguard uses no NSA
> > > standards, relying instead entirely on standards approved by Jon Callas
> > > as unelected president for life of symmetric cryptography and Daniel
> > > Bernstein as God King of asymmetric cryptography.
> > >
> > > So, do you oppose us using Wireguard to avoid exposing ips associated
> > > with the physical address where the state can find people to beat up?
> >
> >
> > Wireguard uses entropy instructions like RDRAND directly, with no
> > mixing. Even BSD and Linux know this is a bad idea.
> >
> > https://arstechnica.com/gadgets/2019/10/how-a-months-old-amd-microcode-bug-destroyed-my-weekend/
> >
> > """
> > As it turns out, WireGuard relies on RDRAND (when available) to generate
> > new session IDs. The session IDs need to be unique, and WireGuard wants
> > them not to be simple consecutive integers, so it pulls a pseudorandom
> > value from RDRAND, compares it against its existing session ID list to make
> > sure there's no collision, then assigns it to the session.
> >
> > Read that last part again carefully—it makes sure there's no collision
> > first. If an existing session has the same ID as the new number, WireGuard
> > asks RDRAND for another "random" number, checks it for uniqueness, and so
> > on. Since RDRAND on my system—and any non-microcode-updated Ryzen 3000
> > system—always returned 0xFFFFFFFF no matter what, that means infinite loop.
> > Infinite loops in kernel code are bad; they introduce you to the value of
> > the hardware reset button in a hurry.
> > """
> >
> > at least wireguard is fast? :P
>
>
> HA!
>
> That is fire trucking hysterical muh grits.  Thanks coderman, important to
> know.
>
> Anyone know if Debian/ Fedora/ Ubuntu patch this underminer away?  Not
> that I've used wireguard yet..
>

When Sysinternals made a rootkit checker that compared Windows API calls to
raw block device contents, they were purchased by Microsoft and stopped
releasing tools.

This attribute in WireGuard that also evades a security-critical,
commonly-used, rootkit-changeable API call sounds easy to fix to work on
all systems (I wonder if it has been), and would pressure systems to be
more secure if it notifies the user of the situation.
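As an added example (not code from the thread or from WireGuard), a short C simulation of the failure mode in the quoted article: a stuck RDRAND turns the unique-session-ID retry loop into a hang, and two checks a defender would want are shown beside it, a startup sanity test that refuses a source whose output never changes, and a bounded retry that fails instead of spinning. The functions stuck_rdrand, toy_rdrand, rng_sane and alloc_session_id are hypothetical names chosen for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed simulation of the failure the quoted article describes: a
 * hardware RNG stuck on 0xFFFFFFFF and an allocator that retries until it
 * finds an unused session ID. Hypothetical names; not WireGuard's code. */
typedef uint32_t (*rng_fn)(void);

/* Stands in for the un-updated Ryzen 3000 RDRAND: every call returns all ones. */
uint32_t stuck_rdrand(void) { return 0xFFFFFFFFu; }

/* Working stand-in (xorshift32), deterministic so results are reproducible. */
static uint32_t xs_state = 0x12345678u;
uint32_t toy_rdrand(void) {
    uint32_t x = xs_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return xs_state = x;
}

/* Startup sanity check: a source whose samples never differ is refused before
 * use, a defence of the kind the thread says OSes apply instead of trusting RDRAND directly. */
bool rng_sane(rng_fn rng, int samples) {
    uint32_t first = rng();
    for (int i = 1; i < samples; i++)
        if (rng() != first) return true;
    return false;
}

/* Bounded allocator: fails with 0 instead of spinning forever when the source
 * keeps handing back an ID already present in ids[0..n). */
uint32_t alloc_session_id(rng_fn rng, const uint32_t *ids, size_t n, int max_tries) {
    for (int t = 0; t < max_tries; t++) {
        uint32_t cand = rng();
        bool taken = (cand == 0);               /* 0 is reserved as "no ID" */
        for (size_t i = 0; i < n && !taken; i++)
            taken = (ids[i] == cand);
        if (!taken) return cand;
    }
    return 0; /* caller must report this, not retry silently */
}

int main(void) {
    uint32_t ids[] = { 0xFFFFFFFFu };  /* one live session already holds all ones */
    printf("stuck: sane=%d id=%#x (0 = gave up)\n", rng_sane(stuck_rdrand, 8),
           alloc_session_id(stuck_rdrand, ids, 1, 16));
    printf("toy:   sane=%d id=%#x\n", rng_sane(toy_rdrand, 8), alloc_session_id(toy_rdrand, ids, 1, 16));
    return 0;
}
```

With the stuck source the unbounded loop in the article never exits; here the same situation is reported as a failure the caller can surface to the user.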
