
Re: Tor exit nodes



* Adam Borowski:

> On Mon, Oct 09, 2017 at 09:34:28PM +0500, Andrey Rahmatullin wrote:
>> On Mon, Oct 09, 2017 at 06:13:02PM +0200, Adam Borowski wrote:
>> > > * The Yubikey 4 seems to be the best hardware option. It's not free
>> > >   hardware, however. I'm OK with that for my own use, and I'd be OK
>> > >   for that for Debian's use. But before Debian spends money on that,
>> > >   we should have consensus that it's OK. I'm also OK for Debian to
>> > >   choose an option with free-er hardware, but have no personal
>> > >   experience with those.
>> > 
>> > Let's discuss the threat model.  If I would be a three letter agency, I'd
>> > order Yubico (there's so many ways to force a company to do something) to
>> > introduce a backdoor: when a secret handshake (cryptographically signed :p)
>> > is entered, the keycard spills its storage.  This can be programmed into the
>> > kit low-paid goons on the border have, and instruct them to apply to all
>> > storage devices they search on a person.  Such an instruction is already a
>> > part of their orders, thus no knowledge or skills on the side of the goons
>> > are required.  Your secret key will then stay on file, without you being
>> > aware of this.
>> Is it really specific to the non-free hardware?
>
> A free piece of hardware+software will have no such backdoor.

Most of the free software cryptographic libraries (by project count,
not market share) had or still have a bug where errors in the
implementation of integer arithmetic would occasionally disclose RSA
private keys, and many of them actually had arithmetic bugs which
could trigger these key leaks in practice (maybe with rather low
priority, but still).  In some cases, this concerned projects where
the source code has been available publicly for ten years or more.

Even if these bugs grew organically, I don't think source code
availability says anything about the presence of backdoors.