Skip to main content

NSA-Designed Speck Algorithm to Be Removed From Linux 4.20

The NSA-designed Speck encryption algorithm will be removed from version 4.20 of the Linux kernel, after just recently being added to the Linux kernel version 4.17 in June. The move comes after the International Standards Organization (ISO) rejected two of NSA’s cryptographic designs, Simon and Speck, on the basis of not being trustworthy.

How Speck Got Into Linux

Even though ISO rejected Speck months before the Linux kernel 4.17 was finished, the algorithm still landed in the kernel due primarily to Google's backing. The company said it wanted to use the Speck algorithm on Android Go devices that lacked AES encryption instructions, which come with the newer ARMv8 chips. In the developing markets, smartphone companies continue to sell sub-$100 phones with ARMv7 chips and no additional crypto processor.

It seems Google thought that the performance benefit of Speck outweighed the fact that it didn't have the same security guarantees as AES. In the cryptography world it’s often thought that choosing performance over a stronger and more secure algorithm is a bad idea. This is especially true when those algorithms get to live on the devices for many years, thus increasing the chances that the encryption that was weak from the start will be broken faster.

XChaCha - Faster and More Secure Than Speck

Google eventually chose to use the XChaCha algorithm for default storage encryption on lower-end Android smartphones. XChaCha is significantly faster than AES in software, but not quite as fast compared to hardware-accelerated AES encryption. The XChaCha algorithm is not completely new to Google, as the company had already implemented the original version of this algorithm, called ChaCha, in the Chrome browser as a fallback for devices that didn’t support AES crypto accelerators. 

The XChaCha algorithm will be used in a construction called HPolyC. According to a Google engineer, this construction is actually faster than the Speck implementation. This makes one wonder why Google was in such a hurry to enable NSA's Speck in low-end smartphones sold in developing countries, when it could have looked to ChaCha from the beginning. ChaCha is a much more reputable and audited algorithm, it has the same security level as AES (unlike Speck), and as it turns out, it even beats Speck's supposedly superior performance.

Why Speck Was Rejected By ISO

Both of the NSA-designed Speck and Simon algorithms were rejected by ISO because the NSA refused to provide certain technical details about their designs or answer certain questions about them. This is what ultimately led ISO to reject them as untrustworthy.

This wouldn’t be the first time the NSA had attempted to get software or hardware providers to include weakened or backdoored cryptographic algorithms in their products. In the 1990’s the NSA tried to get all device makers to adopt the “Clipper Chip,” a crypto processor with a backdoor for the NSA, as well as forced browser vendors and other software providers to use weak encryption protocols via export restrictions and other government rules. Dan Bernstein, the inventor of the ChaCha algorithm that Google has now chosen for its low-end devices, was actually the one to sue the government and get those export restrictions on encryption invalidated.

Even though the Speck algorithm will be removed from the next version of the Linux kernel (4.20), it will continue to live within kernel versions 4.17, 4.18, and 4.19. Those who run systems using these kernels will need to check whether or not their default storage encryption uses the Speck algorithm or not to be sure.

  • bobba84
    The war against encryption is lost. They need to get with the times.
    Reply
  • CKKwan
    Putin and Xi did this!!!!
    Reply
  • stdragon
    Good! I trust NO Governmental agency, and I bow before no man! Doesn't matter the nationality from which back-doors have spawned from.

    Reply
  • Integr8d
    21294700 said:
    Good! I trust NO Governmental agency, and I bow before no man! Doesn't matter the nationality from which back-doors have spawned from.

    Okay there, Riddick. When the Necromongers come, we'll be glad to have you around.
    Reply
  • caustin582
    I wonder what the NSA was thinking here. They have no real leverage on the issue and the public is already highly skeptical of everything they do. It blows my mind that Google successfully advocated for them in the first place.
    Reply
  • stdragon
    21296250 said:
    I wonder what the NSA was thinking here. They have no real leverage on the issue and the public is already highly skeptical of everything they do. It blows my mind that Google successfully advocated for them in the first place.

    In a democracy, elected officials are custodians of the will of the people. Meaning, they work for the electorate while still having the autonomy to govern without micromanagement by the people. However, the NSA works for government, and not the electorate directly.

    What's happening here is that at least at the Federal Gov level, the primary goal of the agency (NSA) is to follow a mission and its directives as instructed by the elected officials. And if that means colluding with them, or other nations against the electorate, so be it.

    Think of the NSA like an untamed wild beast. While it often ignores you and provides mutual protection from time to time against nations of aggression, if required, it would not hesitate to turn on you also.
    Reply
  • caustin582
    21296443 said:
    21296250 said:
    I wonder what the NSA was thinking here. They have no real leverage on the issue and the public is already highly skeptical of everything they do. It blows my mind that Google successfully advocated for them in the first place.

    In a democracy, elected officials are custodians of the will of the people. Meaning, they work for the electorate while still having the autonomy to govern without micromanagement by the people. However, the NSA works for government, and not the electorate directly.

    What's happening here is that at least at the Federal Gov level, the primary goal of the agency (NSA) is to follow a mission and its directives as instructed by the elected officials. And if that means colluding with them, or other nations against the electorate, so be it.

    Think of the NSA like an untamed wild beast. While it often ignores you and provides mutual protection from time to time against nations of aggression, if required, it would not hesitate to turn on you also.

    I'm not confused about their intentions. I'm confused about their strategy.
    Reply
  • stdragon
    21297162 said:

    I'm not confused about their intentions. I'm confused about their strategy.

    They have no strategy. They take objective orders from their higher ups and execute accordingly to accomplish the goal as requested.

    As to the technical methodologies they use, well that's another matter entirely.
    Reply
  • shrapnel_indie
    21294185 said:
    Putin and Xi did this!!!!

    No, Putin and Xi didn't do this.... the U.S. Gov't did it. It isn't the foreign Govts that are the reason. It's they want to know our private business... and make sure we are being sheeple.
    Reply
  • shrapnel_indie
    21297162 said:
    21296443 said:
    21296250 said:
    I wonder what the NSA was thinking here. They have no real leverage on the issue and the public is already highly skeptical of everything they do. It blows my mind that Google successfully advocated for them in the first place.

    In a democracy, elected officials are custodians of the will of the people. Meaning, they work for the electorate while still having the autonomy to govern without micromanagement by the people. However, the NSA works for government, and not the electorate directly.

    What's happening here is that at least at the Federal Gov level, the primary goal of the agency (NSA) is to follow a mission and its directives as instructed by the elected officials. And if that means colluding with them, or other nations against the electorate, so be it.

    Think of the NSA like an untamed wild beast. While it often ignores you and provides mutual protection from time to time against nations of aggression, if required, it would not hesitate to turn on you also.

    I'm not confused about their intentions. I'm confused about their strategy.

    Simple enough. Google was probably subsidized a stipend to push for their highly questionable security algorithm with its hidden elements.
    Reply