nVidia FBI Backdoor – What The Hell?

So apparently this is making its way around the net that Templar is some backdoor in nVidia GPUs that lets the FBI in or some such thing.

I went ahead and downloaded it (as it is potentially malicious or illegal I will not be linking it) and I see nothing “backdoorish” about this. It looks like it’s for RSA Encryption cracking (specifically bruteforcing, as in I see nothing showing it taking advantage of flaws.) A few .txt files reference prime number factoring and sieve. RSA is based on the principle that it’s really difficult to do this type of math programmatically, so it just looks like this tries to do it via CUDA and sieve to speed things up.

Update: Skip To The Summary (at the end of the post)

And then I got to Red_Cross_Dress.txt

Templar is an NVIDIA CUDA implementation of the Pollard Rho factoring
method, and includes birthday attack optimizations collectively
referred to as a “reduction sieve” attack.

More details about RSA CUDA, confirming my suspicion. The code looks to do what the txt files are talking about, or at least nothing outright scary but I haven’t looked extensively at it, it’s 6:00AM and I’m too tired. Literally not one line so far has stood out as anything.

There are a lot of references to work done by Jason Papadopoulos and a few other crypto/ math people. A lot of references to optimizing it for CUDA. Absolutely nothing backdoor-ish.
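To show what “Pollard Rho factoring” means in practice, here is a small CPU-only sketch of the textbook algorithm. It is an added example, not code from the Templar archive; the function names and the toy moduli are constructed for illustration. The step count grows roughly with the square root of the smallest prime factor, which is why this is brute-force math and not a flaw or backdoor in anything.

```python
from math import gcd

def pollard_rho(n, max_c=20):
    """Return (factor, steps) for composite n, or (None, steps) when every
    polynomial x^2 + c that was tried only produced the trivial factor n
    (which is what happens when n is prime)."""
    if n % 2 == 0:
        return 2, 0
    steps = 0
    for c in range(1, max_c + 1):
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n        # tortoise: one step
            y = (y * y + c) % n        # hare: two steps
            y = (y * y + c) % n
            d = gcd(abs(x - y), n)     # a shared factor shows up as gcd > 1
            steps += 1
        if d != n:                     # d == n means the walk cycled: retry
            return d, steps
    return None, steps

def factor_semiprime(n):
    """Return ((p, q), steps) with p <= q, or None if no factor was found."""
    f, steps = pollard_rho(n)
    if f is None:
        return None
    return tuple(sorted((f, n // f))), steps

if __name__ == "__main__":
    # Constructed toy moduli. Real RSA moduli are 2048 bits or more, where
    # sqrt(p) is on the order of 2^512 steps.
    for p, q in [(83, 97), (104729, 1299709)]:
        n = p * q
        factors, steps = factor_semiprime(n)
        print(f"n={n} ({n.bit_length()} bits) -> {factors} in {steps} steps")
```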

Most of the code is stuff like:

/* find a GPU */

gpu_init(&gpu_config);
if (gpu_config.num_gpu == 0) {
    printf("error: no CUDA-enabled GPUs found\n");
    exit(-1);
}
if (which_gpu >= (uint32)gpu_config.num_gpu) {
    printf("error: GPU %u does not exist "
           "or is not CUDA-enabled\n", which_gpu);
    exit(-1);
}

And then basically a ton of math like A^B -N blah blah blah crypto.

So, not a backdoor. I’m not sure where the FBI thing came from as I see no indication of their involvement or any government involvement (other than their involvement in creating the actual tool, not a backdoor, which I guess is possible.)

This particular attack method should prove effective against public key
encryption methods such as RSA and Diffie-Hellman, as well as ECDLP key
materials used within elliptical curve encryption methods. In addition,
it would also appear that this method of reducing input candidates can
also be used against the S-boxes of conventional block ciphers such as
DES/3DES and the AES, by analyzing each S-box mod 9 and then reducing
the possibilities for predecessor round S-boxes in this same fashion.

I guess that’s plenty scary. I’ll see if I can contact someone who knows crypto in depth tomorrow. I’ll update this post as I continue to look at the code/ .txt.

If it is actually a backdoor for nvidia I guess it’s masquerading as an RSA cracker but, again, I’ve seen nothing to suggest this. I’m actually pretty sure Templar is a tool already out there.

Update:

It seems the source is http://cryptome.org:

FBI Backdoor: Templar NVIDIA GPU Factoring Suite March 29, 2012

with the attached .zip.
Someone then pastebinned (or some such thing) a message essentially stating “omg im not downloading this but its a backdoor TELL EVERYONE”
Other sites and twitter tweets have picked up the story and linked to the zip archive.

But, what is inside?

No one seems to know or wants to blog/tweet/talk about it on discussion forums, searching the web only reveals links to cryptome's url for the zip archive.

I'm not downloading the zip, but I'd like to know what is inside. Is this a separate program offered by NVidia, a hardware or firmware exploit?

What?

Please begin posting to blogs and discussion forums indexed by Google and other search engines, what this mystery zip archive contains!

Is anybody reading this?

Summary

This RSA cracking tool Templar is being labeled a backdoor even though it doesn’t exploit any flaws in the encryption or any flaws in any system. I see no evidence of it being FBI driven but I wouldn’t even be remotely surprised as both the FBI and NSA are pretty publicly interested in this type of thing.
Yes, it’s creepy that the tool exists. No, it’s not a backdoor. When people say “backdoor” everyone thinks of built-in vulnerabilities. The evidence of this is the dozen posts/tweets I read while looking for information, which amounted to “The FBI put a backdoor in nVidia” when this does not appear to be true, at least not with the code presented.

How To Create A Strong And Memorable Password

Tips For Creating A Secure Password:

A secure password has a few features: it’s easy for you to remember, hard for a hacker to guess, and too complicated/ long to bruteforce.

A good password will have at least one of each of these: lower case letter, upper case letter, number, symbol. This guide will explain how to create a strong password that’s easy to remember and duplicate for various services.

Your password should be at least 12 characters long. Anything “mission critical” (as in the government is after the nuclear codes that you stole) should be at least 14 characters. Some people recommend 20 characters; this isn’t really necessary unless you can’t verify the crypto behind the password security.

A horrible password for anyone would be “password123” as it’s the first thing any attacker will try. It’s got a single word, which means it’s highly susceptible to a dictionary attack, and merely 3 numbers. It’s also only 11 characters, which isn’t awful but for protecting critical data it should be key.

A bad password for me would be “insanitybit12345!?” as an attacker might guess that I’d use my username as a password. At that point they only need to bruteforce 12345!? and they’ll likely do the ‘12345’ anyways.

A good password for me would be “CatBike92391(!” as it has 14 characters, two words, a friend’s birthday (not my own, just some random friend from years ago) and two random symbols.

A great password for me would be “AwfulCatBike92391(@#(!(!” as it has 24 characters, three unrelated words, an old friend’s birthday, their birthday typed while holding shift, and two random symbols. This password is beyond overkill; I suggest you stick to a password closer to 12-14 characters unless you can’t confirm that the crypto behind what you’re entering the password into is secure (like an online service.)

A bad, but ‘strong’ password would be “a%f!1234BZV245NDF!#$?;;z<qortQERG” as it has over 30 characters, all ‘random’, but there’s no way in hell I’ll remember it and I’ll be pissed off every time I spend the time typing it out just to retype it because I forgot a letter. If I were an inexperienced user I’d end up writing it on paper, which is horrible.

Remembering even my incredibly long AwfulCatBike92391(@#(!(! is simple. You just need to remember 3 words, 1 birthday, and two random symbols. That’s 5 things to remember, it’s nothing. It’s like remembering “party” is your password or any other 5 letter word.

Keep in mind that the equation for password combinations is (character set size ^ length), so simply by adding one of each character set (a, B, 3, $) you improve the security of your password by a massive amount.

I’m also using “AwfulCat” and not “Gorillas” – even though they are both the same length, “Gorillas” is actually much less secure because it is one word. The difference is very large when you consider dictionary attacks and how they work. Stringing two unrelated words will be much more secure than one long word.
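The two points above (character set size ^ length, and one word versus two against a dictionary attack) can be put into numbers. This is an added example, not part of the original post; the 100,000-word dictionary size and the rule that any capitalised or lower-case run of letters counts as one dictionary word are assumptions made for the estimate.

```python
import math
import re
import string

# Character classes: 26 lower + 26 upper + 10 digits + 32 symbols = 94.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
WORDLIST_SIZE = 100_000                 # assumed attacker dictionary size
WORD = re.compile(r"[A-Z]?[a-z]{2,}")   # assumed rule for spotting a word

def charset_size(password):
    """Size of the alphabet implied by the character classes in use."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def brute_force_bits(password):
    """log2(charset_size ^ length): cost of trying every combination."""
    return len(password) * math.log2(charset_size(password))

def dictionary_bits(password, wordlist_size=WORDLIST_SIZE):
    """Cost when each word is a single guess from a dictionary and only
    the leftover characters are brute-forced within their own class."""
    words = WORD.findall(password)
    bits = len(words) * math.log2(wordlist_size)
    for ch in WORD.sub("", password):
        size = next((len(c) for c in CLASSES if ch in c), 94)
        bits += math.log2(size)
    return bits

if __name__ == "__main__":
    # Passwords taken from the post above.
    for pw in ["password123", "Gorillas", "AwfulCat",
               "CatBike92391(!", "AwfulCatBike92391(@#(!(!"]:
        print(f"{pw:26} brute force {brute_force_bits(pw):6.1f} bits, "
              f"dictionary {dictionary_bits(pw):6.1f} bits")
```

“Gorillas” and “AwfulCat” come out identical under pure brute force, but under the dictionary model the two-word password costs twice as many bits as the single word.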

TIP: You can create multiple strong passwords very easily.

Let’s take our AwfulCatBike92391(@#(!(! example.

Maybe that’s my email password for GMail and now I want a strong Hotmail password. I’ll simply change AwfulCatBike92391(@#(!(! to:

SuperDogCar71488&!$**%$. I’ve changed “Awful” to “Super”, “Cat” to “Dog”, and “Bike” to “Car.” Anyone who got a 200 or above on their SATs should be able to understand the relations here. I also picked another friend’s birthday and another two random symbols. So now we have a very different password that’s just as secure as the last and it won’t be difficult to remember both because they’re similar in terms of semantics.

Other examples might be:

GreatEmuTruck52090%&()$# or EvilRabbitJeep41794$!&(%*%

It’s simple. Though, again, I think that these passwords are overkill and something more like the 14 character example is ample.