# NSA 'Speck' in Linux Kernel 4.17: Big question?

## kkinkouu

Hey Guys,

What's this all about   :Shocked: 

# NSA 'Speck' in Linux Kernel 4.17

- https://www.youtube.com/watch?v=YI2V5h7KYN4

Am I being paranoid? If I'm not, can this module be "completely" removed? 

What's the kernel path to this module as well? Thanks!

Kinkou

PS - This probably need's to be in Kernel sectionLast edited by kkinkouu on Sun Sep 30, 2018 1:26 am; edited 1 time in total

----------

## kkinkouu

https://packages.gentoo.org/packages/sys-kernel/gentoo-sources

I've had a look at gentoo sources when it comes to the kernel..... 

However looking into this a little bit: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.17

Is this something i should be worried about? or is this nonsense?

Kinkou

----------

## pjp

 *kkinkouu wrote:*   

> PS - This probably need's to be in Kernel section

  Moved, though either place is fine.

 *kkinkouu wrote:*   

> Am I being paranoid?

  Unless you have a reason to believe you're being targeted by state level actors, then yes. But I'm not suggesting you shouldn't try to disable or remove it.

I have no idea who the youtube personality is, but the title of the reddit thread indicates it is an "NSA Encryption Algorithm." That sounds optional, especially if it is new, although I don't know with certainty. FYI, SELinux originated with the NSA.

EDIT:

This looks interesting from 3 months ago. Includes a TL;DR.

https://www.reddit.com/r/linux/comments/8oqb2u/linux_417_supporting_speck_a_controversial_crypto/

EDIT 2:

Appears that it is being removed, though I have confirmed which kernel.

https://lkml.org/lkml/2018/9/4/122

----------

## NeddySeagoon

kkinkouu,

Just because you are paranoid does not mean they are not out to get you.

```
>  arch/arm/crypto/Kconfig               |   6 -

>  arch/arm/crypto/Makefile              |   2 -

>  arch/arm/crypto/speck-neon-core.S     | 434 ---------------

>  arch/arm/crypto/speck-neon-glue.c     | 288 ----------

>  arch/arm64/crypto/Kconfig             |   6 -

>  arch/arm64/crypto/Makefile            |   3 -

>  arch/arm64/crypto/speck-neon-core.S   | 352 ------------

>  arch/arm64/crypto/speck-neon-glue.c   | 282 ----------

>  arch/m68k/configs/amiga_defconfig     |   1 -

>  arch/m68k/configs/apollo_defconfig    |   1 -

>  arch/m68k/configs/atari_defconfig     |   1 -

>  arch/m68k/configs/bvme6000_defconfig  |   1 -

>  arch/m68k/configs/hp300_defconfig     |   1 -

>  arch/m68k/configs/mac_defconfig       |   1 -

>  arch/m68k/configs/multi_defconfig     |   1 -

>  arch/m68k/configs/mvme147_defconfig   |   1 -

>  arch/m68k/configs/mvme16x_defconfig   |   1 -

>  arch/m68k/configs/q40_defconfig       |   1 -

>  arch/m68k/configs/sun3_defconfig      |   1 -

>  arch/m68k/configs/sun3x_defconfig     |   1 -

>  arch/s390/defconfig                   |   1 -
```

More seriously, spec was never an option on x86, look at the arch list above.

----------

## Tony0945

 *NeddySeagoon wrote:*   

> More seriously, spec was never an option on x86, look at the arch list above.

 

Makes sense. They are targeting cell phones.

----------

## NeddySeagoon

Tony0945,

I'm not aware of cell phones using m68k or s390 CPUs buut the arm stuff, maybe.

----------

## kkinkouu

Hey NeddySeagoon,

Awesome thanks for the quick update. I'll have a look at what you've found.....

I just can't help being paranoid when it comes to the Government and the National Security Agencies..... They've lied so may times over the past decade & been caught out.... It's caused me to lose all trust in them.... 

Sorry for the late reply, haven't been near my PC for a couple of days  :Smile: 

Kkinkouu

----------

## Ant P.

If you don't like it then disable it in kconfig and move on. Just like you've been doing with NSA SELinux all this time, right?

----------

## Zucca

 *Ant P. wrote:*   

> If you don't like it then disable it in kconfig and move on. Just like you've been doing with NSA SELinux all this time, right?

 My thoughts, exactly.

But isn't there alternatives for SELinux? AppArmor?

----------

## proteusx

News of the inclusion of an encryption algorithm from the NSA into the kernel sounds like an April Fool's Day prank.

----------

## 1clue

 *Zucca wrote:*   

>  *Ant P. wrote:*   If you don't like it then disable it in kconfig and move on. Just like you've been doing with NSA SELinux all this time, right? My thoughts, exactly.
> 
> But isn't there alternatives for SELinux? AppArmor?

 

SELinux is much more developed. Although I don't know if it's going to be relevant much longer as they have stopped releasing their kernel to the public.

I used SELinux until a few months after they stopped updating newer kernels, and I wanted some of the features in newer kernels.

----------

## Zucca

 *1clue wrote:*   

> SELinux is much more developed. Although I don't know if it's going to be relevant much longer as they have stopped releasing their kernel to the public.

 So they went GRsec route?

----------

## proteusx

Our sys-kernel/gentoo-sources should include a patch to:

```
find -iname "*speck*" -exec rm {} \;
```

And get rid of their damn NSA spyware.

The linux kernel should be no place for such hanky-pankying.

Now that Torvalds has gone we should expect more and more of this nonsense.

----------

## pjp

Split of the non-technical discussion: NSA 'Speck' in Linux Kernel (non-technical).

----------

## 1clue

 *proteusx wrote:*   

> Our sys-kernel/gentoo-sources should include a patch to:
> 
> ```
> find -iname "*speck*" -exec rm {} \;
> ```
> ...

 

Or, you as a user could type the line in on your kernel when you download new sources.

Gentoo is about choice. Some people might want that code in there, on the off chance it actually does what they say, and the user needs the functionality.

----------

## Ant P.

 *proteusx wrote:*   

> Now that Torvalds has gone we should expect more and more of this nonsense.

 

Yes, I've seen a sharp uptick in hysterical nonsense in the past few weeks. Torvalds had nothing to do with getting the code removed, FYI. That was mostly zx2c4's work.

----------

