N.S.A. Foils Much Internet Encryption

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
As if there wasn't enough spying news posted already today, this New York Times article is the cherry on the cake. Thanks to Red Falcon for the link.

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.
 

>GSXR<mrbusa

Weaksauce
Joined
Dec 13, 2005
Messages
121
i dont like the idea of thinking my home network is safe from intrusion but might not be even when im securing it correctly. i can deal with that better than i could deal with having some suicide bomber running into my kids school. this is the new world and its not changing any time soon. just stay as safe as you can by not surfing to far into the unknown and go on with your day. as a citizen the worst that can happen is you bank information get hacked, its insured....get over it.
 

Azhar

Fixing stupid since 1972
Joined
Jan 9, 2001
Messages
18,876
Well if they weren't able to foil cybersecurity, they wouldn't be doing their job.
 

LeviathanZERO

Supreme [H]ardness
Joined
Dec 20, 2003
Messages
6,496
i dont like the idea of thinking my home network is safe from intrusion but might not be even when im securing it correctly. i can deal with that better than i could deal with having some suicide bomber running into my kids school. this is the new world and its not changing any time soon. just stay as safe as you can by not surfing to far into the unknown and go on with your day. as a citizen the worst that can happen is you bank information get hacked, its insured....get over it.

That has never happened in the US.
School shootings are always, ALWAYS done by a student. Please show ONE example of suicide bombers in schools, in the US. Ridiculous notion that you would give your rights away to. Trustworthy people like the CIA and NSA, that break their own laws. You have gone completely mad if you trust those people. comedy.
 

/usr/sbin

Successfully Trolled by Megalith
Joined
Jul 18, 2010
Messages
3,927
i dont like the idea of thinking my home network is safe from intrusion but might not be even when im securing it correctly. i can deal with that better than i could deal with having some suicide bomber running into my kids school. this is the new world and its not changing any time soon. just stay as safe as you can by not surfing to far into the unknown and go on with your day. as a citizen the worst that can happen is you bank information get hacked, its insured....get over it.

Yeah, who needs rights anyways!

:rolleyes:
 

/usr/sbin

Successfully Trolled by Megalith
Joined
Jul 18, 2010
Messages
3,927
If you use encryption, why do you use it?

For the same reason I lock my car or house door. My property is my property. it's not for public use. Intellectual Property rights have defined data as property and as such I consider my data my property. My property is mine, so I lock it up, data inclusive.
 

Spidey329

[H]F Junkie
Joined
Dec 15, 2003
Messages
8,683
You think so? You have been missing out on news coverage for the last few years haven't you?

Just going out on a limb here, but I think he was referring to a terrorist going into a classroom and detonating a vest. Which has not happened on US soil.
 

8du8

Limp Gawd
Joined
Mar 28, 2011
Messages
298

TheArTcher

Limp Gawd
Joined
Dec 9, 2007
Messages
242
NSA data isn't used to catch terrorists. It is used to control people. Ever notice how our representatives in congress often vote against their convictions. That's because the NSA has dirt on everyone and the current regime uses it to manipulate the system.

The truth about the internet is in my signature.
 

Kueller

Supreme [H]ardness
Joined
Jun 19, 2001
Messages
5,983
Foil eh?

First: Get the message before it's encrypted
Outside: Crack encryption through mathematical or brute force attacks.
Inside: Get inside access to companies producing security software.
Last: Get the message after it's been decrypted by the recipient

Or am I confusing it with some other foil?
 

vengence

Level capped
Joined
Nov 7, 2007
Messages
18,471
i dont like the idea of thinking my home network is safe from intrusion but might not be even when im securing it correctly. i can deal with that better than i could deal with having some suicide bomber running into my kids school. this is the new world and its not changing any time soon. just stay as safe as you can by not surfing to far into the unknown and go on with your day. as a citizen the worst that can happen is you bank information get hacked, its insured....get over it.

You have no idea how the real world works, do you? In the real world, people who are competent enough to plan and carry out terrorist attacks, do it. I mean lets face it, all of their spying totally kept us safe from the boston marthon bombing didn't it? Oh wait... that's right.. it didn't.

What does their unfettered access gain us? Unlimited, unending abuse. Let's take "Joe The Plumber" as an example as it's a very well documented case. A presidential candidate came to his neighborhood for a photo op. He asked the man a question, and the media picked up on it. Afterwards, 4 record databases were accessed illegally or against protocol. This is just the databases that are public and contain very little information.

If people are willing to risk their jobs and break the law to search people who just ask a presidential candidate a question, what would the same people do to the neighbor that pisses them off? What would the same type of people do who have access to tap their phones, or e-mail, or healthcare records?

That's just people who work at those places. It's completely inconcieveable that a president or any one else with major power would attempt to abuse their power. :rolleyes:
 

fairlane

Limp Gawd
Joined
Jun 18, 2004
Messages
297
I don't know about most people but I run all SSL 2048 bit keys. This is a .gov mandate up here in Canuckastan.

Did you read the article? They are basically saying they have ways to break SSL, so going from 1024 to 2048 wouldn't help. Additionally, if they have access to all the cert keys, again, it doesn't matter if you up the crypto, they can still decrypt your traffic.
 

DarkStar02

2[H]4U
Joined
Mar 1, 2006
Messages
2,138
i dont like the idea of thinking my home network is safe from intrusion but might not be even when im securing it correctly. i can deal with that better than i could deal with having some suicide bomber running into my kids school. this is the new world and its not changing any time soon. just stay as safe as you can by not surfing to far into the unknown and go on with your day. as a citizen the worst that can happen is you bank information get hacked, its insured....get over it.

People like you are what's wrong with this country.
 

fairlane

Limp Gawd
Joined
Jun 18, 2004
Messages
297
If you use encryption, why do you use it?

Users use encryption to keep prying eyes that have no business looking at your bank statements, credit card numbers and using them for fraud. Businesses use them for the same reasons, and to protect their data from theft, trade secrets, proprietary information that associates trust. Your question is pretty vague so I will get pretty specific:

When I get asked that question in various forms as you are: "Why bother with using encryption if you have nothing to hide?" my response is "I have nothing to hide from people I trust".

So ask yourself, do you trust the NSA? The Director, James Clapper lied to a Judiciary committee, specifically to Wyden back in March when he was asked in no uncertain terms has the Agency ever spied on the American public, in which he replied, "No."

In June Snowden emerged. Subsequent disclosures have ensued. Various programs, from the first ones, PRISM, to the newly disclosed Bullrun and Manassas are proof that the NSA has been violating the Fourth Amendment for years. They have access to not only your encrypted traffic, but also the fiber lines, Skype Chats, the routers that are riddled with vulnerabilities no admin wants to patch, or believe the patch is broken (I'm looking at you Cisco), to having back doors in publicly available crypto.

What makes the NSA think a blanket harvest of over three hundred million Americans is justified in, as they claim, catching terrorists. Even the FISA Court blasted them for overstepping their bounds within the parameters (a focused set of targets) of said Court. Not to mention the tech companies that were either strong armed, threatened with fines/jail time or just gave in and willingly cooperated. Questions abound; Did they know? Did they lie about it to their customers? Were they strong-armed with an NSL gag order to not even talk about it? The answers seem to be a resounding yes on most counts, only a select few (Google) are still vehemently denying they ever participated. In the end, it's a moot point: The agency had access to all the data over the fiber lines, coming out of, and going into, Google's servers. (And Microsofts, Oracles, Facebook, etc) But now it is revealed that they actually COULD go behind company firewalls, steal data, encrypted data, Internet traffic, email, etc, because they have either stolen, bartered, or strong armed these companies for their private server keys. So while once it was announced that the NSA has collected that data, it is only storing it in their massive database back in Utah they've been building for the last year, set to go online quite soon. Now, with this NYT article, well shit son, now we don't need to wait for technology to catch up with the crypto, we have all the keys now. It's been speculated that their approach was the companies get rid of old private keys after a couple of months. All the NSA did was simply ask: Hey, don't delete them, give them to us. You're not using them anyway....

So I ask you, do you use encryption?
 

Cerulean

[H]F Junkie
Joined
Jul 27, 2006
Messages
9,476
Time for 1024 bit encryption?
No.

How about something that is 30 - 100x that?

Go do some research on CPU vs GPU vs FPGA password cracking. Once you find out how effective and powerful GPUs are, let me tell you -- FPGAs nuke GPUs like a supernova swallowing planets. With as much money and resources available to the NSA, I wouldn't for a second doubt that they don't have GPU-heavy supercomputers and even specialized FPGA supercomputers for even higher priority stuff.
 

fairlane

Limp Gawd
Joined
Jun 18, 2004
Messages
297
Just going out on a limb here, but I think he was referring to a terrorist going into a classroom and detonating a vest. Which has not happened on US soil.

Spidey I think you fell off your limb ;) I believe BBA was referring to his erroneous sentence that every school shooting was done by a STUDENT. That is incorrect. To answer his question of an example, The Sandy Hook tragedy was not done by a student, but a mentally ill young man with access to his mother's guns.
 

Obi_Kwiet

2[H]4U
Joined
Dec 25, 2004
Messages
3,858
No.

How about something that is 30 - 100x that?

Go do some research on CPU vs GPU vs FPGA password cracking. Once you find out how effective and powerful GPUs are, let me tell you -- FPGAs nuke GPUs like a supernova swallowing planets. With as much money and resources available to the NSA, I wouldn't for a second doubt that they don't have GPU-heavy supercomputers and even specialized FPGA supercomputers for even higher priority stuff.

Power can be helpful, but ultimately, it's a mathematical problem more than a hardware problem. Reducing the time to crack something from 80 billion years to 80 million years isn't very helpful, but if you can find a weakness in the algorithm such that you don't have to check most of the possible combinations, that's powerful.
 

Cerulean

[H]F Junkie
Joined
Jul 27, 2006
Messages
9,476
If you use encryption, why do you use it?
Maybe I don't care so much about the NSA peaking into my stuff, but a little bit of encryption can go a long ways to keep out 99.999% of predators. In business, who cares if the NSA does -- we care more about other predators that could hurt our business; if the NSA does come to hurt our business, then we're in the wrong business to begin with. :D

This is far worse than just every day citizens being spied on. This is the encryption that companies, banks etc... etc... use and rely on. If the encryption is comprised the entire system is at risk. This isn't just about the government spying you and me, its about much much more than that. Bruce Schneier says it best: http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying
Question: what if the root command of the NSA is also behind and/or partnered with the Central Banks? Then encryption only matters for the response to the first thing I quote in this post.

NSA data isn't used to catch terrorists. It is used to control people. Ever notice how our representatives in congress often vote against their convictions. That's because the NSA has dirt on everyone and the current regime uses it to manipulate the system.

The truth about the internet is in my signature.
And whether it is the NSA or not, this is a fact: every person can be bought at a price and will compromise their own convictions.
 

fairlane

Limp Gawd
Joined
Jun 18, 2004
Messages
297
No.

How about something that is 30 - 100x that?

Go do some research on CPU vs GPU vs FPGA password cracking. Once you find out how effective and powerful GPUs are, let me tell you -- FPGAs nuke GPUs like a supernova swallowing planets. With as much money and resources available to the NSA, I wouldn't for a second doubt that they don't have GPU-heavy supercomputers and even specialized FPGA supercomputers for even higher priority stuff.

If the article is in fact true, it doesn't matter, if they already have the keys, they don't need to brute force attack it. But to add my two cents to the FPGA arguement, if the crypto is done right - IF - its done right, the answer is AT THIS POINT IN TIME, no, their FPGA's won't do shit. Now, to answer the 'how it is done right', the crypto has to be implemented right, and the user has to simply have a strong enough password, (AT THIS POINT IN TIME), 20-30 (or more) uppercase/lowercase, symbols and numbers, and the server should be introducing some work factor such as bcrypt, to slow those FPGA's down considerably. I've done some research you asked to do, and as of late, anything less than those criteria established above would certainly break credentials within a few hours. And that's a major reason WHY the NSA can brute force most of the data out there; the crypto is either too weak or its implementation, and/or users are using excruciatingly weak passwords like monkey or password123.
 

Cerulean

[H]F Junkie
Joined
Jul 27, 2006
Messages
9,476
Maybe I don't care so much about the NSA peaking into my stuff, but a little bit of encryption can go a long ways to keep out 99.999% of predators. In business, who cares if the NSA does -- we care more about other predators that could hurt our business; if the NSA does come to hurt our business, then we're in the wrong business to begin with. :D

Question: what if the root command of the NSA is also behind and/or partnered with the Central Banks? Then encryption only matters for the response to the first thing I quote in this post.
And also so that they blend in with truth and look good, not suspicious, totally innocent, has nothing to do with it, take your tinfoil hat off bro (not cool). Conspiracy theorists have sooo many flaws and there's no way any of them could ever be even remotely right. The news said it, that guy they interviewed live on the streets said it, some other country said it, tourists said it, -- all proof and evidence no way the government would do such a thing or be involved... I mean, seriously, why would they do such a thing? ;)

Power can be helpful, but ultimately, it's a mathematical problem more than a hardware problem. Reducing the time to crack something from 80 billion years to 80 million years isn't very helpful, but if you can find a weakness in the algorithm such that you don't have to check most of the possible combinations, that's powerful.
Unfortunately, there isn't any evidence anywhere to say that the algorithms that are considered industry standard and supported/used by banks, government, and military didn't first pass through or have something to do with the NSA before being released to the public ... because you know, math is math and what if they wanted to control what algorithms are available to the public (based on weaknesses/tricks the NSA has up its sleeve to shorten cracking or backdoor straight in)?
 

LeviathanZERO

Supreme [H]ardness
Joined
Dec 20, 2003
Messages
6,496
Spidey I think you fell off your limb ;) I believe BBA was referring to his erroneous sentence that every school shooting was done by a STUDENT. That is incorrect. To answer his question of an example, The Sandy Hook tragedy was not done by a student, but a mentally ill young man with access to his mother's guns.

Adam Lanza was a former student of Sandy Hook.

Can we stay on topic?
 

Cerulean

[H]F Junkie
Joined
Jul 27, 2006
Messages
9,476
If the article is in fact true, it doesn't matter, if they already have the keys, they don't need to brute force attack it. But to add my two cents to the FPGA arguement, if the crypto is done right - IF - its done right, the answer is AT THIS POINT IN TIME, no, their FPGA's won't do shit. Now, to answer the 'how it is done right', the crypto has to be implemented right, and the user has to simply have a strong enough password, (AT THIS POINT IN TIME), 20-30 (or more) uppercase/lowercase, symbols and numbers, and the server should be introducing some work factor such as bcrypt, to slow those FPGA's down considerably. I've done some research you asked to do, and as of late, anything less than those criteria established above would certainly break credentials within a few hours. And that's a major reason WHY the NSA can brute force most of the data out there; the crypto is either too weak or its implementation, and/or users are using excruciatingly weak passwords like monkey or password123.
I totally agree with you man. Legacy implementations (vendors need to get with the program and stop using antique configurations) and poor passwords.

Regarding poor passwords -- I think a new concept would have to be developed. Few will go as far as memorizing dynamic passwords composed of several parts, upper and lowercase, symbols, etcetera. Maybe that's why the average Joe Schmoe doesn't care about what the NSA is doing then? (Then it will be too late for Joe Schmoe to really make a difference; also, NSA probably has the upper hand in human intelligence with psychology and mathematics and infrastructural intel.)
 

evilsofa

[H]F Junkie
Joined
Jan 1, 2007
Messages
10,078
So I ask you, do you use encryption?

I do, on my wireless router to keep the neighborhood pedophiles from using it, but not to keep the NSA out. I also have a pretty typical lock and deadbolt on my front door, to keep opportunists from walking in and taking my stuff, but not to keep out a SWAT team with a ram, a professional locksmith, or any old body with a drill.

I think it would be a lot more interesting to hear about all the nefarious stuff that the NSA is doing with the domestic data it collects. You know, like this:

TheArTcher said:
NSA data isn't used to catch terrorists. It is used to control people. Ever notice how our representatives in congress often vote against their convictions. That's because the NSA has dirt on everyone and the current regime uses it to manipulate the system.

Well, geez, if they are, they're sure doing a lousy job of it. Remind me of which way on the political spectrum is the NSA leaning.
 

fairlane

Limp Gawd
Joined
Jun 18, 2004
Messages
297
Adam Lanza was a former student of Sandy Hook.

Can we stay on topic?

My apologies, but FWIW, he was only there a very short time. Given his mental state at the time of the shooting, and the OP's reference in his post, I don't see how Lanza being a student and his mental state would have been a contributing factor as to his decision to shoot up that school. But we'll never know.

So yes, lets then stay on topic, what other school shooting occurred that wasn't by a former student? Because right now at midnight, I can't think of one.:eek::eek:
 

Wrench00

2[H]4U
Joined
Sep 30, 2003
Messages
3,423
Did you read the article? They are basically saying they have ways to break SSL, so going from 1024 to 2048 wouldn't help. Additionally, if they have access to all the cert keys, again, it doesn't matter if you up the crypto, they can still decrypt your traffic.

They don't have the cert keys if you are creating them on your own servers.

Most of my network have network wide encryption on the network layer anyway, so a packet snoop will still just get garbage.
 

mynamehere

[H]ard|Gawd
Joined
Jun 30, 2007
Messages
1,763
Not only is higher bit encryption needed, but more importantly, what's needed is an encryption algorithms that are much harder to crack.
 

Ducman69

[H]F Junkie
Joined
Jul 12, 2007
Messages
10,542
i dont like the idea of thinking my home network is safe from intrusion but might not be even when im securing it correctly. i can deal with that better than i could deal with having some suicide bomber running into my kids school.
1) How many suicide bombers were thwarted by such practices
2) Here's some statistic on the danger of being killed by a terrorist in the United States:

-You are 17,600 times more likely to die from heart disease than from a terrorist attack
-You are 12,571 times more likely to die from cancer than from a terrorist attack
-You are 11,000 times more likely to die in an airplane accident than from a terrorist plot involving an airplane
-You are 1048 times more likely to die from a car accident than from a terrorist attack
–You are 404 times more likely to die in a fall than from a terrorist attack

So if your brain were working properly when it comes to risk management, you would be far more frightened of a Dr Pepper can or school bus killing your kid or him tripping while walking on the sidewalk than a terrorist attack.

That's the thing about fear mongering though, common sense goes out the window, and the government is exploiting this as an excuse for the power grab they always wanted.
 

DarkStar02

2[H]4U
Joined
Mar 1, 2006
Messages
2,138
Any+society+that+would+give+up+a+little+liberty+to+gain+a+little+security+will+deserve+neither+and+lose+both.jpg
 

Skripka

[H]F Junkie
Joined
Feb 5, 2012
Messages
10,792
That has never happened in the US.
School shootings are always, ALWAYS done by a student. Please show ONE example of suicide bombers in schools, in the US. Ridiculous notion that you would give your rights away to. Trustworthy people like the CIA and NSA, that break their own laws. You have gone completely mad if you trust those people. comedy.

Bath Schools in Michigan 1927. Made huge news at the time.

You name it or can imagine it, it has happened somewhere. You just haven't read enough to know about it.

Not that I am in any way siding with the NSA in this, mind you.
 

michael.pa2

2[H]4U
Joined
Dec 26, 2006
Messages
2,998
"We have met the enemy,and he is us."
The goal of terrorists is to force their enemies to defeat themselves through fear. The day we abandon our rights and freedom and give up our way of life is the day that they win. Give the politicians too much power over us,and it becomes an addiction they'll do anything to feed. History is full of examples of this.
 

Godmachine

[H]F Junkie
Joined
Apr 7, 2003
Messages
10,472
It sounds like no matter what conventional encryption you choose , the NSA has the brute force to destroy it. What is needed now to prevent decryption is something that is of Quantum mechanics in place to both create , relay and destroy information in some kind of Quantum loop. Since we can only know the location or state of a Quantum particle and not both measurements at the same time , someone is going to have to change the game entirely. Last I heard Quantum Cryptography is still in its infancy stage and not nearly ready for any kind of prime time usage.
 
Top