HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
As if there wasn't enough spying news posted already today, this New York Times article is the cherry on the cake. Thanks to Red Falcon for the link.
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
N.S.A. Foils Much Internet Encryption
- Thread starter HardOCP News
- Start date
lostinseganet
[H]ard|Gawd
- Joined
- Oct 8, 2008
- Messages
- 1,220
Time for 1024 bit encryption?
I don't know about most people but I run all SSL 2048 bit keys. This is a .gov mandate up here in Canuckastan.
>GSXR<mrbusa
Weaksauce
- Joined
- Dec 13, 2005
- Messages
- 121
i dont like the idea of thinking my home network is safe from intrusion but might not be even when im securing it correctly. i can deal with that better than i could deal with having some suicide bomber running into my kids school. this is the new world and its not changing any time soon. just stay as safe as you can by not surfing to far into the unknown and go on with your day. as a citizen the worst that can happen is you bank information get hacked, its insured....get over it.
Red Falcon
[H]ard DCOTM December 2023
- Joined
- May 7, 2007
- Messages
- 12,454
Scary stuff! 
Xrave
Supreme [H]ardness
- Joined
- Jun 29, 2004
- Messages
- 7,816
Gobsmacked, I say. Gobsmacked.
LeviathanZERO
Supreme [H]ardness
- Joined
- Dec 20, 2003
- Messages
- 6,496
That has never happened in the US.
School shootings are always, ALWAYS done by a student. Please show ONE example of suicide bombers in schools, in the US. Ridiculous notion that you would give your rights away to. Trustworthy people like the CIA and NSA, that break their own laws. You have gone completely mad if you trust those people. comedy.
sfsuphysics
[H]F Junkie
- Joined
- Jan 14, 2007
- Messages
- 15,994
Just think of all the code breaking they're doing with people who don't have any terrorist ties as practice
You think so? You have been missing out on news coverage for the last few years haven't you?
For the same reason I lock my car or house door. My property is my property. it's not for public use. Intellectual Property rights have defined data as property and as such I consider my data my property. My property is mine, so I lock it up, data inclusive.
This is far worse than just every day citizens being spied on. This is the encryption that companies, banks etc... etc... use and rely on. If the encryption is comprised the entire system is at risk. This isn't just about the government spying you and me, its about much much more than that. Bruce Schneier says it best: http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying
LeviathanZERO
Supreme [H]ardness
- Joined
- Dec 20, 2003
- Messages
- 6,496
TheArTcher
Limp Gawd
- Joined
- Dec 9, 2007
- Messages
- 242
NSA data isn't used to catch terrorists. It is used to control people. Ever notice how our representatives in congress often vote against their convictions. That's because the NSA has dirt on everyone and the current regime uses it to manipulate the system.
The truth about the internet is in my signature.
The truth about the internet is in my signature.
Foil eh?
First: Get the message before it's encrypted
Outside: Crack encryption through mathematical or brute force attacks.
Inside: Get inside access to companies producing security software.
Last: Get the message after it's been decrypted by the recipient
Or am I confusing it with some other foil?
First: Get the message before it's encrypted
Outside: Crack encryption through mathematical or brute force attacks.
Inside: Get inside access to companies producing security software.
Last: Get the message after it's been decrypted by the recipient
Or am I confusing it with some other foil?
You have no idea how the real world works, do you? In the real world, people who are competent enough to plan and carry out terrorist attacks, do it. I mean lets face it, all of their spying totally kept us safe from the boston marthon bombing didn't it? Oh wait... that's right.. it didn't.
What does their unfettered access gain us? Unlimited, unending abuse. Let's take "Joe The Plumber" as an example as it's a very well documented case. A presidential candidate came to his neighborhood for a photo op. He asked the man a question, and the media picked up on it. Afterwards, 4 record databases were accessed illegally or against protocol. This is just the databases that are public and contain very little information.
If people are willing to risk their jobs and break the law to search people who just ask a presidential candidate a question, what would the same people do to the neighbor that pisses them off? What would the same type of people do who have access to tap their phones, or e-mail, or healthcare records?
That's just people who work at those places. It's completely inconcieveable that a president or any one else with major power would attempt to abuse their power.
fairlane
Limp Gawd
- Joined
- Jun 18, 2004
- Messages
- 297
Did you read the article? They are basically saying they have ways to break SSL, so going from 1024 to 2048 wouldn't help. Additionally, if they have access to all the cert keys, again, it doesn't matter if you up the crypto, they can still decrypt your traffic.
DarkStar02
2[H]4U
- Joined
- Mar 1, 2006
- Messages
- 2,144
People like you are what's wrong with this country.
fairlane
Limp Gawd
- Joined
- Jun 18, 2004
- Messages
- 297
Users use encryption to keep prying eyes that have no business looking at your bank statements, credit card numbers and using them for fraud. Businesses use them for the same reasons, and to protect their data from theft, trade secrets, proprietary information that associates trust. Your question is pretty vague so I will get pretty specific:
When I get asked that question in various forms as you are: "Why bother with using encryption if you have nothing to hide?" my response is "I have nothing to hide from people I trust".
So ask yourself, do you trust the NSA? The Director, James Clapper lied to a Judiciary committee, specifically to Wyden back in March when he was asked in no uncertain terms has the Agency ever spied on the American public, in which he replied, "No."
In June Snowden emerged. Subsequent disclosures have ensued. Various programs, from the first ones, PRISM, to the newly disclosed Bullrun and Manassas are proof that the NSA has been violating the Fourth Amendment for years. They have access to not only your encrypted traffic, but also the fiber lines, Skype Chats, the routers that are riddled with vulnerabilities no admin wants to patch, or believe the patch is broken (I'm looking at you Cisco), to having back doors in publicly available crypto.
What makes the NSA think a blanket harvest of over three hundred million Americans is justified in, as they claim, catching terrorists. Even the FISA Court blasted them for overstepping their bounds within the parameters (a focused set of targets) of said Court. Not to mention the tech companies that were either strong armed, threatened with fines/jail time or just gave in and willingly cooperated. Questions abound; Did they know? Did they lie about it to their customers? Were they strong-armed with an NSL gag order to not even talk about it? The answers seem to be a resounding yes on most counts, only a select few (Google) are still vehemently denying they ever participated. In the end, it's a moot point: The agency had access to all the data over the fiber lines, coming out of, and going into, Google's servers. (And Microsofts, Oracles, Facebook, etc) But now it is revealed that they actually COULD go behind company firewalls, steal data, encrypted data, Internet traffic, email, etc, because they have either stolen, bartered, or strong armed these companies for their private server keys. So while once it was announced that the NSA has collected that data, it is only storing it in their massive database back in Utah they've been building for the last year, set to go online quite soon. Now, with this NYT article, well shit son, now we don't need to wait for technology to catch up with the crypto, we have all the keys now. It's been speculated that their approach was the companies get rid of old private keys after a couple of months. All the NSA did was simply ask: Hey, don't delete them, give them to us. You're not using them anyway....
So I ask you, do you use encryption?
Cerulean
[H]F Junkie
- Joined
- Jul 27, 2006
- Messages
- 9,476
No.
How about something that is 30 - 100x that?
Go do some research on CPU vs GPU vs FPGA password cracking. Once you find out how effective and powerful GPUs are, let me tell you -- FPGAs nuke GPUs like a supernova swallowing planets. With as much money and resources available to the NSA, I wouldn't for a second doubt that they don't have GPU-heavy supercomputers and even specialized FPGA supercomputers for even higher priority stuff.
fairlane
Limp Gawd
- Joined
- Jun 18, 2004
- Messages
- 297
Spidey I think you fell off your limb
I believe BBA was referring to his erroneous sentence that every school shooting was done by a STUDENT. That is incorrect. To answer his question of an example, The Sandy Hook tragedy was not done by a student, but a mentally ill young man with access to his mother's guns.Power can be helpful, but ultimately, it's a mathematical problem more than a hardware problem. Reducing the time to crack something from 80 billion years to 80 million years isn't very helpful, but if you can find a weakness in the algorithm such that you don't have to check most of the possible combinations, that's powerful.
Cerulean
[H]F Junkie
- Joined
- Jul 27, 2006
- Messages
- 9,476
Maybe I don't care so much about the NSA peaking into my stuff, but a little bit of encryption can go a long ways to keep out 99.999% of predators. In business, who cares if the NSA does -- we care more about other predators that could hurt our business; if the NSA does come to hurt our business, then we're in the wrong business to begin with.
Question: what if the root command of the NSA is also behind and/or partnered with the Central Banks? Then encryption only matters for the response to the first thing I quote in this post.
And whether it is the NSA or not, this is a fact: every person can be bought at a price and will compromise their own convictions.
fairlane
Limp Gawd
- Joined
- Jun 18, 2004
- Messages
- 297
If the article is in fact true, it doesn't matter, if they already have the keys, they don't need to brute force attack it. But to add my two cents to the FPGA arguement, if the crypto is done right - IF - its done right, the answer is AT THIS POINT IN TIME, no, their FPGA's won't do shit. Now, to answer the 'how it is done right', the crypto has to be implemented right, and the user has to simply have a strong enough password, (AT THIS POINT IN TIME), 20-30 (or more) uppercase/lowercase, symbols and numbers, and the server should be introducing some work factor such as bcrypt, to slow those FPGA's down considerably. I've done some research you asked to do, and as of late, anything less than those criteria established above would certainly break credentials within a few hours. And that's a major reason WHY the NSA can brute force most of the data out there; the crypto is either too weak or its implementation, and/or users are using excruciatingly weak passwords like monkey or password123.
Cerulean
[H]F Junkie
- Joined
- Jul 27, 2006
- Messages
- 9,476
And also so that they blend in with truth and look good, not suspicious, totally innocent, has nothing to do with it, take your tinfoil hat off bro (not cool). Conspiracy theorists have sooo many flaws and there's no way any of them could ever be even remotely right. The news said it, that guy they interviewed live on the streets said it, some other country said it, tourists said it, -- all proof and evidence no way the government would do such a thing or be involved... I mean, seriously, why would they do such a thing?Maybe I don't care so much about the NSA peaking into my stuff, but a little bit of encryption can go a long ways to keep out 99.999% of predators. In business, who cares if the NSA does -- we care more about other predators that could hurt our business; if the NSA does come to hurt our business, then we're in the wrong business to begin with.
Question: what if the root command of the NSA is also behind and/or partnered with the Central Banks? Then encryption only matters for the response to the first thing I quote in this post.
Unfortunately, there isn't any evidence anywhere to say that the algorithms that are considered industry standard and supported/used by banks, government, and military didn't first pass through or have something to do with the NSA before being released to the public ... because you know, math is math and what if they wanted to control what algorithms are available to the public (based on weaknesses/tricks the NSA has up its sleeve to shorten cracking or backdoor straight in)?
LeviathanZERO
Supreme [H]ardness
- Joined
- Dec 20, 2003
- Messages
- 6,496
Spidey I think you fell off your limb
Adam Lanza was a former student of Sandy Hook.
Can we stay on topic?
Cerulean
[H]F Junkie
- Joined
- Jul 27, 2006
- Messages
- 9,476
I totally agree with you man. Legacy implementations (vendors need to get with the program and stop using antique configurations) and poor passwords.
Regarding poor passwords -- I think a new concept would have to be developed. Few will go as far as memorizing dynamic passwords composed of several parts, upper and lowercase, symbols, etcetera. Maybe that's why the average Joe Schmoe doesn't care about what the NSA is doing then? (Then it will be too late for Joe Schmoe to really make a difference; also, NSA probably has the upper hand in human intelligence with psychology and mathematics and infrastructural intel.)
I do, on my wireless router to keep the neighborhood pedophiles from using it, but not to keep the NSA out. I also have a pretty typical lock and deadbolt on my front door, to keep opportunists from walking in and taking my stuff, but not to keep out a SWAT team with a ram, a professional locksmith, or any old body with a drill.
I think it would be a lot more interesting to hear about all the nefarious stuff that the NSA is doing with the domestic data it collects. You know, like this:
TheArTcher said:
Well, geez, if they are, they're sure doing a lousy job of it. Remind me of which way on the political spectrum is the NSA leaning.
fairlane
Limp Gawd
- Joined
- Jun 18, 2004
- Messages
- 297
My apologies, but FWIW, he was only there a very short time. Given his mental state at the time of the shooting, and the OP's reference in his post, I don't see how Lanza being a student and his mental state would have been a contributing factor as to his decision to shoot up that school. But we'll never know.
So yes, lets then stay on topic, what other school shooting occurred that wasn't by a former student? Because right now at midnight, I can't think of one.
They don't have the cert keys if you are creating them on your own servers.
Most of my network have network wide encryption on the network layer anyway, so a packet snoop will still just get garbage.
mynamehere
[H]ard|Gawd
- Joined
- Jun 30, 2007
- Messages
- 1,763
Not only is higher bit encryption needed, but more importantly, what's needed is an encryption algorithms that are much harder to crack.
1) How many suicide bombers were thwarted by such practices
2) Here's some statistic on the danger of being killed by a terrorist in the United States:
-You are 17,600 times more likely to die from heart disease than from a terrorist attack
-You are 12,571 times more likely to die from cancer than from a terrorist attack
-You are 11,000 times more likely to die in an airplane accident than from a terrorist plot involving an airplane
-You are 1048 times more likely to die from a car accident than from a terrorist attack
You are 404 times more likely to die in a fall than from a terrorist attack
So if your brain were working properly when it comes to risk management, you would be far more frightened of a Dr Pepper can or school bus killing your kid or him tripping while walking on the sidewalk than a terrorist attack.
That's the thing about fear mongering though, common sense goes out the window, and the government is exploiting this as an excuse for the power grab they always wanted.
DarkStar02
2[H]4U
- Joined
- Mar 1, 2006
- Messages
- 2,144
Skripka
[H]F Junkie
- Joined
- Feb 5, 2012
- Messages
- 10,791
Bath Schools in Michigan 1927. Made huge news at the time.
You name it or can imagine it, it has happened somewhere. You just haven't read enough to know about it.
Not that I am in any way siding with the NSA in this, mind you.
michael.pa2
2[H]4U
- Joined
- Dec 26, 2006
- Messages
- 2,998
"We have met the enemy,and he is us."
The goal of terrorists is to force their enemies to defeat themselves through fear. The day we abandon our rights and freedom and give up our way of life is the day that they win. Give the politicians too much power over us,and it becomes an addiction they'll do anything to feed. History is full of examples of this.
The goal of terrorists is to force their enemies to defeat themselves through fear. The day we abandon our rights and freedom and give up our way of life is the day that they win. Give the politicians too much power over us,and it becomes an addiction they'll do anything to feed. History is full of examples of this.
Godmachine
[H]F Junkie
- Joined
- Apr 7, 2003
- Messages
- 10,472
It sounds like no matter what conventional encryption you choose , the NSA has the brute force to destroy it. What is needed now to prevent decryption is something that is of Quantum mechanics in place to both create , relay and destroy information in some kind of Quantum loop. Since we can only know the location or state of a Quantum particle and not both measurements at the same time , someone is going to have to change the game entirely. Last I heard Quantum Cryptography is still in its infancy stage and not nearly ready for any kind of prime time usage.