Comments on news posted 2013-09-06 09:06:02: The latest Edward Snowden bombshell comes courtesy of the New York Times, who in a report this week notes that the NSA has managed to defeat most of the most common encryption schemes available using a wide variety of tactics. ..

tmc8080
join:2004-04-24
Brooklyn, NY

tmc8080

Member

not new

some of the major makers in laptops allowed key loggers to be default installed into the bios shortly after 2001 in the fight against terrorism and tablets have had their own spytools put into them as well.

so unless you recode the entire products being made today including low-level bios's you have the probability of it being non-secure.

there's probably a good market in older devices which have not been compromised by these measures.
ihatedslr
join:2000-12-11
US

3 recommendations

ihatedslr

Member

nice story.

I don't care. Hack away, read all my email, texts, bills, whatever. Enjoy it. These are the consequences when we communicate digitally/online. Deal with it.

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

5 recommendations

Kilroy

MVM

You obviously misunderstand. Anything that the NSA can use, so can hackers. If there is a backdoor built into anything that allows the NSA to access it, rest assured that someone else can be using it also. That is one of the primary problems with creating a method for the "good guys", nothing stops the "bad guys" from using it also.

ironweasel
Weezy
Premium Member
join:2000-09-13
Belen, NM

6 recommendations

ironweasel to ihatedslr

Premium Member

to ihatedslr
No, these are not the consequences when we communicate digitally.

These are the consequences when an alphabet agency decides it needs to spy on anything and everything in the name of "national security". One can argue the whole point of "if you're not doing anything wrong then you have nothing to hide", but that's just a lame excuse to justify their actions. It doesn't matter if I'm sending an email to my Aunt Gertie or chatting online with a support rep from my cable company - I should be able to do it without having someone basically standing over my shoulder the entire time.

Encryption exists for a reason and I'm sure there are nefarious reasons but there are also plenty of legitimate reasons as well. It's like making sure you have steel doors and bullet proof glass on your house along with the most sophisticated alarm system out there and then giving the keys and access code to your nosy neighbor knowing full well that they like to come snoop around in your house looking for that meth lab you might have. You're not actually the next Walter White, but it's cool if that neighbor comes in and checks your house out all the time, right?

AnonMan
@comcast.net

AnonMan

Anon

Most encryption has been defeated for a while by NSA

I find it funny people are finding all this stuff shocking. Most of the encryption used today was invented MANY years ago. AES encryption has been defeated by the NSA for a bit now and I have been telling people that but they like to say and feel otherwise and laugh.

Hardware and technology have come a long way and made the process of breaking these things faster and faster. Your avg. consumer processor has built in AES now which makes it process this faster. That same technology can be used to reverse it. That said, no your avg. Joe Shmow won't break it anytime soon but consider the NSA has one of the most powerful Super Computers in the world and is building an even bigger one that is almost done it shouldn't be shocking. A few hundred thousand processors and specially designed crypto hardware can do wonders on breaking encryption.

Nothing is un-hackable. It's the same for home security systems and doors and locks. The point is to make it cost prohibitive for anyone to bother wanting your data. Yes it's true if a backdoor exists someone else can find it, but if it requires $100 million in computer hardware to breach it, you probably don't have to worry about someone beyond the NSA getting to it. Now the issue is them storing the unencrypted data and it leaking or someone gaining access to it... But that's always been an issue. People have access to SSN database and I assure you a lot of ID theft happens as a result of leaked data from that you don't hear about.

Point is, if you're not doing anything illegal don't worry. Yea it sucks maybe knowing someone has access to the data but the only thing you need worry about is if someone else with ill intentions is able to gain access to it, which at end of the day is my concern.

miataman
I've attained a PHD in DVR.
Premium Member
join:2010-10-27
Chelmsford, MA

miataman to tmc8080

Premium Member

to tmc8080

Re: not new


If we could just identify the hardware.

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

FFH5 to Kilroy

Premium Member

to Kilroy

Re: nice story.

said by Kilroy:

You obviously misunderstand. Anything that the NSA can use, so can hackers. If there is a backdoor built into anything that allows the NSA to access it, rest assured that someone else can be using it also.

Then why haven't they? If it was easy for hackers to do what the NSA and other national security groups from countries like China do, then there would be no savings account in the country not drained of its money.

NoSoAble
@sbcglobal.net

NoSoAble to Kilroy

Anon

to Kilroy
Exactly. An army of hackers is working feverishly to discover the backdoors the NSA has placed in operating systems, encryption software, firewalls, routers, etc. These will be found and exploited. And since the NSA has undermined and corrupted the integrity of so many software (and even hardware) vendors, no one is going to be able to trust the fixes when they are released. Many organizations - businesses of all kinds, hospitals, universities, NGOs, etc, etc - have statutory and ethical obligations to securely encrypt and store data. How is this supposed to happen when so much of the security infrastructure has been compromised? The NSA has essentially destroyed the internet as a system for secure data storage and communication.

Sarick
It's Only Logical
Premium Member
join:2003-06-03
USA

1 edit

Sarick

Premium Member

Why can't we Encrypt?

I was wondering why we can't take a standard message completely unrelated as a key to a message that's sub encrypted? Seriously, if the first message has unencrypted data that's a stage one key how is anyone outside the two parties going to decrypt it?

Example:
The ball rolls fast.

This text is used as a source to decrypt an encrypted message that in itself is encrypted using another message. It in itself could be multiple pages long. The Key is elsewhere or even hidden inside the text in a common phrase.

If enough levels are encrypted with the right amount of well placed garbage in the output even fully decrypted it would be extremely hard to decode even with the best systems. If it takes several minutes for a powerful computer to decode a message with known codes how long will it take to decrypt one without codes?

Come on, if given the effort and resources encryption could be created that's so secure by the time the fastest computers crack it it's already not worth anything.

I think in the future people should not measure encryption as how many bits are used to protect privacy but how long will it delay information they want kept private. In the case of the parties communicating the amount of time it takes to crack the encryption may be more important than the content contained inside it.

morbo
Complete Your Transaction
join:2002-01-22
00000

3 recommendations

morbo to AnonMan

Member

to AnonMan

Re: Most encryption has been defeated for a while by NSA

said by Anon80:

Point is, if you're not doing anything illegal don't worry.

That is not the point at all.

PToN
Premium Member
join:2001-10-04
Houston, TX

PToN to FFH5

Premium Member

to FFH5

Re: nice story.

Stop saying "National Security Groups...". These are all "terrorist" organizations and shall be treated as such.

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

FFH5

Premium Member

said by PToN:

Stop saying "National Security Groups...". These are all "terrorist" organizations and shall be treated as such.

Treated as such by who? You? The UN? I don't think they care what you or the UN thinks. And exactly in what manner will they be treated as terrorists? What actions are you or anyone else going to take to hold them to account?

Metatron2008
You're it
Premium Member
join:2008-09-02
united state

2 recommendations

Metatron2008 to ihatedslr

Premium Member

to ihatedslr
People in the 30's also didn't have anything to worry about from the Nazi SS if they did nothing wrong, right?

It's not like anyone who has absolute power has ever abused it before, right...??
Metatron2008

2 recommendations

Metatron2008 to AnonMan

Premium Member

to AnonMan

Re: Most encryption has been defeated for a while by NSA

Yes, because giving men complete power over your lives has never backfired.

jseymour
join:2009-12-11
Waterford, MI

jseymour

Member

My Keyring

It's only just recently, and somewhat reluctantly, I've moved to one of those new-fangled "smart"phones. One reason I resisted for so long was the encrypted keyring on my trusty old Palm device. Two advantages had that thing: 1. The handheld was not Internet-connected. 2. Sync was local, to my own desktop machine, and so was the desktop app.

Now I have a "smart"phone and, in two weeks of looking into it, have yet to have selected a replacement for my trusty Palm Keyring. They all either have no multi-device synchronization/replication at all, or they use a crude "replicate the entire database" (which means, essentially, the same thing), or they want a shared database on Google's cloud, DropBox or elsewhere. That last is entirely unacceptable. I'm not going to have my keyring out there where somebody could snag a copy and spend their own sweet time cracking it.

Maybe Schneier's "Password Safe" will fill the bill? If not: I may have to write my own.

Jim

guppy_fish
Premium Member
join:2003-12-09
Palm Harbor, FL

guppy_fish

Premium Member

Here is a good article to pair with what Karl posted

»www.theguardian.com/worl ··· eillance

Short summary:

Gets further into the details. If you buy it (software), it most likely has back doors or intentional weaknesses added.

TelecomEng
@rr.com

TelecomEng to FFH5

Anon

to FFH5

Re: nice story.

said by FFH5:

Then why haven't they?

And how do you know they haven't? You obviously do not know much about how those groups operate because they typically do not go about announcing their attack vectors or doing grandiose stunts that would garner lots of attention (something totally fanciful and stupid like draining every saving account of its money).
TelecomEng

TelecomEng to morbo

Anon

to morbo

Re: Most encryption has been defeated for a while by NSA

said by morbo:

said by Anon80:

Point is, if you're not doing anything illegal don't worry.

That is not the point at all.

I do not think the poster is making the argument that you should not be concerned, just that it is highly unlikely that the jack-booted thugs will kick in your door and cart you off to Gitmo.
modifiy
join:2001-04-13
Minneapolis, MN

modifiy to AnonMan

Member

to AnonMan
said by Anon80:

I find it funny people are finding all this stuff shocking. Most of the encryption used today was invented MANY years ago. AES encryption has been defeated by the NSA for a bit now and I have been telling people that but they like to say and feel otherwise and laugh.

That would be shocking if they broke most encryption used today. No one has been able to prove that is possible yet with modern encryption. And I would still be very skeptical of it myself especially when you read the article. The NSA is going after the weakest link in the chain and it's not the encryption itself. It's the implementation that's weak. Chances are that it's a bug, backdoor, or faulty configuration in the encryption software or social engineering the holders of the private keys to hand them over "for the good of the Nation."
Most encryption methods have been around for many years, but that's a good thing. New encryption shouldn't be used until it's been hammered on by cryptanalysis. That's why the adoption for AES didn't start when it was published; it took a few years. AES is still very strong and has shown some theoretical weaknesses, but nothing that has shown to make it defeated and some of those weaknesses have countermeasures already in place (additional rounds).

If you have a chance go read Bruce Schneier's blog. I have to agree with what he said: "Honestly, I'm skeptical. Whatever the NSA has up its top-secret sleeves, the mathematics of cryptography will still be the most secure part of any encryption system. I worry a lot more about poorly designed cryptographic products, software bugs, bad passwords, companies that collaborate with the NSA to leak all or part of the keys, and insecure computers and networks. Those are where the real vulnerabilities are, and where the NSA spends the bulk of its efforts."

tshirt
Premium Member
join:2004-07-11
Snohomish, WA

tshirt to Metatron2008

Premium Member

to Metatron2008

Re: nice story.

If they have absolute power, AND wished for you to disappear...
You'd already be gone.
Why would they waste time collecting/manufacturing evidence, if none is needed?
ihatedslr
join:2000-12-11
US

ihatedslr to Metatron2008

Member

to Metatron2008
I didn't say anything about doing nothing wrong... just saying if I choose to send emails to someone, it's logical that every connection point in between me and them has the opportunity to read/log/collect data. I am ok with that.

firephoto
Truth and reality matters
Premium Member
join:2003-03-18
Brewster, WA

firephoto to jseymour

Premium Member

to jseymour

Re: My Keyring

The issue you may have is that any encryption used could be generated on a not actually random number generator. There are implementations that use hardware that generates the "random" numbers to speed things up rather than waiting for enough actual randomness. This weakness is possible via very large computer chip corporations that are "inside" most things.

So this applies to the device and its security itself and the security used on your bits.

It's really a worrying situation and more so with some people trying to downplay the seriousness of this.
en103
join:2011-05-02

en103 to miataman

Member

to miataman

Re: not new

To add more fun to that... back in the 90's, CPU manufacturers added in serial number tracking abilities. Pretty much EVERY aspect of a modern computer can be tracked by serial / embedded firmware. This came more into play after NICs had their MACs cloned.

Karl Bode
News Guy
join:2000-03-02

1 recommendation

Karl Bode to TelecomEng

News Guy

to TelecomEng

Re: Most encryption has been defeated for a while by NSA

That they won't do that NOW is a meaningless argument. Civil Libertarians argue that the problem is we're building systems that will be abused down the line. Look at what Bush and Obama, two (though surely debated by wingnuts) relatively sane people did with these programs. Guess what an elected leader with even less respect for privacy, human lives, ethics or the rule of law would do?

Metatron2008
You're it
Premium Member
join:2008-09-02
united state

1 recommendation

Metatron2008

Premium Member

People keep saying it'll be abused down the line. What is the difference? It's already abused, and our leaders are corrupt. What is this fabled 'president abuser' people keep on commenting about? Do we expect another Adolf Hitler to show up as president and begin killing before people wake up?
kerya666
join:2002-12-20
Valrico, FL

kerya666 to ihatedslr

Member

to ihatedslr

Re: nice story.

said by ihatedslr:

I don't care. Hack away, read all my email, texts, bills, whatever. Enjoy it. These are the consequences when we communicate digitally/online. Deal with it.

Really? Who is setting these imaginary standards/expectations?
kerya666

kerya666 to AnonMan

Member

to AnonMan

Re: Most encryption has been defeated for a while by NSA

said by Anon80:

Point is, if you're not doing anything illegal don't worry. Yea it sucks maybe knowing someone has access to the data but the only thing you need worry about is if someone else with ill intentions is able to gain access to it, which at end of the day is my concern.

Says a person that is posting from an anonymous account... the irony.
Trimox
join:2012-09-24
Anywhere

Trimox

Member

A good laugh

"Intelligence officials asked The Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read."

ROFLMAO of course they point out foreign not that they care about anybody else haha. If I knew someone else other than myself had keys to my house of course I would change the locks. That is not to say they couldn't pick it in the future but why make it simple for them now. If it were a perfect world we wouldn't even need doors but since it is not we take what precautions to a point we feel comfortable.
Squire James
join:2013-08-21
Orlando, FL

Squire James to Metatron2008

Member

to Metatron2008

Re: Most encryption has been defeated for a while by NSA

Basically, yes. I should note that Adolf Hitler himself didn't seem like such a bad guy when he first took office (at least no more so than any other politician). So I can further assert that the people probably won't know they even elected a Hitler-like person until much later.

AnonMan
@comcast.net

AnonMan

Anon

Random numbers don't exist though on computers...

The thing is no "true" random number generator exists.

We can get close but no such thing as random when it comes to programs. Generators try to use various variables etc. to be close to random but you simply can't guarantee randomness and this is one of the things that can help defeat encryption.

That and it takes two sides to encrypt something. You visit a website with SSL, your computer/browser decrypts it just as any other one can. So as you see the encryption has a small part in common and this can further be exploited. These public keys are the next thing that can be attacked.

The NSA has broken AES but it's not broken to the point where it can be done easily, it's not a flat out it's broken to point that they can instantly decrypt something. It still takes processing power and time and as such it's often faster and more simple to bypass it as this article talks about.
That said you won't find this information ever public about AES being broken short of someone else figuring it out and showing it because in its very nature it would hurt the internet and themselves plus why does the NSA or any gov agency need to share it has been exploited? You should know by now our gov lies or hides things it feels are in the gov best interest. For better or worse.

The world has evolved. This is going to be an ever evolving game. Like email spam. New ways to catch it come out, and new ways for spammers to bypass it do. Most places block port 25 because spammers use it, but okay so we just make a new port, oh look everyone uses that now, now we do reverse look up etc and as such spammers make that stuff validate. Cat and mouse game.

Downloading illegal software, same thing, people always find a way around it.

Cyber security is a tough situation. On one side you have people crying foul over what you're doing but on the other side you have to do some things to try to protect the people.

Would you rather someone get caught trying to set a nuke off in your town by means of the NSA monitoring everything or rather the nuke just go off and your family taken with it while you are away on a business trip?

The real issue is the oversight and what is done with the data. It should be restricted to only true national threats and not useable by other agencies for local or otherwise things as it does violate our rights but out of security some of those rights need to be, just not the way we currently do it.

The world is full of more and more crazy people. Back in the days you didn't have to lock your doors or worry. Today, people walk down my street every night looking for cars and houses unlocked they can steal from. Now you can argue that is the gov fault in many ways from jobs to criminal system etc but the point is we know right from wrong and a lot more people are doing wrong in the world.

I don't defend what is being done 100% but I respect it's something that sadly has to be done in some manner.