dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
816
share rss forum feed


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3

1 recommendation

If Prism is so freaking amazing and all encompassing?

A question asked today, 'if the NSA's Prism is so freaking amazing and all encompassing, why didn't they know what Edward Snowden was up to?'

Maybe because folks have spun this up to urban legend type status?

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Time Warner Cable
·Clearwire Wireless
EDWARD SNOWDEN: How To Make Sure The NSA Can't Read Your Email
»www.businessinsider.com/edward-s···Y7GPha9o


ashrc4
Premium
join:2009-02-06
australia
reply to Link Logger
Can we be sure they didn't?
They had a mole inside wikileaks for some time.


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
said by ashrc4:

Can we be sure they didn't?
They had a mole inside wikileaks for some time.

Moles are everywhere, whether they are placed or just people who decide that stuff has gone to far or going in the wrong direction, or people who are selling out to cover their own butt etc (lots of reasons) every group has 'moles' in it and strangely enough moles are still better then electronic surveillance. Moles work every side of the fence, good/bad, us/them etc you could even describe Edward Snowden as a mole. Wikileaks had 'moles' in a number of different places, otherwise they wouldn't be getting their stories, and the issues are based around what level of involvement or direction do moles take from their 'handlers', be it the authorities or otherwise like wikileaks.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool


ashrc4
Premium
join:2009-02-06
australia
So no moles at ARS or who ever it was he was blogging at previous then.
It was a big mole though.
»www.theage.com.au/it-pro/securit···0kk.html


Ian
Premium
join:2002-06-18
ON
kudos:3
reply to Link Logger
said by Link Logger:

A question asked today, 'if the NSA's Prism is so freaking amazing and all encompassing, why didn't they know what Edward Snowden was up to?'

Maybe because folks have spun this up to urban legend type status?

Blake

I don't believe PRISM is all-knowing or all-encompassing. That isn't what makes it primarily odious though. It's the simple idea of being an East-German like STASI state where the Government snoops on all, with no oversight.

But a person who works for the NSA (or one of their contractors) would be a person least-likely to be tripped up hatching their plots via Gmail. They would know better. In fact, I would hazard to say, are the terrorists we're really worried about actually stupid enough to be putting incriminating things on Facebook? I guess for our sakes, let's hope so...... But I think that's wishful thinking.
--
“Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency.” – David Wong


novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH
reply to Link Logger
when it comes to electronic communications and postal mail it really comes down to if you don't want it seen heard etc then don't say it. This is the information age. And with cloud computing load sharing etc and raw storage capacity the gov can now record every thing if they want to.Then they can sift through it decrypt it etc in record short time. Back in early 2000s i created a multimillion poly scene in 3d max and using cluster computing on a cheap 100 mbit lan with out computers set up specifically for rendering i rendered the scene first on my computer which was set up for such things it took little less than 9 hours. On the cluster it took less than a hour.About 9x faster. Now figure the nsa and gov in general can and likely has computers configured to do just that crack encryption. Now granted it might take them 10 or more years to crack a home user level encryption algorithm. But id bet that the statute of limitation on any thing they are looking for crime wise is way longer.

With that said yeh we should take stands against the snooping and publicly so . Regardless of if it forces them to make changes or come clean about their actions. And the only way any one has any thing to worry about taking such a stand is if the stand becomes violent. Things such as domestic terrorism in such cases the gov better stop those sorts of people regardless of if their motives are right. Their actions endanger those who are innocent in the cross fire. The truth is such acts only give the gov snoops a way to say see we are still not doing enough to stop it and then the gov gets more public support then they just go to far again and the cycle repeats.
--
Evil does exist and it has a face to often that face is one that should look on their child with love in their eyes.

Instead only hate exists in those eyes.


Ian
Premium
join:2002-06-18
ON
kudos:3
said by novaflare:

Now figure the nsa and gov in general can and likely has computers configured to do just that crack encryption. Now granted it might take them 10 or more years to crack a home user level encryption algorithm. But id bet that the statute of limitation on any thing they are looking for crime wise is way longer.

I simply don't think that is true. What people tend to forget with encryption and decryption is that advances in computer speed favour the person encrypting, not the person decrypting.

The fastest super-computer on the planet would take a billion, billion years to crack AES-128 ref: »www.eetimes.com/document.asp?doc_id=1279619 with a strong 128 bit key. A consumer can use such encryption easily. So is that data secure for 10 years? 100 years? 1000 years? What potential computer speed advance is someone theorizing that would take even the first billion multiplier away?

Now you could say that there might be a flaw in AES, and that may be true. But the algorithm is well known and open. Many people have looked and have so far only been able to shave a couple orders of power of 2 off of it (more for AES-256 with related key attacks).

Want to use stronger encryption than that? Already pretty easy to do. But what possible item might you encrypt whereby someone like the NSA would build and use a super-computer to break in any case? Unless your secret is of national security level importance, who the hell is going to bother?
--
“Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency.” – David Wong


novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH
said by Ian:

said by novaflare:

Now figure the nsa and gov in general can and likely has computers configured to do just that crack encryption. Now granted it might take them 10 or more years to crack a home user level encryption algorithm. But id bet that the statute of limitation on any thing they are looking for crime wise is way longer.

I simply don't think that is true. What people tend to forget with encryption and decryption is that advances in computer speed favour the person encrypting, not the person decrypting.

The fastest super-computer on the planet would take a billion, billion years to crack AES-128 ref: »www.eetimes.com/document.asp?doc_id=1279619 with a strong 128 bit key. A consumer can use such encryption easily. So is that data secure for 10 years? 100 years? 1000 years? What potential computer speed advance is someone theorizing that would take even the first billion multiplier away?

Now you could say that there might be a flaw in AES, and that may be true. But the algorithm is well known and open. Many people have looked and have so far only been able to shave a couple orders of power of 2 off of it (more for AES-256 with related key attacks).

Want to use stronger encryption than that? Already pretty easy to do. But what possible item might you encrypt whereby someone like the NSA would build and use a super-computer to break in any case? Unless your secret is of national security level importance, who the hell is going to bother?

Well that was the point any ways. For the gov to take a interest it would need to be a national security threat. But again any single computer yeh its going to take a insanely long time. But with potentially countless computers are doing the same chore ? Well i think the time could be brought down to 10 years or potentially less.
--
Evil does exist and it has a face to often that face is one that should look on their child with love in their eyes.

Instead only hate exists in those eyes.


Ian
Premium
join:2002-06-18
ON
kudos:3

1 recommendation

said by novaflare:

But again any single computer yeh its going to take a insanely long time. But with potentially countless computers are doing the same chore ? Well i think the time could be brought down to 10 years or potentially less.

But at what cost? A billion super-computers would still take a billion years at current tech (or when the article was written). Someone in the comments in the EE Times article pointed out that barring some fantastic breakthrough, just simply testing every AES key against an encrypted plain-text would consume the entire planet's energy budget for a couple hundred thousand years. Better be important indeed!

The short answer is nobody is going to bother. At best, they'd attack the password for a while before concluding that it wasn't "passwordzz_secret111" and move on. They are either going to leave your file on Dropbox un-decrypted, or they are going to send the black vans to pick you up at your house, and beat or threaten the key or password out of ya.
--
“Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency.” – David Wong


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..
reply to Link Logger
said by Link Logger:

A question asked today, 'if the NSA's Prism is so freaking amazing and all encompassing, why didn't they know what Edward Snowden was up to?'

Maybe because folks have spun this up to urban legend type status?

Blake

Or maybe because they weren't looking at the kind of things he was allegedly doing. There's data collection, and there's data analysis. Prism is largely the process of collecting and organizing data. What is done with the data depends on what the analysts (human or computer) are tasked with looking for... and if they happen not to be looking for something, they may well never see it. And even if they are looking for it, they still may not recognize it for what it is - at least "in time". Comm data is a deep, deep ocean with lots of thermoclines...
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville

OmagicQ
Posting in a thread near you

join:2003-10-23
Bakersfield, CA
kudos:1
reply to Ian
said by Ian:

Unless your secret is of national security level importance, who the hell is going to bother?

It would seem to me that some agencies feel that ANY secret kept threatens national security. After all why would it be a secret if it wasn't?
--
...Who, What, When, Where, How... Why? Why Not?


Raphion

join:2000-10-14
Samsara
Reviews:
·Verizon FiOS
reply to Ian
said by Ian:

They are either going to leave your file on Dropbox un-decrypted, or they are going to send the black vans to pick you up at your house, and beat or threaten the key or password out of ya.

Or much more likely, option C; inject a zero-day infector into your favorite webpage as it passes through their secret room, then keylog your password as you enter it.


novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH
said by Raphion:

said by Ian:

They are either going to leave your file on Dropbox un-decrypted, or they are going to send the black vans to pick you up at your house, and beat or threaten the key or password out of ya.

Or much more likely, option C; inject a zero-day infector into your favorite webpage as it passes through their secret room, then keylog your password as you enter it.

Good point
It would not be very hard for them to inject/infect a webpage or a download your downloading with any number of key loggers that are fresh and custom made. No av would detect it and you would be infected quick.
--
Evil does exist and it has a face to often that face is one that should look on their child with love in their eyes.

Instead only hate exists in those eyes.


Kilroy
Premium,MVM
join:2002-11-21
Saint Paul, MN
reply to Link Logger
Prism only takes affect once the information hits the wire. If you're downloading a ton of data internally Prism doesn't know about it. Prism is really for once the horse has left the barn to burn the person who opened the door. Watching everything that is going on in the data world in real time is currently not possible. However, that data can be stored and examined at a later date to build a case. Additionally buzz words could trigger flags to bring real time observance to a data stream.
--
“Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something.” ¯ Robert A. Heinlein


Kilroy
Premium,MVM
join:2002-11-21
Saint Paul, MN
reply to Ian
said by Ian:

I simply don't think that is true. What people tend to forget with encryption and decryption is that advances in computer speed favour the person encrypting, not the person decrypting.

Unless you're decrypting stored data. Using Moore's law as a base you could say if it takes 10 years today it will take 5 years in just two years of computer advancements. In four years it will take 2.5 years. In eight, 1.25 years, in ten years .625 years and so on. Encryption buys you time, nothing more.
--
“Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something.” ¯ Robert A. Heinlein