[IMG]http://www.extremetech.com/wp-content/uploads/2013/09/gchq-aerial-shot-640x428.jpg[/IMG]
[QUOTE]This is the big one: New documents released by Edward Snowden show that the NSA and its British equivalent, GCHQ (pictured above), have cracked VPNs, SSL, and TLS — the encryption technologies that keep your data secure on the internet. The NSA program, dubbed Bullrun, took 10 years to crack the web’s encryption technologies, before finally reaching a breakthrough in 2010 that made “vast amounts” of previously unreadable data accessible. Perhaps more worryingly, the NSA has an ongoing program to place backdoors in commercial products (websites, routers, encryption programs, etc.) to enable easy snooping on encrypted communications. The documents, which contain some choice phrases such as, “work has predominantly been focused this quarter on Google due to new access opportunities being developed,” almost completely undermines the very basis of the internet, obliterating the concept of trust online.[/QUOTE]
Source: [url]http://www.extremetech.com/computing/165849-nsa-and-gchq-have-broken-internet-encryption-created-backdoors-that-anyone-could-use[/url]
Cyberpunk not so fictional after all.
Kind of looks like goatse.
We should throw them all in jail for violating the CFAA. I'm pretty sure you would get a life sentence for going around stealing encryption keys to illegally access people's communications.
[QUOTE=Used Car Salesman;42097268]We should throw them all in jail for violating the CFAA. I'm pretty sure you would get a life sentence [b]for going around stealing encryption keys[/b] to illegally access people's communications.[/QUOTE]
Maybe I'm missing something but where does this article imply that the bolded part happened? Cracking encryption algorithmically, which I'd wager they have the processing capability to do, isn't illegal.
[QUOTE=Used Car Salesman;42097268]We should throw them all in jail for violating the CFAA. I'm pretty sure you would get a life sentence for going around stealing encryption keys to [b]illegally[/b] access people's communications.[/QUOTE]
No, no, it's all legal because the government said it was okay.
:downs:
Not really suprising, NSA is decades ahead in terms on cryptanalysis.
They discovered a technique called differential cryptanalysis (which broke most algorithms used then) in the 1970s, of which papers were only published in the late 80s. It wouldn't surprise me if the same kind of situation has happened here.
this means we need to create a new security standard which will be even harder to crack.
Looks like an Iron Man chest piece
If those cracks got out Internet security would fall apart from the core.
meh, those cracks probably involve dozens of super computers running non-stop for days at a time
that or a lot of numbers guys writing on walls with sharpe markers for days at a time.
[QUOTE=Fangz;42097501]If those cracks got out Internet security would fall apart from the core.[/QUOTE]
Nah, we'd back in the 90's.
[QUOTE=Fangz;42097501]If those cracks got out Internet security would fall apart from the core.[/QUOTE]
If this is true it already has fallen apart. Security is broken, it's not like government agencies will be much less evil with it than some random hackers.
Never thought I'd see the end of personal privacy within my own lifetime.
[QUOTE=Swilly;42097751]Nah, we'd back in the 90's.[/QUOTE]
Early 90s, which means no Internet shopping, online banking and all previous databases would be open pickings.
[editline]6th September 2013[/editline]
[QUOTE=sambooo;42097757]If this is true it already has fallen apart. Security is broken, it's not like government agencies will be much less evil with it than some random hackers.[/QUOTE]
My concern is that a disgruntled employee might leak the cracks.
[QUOTE=Fangz;42098380]My concern is that a disgruntled employee might leak the cracks.[/QUOTE]
My concern is that I can't hide anything from governments through ways that I thought were secure anymore
There isn't a "crack" that can be released probably, it's an inconsistency in the algorithm which only an infrastructure funded by billions of dollars can exploit.
Even if the inconsistency gets published, it can still take ages for someone to actually make use of it, let alone make it able to run on a laptop.
[QUOTE=Sableye;42097736]meh, those cracks probably involve dozens of super computers running non-stop for days at a time[/QUOTE]
You might think that supercomputers can crack modern encryption within days anyway.
Without any vulnerabilities in the encryption scheme (encryption algorithm, pseudorandom number generator, the input used for said pseudorandom number generator) - whether intentionally inserted by the NSA or discovered by cryptologists - they can't.
[quote=http://en.wikipedia.org/wiki/Brute_force_attack]AES permits the use of 256-bit keys. Breaking a symmetric 256-bit key by brute force requires 2^128 times more computational power than a 128-bit key. 50 supercomputers that could check a billion billion (10^18) AES keys per second (if such a device could ever be made) would, in theory, require about 3×10^51 years to exhaust the 256-bit key space.[/quote]
[QUOTE=ZakkShock;42097263]Kind of looks like goatse.[/QUOTE]
[I]You[/I] kind of look like goatse. :v:
This stuff just depresses me to no end. And a lot of people I know just don't give a shit. My father and mother were both in the military, so they say they are completely fine with being spied on "because they've probably been doing it for a long time to us as veterans."
[QUOTE=Egonny;42098562]There isn't a "crack" that can be released probably, it's an inconsistency in the algorithm which only an infrastructure funded by billions of dollars can exploit.
Even if the inconsistency gets published, it can still take ages for someone to actually make use of it, let alone make it able to run on a laptop.[/QUOTE]
In other words there IS a will and there IS a way. So someone's going to take advantage of it somewhere else besides these 2 agencies.
[QUOTE=BrickMan300;42101130]somewhere else besides these 2 agencies.[/QUOTE]
I'm sure there's more than just the 2.
[QUOTE=ZakkShock;42097263]Kind of looks like goatse.[/QUOTE]
Three-tentacled alien goatse
nsa kill yourself
I think we have a clear picture of what is going on, and what will continue to go on.
The Authorities are working with corporations, such as Microsoft and Google, to get direct access to their products and services. This would include everything from backdoors to those corporations handing over user data. This would explain why a corporation like Microsoft has been allowed to maintain a monopoly all these years, it makes surveillance much simpler if most people are using a compromised operating system.
The Authorities also are working with hardware manufacturers, such as those making routers. This would include everything from placing secret bits of hardware on the devices to providing schematic/source code...you name it. This is why certain corporations are totally dominant in key hardware manufacturing, it makes surveillance simpler when everyone is using compromised hardware.
Finally, we have crypto. I'd bet this is all disinformation, the idea that the NSA has just cracked this in the recent past. I bet the web security that everyone has been using all this time, SSL and all that, was created under the NSA's watchful eyes in the first place. I think that in the future, when the REAL story finally comes out, people will be shocked to learn that the entire internet was being watched from the day it started. The only thing holding them back was how much computer power they could throw at the problem of spying on everyone, and if history shows us anything it's that the intelligence agencies always have had hardware decades ahead of what the rest of the world has.
How old is the stealth bomber(B2)? Who else has ANYTHING like it, even after all these years?
[QUOTE=cecilbdemodded;42101572]Authorities corporations Microsoft Google backdoors user data monopoly surveillance compromised Authorities hardware manufacturers secret bits of hardware surveillance compromised crypto disinformation NSA cracked watchful REAL story watched spying intelligence agencies[/QUOTE]
so the government is so incredibly capable at covering up a massive conspiracy involving literally everyone involved in the development of the internet, half of whom are in China
yet you haven't been assassinated/abducted/beamed up to the Illuminati mothership for stumbling onto The Truth
sure
(also they couldn't even cover up a blowjob re: clinton but whatever)
there is no way in heaven that they are cracking AES256 or SSL. unless there's been some gigantic advent in quantum computing flash foward decades. they either had an exception or they managed to get ssl master keys
[editline]6th September 2013[/editline]
which only makes matters worse!
The catch is it took them 10 years to do it. It's pretty easy to roll your own encryption though. I like to combine secure sockets with my own encryption algo based off of aes when I do things like LOVE THE GOVERNMENT and LOVE THE GOVERNMENT. I'm pretty NOT DISAPPOINTED at the NSA doing all these things, I mean come on.
[QUOTE=cecilbdemodded;42101572]Finally, we have crypto. I'd bet this is all disinformation, the idea that the NSA has just cracked this in the recent past. [b]I bet the web security that everyone has been using all this time, SSL and all that, was created under the NSA's watchful eyes in the first place.[/b] I think that in the future, when the REAL story finally comes out, people will be shocked to learn that the entire internet was being watched from the day it started. The only thing holding them back was how much computer power they could throw at the problem of spying on everyone, and if history shows us anything it's that the intelligence agencies always have had hardware decades ahead of what the rest of the world has.[/QUOTE]
NSA has helped create a lot of the crypto algorithm standards (DES, AES, ...), so you're right. They're also not afraid to put backdoors in those algorithms though.
[QUOTE=FlubberNugget;42102033]there is no way in heaven that they are cracking AES256 or SSL. unless there's been some gigantic advent in quantum computing flash foward decades. they either had an exception or they managed to get ssl master keys
[editline]6th September 2013[/editline]
which only makes matters worse![/QUOTE]
There's already been found potential weaknesses in SSL/TLS, so it's possible that they have found a way to exploit it (without needing quantum computing, although NSA does have VERY powerful supercomputers at hand).
no amount of current supercomputing power the NSA has could crack SSL in any reasonable frame of time
[editline]6th September 2013[/editline]
they either found an exploit, were literally handed one or were involved in the creation at had a backdoor at some point
Sorry, you need to Log In to post a reply to this thread.
