• Feds Beg NY Times, Pro Publica Not To Reveal That They've Inserted Backdoors Into Internet Encryptio
Just found a new Guardian article on all of this from today, too. "One big problem the NSA and US government generally have had since our reporting began is that their defenses offered in response to each individual story are quickly proven to be false by the next story, which just further undermines their credibility around the world." [url]http://www.theguardian.com/commentisfree/2013/sep/07/nsa-encryption-us-uk-press-freedoms[/url] Nice to see this is really blowing up, considering the leaks just get worse and worse.
- snip, do not want to derail -
I hope the times says "Fuck you" and releases it. They have every right to, and we have every right to know the NSA is trying to buttfuck us.
[QUOTE=Ekalektik_1;42114676]the NSA is trying to buttfuck us.[/QUOTE] Kind of sad that people know so little about what the NSA does that they actually believe this.
[QUOTE=Ekalektik_1;42114676]I hope the times says "Fuck you" and releases it. They have every right to, and we have every right to know the NSA is trying to buttfuck us.[/QUOTE] They already have, it's the 2nd article in the OP and the other thread on here that was posted when the news initially broke. Both the US and especially the UK have been amazingly pushy in trying to quiet these stories, but of course silencing the internet is an impossible task so they're left with trying to cover up everything after each leak, only for their cover to be exposed as a bunch of bullshit with the next leak. It would be entertaining if it wasn't scarier than any modern terrorist attack, that the entire system of trust the internet is built on has been compromised for decades and nobody had a clue.
[QUOTE=Cone;42110738]"regime?" seriously? the Syrian government is a regime. Nazi Germany was a regime. what you have right now is an overly apathetic and uncaring voting base in a democratic republic, not authoritarian rule and martial law. you're cheapening the term to justify your own paranoid and egocentric delusions about the people righteously seizing back power or some shit, when in reality actually starting a movement to forcefully take control of the US government would never get beyond the size of a small terrorist cell. that shit just is not going to work, and you're either dumb or insane if you think it would.[/QUOTE] The government has been disregarding the wishes and needs of the people in order to push forward its own agenda and strengthening its own power and influence at the expense of everyone else using 'national security' as an excuse. That is the behavior of a rogue government, not a functioning democracy. They may not be publicly executing enemies of the state in the streets right now, but you are naive if you think the government will stop at all-seeing surveillance. If left unchecked the abuse of power will only escalate, and before you know it people are being imprisoned for expressing dissent. Governments have been labelled 'regimes' for far less, so I see no reason why I shouldn't call the US government the same. You are correct about apathy being one of the reasons they have managed to become this entrenched and powerful though. People don't want to raise a stink because they don't care, or don't want to compromise their 'comfy' lifestyle. You're also right about an armed revolt not being feasible in this day and age, the second amendment is basically worthless outside of the right to own firearms, as the second amendment was written at a time when the difference in firepower between the citizenry and the government was very small, but now that difference might as well be a bottomless chasm.
There is no detente anymore, as the founding fathers intended. You can't point to the second amendment and say, 'Hey Feds, see this? If you fuck up and become tyrannic assholes, we're going to grab our muskets and march right up there to water the tree of Liberty' because the government has the fruits of the military-industrial complex's labors at their disposal, and you do not.
[QUOTE=Pepsi-cola;42109083]So what encryption is safest at the moment?[/QUOTE] Whatever the US government uses, I'd try to avoid hardware blackboxes though (Like the hardware RNG in newer Intel processors, that relies on AES with a secret key "only Intel knows", so assume the NSA have a copy) I'd also rely on open source stuff like OpenSSL over OS provided libraries (For encryption to work properly you need to trust the components work properly, do you trust the Windows crypto API to be 100% secure in light of what the NSA is doing?), they might even have leaned on popular Linux distros, just because you get the source code, doesn't mean the compiled library is based off that code. But then it also comes down to exactly what you're encrypting, you want your bank site to have strong encryption, vs. a random site using TLS to get through a corporate proxy, etc.
[QUOTE=TheDecryptor;42117147]Whatever the US government uses, I'd try to avoid hardware blackboxes though (Like the hardware RNG in newer Intel processors, that relies on AES with a secret key "only Intel knows", so assume the NSA have a copy) I'd also rely on open source stuff like OpenSSL over OS provided libraries (For encryption to work properly you need to trust the components work properly, do you trust the Windows crypto API to be 100% secure in light of what the NSA is doing?), they might even have leaned on popular Linux distros, just because you get the source code, doesn't mean the compiled library is based off that code. But then it also comes down to exactly what you're encrypting, you want your bank site to have strong encryption, vs. a random site using TLS to get through a corporate proxy, etc.[/QUOTE] This story that the government is unhappy about seems to imply that the feds have already backdoored SSL. I'd guess the most trustworthy encryption methods right now would be ones right out of researcher labs that the gov wouldn't have been able to have insiders tamper with, being less mainstream/adopted, but considering we have no idea how far their reach really goes, you can't really be sure.
[QUOTE=Kuro.;42116702]The government has been disregarding the wishes and needs of the people in order to push forward its own agenda and strengthening its own power and influence at the expense of everyone else using 'national security' as an excuse. That is the behavior of a rogue government, not a functioning democracy. They may not be publicly executing enemies of the state in the streets right now, but you are naive if you think the government will stop at all-seeing surveillance. If left unchecked the abuse of power will only escalate, and before you know it people are being imprisoned for expressing dissent. Governments have been labelled 'regimes' for far less, so I see no reason why I shouldn't call the US government the same. You are correct about apathy being one of the reasons they have managed to become this entrenched and powerful though. People don't want to raise a stink because they don't care, or don't want to compromise their 'comfy' lifestyle. You're also right about an armed revolt not being feasible in this day and age, the second amendment is basically worthless outside of the right to own firearms, as the second amendment was written at a time when the difference in firepower between the citizenry and the government was very small, but now that difference might as well be a bottomless chasm. There is no detente anymore, as the founding fathers intended. You can't point to the second amendment and say, 'Hey Feds, see this? If you fuck up and become tyrannic assholes, we're going to grab our muskets and march right up there to water the tree of Liberty' because the government has the fruits of the military-industrial complex's labors at their disposal, and you do not.[/QUOTE] Speaking of comfy lifestyles, you sure seem to [I]talk [/I]about violently overthrowing the government a lot.
[QUOTE=Pepsi-cola;42109083]So what encryption is safest at the moment?[/QUOTE] non mathematical with an arbitrary key.
[QUOTE=mblunk;42117373]This story that the government is unhappy about seems to imply that the feds have already backdoored SSL. I'd guess the most trustworthy encryption methods right now would be ones right out of researcher labs that the gov wouldn't have been able to have insiders tamper with, being less mainstream/adopted, but considering we have no idea how far their reach really goes, you can't really be sure.[/QUOTE] I doubt they've got a backdoor into TLS (TLS is old, the "breakthrough" was in 2010, if anything they've just found a flaw in one of the encryption methods used), the fact that they have a key repository suggests they haven't broken TLS at all though, just got companies to comply. There's 2 main encryption methods used in TLS currently, RC4 and AES. In TLS 1.0 AES is broken (implementation detail), which is fixed in TLS 1.1. But because barely anybody does TLS 1.1, sites are using RC4 (Which is broken, we know that for a fact), so there's a renewed push for TLS 1.1/1.2. Remember that the US government uses AES to encrypt their secret data, so it's highly doubtful AES has been broken (NSA aren't going to weaken the encryption their own government uses, that just helps the "enemy") The encryption methods are only half the problem though, what also matters is the key exchange method used (You can have the best encryption in the world, if the key leaks out then it's absolutely worthless), one really useful property some methods have is what's called "perfect forward security" (Google run this as an example), using these methods means that even if the private key is revealed (either by the NSA or a hacker), you can't decrypt previous recorded sessions, since each session has a unique key based on the private key in use on the site.
Of course, if the NSA hands a company a letter stating it has to hand over the private key used and put a tap on all decrypted data hitting their servers, then the encryption used stops mattering, the service itself has been compromised and is now inherently insecure. Edit: In summary, It's not the encryption which is broken, it's the implementation.
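Added example, not part of the post above: a small audit that applies the post's three criteria (RC4 in use, AES under TLS 1.0, key exchange without forward secrecy) to negotiated TLS 1.0-1.2 sessions. The hostnames and sessions are constructed sample data, the finding labels are hypothetical, and suite names are assumed to be in OpenSSL style.

```python
from typing import Dict, List, NamedTuple


class Session(NamedTuple):
    host: str      # constructed hostname, not a real scan result
    protocol: str  # "TLSv1", "TLSv1.1" or "TLSv1.2"
    cipher: str    # OpenSSL-style cipher suite name


# Suites whose key exchange is authenticated ephemeral Diffie-Hellman.
# Anonymous (ADH/AECDH) suites are not modelled in this example.
FORWARD_SECRET_KX = ("ECDHE-", "DHE-", "EDH-")

# Constructed sample sessions, as a scanner or proxy log might record them.
SAMPLE_SESSIONS = [
    Session("mail.example.test", "TLSv1", "RC4-SHA"),
    Session("shop.example.test", "TLSv1", "AES128-SHA"),
    Session("legacy.example.test", "TLSv1", "ECDHE-RSA-RC4-SHA"),
    Session("intranet.example.test", "TLSv1.1", "DHE-RSA-AES256-SHA"),
    Session("bank.example.test", "TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
]


def audit(session: Session) -> List[str]:
    """Return the findings (hypothetical labels) for one negotiated session."""
    findings = []
    parts = session.cipher.split("-")

    # Static RSA/DH key exchange: anyone who later obtains the server's
    # private key can decrypt previously recorded sessions.
    if not session.cipher.startswith(FORWARD_SECRET_KX):
        findings.append("no-forward-secrecy")

    # RC4 is flagged whatever the protocol version or key exchange.
    if "RC4" in parts:
        findings.append("rc4")

    # AES in TLS 1.0 runs in CBC mode, the case fixed in TLS 1.1.
    uses_aes = any(p.startswith("AES") for p in parts)
    if session.protocol == "TLSv1" and uses_aes and "GCM" not in parts:
        findings.append("tls1.0-cbc")

    return findings


def report(sessions: List[Session]) -> Dict[str, List[str]]:
    """Map each host to its findings; an empty list means nothing flagged."""
    return {s.host: audit(s) for s in sessions}


if __name__ == "__main__":
    for host, findings in report(SAMPLE_SESSIONS).items():
        print(f"{host:24} {', '.join(findings) or 'ok'}")
```

Note that `legacy.example.test` gets forward secrecy from ECDHE yet is still flagged for RC4, which shows the cipher and the key exchange have to be checked separately.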