Encryption isn't secure anymore?

Comments

  • Yes.

    Better not worry about it. It will only give you high blood pressure and you can't do anything about it anyway.

  • Use of most open standards encryption protocols are hard to crack, so it costs them time and money. I guess that's our money really, so make your own mind up about that.

    If you read the docs published, they have backdoors into commercial encryption, limited access to weaker open standards encryption, and probably very if any access to PGP.

  • MaouniqueMaounique Host Rep, Veteran

    The question is which encryption, whom you need to defend against and how important are you for them.
    To make absolutely sure, there is no way; you can make it nearly impossible, but never 100% sure. I would say 1 chance in 1 billion of billions to crack it this year is close to impossible.
    Usually encryption is broken because the target leaves avenues of attack. For example using the same password to some email provider or bank account, whatever, I agree it is hard to keep track of those passwords, some people may use all over the same passwords or simple enough and short enough ones to be cracked by a powerful adversary with a lot of money to spend in order to counteract the effects of the constitutions.
    It may also be that they discard computers without securely erasing the hard drives, they may write the password on a paper near the computer, they may be visiting spyware infested sites or get trojans that record keystrokes, someone may plant a trojan like that on purpose, you may access your private computer remotely, say, with logmein, hamachi, teamviewer, gotomypc or other commercial services, things like those.

    Want almost unbreakable encryption? Make sure nobody will see the password, that it is complex and long enough, don't reuse it, don't insert it in computers which are not 100% clean, try not to use the keyboard when you do, might wish to keep a virtual machine with all traffic routed over Tor for private browsing and mail, you can take one on a stick today, it will run reasonably fast with a portable virtualbox, for example and an encrypted key.
    It is inconvenient? You bet and your life does not depend on it yet, but it will come a time you will regret you didn't hide yourself better in the big mass of anonymous ants working to provide for them more money to spy on you and break the laws and constitution.

    Thanked by 1taronyu
  • Encryption is secure and does work. What's been broken for quite a long time is the Chain of Trust. (google for information security chain of trust)

    It's the SSL certificates chain of trust that's been subverted for the sake of National Security, among other things.
    The big vulnerability in the public key encryption lies in the private key, and the NSA have been trying (with a high rate of success) to obtain the private key for every major communications, and by different methods, i.e. the provider voluntarily handed it over, or were forced by court order, or in some extreme cases the NSA broke into the provider computers to obtain the private key. (The NSA and defense contractors are the major bidders for zero-day vulnerabilities in the black market, it's now becoming public information)

    As far as I remember, for almost 10 years some hardware vendors have been selling to some governments appliances that installed in major IXP internet exchanges were able to decrypt SSL traffic on the fly, acting as man-in-the-middle and using an intermediate certificate issued by a trusted CA, which in turn were forced to issue the certificate by secret court orders.

    Many people have known this for long time, but if you have a security clearance you're not allowed to talk about it. Besides, the initial intentions and purpose for all of it was to pound on and track the people that posed a real threat to the gov't, terrorism, money laundering, arms and drug dealing, pedo, etc, so it was accepted as a 'lesser evil'. The problem is when the capabilities deployed grew disproportionally and got out of hand, and started to be used to spy on other allied countries, for industrial espionage, and in the end to obtain an economic & political advantage over the rest of the world, maintaining an obsolete hegemony.

    For the Joe Average of all of us, don't worry, they are not after your petty data and communications, unless you plan on committing a crime where you might become a target for law enforcement. In that case, you're a fool that deserves to get caught and put behind bars.

    For those worrying about their privacy, their data being pried by others, find a trusting provider, build a trusting relationship with the company providing you hosting services in a country that by LAW respects the privacy of their citizens. And like the guy who closed lavabit a few weeks ago, I quote him: 'don't trust your data to a company with physical ties to USA'. But I can assure you that every major country is doing the same, or have plans in place to do it.

  • @jhadley said:
    Use of most open standards encryption protocols are hard to crack, so it costs them time and money. I guess that's our money really, so make your own mind up about that.

    If you read the docs published, they have backdoors into commercial encryption, limited access to weaker open standards encryption, and probably very if any access to PGP.

    They kinda made the open standards too. So they've got backdoors in em too. One example:

    https://www.schneier.com/essay-198.html

  • MaouniqueMaounique Host Rep, Veteran

    Encryption does work, in short, otherwise there would be no attempts to outlaw it.

    Thanked by 1netomx
  • @john_k said:
    But I can assure you that every major country is doing the same, or have plans in place to do it.

    It amazes me how naive people are. Everyone is shocked about the latest revelations with the NSA . . . but guess what, I guarantee just about every country in the world is doing something similar, the US is just the only one to get caught so far.

  • MaouniqueMaounique Host Rep, Veteran
    edited September 2013

    Actually, it is not so.
    While Romanian secret services are in power here too, they do not control gmail or yahoo, nor major datacenters and exchanges. Probably would do the same as in many other countries if they could, but there are countries that would not do this and will not do even when the whole world will do it and encryption will be illegal.
    You will see that the current great firewalls that try to shield citizens in a country or another from the truth and democracy will be reversed, the whole world will try to defend against truth and democracy whereas only some countries will still have democracy. Of course, trying to do that will be futile, people will continue to exchange information ever more outside government control, more tricks will be used, the cyber-resistance will be the last area where the "Untermenschen" that pay the corporations, churches and governments will have a real chance to strike back. The guns that gun lovers are clinging to will not be able to do anything, the word, hence the information is and was more powerful than the sword, guns and rockets. That is where the real war will be fought, and we should be ready, more open source, more geeks, more encryption, more protocols, more crowdsourcing, more meshes and p2p.

  • MicrolinuxMicrolinux Member
    edited September 2013

    I did not say every single government in the world was doing exactly what the US and UK governments are doing, but you're living in a fantasy world if you think the events as of late are isolated. There are probably unicorns and leprechauns leaping around there as well.

  • spekkspekk Member
    edited September 2013

    Well, anything can be decrypted given enough time, and resources, but I doubt the NSA is going to bother decrypting some hacker/pedo/anonymous/etc hard disk drive, when they can try to decrypt other messages containing financial information, if you handle a lot of money, then yes you should worry about the NSA. They will make an exception for Snowden tho, but that's not your ordinary online threat. When conducting an investigation, law enforcement uses resources respectively money, and they need that money back.

  • MaouniqueMaounique Host Rep, Veteran

    Yes, all governments seem to agree they have to fight the information. They think that united will have a chance, but it is not so. I am pessimistic in nature, yet I am certain the corporations, cults and governments will not be able to stop the flow.
    No patent, no copyright, no fight against "child porn", "terrorism", will ever be won online, there won't be even small victories, the most they can hope to get is to hang a few ppl here and there, probably half even innocent.
    China is doing it, Iran is doing it, many others tried, did anyone succeed ? Even shutting down the whole network did not stop ppl from accessing the news and contributing to them.
    So, spying will continue and intensify, but if people learn to protect and make no mistakes, it will be hard to hang us all. Who would work for them then ?

  • Secure or not, I still prefer encryption over no-encryption.

  • Encryption still works. The article is misleading because they focus on encryption FUD while lumping in facts about other security workarounds to muddle the truth. The best way to 'break' encryption is to go around it by accessing the decrypted channel or getting the key. You can unlock a great deal of data by just capturing the encrypted form and getting the key later (with a warrant or without). That's Prism's primary job.

    The encryption is fine. If you're paranoid, what you should really worry about is who's on the other end, and how trustworthy they are. The answer is, they aren't.
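
The "capture the encrypted form now, get the key later" point in the post above, as an added sketch that is not part of the original post or of any product named in the thread. It contrasts a handshake where the session secret travels under the server's long-term key with one that uses ephemeral Diffie-Hellman (the property usually called forward secrecy); the key sizes, the XOR/HMAC sealing and every function name are toy assumptions chosen so it runs with the Python standard library only.

```python
import hashlib, hmac, secrets

# Toy long-term RSA key for the server (constructed; far too small for real use).
P_RSA, Q_RSA, E = 2**61 - 1, 2**89 - 1, 65537
N = P_RSA * Q_RSA
D = pow(E, -1, (P_RSA - 1) * (Q_RSA - 1))  # private exponent, disclosed later

# Toy Diffie-Hellman group (constructed; real use needs >= 2048 bits or ECDHE).
P_DH, G = 2**127 - 1, 3


def session_key(secret: int) -> bytes:
    """Derive a 32-byte session key from the handshake secret."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def keystream(key: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes):
    """Toy encrypt-then-MAC (one key for both, acceptable only in a demo)."""
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, len(plaintext))))
    return ct, hmac.new(key, ct, hashlib.sha256).digest()


def unseal(key: bytes, ct: bytes, tag: bytes):
    """Return the plaintext, or None if the key does not match the recording."""
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(key, len(ct))))


def record_rsa_session(message: bytes) -> dict:
    """Static key transport: the secret is sent under the server's public key."""
    premaster = secrets.randbits(128)
    ct, tag = seal(session_key(premaster), message)
    return {"handshake": [pow(premaster, E, N)], "ct": ct, "tag": tag}


def record_dhe_session(message: bytes) -> dict:
    """Ephemeral DH: the long-term key only signs; a and b are discarded."""
    a = secrets.randbelow(P_DH - 2) + 1
    b = secrets.randbelow(P_DH - 2) + 1
    A, B = pow(G, a, P_DH), pow(G, b, P_DH)
    digest = int.from_bytes(hashlib.sha256(str(B).encode()).digest(), "big") % N
    signature = pow(digest, D, N)  # authenticates B, protects nothing secret
    ct, tag = seal(session_key(pow(B, a, P_DH)), message)
    return {"handshake": [A, B, signature], "ct": ct, "tag": tag}


def recover_with_disclosed_key(recording: dict, d: int):
    """What the long-term private key yields when applied to a stored recording."""
    for value in recording["handshake"]:
        candidate = session_key(pow(value, d, N))
        plaintext = unseal(candidate, recording["ct"], recording["tag"])
        if plaintext is not None:
            return plaintext
    return None


if __name__ == "__main__":
    msg = b"constructed sample message"
    print("static RSA  :", recover_with_disclosed_key(record_rsa_session(msg), D))
    print("ephemeral DH:", recover_with_disclosed_key(record_dhe_session(msg), D))
```
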

  • Maths behind encryption is still bulletproof.
    Anyway this news has just killed any existing closed source software.

  • until the actual documents are posted this is all just journalist hype.

  • @Giulio said:
    Maths behind encryption is still bulletproof.
    Anyway this news has just killed any existing closed source software.

    and what maths is that, eh? It hasn't been shown that factoring semiprimes is necessarily a hard problem for example. We just believe it is.

    Thanked by 1Steve81
  • I crapped my pants when I began reading this, because I thought it was going to suggest that the NSA had developed a quantum computer.

  • I think they haven't cracked it, rather they have all SSL private keys and put backdoors left and right...

  • ihatetonyyihatetonyy Member
    edited September 2013

    @upsetcvps said:
    until the actual documents are posted this is all just journalist hype.

     
     
    http://www.theguardian.com/world/interactive/2013/sep/05/sigint-nsa-collaborates-technology-companies

    http://www.theguardian.com/world/interactive/2013/sep/05/nsa-classification-guide-cryptanalysis

    http://www.theguardian.com/world/interactive/2013/sep/05/nsa-project-bullrun-classification-guide

    (U) Base resources in this project are used to:
    - TO USA, FVEY) Insert vulnerabilities into commercial systems, IT systems,
    networks, and endpoint communications devices used by targets.
    
    - TO USA, FVEY) Collect target network data and metadata via cooperative network carriers
    and/or increased control over core networks.
    
    - TO USA, FVEY) Leverage commercial capabilities to remotely deliver or receive information
    to and from target endpoints.
    
    - TO USA, FVEY) Exploit foreign trusted computing platforms and technologies.
    
    - TO USA, FVEY) Influence policies, standards and specification for commercial public key
    technologies.
    
    - TO USA, FVEY) Make specific and aggressive investments to facilitate the development of
    a robust exploitation capability against Next-Generation Wireless (NGW) communications.
    

    http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?ref=us

    (U) The CCP expects this Project to accomplish the following in FY 2013:
    
    Reach an initial operating capability for SIGINT access to data flowing through a commercial
    anonymous internet service. 
    
    TO USA, FVEY) Reach full operating capability for SIGINT access to data flowing through
    a hub for a major commercial communications provider and assess its long term benefits.
    
    TO USA, FVEY) Reach full operating capability for SIGINT access to a major Internet
    Peer-to-Peer voice and text communications system.
    
    TO USA, FVEY) Complete enabling for [redacted] encryption chips used in Virtual Private Network and Web encryption devices.
    
    TO USA, FVEY) Make gains in enabling and Computer Network Exploitation
    (CNE) access to fourth generation/Long Term Evolution networks via enabling. 
    
    TO USA, FVEY) Assess existing wireless calling metadata accesses and balance flow of this
    data into with the ability to ingest and utilize this information. 
    
    TO USA, FVEY) Assess existing commercial cyber information flows and balance the flow
    of this data into NSA/CSS with the ability to ingest and analyze this information to support cyber situational awareness. 
    
    TO USA, FVEY) Shape the worldwide commercial marketplace to make it more tractable to
    advanced capabilities being developed by NSA/CSS.
    


    1. The ability to exploit targets’ encrypted communications is extremely fragile and is often enabled through sensitive ECI programmes. The need to take additional measures to protect that capability has long been recognised. Currently, virtually all decryption is carried out by PTD (ARTHUR) processing with decrypts going to the IIB in the NOCON CoI; some decrypts are placed in the ENDUE CoI due to the sensitivity or fragility of the exploitation capability. In recent years there has been an aggressive effort, lead by NSA, to make major improvements in defeating network security and privacy involving multiple sources and methods, all of which are extremely sensitive and fragile. These include: Computer Network Exploitation (CNE); collaboration with other Intelligence Agencies; investment in high-performance computers; and development of advanced mathematical techniques. Several ECI compartments may apply to the specific sources, methods, and techniques involved. ... It is imperative to protect the fact that GCHQ, NSA and their Sigint partners have capabilities against specific network security technologies as well as the number and scope of successes. These capabilities are among the Sigint community’s most fragile, and the inadvertent disclosure of the simple “fact of” could alert the adversary and result in immediate loss of the capability. Consequently, any admission of “fact of” a capability to defeat encryption used in specific network communication technologies or disclosure of details relating to that capability must be protected by the BULLRUN COI and restricted to those specifically indoctrinated for BULLRUN. The various types of security covered by BULLRUN include, but are not limited to, TLS/SSL, https (e.g. webmail), SSH, encrypted chat, VPNs and encrypted VOIP. The specific instances of these technologies that can be exploited will be published in a separate Annexe (available to BULLRUN indoctrinated staff). ... 
    At SECRET STRAP1 COMINT AUSCANZUKUS EYES :
    The fact that GCHQ has unspecified capabilities against network security technologies eg TLS/SSL, HTTPS, SSH, VPNs, IPSec. NB capability does not necessarily equate to decryption capability.
    At TOP SECRET STRAP1 COMINT AUSCANZUKUS EYES :
    The fact that GCHQ or its 2nd Party partners has some capability against the encryption used in a class or type of network communications technology. For example, VPNs, IPSec, TSL/SSL, HTTPS, SSH, encrypted chat, encrypted VoIP.
    At TOP SECRET STRAP2 COMINT BULLRUN AUSCANZUKUS EYES :
    The fact that GCHQ or a 2nd Party partner has a capability against a specific encrypted network security technology – see Annexe for details. (At a minimum, specific capabilities may be protected by additional ECIs and restriction on “Eyes”.)
    The fact that GCHQ or its partners exploits specific encrypted network communications – see Annexe for details. (At a minimum, specific capabilities may be protected by additional ECIs and restriction on “Eyes”.)
    Decrypts (plaintext or derived events / metadata) obtained from BULLRUN capabilities. (At a minimum, specific capabilities may be protected by additional restriction on “Eyes” and, in a few cases, additional ECIs.)
  • smansman Member
    edited September 2013

    Oh boy. This should keep the security porn addicts and tinfoil hat crowd occupied. If you are not doing anything highly illegal then I don't see why you should be concerned. They don't read anything they don't suspect of being big time bad guy stuff.

    If you are doing something highly illegal then I hope you believe all the hyperbole about it which causes a lot of sleepless nights and makes you consider a change of occupation.

  • MaouniqueMaounique Host Rep, Veteran
    edited September 2013

    @sman said:
    Oh boy. This should keep the security porn addicts and tinfoil hat crowd occupied. If you are not doing anything highly illegal then I don't see why you should be concerned. They don't read anything they don't suspect of being big time bad guy stuff.

    If you are doing something highly illegal then I hope you believe all the hyperbole about it which causes a lot of sleepless nights and makes you consider a change of occupation.

    So, in your opinion, spying is OK because they probably do not target everyone yet. But they do target the people that matter.
    The Petraeus case should have raised a few alarms, surveillance killed one of the good guys, what makes you think the same is not used against "uncooperative" legislators and judges ? Why do you think so much unpopular legislation to give more powers to the spying agencies against the constitution, the judges and the people passes or, if defeated, comes up again under a new name a few months later ? That does not look suspicious to you ? Which legislator will vote against the will of his electors if he would not be sure he will be re-elected by the power of those who helps consolidating the power or is blackmailed with leaking to the press something personal ?
    Here it happens every day and the public seems to accept all politicians are corrupt and only the secret services and their dependent DA can hang them all and clean up the country. US is following the same steps it seems.
    Hitler managed to make politics look like a dishonest business where ppl go only to compromise the country at own benefits, now the secret services and cults are doing the same.

  • @Maounique said:
    Hitler managed to make politics look like a dishonest business where ppl go only to compromise the country at own benefits, now the secret services and cults are doing the same.

    That's a nice shiny tin foil hat you have there.

    Thanked by 1Steve81
  • @sman said:
    If you are not doing anything highly illegal then I don't see why you should be concerned. They don't read anything they don't suspect of being big time bad guy stuff.

    Because, as we all know, the Fourth Amendment reads as such:

    "If you've done nothing wrong, you've got nothing to fear, and when we want to use them, Warrants can be issued when we feel like it, but it's not that big of a deal if we don't use them to go through your Gmail, and probable cause is a nice thing but if you're three degrees of separation from someone sounding September 11th-y then that's your problem, and we can pretty much go after whatever communications we want, so deal."

  • smansman Member
    edited September 2013

    @ihatetonyy said:
    "If you've done nothing wrong, you've got nothing to fear, and when we want to use them, Warrants can be issued when we feel like it, but it's not that big of a deal if we don't use them to go through your Gmail, and probable cause is a nice thing but if you're three degrees of separation from someone sounding September 11th-y then that's your problem, and we can pretty much go after whatever communications we want, so deal."

    The black helicopters are coming to get you and your tin foil hat can no longer protect you. Better order another bushmaster and another thousand rounds to add to your collection. I also recommend you go to Costco and get another 20lbs of beef jerky and pork rinds for the survival shelter.

    Thanked by 1Steve81
  • spekkspekk Member
    edited September 2013

    haha, again with the tinfoil hats, now that is funny, after all the evidence presented by Snowden, it just shows the level of indoctrination that some people were subjected to, just the other day a guy was defending the wars in Iraq and Afghanistan, and said that the US should go to Syria and stop the dictator from using chemical weapons

    Thanked by 1ihatetonyy
  • ihatetonyyihatetonyy Member
    edited September 2013

    @sman said:
    The black helicopters are coming to get you and your tin foil hat can no longer protect you. Better order another bushmaster and another thousand rounds to add to your collection. I also recommend you go to Costco and get another 20lbs of beef jerky and pork rinds for the survival shelter.

    Will do -- wanna kick over some of that fat check from the NSA so I can?

    Not all of us can be gubbermint shills, after all.

  • MaouniqueMaounique Host Rep, Veteran

    @sman said:
    The black helicopters are coming to get you and your tin foil hat can no longer protect you. Better order another bushmaster and another thousand rounds to add to your collection.

    And who will be here to defend you when the helicopters will come after you ?

  • smansman Member
    edited September 2013

    @ihatetonyy said:
    Not all of us can be gubbermint shills, after all.

    Damn, guess you will have to be dealt with now. You know too much. The black helicopters have been dispatched and will be arriving shortly to take you to an undisclosed location. Better wipe all that hentai porn off your encrypted HD. We can decrypt all that as you know and have a special hentai porn division just for people like you.

    Thanked by 1Steve81
  • ihatetonyyihatetonyy Member
    edited September 2013

    @sman said:
    Damn, guess you will have to be dealt with now. You know too much. The black helicopters have been dispatched and will be arriving shortly. Better wipe all that hentai porn off your encrypted HD. We can decrypt all that as you know and have a special hentai porn division just for people like you.

    image

  • Troll-baiting aside, a good editorial from ProPublica:

    ProPublica said:

    There are those who, in good faith, believe that we should leave the balance between civil liberty and security entirely to our elected leaders, and to those they place in positions of executive responsibility. Again, we do not agree. The American system, as we understand it, is premised on the idea -- championed by such men as Thomas Jefferson and James Madison -- that government run amok poses the greatest potential threat to the people’s liberty, and that an informed citizenry is the necessary check on this threat. The sort of work ProPublica does -- watchdog journalism -- is a key element in helping the public play this role.

    American history is replete with examples of the dangers of unchecked power operating in secret. Richard Nixon, for instance, was twice elected president of this country. He tried to subvert law enforcement, intelligence and other agencies for political purposes, and was more than willing to violate laws in the process. Such a person could come to power again. We need a system that can withstand such challenges. That system requires public knowledge of the power the government possesses. Today’s story is a step in that direction.
