Encryption isn't secure anymore?
Hi,
I just read that:
http://www.engadget.com/2013/09/05/american-and-british-spy-agencies-can-thwart-encryption/
What is your opinion?
Comments
Yes.
Better not worry about it. It will only give you high blood pressure and you can't do anything about it anyway.
Most open standards encryption protocols are hard to crack, so it costs them time and money. I guess that's our money really, so make your own mind up about that.
If you read the docs published, they have backdoors into commercial encryption, limited access to weaker open standards encryption, and probably very little, if any, access to PGP.
The question is which encryption, whom you need to defend against and how important you are to them.
To make absolutely sure, there is no way; you can make it nearly impossible, but never 100% sure. I would say 1 chance in 1 billion of billions to crack it this year is close to impossible.
Usually encryption is broken because the target leaves avenues of attack. For example, using the same password for some email provider or bank account, whatever. I agree it is hard to keep track of those passwords; some people may use the same passwords all over, or ones simple enough and short enough to be cracked by a powerful adversary with a lot of money to spend in order to counteract the effects of the constitutions.
It may also be that they discard computers without securely erasing the hard drives, they may write the password on a paper near the computer, they may be visiting spyware-infested sites or get trojans that record keystrokes, someone may plant a trojan like that on purpose, you may access your private computer remotely, say, with LogMeIn, Hamachi, TeamViewer, GoToMyPC or other commercial services, things like those.
Want almost unbreakable encryption? Make sure nobody will see the password, that it is complex and long enough, don't reuse it, don't insert it in computers which are not 100% clean, try not to use the keyboard when you do, might wish to keep a virtual machine with all traffic routed over Tor for private browsing and mail, you can take one on a stick today, it will run reasonably fast with a portable VirtualBox, for example, and an encrypted key.
It is inconvenient? You bet, and your life does not depend on it yet, but there will come a time you will regret you didn't hide yourself better in the big mass of anonymous ants working to provide for them more money to spy on you and break the laws and constitution.
Encryption is secure and does work. What's been broken for quite a long time is the Chain of Trust. (google for information security chain of trust)
It's the SSL certificates chain of trust that's been subverted for the sake of National Security, among other things.
The big vulnerability in public key encryption lies in the private key, and the NSA have been trying (with a high rate of success) to obtain the private key for every major communications provider, and by different methods, i.e. the provider voluntarily handed it over, or was forced by court order, or in some extreme cases the NSA broke into the provider's computers to obtain the private key. (The NSA and defense contractors are the major bidders for zero-day vulnerabilities in the black market, it's now becoming public information)
As far as I remember, for almost 10 years some hardware vendors have been selling to some governments appliances that, installed in major IXP internet exchanges, were able to decrypt SSL traffic on the fly, acting as man-in-the-middle and using an intermediate certificate issued by a trusted CA, which in turn was forced to issue the certificate by secret court orders.
Many people have known this for a long time, but if you have a security clearance you're not allowed to talk about it. Besides, the initial intentions and purpose for all of it was to pound on and track the people that posed a real threat to the gov't, terrorism, money laundering, arms and drug dealing, pedo, etc, so it was accepted as a 'lesser evil'. The problem is when the capabilities deployed grew disproportionately and got out of hand, and started to be used to spy on other allied countries, for industrial espionage, and in the end to obtain an economic & political advantage over the rest of the world, maintaining an obsolete hegemony.
For the Joe Average of all of us, don't worry, they are not after your petty data and communications, unless you plan on committing a crime where you might become a target for law enforcement. In that case, you're a fool that deserves to get caught and put behind bars.
For those worrying about their privacy, their data being pried by others, find a trusting provider, build a trusting relationship with the company providing you hosting services in a country that by LAW respects the privacy of their citizens. And like the guy who closed Lavabit a few weeks ago, I quote him: 'don't trust your data to a company with physical ties to USA'. But I can assure you that every major country is doing the same, or has plans in place to do it.
They kinda made the open standards too. So they've got backdoors in 'em too. One example:
https://www.schneier.com/essay-198.html
Encryption does work, in short, otherwise there would be no attempts to outlaw it.
It amazes me how naive people are. Everyone is shocked about the latest revelations with the NSA . . . but guess what, I guarantee just about every country in the world is doing something similar, the US is just the only one to get caught so far.
Actually, it is not so.
While Romanian secret services are in power here too, they do not control gmail or yahoo, nor major datacenters and exchanges. Probably would do the same as in many other countries if they could, but there are countries that would not do this and will not do even when the whole world will do it and encryption will be illegal.
You will see that the current great firewalls that try to shield citizens in a country or another from the truth and democracy will be reversed, the whole world will try to defend against truth and democracy whereas only some countries will still have democracy. Of course, trying to do that will be futile, people will continue to exchange information ever more outside government control, more tricks will be used, the cyber-resistance will be the last area where the "Untermenschen" that pay the corporations, churches and governments will have a real chance to strike back. The guns that gun lovers are clinging to will not be able to do anything, the word, hence the information is and was more powerful than the sword, guns and rockets. That is where the real war will be fought, and we should be ready, more open source, more geeks, more encryption, more protocols, more crowdsourcing, more meshes and p2p.
I did not say every single government in the world was doing exactly what the US and UK governments are doing, but you're living in a fantasy world if you think the events as of late are isolated. There are probably unicorns and leprechauns leaping around there as well.
Well, anything can be decrypted given enough time and resources, but I doubt the NSA is going to bother decrypting some hacker/pedo/anonymous/etc hard disk drive, when they can try to decrypt other messages containing financial information. If you handle a lot of money, then yes, you should worry about the NSA. They will make an exception for Snowden though, but that's not your ordinary online threat. When conducting an investigation, law enforcement uses resources, respectively money, and they need that money back.
Yes, all governments seem to agree they have to fight the information. They think that united they will have a chance, but it is not so. I am pessimistic in nature, yet I am certain the corporations, cults and governments will not be able to stop the flow.
No patent, no copyright, no fight against "child porn", "terrorism", will ever be won online, there won't be even small victories, the most they can hope to get is to hang a few ppl here and there, probably half even innocent.
China is doing it, Iran is doing it, many others tried, did anyone succeed? Even shutting down the whole network did not stop ppl from accessing the news and contributing to them.
So, spying will continue and intensify, but if people learn to protect and make no mistakes, it will be hard to hang us all. Who would work for them then?
Secure or not, I still prefer encryption over no-encryption.
Encryption still works. The article is misleading because they focus on encryption FUD while lumping in facts about other security workarounds to muddle the truth. The best way to 'break' encryption is to go around it by accessing the decrypted channel or getting the key. You can unlock a great deal of data by just capturing the encrypted form and getting the key later (with a warrant or without). That's Prism's primary job.
The encryption is fine. If you're paranoid, what you should really worry about is who's on the other end, and how trustworthy they are. The answer is, they aren't.
Maths behind encryption is still bulletproof.
Anyway this news has just killed any existing closed source software.
Until the actual documents are posted this is all just journalist hype.
And what maths is that, eh? It hasn't been shown that factoring semiprimes is necessarily a hard problem for example. We just believe it is.
I crapped my pants when I began reading this, because I thought it was going to suggest that the NSA had developed a quantum computer.
I think they haven't cracked it, rather they have all SSL private keys and put backdoors left and right...
http://www.theguardian.com/world/interactive/2013/sep/05/sigint-nsa-collaborates-technology-companies
http://www.theguardian.com/world/interactive/2013/sep/05/nsa-classification-guide-cryptanalysis
http://www.theguardian.com/world/interactive/2013/sep/05/nsa-project-bullrun-classification-guide
http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?ref=us
Oh boy. This should keep the security porn addicts and tinfoil hat crowd occupied. If you are not doing anything highly illegal then I don't see why you should be concerned. They don't read anything they don't suspect of being big time bad guy stuff.
If you are doing something highly illegal then I hope you believe all the hyperbole about it which causes a lot of sleepless nights and makes you consider a change of occupation.
So, in your opinion, spying is OK because they probably do not target everyone yet. But they do target the people that matter.
The Petraeus case should have raised a few alarms, surveillance killed one of the good guys, what makes you think the same is not used against "uncooperative" legislators and judges? Why do you think so much unpopular legislation to give more powers to the spying agencies against the constitution, the judges and the people passes or, if defeated, comes up again under a new name a few months later? That does not look suspicious to you? Which legislator will vote against the will of his electors if he would not be sure he will be re-elected by the power of those who helps consolidating the power or is blackmailed with leaking to the press something personal?
Here it happens every day and the public seems to accept all politicians are corrupt and only the secret services and their dependent DA can hang them all and clean up the country. US is following the same steps it seems.
Hitler managed to make politics look like a dishonest business where ppl go only to compromise the country for their own benefit, now the secret services and cults are doing the same.
That's a nice shiny tin foil hat you have there.
Because, as we all know, the Fourth Amendment reads as such:
"If you've done nothing wrong, you've got nothing to fear, and when we want to use them, Warrants can be issued when we feel like it, but it's not that big of a deal if we don't use them to go through your Gmail, and probable cause is a nice thing but if you're three degrees of separation from someone sounding September 11th-y then that's your problem, and we can pretty much go after whatever communications we want, so deal."
The black helicopters are coming to get you and your tin foil hat can no longer protect you. Better order another bushmaster and another thousand rounds to add to your collection. I also recommend you go to Costco and get another 20lbs of beef jerky and pork rinds for the survival shelter.
Haha, again with the tinfoil hats, now that is funny. After all the evidence presented by Snowden, it just shows the level of indoctrination that some people were subjected to. Just the other day a guy was defending the wars in Iraq and Afghanistan, and said that the US should go to Syria and stop the dictator from using chemical weapons.
Will do -- wanna kick over some of that fat check from the NSA so I can?
Not all of us can be gubbermint shills, after all.
And who will be here to defend you when the helicopters come after you?
Damn, guess you will have to be dealt with now. You know too much. The black helicopters have been dispatched and will be arriving shortly to take you to an undisclosed location. Better wipe all that hentai porn off your encrypted HD. We can decrypt all that as you know and have a special hentai porn division just for people like you.
Troll-baiting aside, a good editorial from ProPublica: