Skip to comments.N.S.A. Foils Much Internet Encryption
Posted on 09/05/2013 12:14:05 PM PDT by Alter Kaker
The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.
The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.
Many users assume or have been assured by Internet companies that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor.
(Excerpt) Read more at nytimes.com ...
This leak makes me wonder a bit about the security of AES.
Personally I like Blowfish and RC4 .. many think RC4 is weak but I think it’s fine if properly implemented. It’s very easy to code RC4 for use in embedded systems. I love RC4 for its elegance and simplicity. http://ciphersaber.gurus.org/
ECC is what we need to use for public key, it’s what the NSA uses.
I imagine the NSA uses a lot of custom ASIC chips for code breaking...probably made in their own Fab. I bet NSA would be great at Bitcoin mining.
The ability of NSA to decrypt a particular implementation or type of encryption is tested by foreign adversaries by encoding false info with the system and watching to see if the U.S. takes any action based on that info.
Don’t trust anything but open-source encryption products.
For the most critical data I’d recommend the two parties create a truly random set of data using a noise source like brownian noise. Both parties must hold this data and keep it secure. This allows the parties to add a one-time-pad step to their usual encryption routine. The one-time-pad is unbreakable by any method, even when powerful quantum computers come on line they will have no hope of penetrating a one-time-pad system. The big problem with one-time-pad is you are taken back to the bad old days of the key exchange problem...secret data that must be shared by all users, it’s a drag!
Steganography must still be a huge problem for the NSA since there are nearly limitless ways to implement it. Just a few bits inside a huge data set can hold important info...how do you discern this??
Hey, no shit! I was just going to say the same thing!
I do that now. About the only thing I’ll use plastic for is gasoline since it’s less stressful to pay at the pump than to deal with idiots in line inside and the idiots running the cash register.
Browse in an incognito window if you don’t want cookies.
and use duckduckgo for a search engine
It’s mathematics, it’s not hard to tell if a bunch of bits is random or contains a pattern. True randomness is very hard to do. Once data is encrypted it still can contain some non-randomness that can be discerned. The job is to decrypt to the most non-random state you can. The most non-random state might still be something like a simple book cypher so it won’t be readable yet...or it could be plain-text.
Subtle steganography is a real headache for those looking for secret meaning in masses of data.
Vz abg jbeevrq, V hfr gur fhcre frpher naq gurbergvpnyyl haoernxnoyr EBG13 nytbevguz.
“Hey, no shit! I was just going to say the same thing!”
I guess I will have to block FR from my 11 year old granddaughter.
You are more or less on to it. Bobalu’s answer is correct, but let me elaborate some. They might look for common English words. See here for how it was done a Bletchley Park:
Read the entire article it’s terribly interesting.
this is going to kill the cloud computing bandwaggon.
Have your brother at least, install DoNotTrackMe from the FF apps.
I use cash everywhere, regardless of business size.
there is a solution.
of course, I won’t put it out without being able to properly monetize it
which is the sticky wicket
The only way I see to insure privacy is to encrypt and decrypt on a separate, standalone computer that is never connected to the network.
Microsoft is one of the companies that has installed a back door into their vaunted ‘Bitlocker’ encryption protocol:
One of my recent (and now unused) passwords was FUBO01202017
It’s be a shame if that went totally wasted on some Democrat at the NSA.
Commercial encryption is already non-useful with regards to national level eavesdropping.
It’s not the specific communications that are necessarily vulnerable, it’s the exploits sold by international corporations to anyone who is willing to pay. The exploits allow access for further information gathering (such as key logger software).
Do you have a new printer? Do you have a new mouse? Do you have the most recent update of Acrobat? Exploits of drivers and productivity software is major business these days.
Guess who pays megabucks for these exploits? Every major intelligence organization.
However, criminal enterprises worry me most; and now my perception is that many overseas criminal enterprises work hand in hand with state sponsored cyber eavesdropping organizations.
Sorry to wax long winded. Just my reason for keeping as minimal an internet presence as possible.
Problem though is to remember all those characters.
Revolt is coming.
Soon it will all fail.