N.S.A. Foils Much Internet Encryption

Chat about just about anything else
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Orbmiser

N.S.A. Foils Much Internet Encryption

Post by Orbmiser »

N.S.A. Foils Much Internet Encryption
[url]http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?_r=0[/url]
Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.

The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.
.
Last edited by LockBot on Wed Dec 07, 2022 4:01 am, edited 1 time in total.
Reason: Topic automatically closed 30 days after creation. New replies are no longer allowed.
mike acker
Level 7
Level 7
Posts: 1517
Joined: Wed Jul 31, 2013 6:29 pm
Location: Kalamazoo, MI

Re: N.S.A. Foils Much Internet Encryption

Post by mike acker »

i like to read Bruce Schneier, generally, when browsing thru the Computer News each morning. and today, not surprisingly, he does not disappoint.

i'm still digesting this stuff so all i'm going to do here is post a couple pointers
1. Bruce Schneier column
[url]http://www.schneier.com/index.html[/url]
links from his lead essay
[url]http://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption[/url]
[url]http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying[/url]
[url]http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance[/url]
2. Article of particular interest
[url]http://www.schneier.com/essay-446.html[/url]

from the essay published on propubica there was this:
The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian’s Web site in June.

“Properly implemented strong crypto systems are one of the few things that you can rely on,” he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted.
if you are really interested in crypto, google for "vernam cipher" . ( one time pad ) .

or, for a simpler approach, go 1920's bootleg style and use drop-boxes disguised as bird-houses. probably drop an encrypted .zip file off on a DVD though. as long as you have to agree where the drop box is you can agree the password as well.

in essay 446 Schneier discusses the affect of keylength on cipher strength. it seems that for now simply increasing the keylength defeats advances in cpu and cpu-cluster speed advances. I'd be inclined to alter GnuPG to use an alternate cipher e.g. TWOFISH rather that one of the more "official ones, e.g. AES or 3DES . there's a way to get into GPG and alter the order of selection making TWOFISH first choice. i almost had it researched out at one time...
gpg (GnuPG) 1.4.12
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
the interesting thing about TWOFISH is,..... Schneier offers the source code... making hiding a 'back door' rather more difficult.

again from the propublica article:
And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.
¡Viva la Resistencia!
mike acker
Level 7
Level 7
Posts: 1517
Joined: Wed Jul 31, 2013 6:29 pm
Location: Kalamazoo, MI

alter your Public Key to prefer TWOFISH

Post by mike acker »

after recent events i did some reading on the GPG manual and altered my GPG key so that TWOFISH is the prefered cipher

it took me an hour to read the manual but only a minute to make the change--

gpg --edit-key <key name>

this will give a gpg> prompt

gpg> setpref TWOFISH CAST5 BLOWFISH 3DES AES AES192 AES256 CAMELLIA128 CAMELLIA192 CAMELLIA256

there are a couple "yeah, go ahead" responses after this but in the light of recent revelations i thought an open-source cipher, particularly Schneier's would be a Better Idea

at gpg> quit
is the command to terminate the key-edit
¡Viva la Resistencia!
realitykid

Re: N.S.A. Foils Much Internet Encryption

Post by realitykid »

Orbmiser wrote:N.S.A. Foils Much Internet Encryption
[url]http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?_r=0[/url]
Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.

The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.
.

Even more reason for me to use Linux and open software. If I can just make it that much more difficult for them, then I will. So long as I don't do anything deserving of prison time.
Orbmiser

Re: N.S.A. Foils Much Internet Encryption

Post by Orbmiser »

Well that is actually the way it's going now for Citizens.
As in prison I believe they monitor and record all your phone calls and open and examine your mail.

Next they will be sending us emails tellings us to pay our late taxes as we see that you just bought a new flat screen television.
When you could have paid your taxes with that.

Yep Fun times ahead to see how much they can get away with the sheeple.
.
User avatar
excollier
Level 4
Level 4
Posts: 455
Joined: Mon Oct 01, 2012 3:31 pm
Location: Donegal, Ireland

Re: N.S.A. Foils Much Internet Encryption

Post by excollier »

realitykid wrote: Even more reason for me to use Linux and open software. If I can just make it that much more difficult for them, then I will. So long as I don't do anything deserving of prison time.
Depends if they move the goalposts on what they deem to be illegal. Governments can be fickle sometimes....
Registered Linux user #557695
MX Linux user these days - I introduce newbies via Mint
mike acker
Level 7
Level 7
Posts: 1517
Joined: Wed Jul 31, 2013 6:29 pm
Location: Kalamazoo, MI

Re: N.S.A. Foils Much Internet Encryption

Post by mike acker »

alas, there is so much to learn in these matters
all experience hath
shown, that mankind are more disposed to suffer, while evils
are sufferable, than to right themselves by abolishing the
forms to which they are accustomed. But when a long train
of abuses and usurpations, pursuing invariably the same
Object evinces a design to reduce them under absolute
Despotism, it is their right, it is their duty, to throw off
such Government, and to provide new Guards for their future
security.
(Declaration of Independence)
"Still, if you will not fight for the right when you can easily win without bloodshed, if you will not fight when your victory will be sure and not so costly, you may come to the moment when you will have to fight with all the odds against you and only a precarious chance for survival. There may be a worse case. You may have to fight when there is no chance of victory, because it is better to perish than to live as slaves." --Winston Churchill
Thomas Jefferson, 1821: "...when all government... in little as in great things, shall be drawn to Washington as the centre of all power, it will render powerless the checks provided of one government on another and will become as venal and oppressive as the government from which we separated."
my question, re NSA,-- are they looking for terrorists, as they say they are, or -- are they looking for dissidents, tax cheats, deatbeat parents, drug runners, music pirates, et.al i just wish they crack down on telemarketers who disregard the National Do Not Call list.
¡Viva la Resistencia!
mike acker
Level 7
Level 7
Posts: 1517
Joined: Wed Jul 31, 2013 6:29 pm
Location: Kalamazoo, MI

Re: N.S.A. Foils Much Internet Encryption

Post by mike acker »

Even more reason for me to use Linux and open software. If I can just make it that much more difficult for them, then I will. So long as I don't do anything deserving of prison time.
see my other posting here regarding GPG and TWOFISH

from a terminal window:

gpg --list-key <key name>

this will verify you are looking at the right key. if you have a couple expired keys out there, you may need to enter the 8 byte hex id of the key you want as name

gpg --edit-key <key name>

this will open an editor with a
gpg>

prompt

gpg> showpref

this will show you which ciphers you prefer people to use when they send you cipher text

gpg> setpref TWOFISH CAST5 BLOWFISH 3DES AES AES192 AES256 CAMELLIA128 CAMELLIA192 CAMELLIA256
gpg> quit

this will alter YOUR public key such that it requests others to use TWOFISH (Bruce Schneier) as your preferred cipher. this is consistent with our preference for open source solutions and that is the reason for this change . besides, we all love Bruce's excellent works!!

i don't know if we have a gpg discussion section here at MINT. perhaps it is better to use the official discussion list

Send Gnupg-users mailing list submissions to
gnupg-users@gnupg.org

my public key is available on the keyserver.
¡Viva la Resistencia!
Orbmiser

Re: N.S.A. Foils Much Internet Encryption

Post by Orbmiser »

90 percent of Tor keys can be broken by NSA
[url]http://boingboing.net/2013/09/07/90-percent-of-tor-keys-can-be.html[/url]
Graham faults the Tor Project for the poor uptake of its new version, though as an Ars Technica commenter points out, popular GNU/Linux distributions like Debian and its derivative Ubuntu are also to blame, since they only distribute the older, weaker version. In either event, this is a wake-up call that will likely spur both the Tor Project and the major distros to push the update.
Tor is still DHE 1024 (NSA crackable)
[url]http://blog.erratasec.com/2013/09/tor-is-still-dhe-1024-nsa-crackable.html#.UiuQLk0gfRY[/url]
The problem with Tor is that it still uses these 1024 bit keys for much of its crypto, particularly because most people are still using older versions of the software. The older 2.3 versions of Tor uses keys the NSA can crack, but few have upgraded to the newer 2.4 version with better keys.
.
Orbmiser

Re: N.S.A. Foils Much Internet Encryption

Post by Orbmiser »

Want to sit in Picard's chair while spying on THE WORLD? We can make it so – ex-NSA man
[url]http://www.theregister.co.uk/2013/09/16/alexander_star_trek_bridge/[/url]
Tells magazine that NSA boss 'built replica Star Trek bridge'
NSA getting Stranger & Stranger! :?
.
roth

Re: N.S.A. Foils Much Internet Encryption

Post by roth »

realitykid wrote:
Orbmiser wrote:So long as I don't do anything deserving of prison time.
...Like being in the vicinity of a murder or, being suspected of links to terrorism or, jaywalking...
User avatar
excollier
Level 4
Level 4
Posts: 455
Joined: Mon Oct 01, 2012 3:31 pm
Location: Donegal, Ireland

Re: N.S.A. Foils Much Internet Encryption

Post by excollier »

roth wrote:
realitykid wrote:
Orbmiser wrote:So long as I don't do anything deserving of prison time.
...Like being in the vicinity of a murder or, being suspected of links to terrorism or, jaywalking...
Or anything they decree illegal this week....
Registered Linux user #557695
MX Linux user these days - I introduce newbies via Mint
samriggs

Re: N.S.A. Foils Much Internet Encryption

Post by samriggs »

Sooo if this was any citizen, anywhere, doing exactly what the N.S.A. is doing without permission they would be arrested for illegal hacking/cracking and stalking.
If you don't abide by their rules (which can change anytime) yup Snowdon was a real threat by telling everyone what most already knew and became number one or close to it on their hit list and a world wide manhunt went on for this poor guy just for telling everyone their being stalked and spied on by the government, hmmm wonder if this rules applies to all hackers/crackers and stalkers now? you tell on them and a world wide man hunt goes on for you, oh ya it's only the N.S.A. that is allowed to do such things, they got their own rules and laws that no one else has on the planet but will run over anyone that does the same things they do or tells anyone what there doing so they don't get caught.
Sounds like the bully in the school yard to me.
AS far as blocking them goes, not much can be done, your isp can work for them as far as you know, and anything you surf and or email or download etc can be taken from from your isp, just to many ways to get you if they really wanted to, it just irks me they are playing king of the hill with all this and the rules don't apply to them.
Orbmiser

Re: N.S.A. Foils Much Internet Encryption

Post by Orbmiser »

NSA repeatedly tries to unpeel Tor anonymity and spy on users, memos show
Analysts grudgingly hail Tor as "king of high-secure, low-latency" anonymity.
[url]http://arstechnica.com/security/2013/10/nsa-repeatedly-tries-to-unpeel-tor-anonymity-and-spy-on-users-memos-show/[/url]
The classified memos and training manuals—which were leaked by former NSA contractor Edward Snowden and reported by The Guardian, show that the NSA and the UK-based Government Communications Headquarters (GCHQ) are able to bypass Tor protections, but only against select targets and often with considerable effort. Indeed, one presentation slide grudgingly hailed Tor as "the king of high-secure, low-latency Internet anonymity." Another, titled "Tor Stinks," lamented: "We will never be able to de-anonymize all Tor users all the time."
Well I know I'm Safe as I channel all my internet connections thru a Quantum Time Discriminator.
So the data arrives sometime in the future! :P
.
User avatar
excollier
Level 4
Level 4
Posts: 455
Joined: Mon Oct 01, 2012 3:31 pm
Location: Donegal, Ireland

Re: N.S.A. Foils Much Internet Encryption

Post by excollier »

"Quantum Time Discriminator"......is that in the repos? I'll take two......
Registered Linux user #557695
MX Linux user these days - I introduce newbies via Mint
Orbmiser

Re: N.S.A. Foils Much Internet Encryption

Post by Orbmiser »

excollier wrote:"Quantum Time Discriminator"......is that in the repos? I'll take two......
Sure can order them thru my Paypal account. :mrgreen:
(2) Quantum Time Disciminators @ ( $150,666 ea.) or both for ( $300,000)
Quantum Time Dicriminator.jpg
Order within the next 24hrs. and receive 2 Quantum Flow Regulators Absolutely FREE! :P
Quantum Flow Regulators.jpg
ACT NOW! As Supplies Are Limited!
.
User avatar
excollier
Level 4
Level 4
Posts: 455
Joined: Mon Oct 01, 2012 3:31 pm
Location: Donegal, Ireland

Re: N.S.A. Foils Much Internet Encryption

Post by excollier »

Sorry, can't buy now, my Quantum Cash Regulator refuses to co-operate... :!: ...maybe some other time
Registered Linux user #557695
MX Linux user these days - I introduce newbies via Mint
User avatar
daveinuk
Level 7
Level 7
Posts: 1559
Joined: Tue Mar 23, 2010 7:52 pm
Location: Manchester, England.
Contact:

Re: N.S.A. Foils Much Internet Encryption

Post by daveinuk »

Maybe they're not foiling as much as they like to think they are :shock:

[url]http://www.computerworld.com/s/article/9242992/Report_NSA_has_little_success_cracking_Tor[/url]
Orbmiser

Re: N.S.A. Foils Much Internet Encryption

Post by Orbmiser »

daveinuk wrote:Maybe they're not foiling as much as they like to think they are :shock:

[url]http://www.computerworld.com/s/article/9242992/Report_NSA_has_little_success_cracking_Tor[/url]
Yep was a relief to know only herculean efforts required to chase a specific target.
And zero chance of unraveling anonymity of all at once.

The ironic part is that Tor was invented at the U.S. Naval Academy as a project meant to help activists overseas evade surveillance by officials of repressive regimes. A good amount of its funding has come from the NSA’s parent agency, the U.S. Department of Defense.
.
helterskelter

Re: N.S.A. Foils Much Internet Encryption

Post by helterskelter »

Whats the big deal? Someone explain to me why I should be worried?
I really dont get all this conspiracy hooha.I think theres an awful lot of folks out their that need to see a shrink-Paranoia?

eddie
Locked

Return to “Open Chat”