NSA Building US's Biggest Spy Center

New submitter AstroPhilosopher writes "The National Security Agency is building a complex to monitor and store 'all' communications in a million-square-foot facility. One of its secret roles? Code-breaking your private, personal information. Everybody's a target. Quoting Wired: 'Breaking into those complex mathematical shells like the AES is one of the key reasons for the construction going on in Bluffdale. That kind of cryptanalysis requires two major ingredients: super-fast computers to conduct brute-force attacks on encrypted messages and a massive number of those messages for the computers to analyze. The more messages from a given target, the more likely it is for the computers to detect telltale patterns, and Bluffdale will be able to hold a great many messages. "We questioned it one time," says another source, a senior intelligence manager who was also involved with the planning. "Why were we building this NSA facility? And, boy, they rolled out all the old guys—the crypto guys." According to the official, these experts told then-director of national intelligence Dennis Blair, "You’ve got to build this thing because we just don’t have the capability of doing the code-breaking." It was a candid admission.'"

USA...we miss you!

[Anonymous Coward]

In american America, people monitor the government.
In soviet America, the government monitors the people.

Re:How many bits?

[KhabaLox]

How many bits should we use for encryption now?

More.

Re:How many bits?

[SuricouRaven]

I think at this point it isn't about the number of bits, it's about luck, implimentation issues and the search for user error. Doesn't matter how many bits you use if they can sneak a copy of your laptop hard drive and find the key somewhere in swap space, or if your 8192-bit key is derived from a passphrase that's only ten alphanumeric characters, or if they can pull off an effective MITM attack on an SSL by threatening/bribing/asking a trusted certification authority to sign their cert.

Intelligence pays for itself

[betterunixthanunix]

We use our signals intelligence capability to pass the trade secrets of foreign companies on to our own domestic companies; there is plenty of money to be made from being able to decrypt messages that the NSA intercepts.

What am I missing?

[Fnkmaster]

My understanding is that the best known general cryptanalytic attacks on AES are only marginally better than brute-force. Even AES-128 is essentially unbreakable under any known attacks then, since brute forcing a single AES-128 password is so far beyond feasibility, it's absurd. My understanding is that the best known attacks on AES are side-channel attacks, which require only modest computational resources, but need access to the encrypting machine, and related-key attacks that are only effective for certain small classes of keys.

So we can then assume that NSA has a general attack on AES that makes it many, many orders of magnitude easier to break than the best known published attacks? Or is this more likely to be disinformation spread to make people *think* that AES is broken by NSA? My understanding was that NSA is generally somewhat but not extremely far beyond the academic state of the art these days.

And there have been several reports of FBI and other federal agencies being unable to recover AES-256 encrypted hard drives. So if NSA has the capability to do so even for small numbers of keys using existing computing power, they obviously keep it incredibly restricted and under wraps.

So... this is BS by somebody, right? Either congress is getting BSed into funding stuff that won't do what they're being told it will do, or the public is getting BSed into believing that using encryption is pointless because NSA can real-time decrypt anything, so just don't bother, mmm'kay?

Re:a thought

[Anonymous Coward]

First off, AES isn't public key, it's just usually used in conjunction with public key. The public key portion of the exchange is used to communicate an AES key (the "shared secret") which is then used for communication moving forward. This is because public key encryption is "expensive" by comparison to block cyphers like AES. Secondly, you don't communicate a passphrase with public key. The passphrase that you're used to using is so that keys can be securely stored and someone that gains access to your key file doesn't get access to your key.

You could potentially communicate a new AES key with every message, which would greatly reduce the chances of a bruce force attack being successfully since most rely on the ability to analyze a large number of blocks that use the same key. That said, if you crack one key you do gain access to every key that followed in the chain.

Re:How many bits?

[TheGratefulNet]

and even better: send false positives to waste their time.

perhaps the crypto protocols need enhancing to allow fake bullshit messages that can't easily be told from real crypto stuff.

ie, DOS them.

I know, they have lots of power but it IS a war. war on our privacy and its so blatant now, they don't even try to hide their break-in attempts to us, anymore.

the ONLY reason encryption was allowed in the first place was for banking and online 'business'. if there was not this use-case, we would be disallowed encryption entirely.

It's unlikely the real target is breaking codes

[mbkennel]

I actually doubt that they are most interested in brute-force codebreaking through the front door except in a few rare situations.

Most of the time, it's massive traffic analysis: searching and analyzing a titanic, dynamically changing graph, nodes are IP addresses and phone numbers of the planet.

Once they find a 'target of interest', then they would usually ask the FBI or other authority just to put a tap on a specific line, or if necessary break in and install a trojan on the target's phone or computer, avoiding front-door code-bashing, which isn't generally feasible in large scale any more.

There are companies (e.g. http://www.conveycomputer.com/ [conveycomputer.com]) which make highly parallel co-processors from FPGA's which give user-definable vectorized instructions on enormous memory bandwidth.

This is just the thing for the NSA.

Re:How many bits?

[GameboyRMH]

Don't forget there are commercially available quantum computers already, it's safe to say the NSA is already somewhat ahead of that, and they're on the bleeding edge of cryptography research. I've already phased out AES-128 and RSA-2048 from my systems just because I can.

Re:All your secrets belong to us...

[rot26]

Yeah, that's always the problem, innit? I personally wouldn't mind the NSA reading all of my email if it were, in fact, a sort of protector of good. How can any politician EVER control a beast that knows where every skeleton in every closet is and can protect that information behind armed guards and blast-proof doors? It's a deal with the devil if there ever has been one.

Re:USA...we miss you!

[TehZorroness]

Well, here's a word from me at least. Obama can eat a dick. I'm getting so fed up with this gradual transition to full autonomous surveillance. There will be people out in the streets about this when things start getting bad. Soon enough, the schism between reality and the fairy tales they told us about freedom in public school will be too wide even for the American Idol crowd to believe. An interesting time to live. It's just too bad we can't be investing these man-years and resources on attaining sustainability before the Earth becomes a giant radioactive ball of toxic shit inhabited by cannibalistic asshats.

Re:USA...we miss you!

[homer_ca]

That's ok. As long we get to keep our birth control and our gay rights, democracy is safe, right?

Re:USA...we miss you!

[jmcvetta]

There will be people out in the streets about this when things start getting bad.

Yes, but the drones will take care of them.