NSA Building US's Biggest Spy Center

New submitter AstroPhilosopher writes "The National Security Agency is building a complex to monitor and store 'all' communications in a million-square-foot facility. One of its secret roles? Code-breaking your private, personal information. Everybody's a target. Quoting Wired: 'Breaking into those complex mathematical shells like the AES is one of the key reasons for the construction going on in Bluffdale. That kind of cryptanalysis requires two major ingredients: super-fast computers to conduct brute-force attacks on encrypted messages and a massive number of those messages for the computers to analyze. The more messages from a given target, the more likely it is for the computers to detect telltale patterns, and Bluffdale will be able to hold a great many messages. "We questioned it one time," says another source, a senior intelligence manager who was also involved with the planning. "Why were we building this NSA facility? And, boy, they rolled out all the old guys—the crypto guys." According to the official, these experts told then-director of national intelligence Dennis Blair, "You’ve got to build this thing because we just don’t have the capability of doing the code-breaking." It was a candid admission.'"

Deficit

[ehiris]

I thought we were bankrupt. Don't we have better things to spend (or save) our money on?

Re:a thought

[adturner]

That's basically what happens today with most protocols like SSL/TLS. For each new connection, the client and server negotiate a new key via public key crypto like RSA. Actually, based on some comments in the article, like needing more "transactions" to help break the encryption, makes me believe the NSA is actually working to break RSA then AES.

Re:Notice how the "crypto guys" are the "old guys"

[TheGratefulNet]

WHO would work for them, I ask you?

decades ago, the people didn't view their government quite the way they do today. some patriotism did exist and people wanted to help their government. *generally*.

today we all see how invasive and evil our government has become. totally 100% lost its way. almost anything it does, it does badly and hurts people, long and short run.

if I was offered a job for the so-called white hats (which I now see as black hats) I'd turn it down. I would not be able to live with myself knowing I'm helping an evil force become more evil and more forceful.

I do realize a lot of people can easily shelve their ethics and see money-making jobs as separate. but I wonder how many people still believe that if they join the government or gov-sponsored jobs, that they are really HELPING things?

too many black marks on the government. working for them could be as bad as working for the old mafias. the people that they do get, I would not trust. they are whores.

One Time DVD or SD anyone?

[Gim Tom]

The one time pad could make a comeback in the form of a one time DVD's or maybe even SD or Micro SD chips. I know, it is not scalable due to the problem of distribution. It is also symmetric in that the same "key" encrypts and decrypts, but it is also immune to brute force since your one time key is equal to or longer than the message length. An interesting variation might be to use an image file that is very long, but completely innocent as a pseudo random key and only have two copies of that exact image. The former Soviet Union used a one time cypher for all of their clandestine agent communications.

Re:Notice how the "crypto guys" are the "old guys"

[slew]

I wonder if that sentence says more than they intended it to. Could it be that the skills of the NSA people are eroding just like the skills at CIA did? I knew that CIA was in trouble - tradecraft-wise - when a COS let an asset into their HQ and he blew half the station to kingdom come. No one would have done that in the old days. Maybe NSA is having the same problem.

Crypto-guys are the "old guys" from a tradecraft point of view. AFAIK, in the NSA, many of the old-guys are involved with developing clever new internal ciphers (so-called classified "suite-A" algorithms). Since many of the "bad-guys" aren't nation states with heavy duty crypto development capablities, they often are using off the shelf stuff like AES/ECDSA (members of the "suite-B" algorithms). Until someone discovers a huge gaping hole backdoor, breaking these "suite-B" algorithms benefit from mostly from brute force (even if you know a few clever tricks that others do not which chops things down an order of magnitude or two). This is pretty much an admission that there is no huge gaping back door in these suite-B algorithms, not that any crypto-tradecraft capability was in trouble.

I find it oddly somewhat comforting that the we have "old-guys" that realize that sometimes the best thing to do is to throw this problem at a box of computers and spend their time on other pursuits. Who knows, this facility might be dedicated to cranking on some clever cracking algorithm that is unknown to the public, all we know it it takes lots of OPS. Isn't surpising to me that cracking these algorithms are hard. As a historical data point, DES was apparently hard for even the NSA to crack so they deliberatly limited the DES key size from the original 64-bits, to the final 56-bit (although the NSA apparently lobbied for a mere 48-bits).

Re:Intelligence pays for itself

[Ghostworks]

The cited section basically talks about widespread French spying on American companies, and then claiming it was all a big conspiracy to make the French look bad once it came to light.

The fact remains that even if the U.S. government were willing to steal information and share it with American companies -- and this is pretty unlikely given that the U.S. doesn't have the sort of cozy, formal overlap of public and private sectors that France, China, or even Great Britain have -- most other countries haven't had anything we want. You have to go back to 1793 Pawtucket to find a good example of the U.S. gaining an edge through industrial espionage.

Don't get me wrong, the U.S. government has shown it's willing to co-op private technology for its own ends. (For example, when it co-opted the patent for Phillip French's Crater Coupler and then used that state secrets privilege to get the dispute tossed out of court.) They just haven't been shown to help private U.S. firms with any of it, or to do it specifically to improve the competitive advantage of a U.S. company.

Hiding secrets from the future with math.

[Tackhead]

The former Soviets got caught re-using their one time pads after a year.

"Best of all, your secret: nothing extant could extract it.
By 2025 a children's Speak-and-Spell could crack it.

They were thinking, who would store the eTexts for that long, since OTP is unbreakable?

You can't hide secrets from the future [youtube.com] with math.
You can try, but I bet that in the future they laugh,
at the half-assed schemes and algorithms amassed
to enforce cryptographs in the past."

- MC Frontalot, Secrets from the Future [frontalot.com]

Secrets cost money. How long do you need to keep them? Today we believe - with good reason - that most cryptographic protocols are secure. Bue even if that's true (and there's no guarantee), why not hoover up the data while it's available and wait for your opponent to slip up, or your mathematicians (or computer engineers) to make a breakthrough, whichever comes first?

NSA Building US's Biggest Spy Center

[taichibabbo]

I am shocked at the lack of facts that the general public holds about the NSA, cryptography, encryption and the state of the art of decryption today. If I had worked for such said Agency for 27+ years (which I absolutely didn't). In various fields, such as cryptography and the construction of the massive "brute force" systems used to break specific codes of interest (which I didn't). I would say the following: NSA truly has better and more important functions, like providing near-realtime intelligence to commanders in the field. This precludes listening in on each and everyone's personal telephone calls (land lines or cells), their e-mails and facebook pages. It's super computers are keep quite busy with the ever increasing amount of "raw" intel that floods back from the "field" to the Ft. Meade complex. Let's say that I retired back in 2004 (which I couldn't have done since I didn't really work for the Agency) but if I had I would have left knowing that breaking AES -128 and AES -256 encryption was child's play, that the Agency had abandoned 4096 bit keys years earlier in favor of "quantum encryption" which didn't really remain "unbreakable" all that long, so it also had to be abandoned. As for the person who thinks encryption was invented solely for "banking" and "something else". I would invite that person to visit the "National Cryptologic Museum" site at http://www.nsa.gov/about/cryptologic_heritage/museum/ [nsa.gov]. I am sure some of the information presented there although old a.k.a. de-classified for public consumption is still very compelling and interesting. Encryption and decryption history goes back quite a ways in history, long before modern banking systems came to be.