What The CIA WikiLeaks Dump Tells Us: Encryption Works (ap.org) 202
"If the tech industry is drawing one lesson from the latest WikiLeaks disclosures, it's that data-scrambling encryption works," writes the Associated Press, "and the industry should use more of it." An anonymous reader quotes their report:
Documents purportedly outlining a massive CIA surveillance program suggest that CIA agents must go to great lengths to circumvent encryption they can't break. In many cases, physical presence is required to carry off these targeted attacks. "We are in a world where if the U.S. government wants to get your data, they can't hope to break the encryption," said Nicholas Weaver, who teaches networking and security at the University of California, Berkeley. "They have to resort to targeted attacks, and that is costly, risky and the kind of thing you do only on targets you care about. Seeing the CIA have to do stuff like this should reassure civil libertarians that the situation is better now than it was four years ago"... Cindy Cohn, executive director for Electronic Frontier Foundation, a group focused on online privacy, likened the CIA's approach to "fishing with a line and pole rather than fishing with a driftnet."
The article points out that there are still some exploits that bypass encryption, according to the recently-released CIA documents. "Although Apple, Google and Microsoft say they have fixed many of the vulnerabilities alluded to in the CIA documents, it's not known how many holes remain open."
The article points out that there are still some exploits that bypass encryption, according to the recently-released CIA documents. "Although Apple, Google and Microsoft say they have fixed many of the vulnerabilities alluded to in the CIA documents, it's not known how many holes remain open."
When can we expect a ban? (Score:5, Insightful)
Now the powers to be really have an incentive to outlaw encryption. Great!
Re:When can we expect a ban? (Score:5, Insightful)
The CIA is supposed to spy on foreign subjects. How will the US manage to ban encryption for foreigners?
Banning the export of encryption already has been tried, and we see how effective that was.
Re: (Score:3, Funny)
How will the US manage to ban encryption for foreigners?
How will the US manage to ban foreigners?
The US government is working on banning foreigners. And they would have gotten away with it by now, if it wasn't for those meddling courts, with their Mystery Machine and the dorky dog.
"I think we should tax foreigners, living abroad." -- Monty Python
"I think we should ban foreigners, living abroad." -- Uncle Sam
Re: (Score:3)
Re: (Score:2, Insightful)
Yet Saudi Arabia isn't on the list, arguably the biggest terrorist-proucing country on the planet.
Re: (Score:2)
Re: (Score:3)
Re: (Score:3)
Re: (Score:3)
You can't ban mathematics.
"Fake Math" [Re:When can we expect a ban?] (Score:2)
But I wouldn't put it beyond certain politicians to try.
Re: (Score:2)
You can't ban mathematics
You obviously haven't read enough dystopian SciFi. Heck, Even the relatively benign world(s) of Anathem put all the mathematicians into a locked-down monastery.
Re:When can we expect a ban? (Score:4, Insightful)
Oh, they always did. You just know about it now, but you should have suspected it all along.
Unless, of course, the leak is a plant, which you always have to consider the possibility of. If there's going to be leaks, why not engineer one that claims you can't, say read encrypted WhatsApp messages, when you actually can. While it's near impossible to break encryption algorithms, implementations are often if not usually significantly weaker than their algorithms are on paper.
Already got rid of a ban (Score:3)
Now the powers to be really have an incentive to outlaw encryption. Great!
There used to be a ban on exporting encryption software [wikipedia.org]. It was classified as a munition. Of course this preposterous classification relied on the absurd assumption that nobody outside the US could develop software to do useful encryption or that they would be unwilling to distribute it if they did. Eventually the ban was lifted during the 1990s because it was hurting US companies and because it was basically an unenforceable anachronism once the internet became a thing.
That's not to say that the US (or
Re: (Score:2)
Unless you adopt an intentionally myopic view of 'munitions' that excludes pretty much everything except the actual component that ends up embedded in your opponent's chest cavity, encryption has at least as good a claim as, say, imaging hardware, ECM, fancy radar absorbent materials, and similar things that don't directly kill anyone; but are enormously useful in either detecting the othe
Re: (Score:2)
So, you're against the right to privacy. Allowing LE access to everything is not the right answer. Especially with a petty asshole as president.
Fighting fire with fire (Score:3)
If tech companies continue to make it difficult/impossible for law enforcement to do basic law enforcement-type things merely for the sake of making extreme, unnecessary obfuscation of your pointless texts a marketing slogan, this is where things will wind up.
Perhaps but I doubt it. See companies like Apple and Google have the money to pay for lobbying, bribes, and thanks to a recent decision by our Supreme Court unlimited campaign contributions. Companies can and do buy politicians.
Only a clueless idiot things that encrypting my communications is "unnecessary". I don't actually need to have done something wrong for my communications to be used against me. Innocent remarks can be incredibly easy to misconstrue, intentionally or unintentionally. Just
Re: (Score:3)
No need. They are just putting in backdoors in the firmware instead. Intel chipsets have been using encrypted binary blobs for years, and the new AM4 from AMD will have the same thing.
Re: (Score:2)
How long until foreigners just stop using US-designed chips?
Re: (Score:2)
Re: (Score:2)
Only the Asymmetric ones.
Symmetric encryption schemes should be OK for the time being.
Re: (Score:2)
Re: (Score:2)
"if the U.S. government" (Score:5, Insightful)
This is what really pisses me off: the unstated assertion that *only* the US gubmint has these techniques.
Re: (Score:2, Informative)
In fairness the leaks were of US government agency documents, so although you can presume non-US agencies have the same issues we don't have comparable document leaks to prove that.
Lies (Score:3, Funny)
I know Apple has backdoors and shit because Apple is evil. And I know it because I believe it with all my heart.
Re: (Score:3)
Quantum computers (Score:2)
Once the government figures out that quantum computers can be used to easily crack conventional encryption, you can bet that those new machines will be locked up behind a top secret order that's about 30 pieces of paper thick.
Re: (Score:2)
There are already defences against this.
I'd be rather disappointed if military encryption specialists weren't already designing more and even using them in practice already.
What it also tells us... (Score:3, Insightful)
... is that, with the cat out of the bag, Congress will be working hard to criminalize consumer encryption like it has been done in so many other totalitarian dictatorships.
One thing has been made clear by all of this though: we are not free. We do not live in the land of liberty. And, the government is completely out of our control.
Re: (Score:3, Insightful)
Well, the intent of the second amendment was that The People be just as well-armed as the government, so that in the case of an out of control government, the people could throw it off by force if necessary.
But, the government, being interested in perpetuating itself at all costs, was successful in neutering the second amendment with the courts, so that it could not accomplish its stated intent.
All the handguns in the world are not going to overthrow a government armed with .50 caliber machine guns, attack
Re: (Score:3)
I won't get into whether the government neutered the second amendment, because even if you're right there, your next statement is wrong. The U.S. has, for a lot of various and obvious historical reasons, decided that it had to outpace the rest of the world with military technology. It spends billions on R&D every year and tens of billions on acquiring equipment. The result is weaponry that civilians couldn't hope to own even if it were legal to do so, and equipment that demands highly trained crews and
No it doesn't (Score:5, Insightful)
Re: (Score:3)
Well, yes and no. Providing data-in-transit protection between two endpoints only mattes if both end points are of an equally trustworthy nature. Hat is a combination of security of the device, assumption that it has not already been compromised, and that the operator is operating in good faith.
Sending a confidential message via trusted channel to another terminal being operated by Loud Howard who will read the message out loud to himself subverts all the technical controls, too, if he is being listened to
Re:No it doesn't (Score:5, Insightful)
Security is more about defence in depth than worrying about one compromised endpoint. Encryption makes bulk interception not work, they have to expend far more effort going after the endpoints if they want to listen in. Going after endpoints is not without risk - all the really good zero day exploits are too valuable to waste on the little guys.
Re:No it doesn't (Score:4, Interesting)
I couldn't agree more. However, a lot of security technologies and methodologies seem to be predicated on the assumption that both terminals in a communication remain uncompromised or, in some (older, more troubling models), the assumption that by connecting two untrusted peers together over a trusted channel that the peers somehow inherit a general trust property, rather than just the trust implicit in authentication between endpoints.
That said, most of the public discussion seems to be go like this: either a), "crypto is great and as long as we use crypto, we're totally secure!" -- ignoring the fact that one compromised endpoint compromises the confidentiality of the channel, or b) "z0mg!! the endpoints can be compromised, so what good is encryption!? Signal is defeated!!", which is equally absurd.
People freak out about the ability of the CIA to conduct targeted operations because it is in the news, and people are bad at risk estimation and therefor threat modeling, especially if they aren't security professionals (i.e., most people). The CIA isn't necessarily in my threat model. However, mass surveillance is, because I'm part of the masses. Targeted actions by non-US foreign intelligence services have been, due to employment. So has industrial espionage, criminal hacking, and hacktivism. One can assume, however, that any non-US threat actors have at least the same level of sophistication for targeted endpoint compromise, even if they don't have the sophistication to suck all the comms out of the air.
So, absolutely defense in depth. But part of that is recognizing that if I put two untrusted endpoints together with a trusted channel, I don't magically get two trusted systems. I get two suspect systems that are able to exchange messages of dubious quality over an overt channel that is less susceptible to passive attack.
Re: (Score:2)
That said, most of the public discussion seems to be go like this: either a), "crypto is great and as long as we use crypto, we're totally secure!" -- ignoring the fact that one compromised endpoint compromises the confidentiality of the channel, or b) "z0mg!! the endpoints can be compromised, so what good is encryption!? Signal is defeated!!", which is equally absurd.
I agree, but earlier you talk about trusted and untrusted terminals. Trust isn't binary and in reality no terminal is every fully trusted if you are sending remote messages to it. You should take your own advice :-)
Re: (Score:3)
Re: (Score:3)
All your "cloud" data (email, voice, whatever) is unencrypted on the server side
Not all cloud data is like this. Many require your password in order to decode the decryption key. At least plenty of online backup services adhere to this - if you forget your password and don't have a backup of your encryption key, your cloud data is useless.
Re:No it doesn't (Score:4, Interesting)
Exactly. Most of the surveillance is gone by tapping one of the endpoints. All your "cloud" data (email, voice, whatever) is unencrypted on the server side and there is API access. On the client side, security is horribly broken because the client side software keeps changing and every change introduces new holes.
No, most of the surveillance was done by tapping the largely unencrypted data being sent over the internet backbone and warehousing it. The resulting database could then be data mined at the NSA/FBI/CIAs leisure. Once your data is encrypted they can't easily do that anymore because it isn't as simple anymore. Previously all they had to do was just sit there, watch a system management console while they warehoused insane amounts of unencrypted data and could implement deep intercepts of somebody's entire unencrypted communications with few mouse clicks in a web interface. With encryption they now have to seek out one or both parties in an encrypted data exchange and hack their computers which is a whole lot more hassle while wholesale warehousing and data mining of internet, voice and video traffic (the wet dream of the NSA/CIA/FBI and the politicians) is out of the question unless they can decrypt the vast majority of encrypted communications on the fly. I've heard figures of up to 20% of some HTTPS traffic being decryptable in bulk by the NSA because of encryption weaknesses but I'm having real trouble believing they'll be able to decrypt 90-100% of all encrypted traffic on the fly and warehouse it any time soon however much they'd like to.
Re: (Score:2)
The leaks tell us that encryption only works if the endpoints are secure, which they are not.
That has always been true, even before electronic devices became common place. The person is always the weakest link, and thus the best target; and not necessarily the important person but the one near him or her that has access to their correspondence, devices and files. Ge to them and the door is open to bigger targets; and the are often an easier target to turn. Now, you may be able to install a desired program without help, but you still target a person as the vector to the device.
Re: (Score:2)
Re: (Score:2)
It's a bit different, because it's now not the person that you're attacking, it's something that the user views as part of the communication channel. The analogy would be sending a message in a sealed box in an armoured car with an armed escort and then delivering it to someone's unlocked mailbox where anyone off the street could grab it and make a copy.
While I get your point, I still contend the person remains the weak link; it's more like sending it to a locked mailbox where someone can be convinced to lend out the key (akin to opening that pdf that came as an attachment) or putting it in a locked dropbox that either has a default password that can be determined or you pay the courier to give you access. While it is a communications channel the two end points tend to be the weakest links because of human behavior; and subject to coercion, blackmail, mone
Sigh. (Score:5, Insightful)
Not surprising, really, given that's exactly what encryption was invented for. To military standards. For military purposes. To prevent other militaries doing exactly what you don't want them to do.
All the scaremongering around encryption "being broken" by these "acres of datacentre" junk is just that - scaremongering. Hell, didn't the NSA recently ask for help breaking Skype? I'm sure there's a certain amount of misdirection there (I'm still not convinced on EC cryptography, which was brought along with the help of the NSA choosing certain curves), but nobody has yet shown practical attacks against large enough primes used in PKE.
So far, everything they've done is via side-channel attacks and those are present in every system anyway. And when you have these organisations paying for tools that can open up iPhones, you know that they are struggling to cope.
If you want to secure data, encrypt it and abide by all the necessary precautions for it (i.e. don't enter the passphrase on untrusted computers, etc.).
The whole point of encryption is that you can publish your data on the web and point EVERYONE at it (e.g. Wikileaks insurance file) and nobody can access it without the key. If you don't trust Google or similar to hold your files, only allow them access to the encrypted containers and not the decrypted files.
It's quite clear that encryption is doing its job. And if it wasn't, it would be fixed quite quickly (e.g. we're already preparing against quantum computing attacks).
Re: (Score:3)
Hell, didn't the NSA recently ask for help breaking Skype?
It's the difference between being able to break a single Skype connection with a legal request to Microsoft, and being able to record every Skype connection all the time. They are not satisfied with the former, and can't be allowed to have the latter.
Re: (Score:2)
They are not satisfied with the former, and can't be allowed to have the latter.
I wonder how long that will go on for. Your head honcho seems pretty obsessed with 'terrorists' both real and illusory. Poor Sweden.
Re:Sigh. (Score:5, Informative)
I'm still not convinced on EC cryptography, which was brought along with the help of the NSA choosing certain curves
There's nothing wrong with ECC. It has significant advantages over RSA, especially on low-power devices. There is a remote possibility that the NIST curves are weak in some way known to the NSA and not to the rest of the world, but if you're concerned about that you can simply choose different curves. Edd25519 is a particularly good choice (though Edwards curves work a little differently, so it's not a drop-in replacement for the NIST curves).
Personally, I have no real concerns about the NIST curves. Mostly because I think that if they were weak, the academic community would have discovered it by now, but also because if the NSA can crack them it's a closely-held secret which is used very sparingly, and nothing I encrypt or sign is that important.
IMO, the biggest problem with ECC is the lack of standardization around how to use it to encrypt. ECDSA is very well-standardized, but ECIES has too many free parameters (choice of KDF being the biggest) which makes interoperability hard.
Honestly, if I put on my tinfoil hat I'm more worried about what the NSA knows about how to break RSA than ECC. Not because I think they can factor products of large primes, but because there are so many subtle ways to screw up RSA and make it exploitable, and because the NSA really seems to discourage use of ECC for encryption. Not only have they not set out clear standards for ECIES, an odd exception to the normal thoroughness of the NIST standards which hinders interoperability and discourages use, but last year they even told the world not to bother with ECC and to stick with RSA until practical post-quantum algorithms are available.
nobody has yet shown practical attacks against large enough primes used in PKE
RSA != PKE. And, actually, there are lots of practical attacks, if you consider the space of the ways people screw up RSA. In addition, RSA's expensive key generation function makes forward secrecy impractical in most cases, which makes logged traffic vulnerable to subpoena attacks. This is the primary reason why all TLS security evaluations issue bad grades for any web server configured to use RSA. DH or ECDH are much better.
Every cryptographer I know recommends against using RSA. For encryption, pick your ECIES parameters and use it, with an authenticated encryption mode, e.g. AES-GCM. For signatures, use ECDSA. In both cases, if you're worried about backdoored curves use Brainpool curves, or Edd25519.
Re:Sigh. (Score:5, Interesting)
I'm still not convinced on EC cryptography, which was brought along with the help of the NSA choosing certain curves
There's nothing wrong with ECC. It has significant advantages over RSA, especially on low-power devices. There is a remote possibility that the NIST curves are weak in some way known to the NSA and not to the rest of the world, but if you're concerned about that you can simply choose different curves. Edd25519 is a particularly good choice (though Edwards curves work a little differently, so it's not a drop-in replacement for the NIST curves).
One should also note that when DES was being rolled out the NSA had specifically requested some tweaks be made to the algorithm that people were very skeptical of. Everyone thought the NSA was trying to do something sneaky then, too. It turned out that a known attack vector was discovered in the early 1970s and was not known to the public until the early 1990s. Whether or not the NSA is helping or hurting is something for the history books. There is no way for us to know at this point in time.
Re:Sigh. (Score:5, Interesting)
I'm still not convinced on EC cryptography, which was brought along with the help of the NSA choosing certain curves
There's nothing wrong with ECC. It has significant advantages over RSA, especially on low-power devices. There is a remote possibility that the NIST curves are weak in some way known to the NSA and not to the rest of the world, but if you're concerned about that you can simply choose different curves. Edd25519 is a particularly good choice (though Edwards curves work a little differently, so it's not a drop-in replacement for the NIST curves).
One should also note that when DES was being rolled out the NSA had specifically requested some tweaks be made to the algorithm that people were very skeptical of. Everyone thought the NSA was trying to do something sneaky then, too. It turned out that a known attack vector was discovered in the early 1970s and was not known to the public until the early 1990s. Whether or not the NSA is helping or hurting is something for the history books. There is no way for us to know at this point in time.
The NSA changed the DES S boxes to make them resistant to differential cryptanalysis, but it also shortened the key length. Had DES been standardized with IBM's original 128-bit key length (but with fixed S boxes), it would still be quite secure. So the NSA's role in DES was a mixed bag. They fixed a non-obvious flaw while introducing an obvious weakness (short keys) that would enable practical attacks in the future. The short key weakness wasn't what anyone could call a "back door", though, since it was obvious to everyone.
Re: (Score:2)
TLS has nothing to do with the underlying encryption. That hasn't been broken, but the trust put into the people verifying identities has been misplaced. That's an entirely different matter.
Re: (Score:3)
Yes it is.
That's exactly the point.
Because whether your data is on the front page of the evening news, flying across monitored connections all round the internet, broadcast in morse code over the airwaves, or stored in a file in your enemy's data capture centres, you can transmit your data (and they can capture and store it) over plaintext channels and yet THEY STILL CAN'T READ IT. Because they don't have the private key.
Hell, they can even send you a message (using your public key) and nobody but you can
Re: (Score:2)
Go read the history of DES.
First, they admitted lowering the key size.
Then they asked IBM to keep quite about attacks on it.
Sure, at a later date, they were making changes to strengthen it but you are assuming that they still have the same intention.
When an agency keeps secrets about an attack on the algorithm secret for 20+ years, while it was still an "authorised" algorithm, they aren't working in your interest.
False assumption (Score:3)
Re:False assumption (Score:5, Insightful)
And that's the point of the argument.
If breaking the encryption was easy, they could just decrypt everything they get off of the wire and not have to insert back doors into software and target into a suspect's OS.
But since encryption is (financially/time/computationally) expensive, it's cheaper to exploit flaws in software.
Re: (Score:2)
Re:False assumption (Score:4, Insightful)
The point is, getting around encryption is too costly to do it on a mass scale, so they can only really do it for the small portion of targets judged worth it.
It's like with door locks. Your door lock is good at stopping casual probing, but pretty much useless against a determined attacker. If a government agency (any government) decides that they really need to enter your home then they will enter. It may be with a warrant, with an armoured bulldozer or with a covert penetration team. But it's much too costly and much too risky to do so unless you have really good reason. They can't do it for every house in the city, on the off chance somebody might have something interesting stashed away somewhere.
Same thing with crypto: it may not stop them if they decide you are a high-value target. But it stops mass surveillance dragnets in their tracks.
Re:False assumption (Score:5, Interesting)
The point is, getting around encryption is too costly to do it on a mass scale, so they can only really do it for the small portion of targets judged worth it.
As an example, when you use https some secret code is negotiated between you and the server. There are some random numbers that should be used in the process, and apparently lots of servers use the same random numbers and don't change them. As a result, about 10% of all https at some point used the same random numbers.
In this particular case, there is an unconfirmed rumour that the NSA with an investment > $100 million managed to "crack" this one random number so that any https using one of those servers becomes crackable. That's $100 million, and that investment can be wiped out in a second by using a different random number. That gives you an idea of the cost of breaking encryption.
Economic limitations on surveillance (Score:5, Insightful)
it may not stop them if they decide you are a high-value target. But it stops mass surveillance dragnets in their tracks.
And that's really what privacy laws are supposed to be about. If the government has a legitimate good faith reason to be investigating someone they have the tools to do this and to a point should have reasonable rights to investigate. Broad sweeping surveillance however should not provide them the same degree of resolution on any given individual. Law enforcement and defense surveillance should have to jump through some hoops and do some actual work to target any individual. That's the entire point of the 4th Amendment we well as several others. An investigation should be harder than looking up a database record because government's have shown they cannot resist abusing such power when made available to them. The notion that encryption will somehow make it impossible for them to do their job just hasn't been shown to be true in reality.
In practical terms however the reason encryption works isn't a moral one. It works because it keeps the economic cost for police to watch a given individual remains non-trivial so that they have to pick and choose who is worth bothering to watch. It used to be that getting the records and communications required a significant expenditure of resources. With email, modern phone systems, and the internet some of that became much easier. So much easier that it causes all sorts of problems with protecting civil liberties. Encryption balances things back out. They can still come after you if they need to but it has to rise to a certain level of suspicion to make it worth their while.
Re: False assumption (Score:2)
^ this guy gets it. Security is primarily applied economics; cryptography is one tool employed in the Spy vs. Spy game, but you better not bet your life on your crypto's implementation being attack-proof. Yeah, they probably know about holes in e.g. Android FDE but it's so damn easy to just text you a bogus .mp4 and 0wn your device that there's no reason to spend the time attacking your FDE.
CIA != NSA (Score:2)
While it may be tempting to think of the recent leaks as evidence of some broader point about cryptography, please realize the CIA is not the NSA. The only thing this proves is there is a huge gap in the capabilities of different agencies.
It also tells us (Score:2)
They are using git, have troubles with idiots who put binaries in git, know about Git-Flow (my favorite branching technique), are doing retrospectives (so Scrum sprints), are trying to do something that looks like semver.org for release numbering (although most of it is quite wrongly numbered). All in all, quite a typical software development company. Okayish in software development processes and practices. Could be better here and there.
We knew that (Score:5, Interesting)
Re: (Score:3)
The point is that the mega companies are WILLINGLY giving your data away to anyone that pays.
Cite?
We know that AT&T was providing lots of data for years. There's some evidence that Microsoft was a bit more cooperative than they needed to be, though they seem to have changed their approach in recent years. I've seen no evidence that Apple, Google, Amazon or any other major tech company provides any data at all to government agencies, except pursuant to a valid and properly-construed warrant or subpoena. And none that payment is either demanded or accepted in exchange for user data. AFAICT, the
Re: (Score:3)
Yahoo
https://duckduckgo.com/?q=yahoo+backdoor+email+nsa&t=hc&ia=web
Point. Though the OP said "mega companies", which IMO excludes Yahoo.
Re: (Score:3)
That's not true. Definitely not true. The "cloud" hasn't weakened encryption because WhatsApp and Signal (more Signal than WhatsApp) use an open-source protocol that is zero-knowledge through transit. The guys running the servers don't know the contents of the communications. (I believe that WhatsApp collects metadata but Signal does not.)
Google's Android and Apple's iOS are not being deliberately bugged with back doors. For fuck's sake, Android is open-source. It is possible to compile Android from the sou
Re: (Score:2)
Re: (Score:2)
One broken, forever broken (Score:5, Interesting)
The other thing evident by ommission is that (say) the CIA gets a warrant to hack into your TV. They'll start collecting data, but will they 'unhack' your TV when they're done? Not much to suggest they do, so your TV stays hacked, even though you're not a suspect in some new case they're working on.
Re: (Score:2)
In the leaks you can find for almost all tools and implants that the developers of the tools provide methods to remove and also auto-remove the implant.
For example, Hive: page 4 of this https://wikileaks.org/ciav7p1/... [wikileaks.org] :
is the self delete delay (in seconds). Amount of time since last successful beacon or
trigger allowed to pass before self-deletion occurs. If unused, the default value is 60
days in seconds.
There is also an entire section devoted to self-delete, on page 14: 4.1 (S) Self-Delete
Re: (Score:2)
From Development Tradecraft DOs and DON'Ts [wikileaks.org]:
They want to avoid their toys falling into the wrong hands (i.e. anti-malware companies), so they don't want them sitting around for ever
Devil's advocate (Score:2)
Let me play devil's advocate here. Let's say for a moment that the CIA does indeed have whatever hardware is required to easily brute force modern encryption with the current key lengths we are using. Maybe that's some sort of quantum device or perhaps they have access to standard computing power beyond what anyone imagines. That part doesn't matter for the sake of this argument.
What would you do if you were the CIA? How about release exactly the information we see here - information about some actual to
Re: (Score:2)
Re: (Score:3)
This is a valid theory and is worth considering. But Occam's Razor leads me to choose the simpler theory: that encryption is working. This is because the contents of this leak are consistent with other public information. Public discussion indicates that D-wave's quantum annealing computers can't run Shor's algorithm, so they are not useful for this (yet). There aren't attacks on AES that make it practical to break on classical computers (yet). So what we see the CIA doing is consistent with the curren
Re: (Score:2)
Or am I giving the CIA way, way too much credit here?
Yep. It's a leak, an embarrassing one, and the resulting purge will be horrible for morale. Not worth it just to make the world think they're incompetent when they're really not.
This was no secret (Score:3, Insightful)
"Data Scrambling" Encryption (Score:2)
Can we please get tech-journalists that at least get the very basic vocabulary right?
sigh (Score:2)
it's all about how much time the end-user puts into encrypting their own data. oh, the things you can do with unhelpfully labeled nested zip-splitting...
Encryption lessons from CIA and NSA leaks. (Score:4, Interesting)
There is a huge gap between crypto theory (https://www.cs.princeton.edu/~felten/encryption_primer.pdf) and expressed and implemented crypto reality. This gap provides many opportunities for anybody who wishes to favor attack over defense.
Traffic Analysis/meta data collection provides cheap, effective attack against virtually all current communication channels. Once you know who, when, where, how, and approximately what they are saying, you usually don't need to break their crypto.
The easiest way to weaken crypto implementation is to simply withdraw support for updates and improvements. Good crypto is hard. Defense is expensive. Without constant support, defenses fail. If you wish to weaken crypto defenses, it is usually sufficient to withhold support for good standards and good processes, and fail to eliminate mistakes.
The next most cost effective ways to weaken crypto implementation is to focus on degrading or hindering:
Good crypto implementations are almost indistinguishable from bad crypto implementations. The market will cheerfully purchase poor crypto if it is available, cheap, and the consequences are not immediate.
If an attacker ever needs to access info that is protected by a robust crypto implementation, it is usually faster and cheaper to subvert it's surrounding environment, people, hardware or software.
Reform of the Intelligence agencies should begin by greatly reducing their budget. Currently, they are huge, bloated, unmanageable monsters. They twist government to their whim. They distort the civilian economy. They cause massive incidental damage. A slim, tightly focused agency can be more carefully controlled and managed. A small, efficient CIA or NSA would achieve almost all of OUR important goals with a tiny fraction of the collateral damage.
Re: (Score:3, Interesting)
If you look in the Wikidump you can see plain as day that NSA owned TrueCrypt, and it was backdoored the entire time using obfuscated code (written by a former obfuscated C-code contest winner - and of course we now know that the contest has been an NSA activity also since day 1).
What shut down TrueCrypt was that someone found the code and reported it and the NSA immediately scuttled the project.
Re: Truecrypt.. (Score:5, Insightful)
[citation needed]
Sarcasm aside, I'm really interested in reading more about that.
Re: (Score:2)
Re:Truecrypt.. (Score:5, Interesting)
There is literally no evidence to support any of what you claim. Please cite 1) Where it's plain as day the NSA owned it 2) Any evidence of a backdoor, especially given that we have the source code and people have compiled that source to match the published binaries 3) Who wrote it including when they won an obfuscated C contest
Stop spreading your infowars-esque conspiracy theory bullshit, people are libel to think you know what you are talking about.
Re: (Score:2)
LOL, deflection to protect infowars.
That's great.
Re: (Score:2)
Interesting arguments.. But to degrade Infowars?
Infowars is a conspiracy site, it is not even conservative, it is just badshit insane.
Re: (Score:2)
Interesting arguments.. But to degrade Infowars?
Infowars is a conspiracy site, it is not even conservative, it is just badshit insane.
Now now, that's the chemtrails talking.
Re: (Score:2)
But to degrade Infowars?
Mhmm, there really is no need to 'degrade' infowars.
Re: (Score:2)
Both proprietary and OSS software have to be written and reviewed by somebody; and ensuring that your people end up as some of the important 'somebodys' is likely to be pretty doable if you have competent employees ava
Re: (Score:2)
I think the GP is just being an ass, but something pretty goddamned odd happened with TrueCrypt.
Re: (Score:2)
Funny sarcastic comments can be interesting.
Re: Truecrypt.. (Score:5, Informative)
Re: (Score:2)
Re: (Score:3)
Re: (Score:2, Insightful)
Will you please stop pasting this bullshit into every thread dealing with processors and security? It's written in the style of a paranoid conspiracy theorist which ensures that nobody will read it or click the links. All you're doing is making people scroll a lot to get past your bullshit so that they can read comments that are actually about the article.
Re: (Score:2)
Re: (Score:3)
Re: (Score:3)
Re: (Score:3, Interesting)
Given that IME is for system administrators, the good admins already know about it. The bad ones don't care. So posting this drivel only proves your stupidity and general asshole-ishness.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)