
(Gawker)   Even your encrypted communications are being read by the NSA   (gawker.com)
    More: Followup, NSA, online banking, private networks

6663 clicks; posted to Main on 05 Sep 2013 at 8:44 PM



 
2013-09-06 08:03:14 AM  
hat'say why I always alktay in a odecay they antcay derstanduncay.

Maybe dittybopper knows, if you unencrypt a plain text message using a key you end up with a reverse encrypted message that you must encrypt to get it back as readable text. Wouldn't this make it harder for another person to crack? They are spending all that time trying to unencrypt it, when they need to be encrypting it. Or is it pretty much the same thing, just figure out the key?
 
2013-09-06 08:34:29 AM  
On behalf of everyone that's ever been called a tinfoil hat, I would like to invite you all to go fark yourselves.  You've earned this.
 
2013-09-06 08:51:55 AM  

MythDragon: hat'say why I always alktay in a odecay they antcay derstanduncay.

Maybe dittybopper knows, if you unencrypt a plain text message using a key you end up with a reverse encrypted message that you must encrypt to get it back as readable text. Wouldn't this make it harder for another person to crack? They are spending all that time trying to unencrypt it, when they need to be encrypting it. Or is it pretty much the same thing, just figure out the key?


I'm sorry, I have no idea what you mean.  Could you explain further?
 
2013-09-06 09:21:27 AM  

TheOnion: Until someone figures out how to quickly factor large prime numbers, modern public key encryption is effectively unbreakable.  It's possible that the NSA has that kind of technology, but if they are withholding it they are holding back an incredibly important advancement in both mathematics and humanity.  Which is probably the kind of thing they'd do

Just read this, was great http://www.amazon.com/The-Code-Book-Break-Crack/dp/0385729138/ref=sr_1_4?ie=UTF8&qid=1378428556&sr=8-4&keywords=the+code+book


Kinda off topic, but if you want a good read about computer security from back in the day, check out The Cuckoo's Egg. I just finished it a couple days ago, and would highly recommend it.

http://www.amazon.com/CUCKOOS-EGG-ebook/dp/B0083DJXCM/ref=sr_1_1_bnp_1_kin?ie=UTF8&qid=1378473655&sr=8-1&keywords=The+Cuckoo%27s+Egg
 
2013-09-06 09:31:31 AM  

Kahabut: dittybopper: NutWrench: FUD article.

If "any code can be broken," then the government wouldn't spend so much time trying to legally force you to incriminate yourself by making you hand over your passwords and encryption keys. They would simply decrypt your files without even bothering to contact you.

This is a much more detailed article:

http://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption

They've taken a multi-pronged approach:

1. Working behind the scenes to keep the public encryption standards just weak enough that they can break them if they want to.
2. Building back-doors into a lot of popular software.
3. Working on things like keyloggers and other ways to pull the data off targeted devices without having to break the encryption.
4. Working tirelessly on new decryption algorithms, and specialized supercomputers to run them effectively.

Yes and even with all that, it gives them your CC number.

Were there people stupid enough to think that SSL HTTPS was a secure standard?  Despite the numerous times it's been shown to be either completely broken, or partially broken?  Or the fact that you can simply MitM the server?  SSL was designed to be secure against casual snooping, it was never designed to be secure for more than a few hours in any case.

There is an old thought process about encryption.  It goes roughly like this... How valuable is the material?  How time sensitive is it?  Now pick an algorithm that exceeds both those values.

Because the bottom line has always been that nearly any encryption can be broken, you just need it to hold long enough to get past the useful time frame of the information.  It's long been thought that SSL was good enough for its use because criminal elements don't have the computer power required to crack it quickly (or at all), but that is utter fantasy land bullshiat.  Distributed systems like botnets can crack through SSL like a hot knife through butter, and SETI and oth ...


This. Check out the Zeus botnet. Nasty shiat.

Users are stupid, and will always be the weakest point in any system. You can't change it, so just let them run wild, but make this standard software on all of your Windows deployments: http://www.bromium.com/products.html
 
2013-09-06 10:10:14 AM  

dittybopper: MythDragon: hat'say why I always alktay in a odecay they antcay derstanduncay.

Maybe dittybopper knows, if you unencrypt a plain text message using a key you end up with a reverse encrypted message that you must encrypt to get it back as readable text. Wouldn't this make it harder for another person to crack? They are spending all that time trying to unencrypt it, when they need to be encrypting it. Or is it pretty much the same thing, just figure out the key?

I'm sorry, I have no idea what you mean.  Could you explain further?


You start with a plain text message.
"I like cheese"
You encrypt it using whatever key
and you now have a coded message that you must unencrypt to read.

But what if you take the plain text and decrypt it using the same key?
You would have garbage that you'd have to encrypt to get it back to readable text right?

Say you use basic letter substitution. In this case we'll just use one letter higher to encrypt. A=B, B=C, Z=A.
"I like cheese" becomes "J MJLF DIFFTF"
But if I decrypt "I like cheese" I get "H KHJD BFDDR" and if I try and use the key to unencrypt it I end up with "G JHIC AECCQ" which is still unreadable.
It's really simple to figure out using such an easy key, but if you use something harder, like AES would it make it harder for someone to analyze it? They are trying to decrypt your message when they need to be encrypting it. Or does it not work like that?
 
2013-09-06 10:31:17 AM  

MythDragon: Or does it not work like that?


It doesn't work like that.

In essence, you're encrypting with a different key.  That's all.  It's subject to the same cryptological and non-cryptological attacks.
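
The point of the reply above, worked through on the one-letter shift from the question (an added example, not part of the original posts; the tiny word list and function names are constructed for the demo). Running the "decrypt" operation on plaintext with key 1 is the same as encrypting with key 25, and trying all 26 keys recovers the message either way.

```python
import string

ALPHABET = string.ascii_uppercase


def shift(text, k):
    """Caesar-shift letters by k positions (mod 26); leave other characters alone."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def encrypt(text, key):
    return shift(text, key)


def decrypt(text, key):
    return shift(text, -key)


# Constructed word list standing in for "does this read as English?"
COMMON = {"I", "LIKE", "CHEESE"}


def exhaustive_search(ciphertext):
    """Apply decrypt() with every key; return the (key, text) pairs that read as English."""
    hits = []
    for key in range(26):
        candidate = decrypt(ciphertext, key)
        if all(word in COMMON for word in candidate.split()):
            hits.append((key, candidate))
    return hits


MESSAGE = "I LIKE CHEESE"
normal = encrypt(MESSAGE, 1)            # the usual direction
decrypted_first = decrypt(MESSAGE, 1)   # "decrypting" the plaintext instead

if __name__ == "__main__":
    print(normal, exhaustive_search(normal))
    print(decrypted_first, exhaustive_search(decrypted_first))
    # Same operation, different key: D_1 is E_25.
    print(decrypted_first == encrypt(MESSAGE, 25))
```

The analyst never needs to know which direction was used: the search covers the whole key space, and the reversed message simply turns up under a different key.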
 
2013-09-06 11:55:38 AM  

dittybopper: Twilight Farkle: I'm okay with #3 and #4; that's in line with their mandate.

Wrong.  Their actual mandate is to monitor *FOREIGN* communications.  That is what they were founded to do.

I would have zero problem with 1 through 4 provided they stuck to that mandate, but as we are all aware, they haven't done that.


Yeah, I was interpreting clever gadgets from #3, and better math from #4, as merely value-neutral tools/prerequisites to perform it. Tools are value-neutral; policymakers, not so much. FWIW to the extent they're doing something beyond (ab)using the legal system as a $5 wrench to spare them from doing the math, I will be no less disappointed in their behavior, but I will be damn impressed. Moore's Law has its limits, and the person (in the open community) who discovers the current backdoors probably hasn't been born yet, but by the time they get their Ph.D. in Indistinguishablefrommagic, their side project of tinkering with old silicon and microcode will make fascinating reading. It only took 30 years for the 6502 to go from current hardware to something a transistor-level simulation in a web browser.

The one constant over the very long term has been that it doesn't matter whether it's math, hardware, or both. Someone eventually figures it out, publishes their results, and the rest of us get to sit back and watch in slack-jawed amazement at the cleverness of it all.
 
2013-09-06 12:27:18 PM  

MythDragon: dittybopper: MythDragon: hat'say why I always alktay in a odecay they antcay derstanduncay.

Maybe dittybopper knows, if you unencrypt a plain text message using a key you end up with a reverse encrypted message that you must encrypt to get it back as readable text. Wouldn't this make it harder for another person to crack? They are spending all that time trying to unencrypt it, when they need to be encrypting it. Or is it pretty much the same thing, just figure out the key?

I'm sorry, I have no idea what you mean.  Could you explain further?

You start with a plain text message.
"I like cheese"
You encrypt it using whatever key
and you now have a coded message that you must unencrypt to read.

But what if you take the plain text and decrypt it using the same key?
You would have garbage that you'd have to encrypt to get it back to readable text right?

Say you use basic letter substitution. In this case we'll just use one letter higher to encrypt. A=B, B=C, Z=A.
"I like cheese" becomes "J MJLF DIFFTF"
But if I decrypt "I like cheese" I get "H KHJD BFDDR" and if I try and use the key to unencrypt it I end up with "G JHIC AECCQ" which is still unreadable.
It's really simple to figure out using such an easy key, but if you use something harder, like AES would it make it harder for someone to analyze it? They are trying to decrypt your message when they need to be encrypting it. Or does it not work like that?


I think I get what you're saying, but anything that you can run in reverse and get the original message is breakable. A good encryption is like a meat-grinder. If you run it backwards, you don't get your cow back, you just get finer ground hamburger.
 
2013-09-06 12:36:23 PM  
Joke's on them, none of my encrypted communications are interesting. Ha ha! My incredibly mundane existence finally pays off!
 
2013-09-06 12:53:08 PM  

UNAUTHORIZED FINGER: I think I get what you're saying, but anything that you can run in reverse and get the original message is breakable. A good encryption is like a meat-grinder. If you run it backwards, you don't get your cow back, you just get finer ground hamburger.


I thought a good encryption was like sticking your dick in a pickle slicer.

She gets fired too.

/Should have used that for the bad analogy thread.
 
2013-09-06 12:57:16 PM  

MythDragon: UNAUTHORIZED FINGER: I think I get what you're saying, but anything that you can run in reverse and get the original message is breakable. A good encryption is like a meat-grinder. If you run it backwards, you don't get your cow back, you just get finer ground hamburger.

I thought a good encryption was like sticking your dick in a pickle slicer.

She gets fired too.

/Should have used that for the bad analogy thread.


Hahaha/OUCH!
 
2013-09-06 02:20:23 PM  

Your Average Witty Fark User: NO ONE IS READING YOUR FARKING EMAIL


THEN WHY AM I SENDING THE FARKING THING?!?!

FARK YOU FOR NOT READING MY WORDS OF WISDOM!
 
2013-09-06 02:48:23 PM  

MythDragon: UNAUTHORIZED FINGER: I think I get what you're saying, but anything that you can run in reverse and get the original message is breakable. A good encryption is like a meat-grinder. If you run it backwards, you don't get your cow back, you just get finer ground hamburger.

I thought a good encryption was like sticking your dick in a pickle slicer.

She gets fired too.

/Should have used that for the bad analogy thread.


2048-bit Machine:

i39.tinypic.com
 
2013-09-06 03:45:50 PM  

dittybopper: Pointy Tail of Satan: What's actually bad about this, is that they cannot admit or use evidence from hacking, or they would be exposing their methods and capabilities. So what can they do? Generate false evidence? Use blackmail and extortion? Or in the case of outside the country, simply whack someone? There is a good reason why star chambers are forbidden in most countries.

Actually, what they do is they have a special law enforcement unit of the DEA called the "Special Operations Division" that takes that information from agencies like the NSA and feeds it to law enforcement.  It's like an "anonymous tip", but not really, because the ultimate source of the tip is an unconstitutional search:

The unit of the DEA that distributes the information is called the Special Operations Division, or SOD. Two dozen partner agencies comprise the unit, including the FBI, CIA, NSA, Internal Revenue Service and the Department of Homeland Security. It was created in 1994 to combat Latin American drug cartels and has grown from several dozen employees to several hundred.

Today, much of the SOD's work is classified, and officials asked that its precise location in Virginia not be revealed. The documents reviewed by Reuters are marked "Law Enforcement Sensitive," a government categorization that is meant to keep them confidential.

"Remember that the utilization of SOD cannot be revealed or discussed in any investigative function," a document presented to agents reads. The document specifically directs agents to omit the SOD's involvement from investigative reports, affidavits, discussions with prosecutors and courtroom testimony. Agents are instructed to then use "normal investigative techniques to recreate the information provided by SOD."

A spokesman with the Department of Justice, which oversees the DEA, declined to comment.

But two senior DEA officials defended the program, and said trying to "recreate" an investigative trail is not only legal but a technique that is used almost daily.

A former federal agent in the northeastern United States who received such tips from SOD described the process. "You'd be told only, 'Be at a certain truck stop at a certain time and look for a certain vehicle.' And so we'd alert the state police to find an excuse to stop that vehicle, and then have a drug dog search it," the agent said.


This is the stuff I find disturbing.
 
2013-09-06 04:29:39 PM  

WayToBlue: Once again, wtf are you on about? "SSL" is basically just a wrapper/glue protocol around other cryptographic primitives. What in particular are you suggesting can be "sliced through."


What does your bank use?  Want to watch me crack it?

256RES is pretty common on "high end" web encryption now.  It's child's play to break.  Not as easy as the 128AES systems that many websites still use, but hey, progress.

WayToBlue: That is simply untrue. Whoever told you it was only supposed to be good for a few hours lied to you.

I work with some of the people that developed these standards.  SSL was NEVER intended to be a permanent link, long term encryption.  First, if that was ever the use, it was cryptographically unsound.  SSL and the underlying cryptography were designed to be "light weight" so that they didn't eat CPU and memory too badly.  In crypto terms, that means SHORT TERM USE ONLY.  Which is also why any sort of proper implementation has a key expiration, and re-keying session every 30 minutes or so.  In truth, that's not good enough ANYMORE, but it was once.


WayToBlue: Such as . . .


Zeus for one, thorhmr and dozens more too.  I really hope you aren't involved in security implementations, because you apparently don't know what your enemies are up to.  

WayToBlue: The sad thing is you're not entirely wrong here, but not for any of the reasons you stated.


Let me break it down for you.
That garbage you call encryption, it's badly implemented, poorly maintained, and even under ideal circumstances, it's inadequate.  The reasons for this are various and far ranging.  The article covers some, I covered some others, Dittybopper provided some rather excellent crypto basics.  Generally, I think we've covered it well enough.

If you really want an education, with all the supporting facts, proofs, software and to have your systems re-implemented with something approaching a secure stack, I can do that.  It costs about 10,000-25,000$ But this being fark, I just assumed generalities would be good enough.


Look, all forms of crypto can be broken.  Including one time pads* (contrary to popular belief).  The amount of entropy inherent in the system used determines the MAXIMUM possible time it could take, it does not say anything about the MINIMUM time needed.  I've done a lot of work with crypto, and while I'm not versed well enough in the math to really get into it, the practical side I am versed in.  Running a cracker against any crypto is a crap shoot.  It might take 2 minutes or 300 years, but since you don't know, you throw processing power at it and see what you get.  I have brute forced 256bit keys in 30 seconds before, pure blind luck of course, but it still happens.  And I'm still not even touching on implementation weaknesses, subversion of the code base, back doors or flawed cryptographic principles, all of which exist in the real world.  Not to mention that most web based systems assume trust of the server or client or both, and that's just STUPID.  I OWN my servers, and I have an interest in the co-host company, and I still don't trust them, too much access, and too easy to tap the lines used for traffic.

*One time pads are by far the MOST secure system I know of, but they can hypothetically still be brute forced.  It's just that the entropy inherent in that particular system is rather absurdly high.  Doesn't mean you won't get lucky though, it just makes it a lot less likely.  (absurdly less likely)  I'm just being realistic though, nothing is unbreakable.  NOTHING.  OTPs are pretty close though.
 
2013-09-06 04:48:23 PM  

Kahabut: One time pads are by far the MOST secure system I know of, but they can hypothetically still be brute forced.  It's just that the entropy inherent in that particular system is rather absurdly high.  Doesn't mean you won't get lucky though, it just makes it a lot less likely.  (absurdly less likely)  I'm just being realistic though, nothing is unbreakable.  NOTHING.  OTPs are pretty close though.


Actually, no.

You can brute force an OTP, but in the end all you will be doing is making a list of every possible message the same length, with no way to know which is which.

Let's say you intercept an 8 character message.  You can brute force that fairly quickly, because there are only 208,827,064,576 possibilities, and if you can check a million per second, it would only take you about 2.4 days to run through them all.  The vast majority will be nonsense, but you can use a computer to winnow out the possibilities to those that contain actual English.

That's the easy part.

Does the 8 character message say "ILOVEYOU" or "IHATEYOU" or "KILLJEFF" or "SAVEJEFF" or "DUCKTALE" or "EATWORMS" or any other valid English word, phrase, or combination thereof?

You've got no way to know, so security is preserved even if you manage to brute force the solution, because there is no way for you to know when you have the correct solution.
 
2013-09-06 04:59:18 PM  
That's probably the biggest misconception about one time pads:  That a properly implemented one can be theoretically broken.  They can't.
 
2013-09-06 09:51:15 PM  
I don't think I believe Kahabut's hot air concerning the alleged "ease" of breaking one-time pad crypto unless he's an NSA operative.

He doesn't sound like one.
 
2013-09-06 10:02:57 PM  

Kittypie070: I don't think I believe Kahabut's hot air concerning the alleged "ease" of breaking one-time pad crypto unless he's an NSA operative.

He doesn't sound like one.


He's just misinformed about one time pads.

You *CAN* brute force a short message in one, but all you will be doing is compiling a list of every possible message of that length, with no way to distinguish the correct one from the billions or trillions of incorrect ones.

Which brings up an interesting property of OTPs:  If you're worried about them monitoring you, you could take a message that you've encrypted already and "recreate" a pad page that would decrypt that message into something innocuous, or perhaps embarrassing but not illegal (like, say, an affair).  You leave that bogus pad page accidentally hanging around like you forgot to destroy it, and when they go ahead and decrypt the one message they have a pad page for, it doesn't show what they think it should show, and in fact it exonerates you from suspicion of using an OTP to commit some nefarious act.
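
The two one-time-pad properties described in this post and in the earlier 8-character walkthrough, as an added example that is not part of the original posts (a letters-only pad with mod-26 addition is assumed, and all names are made up for the demo). For a single intercepted ciphertext, every 8-letter candidate has a pad that produces it, so enumerating pads confirms nothing, and a substitute pad page for any chosen message can be computed after the fact.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase


def combine(text, pad, sign):
    """Add (sign=+1) or subtract (sign=-1) the pad from the text, letter by letter, mod 26."""
    if len(text) != len(pad):
        raise ValueError("pad must be exactly as long as the message")
    return "".join(
        ALPHABET[(ALPHABET.index(t) + sign * ALPHABET.index(p)) % 26]
        for t, p in zip(text, pad)
    )


def encrypt(plaintext, pad):
    return combine(plaintext, pad, +1)


def decrypt(ciphertext, pad):
    return combine(ciphertext, pad, -1)


def pad_for(ciphertext, wanted_plaintext):
    """The pad page under which `ciphertext` decrypts to `wanted_plaintext`."""
    return combine(ciphertext, wanted_plaintext, -1)


def keyspace(length):
    """Number of distinct pads (and therefore candidate messages) of this length."""
    return 26 ** length


def brute_force_days(length, guesses_per_second=1_000_000):
    return keyspace(length) / guesses_per_second / 86_400


# Constructed scenario: the real message and a freshly generated random pad.
REAL_MESSAGE = "SAVEJEFF"
REAL_PAD = "".join(secrets.choice(ALPHABET) for _ in REAL_MESSAGE)
CIPHERTEXT = encrypt(REAL_MESSAGE, REAL_PAD)

# The candidate readings listed in the thread: each one has a pad that "works".
CANDIDATES = ["ILOVEYOU", "IHATEYOU", "KILLJEFF", "SAVEJEFF", "DUCKTALE", "EATWORMS"]
PADS = {c: pad_for(CIPHERTEXT, c) for c in CANDIDATES}

if __name__ == "__main__":
    print("ciphertext:", CIPHERTEXT)
    for candidate, pad in PADS.items():
        print(f"pad {pad} -> {decrypt(CIPHERTEXT, pad)}")
    print(f"{keyspace(8):,} pads, about {brute_force_days(8):.1f} days at 1M/s")
```

The pad computed for the true message equals the real pad, but nothing in the ciphertext marks it out from the other five.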
 
2013-09-06 10:10:01 PM  
I think a lot of people tend to denigrate OTPs unfairly.

This is because it's virtually impossible to correctly implement them by computer, and because most people think in terms of "must be able to send gigabytes of data every day", then yeah, it becomes inconvenient.  And distributing keys (the pads) is an issue for that amount.

But for short, infrequent, but *IMPORTANT* messages, OTPs can't be beat, security-wise.  That's why they are still used to communicate with agents in foreign countries, via numbers stations:  Anyone can monitor short wave stations, and the ability to add and subtract is really all you need to encode or decode a message, given the key.

The added bonus of not using a computer that might be vulnerable just enhances the security.
 
2013-09-07 03:25:50 AM  
Kahabut

WayToBlue: Once again, wtf are you on about? "SSL" is basically just a wrapper/glue protocol around other cryptographic primitives. What in particular are you suggesting can be "sliced through."

What does your bank use? Want to watch me crack it?


Let's say citibank, and yes I very much do want to see you crack it, so please post a youtube video. I'm sure it will be forth-coming.


256RES is pretty common on "high end" web encryption now. It's child's play to break. Not as easy as the 128AES systems that many websites still use, but hey, progress.

There is literally no such thing as RES in SSL/TLS, in fact it doesn't appear to exist in any context, but I can say definitively it does not exist in SSL/TLS; maybe that's why you can break it so easily? I'm amazed you can break 128-bit AES so easily since all the world-renowned cryptographers say otherwise. Perhaps a demonstration? I generated this ciphertext with 128-bit AES, I'll show you every step I took:

$ vim apology.txt   # Where I write you a nice apology letter about how wrong I am
$ dd if=/dev/random of=./randkey bs=16 count=1   # Where I take 16 bytes of random data for the key
$ openssl aes-128-cbc -a -salt -in apology.txt -kfile randkey   # Where I encrypt my apology and output the base64-encoded ciphertext.
U2FsdGVkX19wxPhklzqiiyIlL69OGZHbfJq8Wx+JwTzVtE8R5Wb5I59boQHN28k/
UStLr5Qk/jk6laeTJgzVcYewM4lQZxwYc3sPhL3xEV0alA6ypeXbcOVxTxuf55hY
VGf4snOqjs8Q5LFIpDk6kx2hJSTbwpWk3fB2RRlS3qA9Qoq0uT2dmD6dZvSGOW12
NaH/J6/sKKIbwziW5aL8wA==

You said the fictitious 256RES encryption was "child's play," and 128AES is even easier, so please, give us the message or the key or STFU.


WayToBlue: Such as . . .

Zeus for one, thorhmr and dozens more too.


Zeus is a botnet (well, actually many separate ones), and even if it could concentrate all of the power of its millions of machines for years it wouldn't be powerful enough to break even 128-bit AES, not even close. That's how exponential growth works.

Thorhmr you appear to be making up, as it yields a whopping 196 hits on google with nothing remotely related to crypto. If you have a link I'd like to see it.

You mentioned commercial solutions, please name some and provide links.

WayToBlue: The sad thing is you're not entirely wrong here, but not for any of the reasons you stated.

Let me break it down for you.
That garbage you call encryption, it's badly implemented, poorly maintained, and even under ideal circumstances, it's inadequate. The reasons for this are various and far ranging. The article covers some, I covered some others, Dittybopper provided some rather excellent crypto basics. Generally, I think we've covered it well enough.

If you really want an education, with all the supporting facts, proofs, software and to have your systems re-implemented with something approaching a secure stack, I can do that. It costs about 10,000-25,000$ But this being fark, I just assumed generalities would be good enough.


Breaking something down generally means providing actual information... BTW, if you actually could break the crypto you claim you can, you'd already be rich.

I've done a lot of work with crypto, and while I'm not versed well enough in the math to really get into it,

Clearly.

the practical side I am versed in. Running a cracker against any crypto is a crap shoot. It might take 2 minutes or 300 years, but since you don't know, you throw processing power at it and see what you get. I have brute forced 256bit keys in 30 seconds before, pure blind luck of course, but it still happens.

No, it doesn't. Assuming anything you are saying is true, which I'm doubting, what you actually did is brute-force a human-chosen password that was fed into a KDF which spit out a 256-bit key. But make no mistake, you were not attacking that 256-bit key, you were attacking the crappy password the person chose, and if you got it in 30 seconds the entropy was on the order of ~30-40 bits at the far high end (likely much less). To go around telling people that you cracked a 256-bit key is retarded; the length of the key the KDF spits out is not relevant in this case, it could have spit out a 16KB key, it doesn't matter, that's not what you were attacking.

And I'm still not even touching on implementation weaknesses, subversion of the code base, back doors or flawed cryptographic principles, all of which exist in the real world.

Yay, something true. Although it comes right from the articles about this so I'm not sure how many points you get.

*One time pads are by far the MOST secure system I know of, but they can hypothetically still be brute forced. It's just that the entropy inherent in that particular system is rather absurdly high. Doesn't mean you won't get lucky though, it just makes it a lot less likely. (absurdly less likely) I'm just being realistic though, nothing is unbreakable. NOTHING. OTPs are pretty close though.

You're throwing words around like entropy, but I don't think you actually know what they mean. You can't "brute-force" an OTP, they are provably immune to this kind of attack. You actually managed to find the one (truly, the only one) kind of crypto in any real use that isn't vulnerable to this and claim it is.

"Brute-forcing" an OTP would mean generating every possible output of that length, but there's no correlation or feedback, so you never have a way to know if you're right. Any and every message of that length can be generated and is equally plausible. The only real attacks against OTPs are when they aren't actually one-time (i.e. the pad is reused), or against the RNG that generated the pad. If you can find a bias in that then it can be broken, although still very difficult. Either way, you are not "brute-forcing" the OTP.

I realize you are probably just here to troll crypto people, so good job, I bit. But I felt it necessary to call out your nonsense lest the casual reader mistake you for someone who had the slightest notion of what they are talking about.
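
The KDF point made in this post, as an added example that is not part of the original post (PBKDF2-HMAC-SHA256, the password, the 16-entry word list and the low iteration count are all assumptions chosen so the demo runs quickly). A key derived from a guessable password is only as strong as the password, whether the KDF outputs 256 bits or 16 KB, while a key drawn from the OS random source is not reachable this way.

```python
import hashlib
import math
import os

ITERATIONS = 200   # demo value; it changes the cost per guess, not the number of guesses
SALT = bytes(16)   # constructed fixed salt for the demo

# Constructed 16-entry guess list; the password being tested sits in 7th place.
WORDLIST = [
    "password", "123456", "letmein", "qwerty", "iloveyou", "cheese", "cheese1",
    "dragon", "monkey", "sunshine", "football", "princess", "welcome", "shadow",
    "master", "trustno1",
]


def derive_key(password, length):
    """Stretch a password into `length` bytes of key material."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS, dklen=length)


def find_password(target_key, wordlist=WORDLIST):
    """Return (password, guesses_used), or (None, guesses_used) if the list is exhausted."""
    for attempts, guess in enumerate(wordlist, start=1):
        if derive_key(guess, len(target_key)) == target_key:
            return guess, attempts
    return None, len(wordlist)


def effective_bits(candidates):
    """Size of a search space of `candidates` equally likely values, in bits."""
    return math.log2(candidates)


KEY_256 = derive_key("cheese1", 32)          # a "256-bit key"
KEY_16K = derive_key("cheese1", 16 * 1024)   # a 16 KB key from the same password
RANDOM_KEY = os.urandom(32)                  # 256 bits straight from the OS RNG

if __name__ == "__main__":
    print("256-bit derived key:", find_password(KEY_256))
    print("16 KB derived key:  ", find_password(KEY_16K))
    print("random 256-bit key: ", find_password(RANDOM_KEY))
    print("bits searched:", effective_bits(len(WORDLIST)), "of a nominal 256")
```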
 
2013-09-07 06:51:54 AM  

WayToBlue: The only real attacks against OTPs are when they aren't actually one-time (i.e. the pad is reused), or against the RNG that generated the pad. If you can find a bias in that then it can be broken, although still very difficult.


Even if there is a bias, so long as it's nondeterministic, you're still up shiat creek cryptanalytically.

The Soviets used to use manually generated pads that weren't strictly mathematically random.  In fact, they were generated by typists who were told to "go be random", but there were, statistically, too many left-right keyboard combinations, and too few repeats (triples, quadruples, quintuples).  But because there was no way to determine the next letter or number based upon the previous one, there was no way to effectively cryptanalyze the messages encoded in them.

Mathematically, they didn't meet the strict definition of true randomness.  Since you couldn't derive what the next key element was based upon the previous ones, though, you couldn't break messages that used them cryptanalytically.
 
Displayed 23 of 173 comments
