Do you have adblock enabled?
If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Gawker)   Even your encrypted communications are being read by the NSA   (gawker.com) divider line 173
    More: Followup, NSA, online banking, private networks  
•       •       •

6672 clicks; posted to Main » on 05 Sep 2013 at 8:44 PM (1 year ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



173 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

Archived thread
 
2013-09-05 07:47:31 PM  
Time to go with the smoke signals and carrier pigeon.
 
2013-09-05 07:56:00 PM  
There have been known security holes in SSL for years, not to mention the issues that have come up with hacked certificate authorities.

Still, I'd personally like to see the NSA not snoop on US citizens.
 
2013-09-05 08:03:43 PM  

Kit Fister: Time to go with the smoke signals and carrier pigeon.


Until the NRA hires Indians with shotguns.
 
2013-09-05 08:04:46 PM  
NSA. Why the hell is android auto-correcting that to NRA?
 
wee
2013-09-05 08:08:38 PM  
Was the obvious tag broken, subby?
 
2013-09-05 08:21:42 PM  
Well, not *MINE*.  Not when I use these:

img.fark.net

Manually generated and used one time pads.

/Keep your plaintext and keys off of electronic devices.
//Pencil and paper FTW.
 
2013-09-05 08:23:46 PM  

ecmoRandomNumbers: NSA. Why the hell is android auto-correcting that to NRA?


Why do you think that is? No one talks about the NBA on the internet without the NHL interfering through autocorrect...
 
2013-09-05 08:26:26 PM  
FUD article.

If "any code can be broken," then the the government wouldn't spend so much time trying to legally force you to incriminate yourself by making you hand over your passwords and encryption keys. They would simply decrypt your files without even bothering to contact you.
 
2013-09-05 08:32:19 PM  

NutWrench: FUD article.

If "any code can be broken," then the the government wouldn't spend so much time trying to legally force you to incriminate yourself by making you hand over your passwords and encryption keys. They would simply decrypt your files without even bothering to contact you.


This is a much more detailed article:

http://www.propublica.org/article/the-nsas-secret-campaign-to-crack- un dermine-internet-encryption

They've taken a multi-pronged approach:

1. Working behind the scenes to keep the public encryption standards just weak enough that they can break them if they want to.
2. Building back-doors into a lot of popular software.
3. Working on things like keyloggers and other ways to pull the data off targeted devices without having to break the encryption.
4. Working tirelessly on new decryption algorithms, and specialized supercomputers to run them effectively.
 
2013-09-05 08:46:53 PM  
I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy
 
2013-09-05 08:47:37 PM  

dittybopper: Well, not *MINE*.  Not when I use these:

[img.fark.net image 320x240]

Manually generated and used one time pads.

/Keep your plaintext and keys off of electronic devices.
//Pencil and paper FTW.


Need to find my D&D dice bag......
 
2013-09-05 08:48:46 PM  
Good thing I never bothered to waste my time with that whole encryption thing when it was all the rage a few weeks back.
 
2013-09-05 08:49:12 PM  
So, I should just bcc them and try and get a tax rebate?
 
2013-09-05 08:49:18 PM  
12 11 2 3 25  14 11 24 16 2518 23
21 6 243 23 24 3 419 8 18 23 17
 
2013-09-05 08:49:23 PM  
But my question is WHY would the NSA be reading my communications, encrypted or in the clear?

Do they have time to detail someone to comb through my Facebook posts to my friends about our views on someone's difficulties with her boyfriend? Or another one's cat's antics?

IF I was doing anything wrong or illegal, guess what. None of it would be via computer anyway, and very likely not even by phone. It would be so far off the grid that the NSA wouldn't even know where to look for it--like the Unabomber did.
 
2013-09-05 08:49:52 PM  
Until someone figures out how to quickly factor large prime numbers, modern public key encryption is effectively unbreakable.  It's possible that the NSA has that kind of technology, but if they are withholding it they are holding back an incredibly important advancement in both mathematics and humanity.  Which is probably the kind of thing they'd do

Just read this, was great http://www.amazon.com/The-Code-Book-Break-Crack/dp/0385729138/ref=sr_ 1 _4?ie=UTF8&qid=1378428556&sr=8-4&keywords=the+code+book
 
2013-09-05 08:51:10 PM  

Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy


No, but a computer program is and is flagging some for further scrutiny.

Kind of like how the East German Stasi would open letters passing through the mail to flag people for reeducation.
 
2013-09-05 08:52:33 PM  
this is why I shave all of my communications into cats' fur
 
2013-09-05 08:52:52 PM  

ecmoRandomNumbers: NSA. Why the hell is android auto-correcting that to NRA?


It made sense with the NRA in that context.
 
2013-09-05 08:53:53 PM  
1.bp.blogspot.com
 
2013-09-05 08:54:22 PM  
It would be nice if the NSA actually stopped terrorism or human trafficking or some, you know, crime. I guess they're just syphoning up all that info for shiats and grins.
 
2013-09-05 08:54:56 PM  

Creoena: [1.bp.blogspot.com image 432x575]


The NSA won't turn over their backups of your data.
http://www.cbsnews.com/8301-205_162-57600777/techies-foia-request-fo r- backup-data-from-nsa-denied/
 
2013-09-05 08:55:13 PM  

dittybopper: Well, not *MINE*.  Not when I use these:

[img.fark.net image 320x240]

Manually generated and used one time pads.

/Keep your plaintext and keys off of electronic devices.
//Pencil and paper flashpaper FTW.


kicked up that security for ya
 
2013-09-05 08:55:16 PM  
www.audiobooksonline.com
 
2013-09-05 08:55:57 PM  

Gyrfalcon: But my question is WHY would the NSA be reading my communications, encrypted or in the clear?

Do they have time to detail someone to comb through my Facebook posts to my friends about our views on someone's difficulties with her boyfriend? Or another one's cat's antics?

IF I was doing anything wrong or illegal, guess what. None of it would be via computer anyway, and very likely not even by phone. It would be so far off the grid that the NSA wouldn't even know where to look for it--like the Unabomber did.


I would be impressed if they had the resources to read all user posts to fark.com alone...
 
2013-09-05 08:56:24 PM  
Ntan.  Ihapgstpt.  AitikhtrtC.
 
2013-09-05 08:56:41 PM  

ecmoRandomNumbers: NSA. Why the hell is android auto-correcting that to NRA?


Well only one exists, of course.
 
2013-09-05 08:58:20 PM  
The Freemasons know how to keep the NSA from reading stuff.  It's one of our few secrets.
 
2013-09-05 08:58:22 PM  
At first I 038482304802384 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 830182 0381209 830912  038482304802384 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 830182 0381209 830912  038482304802384 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 1 901 830182 0381209 830912  038482304802384 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 830182 0381209 830912
And then I  038482304802384 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 830182 0381209 830912  038482304802384 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 830182 0381209 830912  038482304802384 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 830182 0381209 830912  038482304802384 0238409238409283408234082340 4092384 02384028i3 40 2 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 830182 0381209 830912  038482304802384 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 830182 0381209 830912  038482304802384 0238409238409283408234082340 4092384 02384028i3 40 2 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 830182 0381209 830912  038482304802384 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 830182 0381209 830912  038482304802384 0238409238409283408234082340 4092384 02384028i3 40 2 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 0238409238038482304802384  4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 830182 0381209 830912  038482304802384 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 830182 0381209 830912  038482304802384 0238409238409283408234082340 4092384 02384028i3 40 2 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 0238409238038482304802384 0238409238409283408234082340 4092384 02384028i3 40 2 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 830182 0381209 830912  038482304802384 0238409238409283408234082340 4092384  409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 830182 0381209 830912  038482304802384 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 8123908123097 1 901 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 830182 0381209 830912  038482304802384 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 830182 0381209 830912   1 901 830182 0381209 830912  038482304802384 0238409238409283408234082340 4092384 02384028i3 40 28340234 02384092384098 230948 203984 20398 0012381723812789090920918201 912 12 0 01 209128319238109238 82 381 8123908123097 1 901 830182 0381209 830912  038482304802384 0238409238409283408234082340 4092384 02384028i3 40 2
 
2013-09-05 08:58:31 PM  
I can't realky complain - my encryption only ever claimed to be 'pretty good'
 
2013-09-05 08:59:37 PM  

Your Average Witty Fark User: NO ONE IS READING YOUR FARKING EMAIL


Of course not.  They use machines for that.  Any e-mail with enough flags DOES get read by someone.
 
2013-09-05 09:00:18 PM  

Gyrfalcon: But my question is WHY would the NSA be reading my communications, encrypted or in the clear?

Do they have time to detail someone to comb through my Facebook posts to my friends about our views on someone's difficulties with her boyfriend? Or another one's cat's antics?

IF I was doing anything wrong or illegal, guess what. None of it would be via computer anyway, and very likely not even by phone. It would be so far off the grid that the NSA wouldn't even know where to look for it--like the Unabomber did.


I'm glad they use social security numbers instead of punching holes in our ears.
 
2013-09-05 09:00:26 PM  
I think the NSA is doing a terrific job.  Keep up the good work, guys, nothing to see here.

kthxbye
 
2013-09-05 09:00:55 PM  

AverageAmericanGuy: 12 11 2 3 25  14 11 24 16 2518 23
21 6 243 23 24 3 419 8 18 23 17


ÑB*¡@¡B*Ø.¢ƒ‰VkB
E*ÁŒYE1ÀäA!¨¤EÕM&]ÿ Ï좣_•ŒH[Fd*ÊU
* P€D(T$ „Pà/G#×½U  !! :)
 
2013-09-05 09:01:17 PM  
If they're looking at my encrypted stuff, I hope they enjoy weird porn.
 
2013-09-05 09:01:55 PM  

Gyrfalcon: But my question is WHY would the NSA be reading my communications, encrypted or in the clear?

Do they have time to detail someone to comb through my Facebook posts to my friends about our views on someone's difficulties with her boyfriend? Or another one's cat's antics?

IF I was doing anything wrong or illegal, guess what. None of it would be via computer anyway, and very likely not even by phone. It would be so far off the grid that the NSA wouldn't even know where to look for it--like the Unabomber did.


An eye reduces crime.
 
2013-09-05 09:02:50 PM  

Your Average Witty Fark User: NO ONE IS READING YOUR FARKING EMAIL



i.imgur.com
Whether it's the NSA or your local cheeto-stained sysadmin, someone is reading your email.
 
2013-09-05 09:02:58 PM  

Snarcoleptic_Hoosier: If they're looking at my encrypted stuff, I hope they enjoy weird porn.


You mean there are spooks that don't enjoy weird porn?
 
2013-09-05 09:03:47 PM  

Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy


Obama 2012.
 
2013-09-05 09:04:40 PM  

AverageAmericanGuy: Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy

No, but a computer program is and is flagging some for further scrutiny.

Kind of like how the East German Stasi would open letters passing through the mail to flag people for reeducation.


Your Average Witty American isn't having ANY of their correspondence "flagged for further scrutiny".

Everyone is up in arms over NOTHING. Wah. Cry me a river.
 
2013-09-05 09:04:56 PM  

StopLurkListen: At first I *snip*


Jesus farking christ goddamnit this is supposed to be a safe for work site.  Good god man I'll never get that out of my mind.  Holy shiat that was horrific and I've seen some shiat.
 
2013-09-05 09:05:58 PM  
The Feds have a law that does not allow an encryption system that they cannot break or get into.
I heard that about 8 years ago.
 
2013-09-05 09:07:26 PM  

Your Average Witty Fark User: AverageAmericanGuy: Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy

No, but a computer program is and is flagging some for further scrutiny.

Kind of like how the East German Stasi would open letters passing through the mail to flag people for reeducation.

Your Average Witty American isn't having ANY of their correspondence "flagged for further scrutiny".

Everyone is up in arms over NOTHING. Wah. Cry me a river.


Well, the content would have to be interesting to be flagged, so I can see where you're coming from.
 
2013-09-05 09:07:52 PM  

Ivo Shandor: Your Average Witty Fark User: NO ONE IS READING YOUR FARKING EMAIL


[i.imgur.com image 380x380]
Whether it's the NSA or your local cheeto-stained sysadmin, someone is reading your email.


I'm actually far more worried about my local cheeto-stained sysadmin. The NSA is much less likely to stalk me in a furry suit and a cardboard sword named "Lemonslayer".
 
2013-09-05 09:08:10 PM  

dittybopper: Well, not *MINE*.  Not when I use these:

[check this sh*t out, NSA.jpg]

Manually generated and used one time pads.

/Keep your plaintext and keys off of electronic devices.
//Pencil and paper FTW.


Hi ditty.

Those one time pads make me drool. I think I need more dice.
 
2013-09-05 09:08:46 PM  

Smeggy Smurf: StopLurkListen: At first I *snip*

Jesus farking christ goddamnit this is supposed to be a safe for work site.  Good god man I'll never get that out of my mind.  Holy shiat that was horrific and I've seen some shiat.


Yeah. I didn't even know hemaphrodite manatees existed
 
2013-09-05 09:14:14 PM  
I'm starting to think that the Government is going to have to drop all pretenses and just enslave us all before people will band together and stop all this bullshiat.
 
2013-09-05 09:15:08 PM  
Oh, I need to bring this back:
A series of tubes


♫ Enormous tubes... massive massive tubes...
It's not something you just dump something on... it's not a big truck
...It's a series of tubes! ♫
 
rpm
2013-09-05 09:16:19 PM  

TheOnion: Until someone figures out how to quickly factor large prime numbers, modern public key encryption is effectively unbreakable.


The encryption may be effectively unbreakable. The encryption programs and encryption standard process are not.
 
2013-09-05 09:16:20 PM  

GRCooper: Smeggy Smurf: StopLurkListen: At first I *snip*

Jesus farking christ goddamnit this is supposed to be a safe for work site.  Good god man I'll never get that out of my mind.  Holy shiat that was horrific and I've seen some shiat.

Yeah. I didn't even know hemaphrodite manatees existed


What are you guys talking about? it's just a schooner.
 
2013-09-05 09:20:08 PM  

TheOnion: Until someone figures out how to quickly factor large prime numbers, modern public key encryption is effectively unbreakable.  It's possible that the NSA has that kind of technology, but if they are withholding it they are holding back an incredibly important advancement in both mathematics and humanity.  Which is probably the kind of thing they'd do


farm4.staticflickr.com

Dr. Gunther Janek unavailable for comment. . .

/Too Many Secrets
 
2013-09-05 09:22:01 PM  

Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy


If you are doing nothing wrong, you have nothing to fear!!!

I bet you were outraged when Bush did it, right?
 
2013-09-05 09:23:15 PM  
Simple rule: if you put it out there somebody can see it.
 
2013-09-05 09:23:38 PM  

dittybopper: Well, not *MINE*.  Not when I use these:



Manually generated and used one time pads.

/Keep your plaintext and keys off of electronic devices.
//Pencil and paper FTW.


But the duplication and distribution are the big weaknesses. Great for single important messages, labourous for day to day chatter.
 
2013-09-05 09:23:51 PM  

TheOnion: Until someone figures out how to quickly factor large prime numbers, modern public key encryption is effectively unbreakable.  It's possible that the NSA has that kind of technology, but if they are withholding it they are holding back an incredibly important advancement in both mathematics and humanity.  Which is probably the kind of thing they'd do

Just read this, was great http://www.amazon.com/The-Code-Book-Break-Crack/dp/0385729138/ref=sr_ 1 _4?ie=UTF8&qid=1378428556&sr=8-4&keywords=the+code+book


That's all well an good, if the implementation is perfect and the system doing the crypto is otherwise secure... which it almost never is.
 
2013-09-05 09:32:14 PM  

dittybopper: NutWrench: FUD article.

If "any code can be broken," then the the government wouldn't spend so much time trying to legally force you to incriminate yourself by making you hand over your passwords and encryption keys. They would simply decrypt your files without even bothering to contact you.

This is a much more detailed article:

http://www.propublica.org/article/the-nsas-secret-campaign-to-crack- un dermine-internet-encryption

They've taken a multi-pronged approach:

1. Working behind the scenes to keep the public encryption standards just weak enough that they can break them if they want to.
2. Building back-doors into a lot of popular software.
3. Working on things like keyloggers and other ways to pull the data off targeted devices without having to break the encryption.
4. Working tirelessly on new decryption algorithms, and specialized supercomputers to run them effectively.


Yes and even with all that, it gives them your CC number.

Were there people stupid enough to think that SSL HTTPS was a secure standard?  Despite the numerous times it's been shown to be either completely broken, or partially broken?  Or the fact that you can simply MitM the server?  SSL was designed to be secure against casual snooping, it was never designed to be secure for more than a few hours in any case.

There is an old thought process about encryption.  It goes roughly like this... How valuable is the material?  How time sensitive is it?  Now pick an algorithm that exceeds both those values.

Because the bottom line has always been that nearly any encryption can be broken, you just need it to hold long enough to get past the useful time frame of the information.  It's long been thought that SSL was good enough for it's use because criminal elements don't have the computer power required to crack it quickly (or at all), but that is utter fantasy land bullshiat.  Distributed systems like botnets can crack through SSL like a hot knife through butter, and SETI and other similar programs proved that ages ago.

This isn't theoretical, this is shiat I've dealt with in the real world.  There is commercially available software that will break SSL by brute-force if you have a large enough botnet/system/MPP, and there are commercially available software for all of that too.
And that's the stuff the "hackers" have.  Imagine what the government agencies that have been at this for 60 years, and a couple trillion dollars, AND "national security" have going for them.

Current internet communications aren't secure, they never were, but for some reason a lot of people seem to think they are now, and that's just plain wrong.
 
2013-09-05 09:35:19 PM  
I guess it is time for Congress to deliver on what must have been a promise by the agencies of another grant of immunity from lawsuits in favor of the companies that cooperated, to the extent they are not covered by the original one.  And it may also have to immunize individual agents who acted for the government when the individual's employer was not cooperating, if there were any such cases, because the employer would have a claim against the employee.

Over in the TSA thread 4ts came out with some derp about how the US government is going to try to incentive people to adopt a government verified online identity, that would confer some benefit in return for which the user waives any right not to be tracked, the way many do in employment agreements.  I suspect they see a future in which the norm would be for people to authenticate for all communications, all platforms.
 
2013-09-05 09:35:42 PM  

edmo: Simple rule: if you put it out there somebody can see it.


Like nude teen selfies, got it.

What?
 
2013-09-05 09:37:39 PM  

4tehsnowflakes: I guess it is time for Congress to deliver on what must have been a promise by the agencies of another grant of immunity from lawsuits in favor of the companies that cooperated, to the extent they are not covered by the original one.  And it may also have to immunize individual agents who acted for the government when the individual's employer was not cooperating, if there were any such cases, because the employer would have a claim against the employee.

Over in the TSA thread 4ts came out with some derp about how the US government is going to try to incentive people to adopt a government verified online identity, that would confer some benefit in return for which the user waives any right not to be tracked, the way many do in employment agreements.  I suspect they see a future in which the norm would be for people to authenticate for all communications, all platforms.


That actually sounds close to what they're doing in China right now.
 
2013-09-05 09:38:15 PM  
Breaking the modern public key algorithm by a brute force man in the middle attack is, ultimately, a losing proposition.

So you have the most badass computer in the world, ok, I'll just double the length of my key. Now you'll need hundreds of millions of those computers, working for decades, to decode a simple message.

Unless they're decades ahead of the world in quantum computing, or have figured out an efficent prime number factoring equation, something that's eluded Mathmaticians for centuries
 
2013-09-05 09:40:18 PM  
Hello... Miley? Syria? We have more important things to worry about.
 
2013-09-05 09:42:48 PM  

Your Average Witty Fark User: NO ONE IS READING YOUR FARKING EMAIL



It's cute that you're assuming that this is what subby is thinking.  Of course it's a /computer/ reading your farking mail (and your phone, and your skype, and your usenet, and your irc, and your gopher, and your sftp, and anything else that goes down the fiber) and cataloging it and filed away to be used against you in the future, should you become a threat to the powers that be.  So they can go back 20 years to find stuff to use against you.

That's why this is being done.
 
2013-09-05 09:42:57 PM  
Carter was the last President to even try to push back against this.
 
2013-09-05 09:44:27 PM  
Gyrfalcon
But my question is WHY would the NSA be reading my communications, encrypted or in the clear?
Do they have time to detail someone to comb through my Facebook posts to my friends about our views on someone's difficulties with her boyfriend? Or another one's cat's antics?


Ever searched for an ex or someone else you know/knew on Google or Facebook out of curiosity?
You used the tools that were available for you.
The NSA is made up of (hundred?)thousands of people and contractors who drink beer, fart and scratch their privates in about the same proportion as the rest of the population.
Given how Snowden could dump tons of data and go to Russia and publish stuff in the newspapers before anyone noticed, they don't seem to be all that worried about internal monitoring. So some of those thousands of people very likely decide to use the tools available to them.
I remember a couple of threads on Fark about police officers abusing their access to data to stalk women; I don't see why NSA employees would be any different.

Or to reference your comment about your local cheeto-stained sysadmin:
I would be surprised if there aren't quite a few cheeto-stained sysadmins or sexually-frustrated math nerds in NSA basements across the country.
 
2013-09-05 09:45:01 PM  
We never dealt with domestic. With us, it was always war. We won the war. Now we're fighting the peace. It's a lot more volatile. Now we've got ten million crackpots out there with sniper scopes, sarin gas and C-4. Ten-year-olds go on the Net, downloading encryption we can barely break, not to mention instructions on how to make a low-yield nuclear device. Privacy's been dead for years because we can't risk it. The only privacy that's left is the inside of your head. Maybe that's enough. You think we're the enemy of democracy, you and I?

filmdope.com

 I think we're democracy's last hope.
 
2013-09-05 09:46:01 PM  

rpm: TheOnion: Until someone figures out how to quickly factor large prime numbers, modern public key encryption is effectively unbreakable.

The encryption may be effectively unbreakable. The encryption programs and encryption standard process are not.


Math lacks agency. Code does not.

/although I think even the first part is debatable, somewhat.
 
2013-09-05 09:59:27 PM  

NutWrench: FUD article.

If "any code can be broken," then the the government wouldn't spend so much time trying to legally force you to incriminate yourself by making you hand over your passwords and encryption keys. They would simply decrypt your files without even bothering to contact you.


Sure they would. It's a win-win for them. If you cooperate, they weren't evil people who spied on you - you gave them the key. If you don't cooperate, they have one more reason to throw you in prison.
 
2013-09-05 10:02:04 PM  
The NSA is looking through everything because they are looking for any excuse to ruin you.
 
2013-09-05 10:02:16 PM  

TheOnion: Until someone figures out how to quickly factor large prime numbers, modern public key encryption is effectively unbreakable.  It's possible that the NSA has that kind of technology, but if they are withholding it they are holding back an incredibly important advancement in both mathematics and humanity.  Which is probably the kind of thing they'd do

Just read this, was great http://www.amazon.com/The-Code-Book-Break-Crack/dp/0385729138/ref=sr_ 1 _4?ie=UTF8&qid=1378428556&sr=8-4&keywords=the+code+book


Yeah, if I release it to the public I get a Nobel and some cash along with hate from everyone who depends on that for their security.  If I license it to the NSA I can live a life of ease cause they'll write me a check for a million a month just to keep it quiet.  Seems like a no brainer unless you're a real attention whore.
 
2013-09-05 10:06:43 PM  

Suckmaster Burstingfoam: edmo:

nude teen selfies


Now we can truly say, this thread is worthless without pix
 
2013-09-05 10:07:19 PM  
I bet ya the NSA already knows this, so hell, why not tell the rest of you?

I love tranny porn with a lot of big bulging objects that get inserted into certain body organs

IM GONNA GO CRY NOW THAT MY SECRET IS OUT!
 
2013-09-05 10:09:40 PM  

bubo_sibiricus: Your Average Witty Fark User: NO ONE IS READING YOUR FARKING EMAIL


It's cute that you're assuming that this is what subby is thinking.  Of course it's a /computer/ reading your farking mail (and your phone, and your skype, and your usenet, and your irc, and your gopher, and your sftp, and anything else that goes down the fiber) and cataloging it and filed away to be used against you in the future, should you become a threat to the powers that be.  So they can go back 20 years to find stuff to use against you.

That's why this is being done.


That right there. If you ever become worthy of destroying, they can easily do that.
 
2013-09-05 10:12:44 PM  
It doesn't matter what rights you believe you have.  If you are unable to verify and assert them, they might as well not exist at all.  This is why secrecy is so important to these organizations. You can not find redress against an invasion of your rights that you don't know exists.  They exaggerated and contorted the meaning of the law until it was suitable to what was convenient for them and then used effectiveness as an excuse to not tell us, thus preventing us from seeing the obvious misrepresentation they were executing and correcting it.
 
2013-09-05 10:14:54 PM  

Evil High Priest: bubo_sibiricus: Your Average Witty Fark User: NO ONE IS READING YOUR FARKING EMAIL


It's cute that you're assuming that this is what subby is thinking.  Of course it's a /computer/ reading your farking mail (and your phone, and your skype, and your usenet, and your irc, and your gopher, and your sftp, and anything else that goes down the fiber) and cataloging it and filed away to be used against you in the future, should you become a threat to the powers that be.  So they can go back 20 years to find stuff to use against you.

That's why this is being done.

That right there. If you ever become worthy of destroying, they can easily do that.




A whole lotta this.

I've been saying and writing this for years.
 
2013-09-05 10:17:55 PM  

4tehsnowflakes: Suckmaster Burstingfoam: edmo:

nude teen selfies

Now we can truly say, this thread is worthless without pix


I try to do my bit.
 
2013-09-05 10:22:21 PM  

The Voice of Doom: Gyrfalcon
But my question is WHY would the NSA be reading my communications, encrypted or in the clear?
Do they have time to detail someone to comb through my Facebook posts to my friends about our views on someone's difficulties with her boyfriend? Or another one's cat's antics?

Ever searched for an ex or someone else you know/knew on Google or Facebook out of curiosity?
You used the tools that were available for you.
The NSA is made up of (hundred?)thousands of people and contractors who drink beer, fart and scratch their privates in about the same proportion as the rest of the population.
Given how Snowden could dump tons of data and go to Russia and publish stuff in the newspapers before anyone noticed, they don't seem to be all that worried about internal monitoring. So some of those thousands of people very likely decide to use the tools available to them.
I remember a couple of threads on Fark about police officers abusing their access to data to stalk women; I don't see why NSA employees would be any different.

Or to reference your comment about your local cheeto-stained sysadmin:
I would be surprised if there aren't quite a few cheeto-stained sysadmins or sexually-frustrated math nerds in NSA basements across the country.


Which goes back to "WHY"?

Yeah, I could find just about anyone, right now, with the tools available to me. I don't need to worry about breaking their encryption. Hell, I've done it. If someone wants to stalk me--or IS stalking me--or wants to stalk someone else--they don't need to be in the NSA to do it; they can use the tools available. It's why my street address is not on my driver's license or my billing statements and why I don't post "I'm at Joe's having lunch!" updates all over Facebook like so many of my friends.

So with all that, the real question is "WHY would the NSA (or any government agency) be looking at your communications UNLESS you are already on their radar?" This idea that they "might" be storing stuff up "in case" they might want to frame you or prosecute you at some future date because of something you could do in the future or if the government were to become more evil or totalitarian overlooks the fact that a) if you do something in the future that puts you on their scopes, they'll have plenty of material to bust you on and won't NEED your dallyings in the past, and b) if the government is that evil in the future, again, they won't need to have actual stuff to bust you on, they'll just invent whatever they don't have.

Either a government is bound by rules of law or they aren't--and in either case, they won't be relying on stored data that is years or decades old to put someone in prison. They'll either have legitimate new data or they'll just create illegitimate new data. And insofar as weird stalkers or criminals--again, they don't need encrypted data when people so obligingly put that info out on Facebook and Twitter for all to see.
 
2013-09-05 10:22:38 PM  

Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy


No wonder no one is reading your email, you type in all caps.
 
2013-09-05 10:26:46 PM  

indy_kid: Your Average Witty Fark User: NO ONE IS READING YOUR FARKING EMAIL

Of course not.  They use machines for that.  Any e-mail with enough flags DOES get read by someone.


You know, ever since I read about the governments "persona management" efforts some posts seem to jump out at me a little differently.

http://www.rawstory.com/rs/2011/02/22/exclusive-militarys-persona-soft ware-cost-millions-used-for-classified-social-media-activities/
 
2013-09-05 10:28:18 PM  

dittybopper:
1. Working behind the scenes to keep the public encryption standards just weak enough that they can break them if they want to.
2. Building back-doors into a lot of popular software.
3. Working on things like keyloggers and other ways to pull the data off targeted devices without having to break the encryption.
4. Working tirelessly on new decryption algorithms, and specialized supercomputers to run them effectively.


I'm okay with #3 and #4; that's in line with their mandate. It's #1 and #2 where I draw the line. NSA's other mandate used to be to secure the communications of US persons, both meat-based and corporate. It took NSA 10-15 years to get over the stigma of the rumors that they farked with the S-boxes to put a back door in DES, before the community finally realized they'd been trying, as hard and as quietly as they could, to help.

Today I learned that the tinfoil hats of the 80s weren't wrong, they were just a few decades ahead of their time. How well can any business trust the AES-NI instruction set in that spiffy CPU of theirs?

/sigh. I'm not surprised anymore, just disappointed.
 
2013-09-05 10:34:01 PM  
And now the Internet has brought me porn that features a bunch of chubby, sweaty, middle-aged guys gang-banging the fourth amendment. Awesome.
 
2013-09-05 10:38:17 PM  
setec astronomy
 
2013-09-05 10:40:02 PM  
Here's my take on this:

I have no skeletons in my closet.  None.  No amount of peeking into my Facebook or Gmail account is going to yield blackmail-able information about me, because nothing of the kind exists.  I am an honest-to-God upstanding citizen.  I don't drink and drive.  I've never been arrested.  I've never attended a protest.  I don't have any porn of any type on my computer.  I've never cheated on anyone. I vote in every election.  And so on and so forth...

What bothers me is that the NSA (or whoever) may need a scapegoat for something down the road, and I might just be too convenient for that purpose, in which case they would have to LIE and invent "evidence" in order to make such an accusation stick, which may include information that they claim they got through NSA surveillance (but wouldn't be able to disclose exactly how, since that information needs to be kept confidential for national security purposes).  In which case it doesn't matter what my "rights" are; I will have no protections whatsoever.
 
2013-09-05 10:40:05 PM  
Is truecrypt any good?
 
2013-09-05 10:45:02 PM  
Can you imagine how many peda bytes of porn the NSA collects daily?!

The only thing I have ever seen consistently encrypted had been things guys don't want their girlfriends to know about...
 
2013-09-05 10:47:00 PM  

whither_apophis: dittybopper: Well, not *MINE*.  Not when I use these:

Manually generated and used one time pads.

/Keep your plaintext and keys off of electronic devices.
//Pencil and paper FTW.

But the duplication and distribution are the big weaknesses. Great for single important messages, labourous for day to day chatter.


True, but think about it:  How many of your communications are actually inane and/or unimportant?

It's a large fraction, I'll bet.

Duplication of the keys themselves isn't a problem.  You make the duplicate when you make the original, either using carbon paper, which is getting harder to find and must be destroyed afterwards, or two-part carbonless forms.

When you type the pads on your manual typewriter*, you are making the original, and a copy for your correspondent.

Distribution isn't as big a problem as people make it out to be.  You can transfer a whole lot of pads all at once in a physical transfer.  If you can't afford to be seen together, do a dead drop.  Or you could just mail them in tamper-evident packaging.  It doesn't have to be tamper*PROOF*, you just have to be able to detect that it's been opened.  Foil and superglue, combined with tell-tales, make an excellent and cheap way to do that.


*The big vulnerability is electronic devices.   Never use them to generate pads.
 
2013-09-05 10:47:33 PM  
It's been a long time since I read "The Code Book" and someone correct me if I'm wrong, but can't you crack SSL by factoring two large prime integers that were multiplied together?  I remember reading about the "assumption" that there wasn't a good way to do it, so they assumed the transmission was secure.  That was 10 years ago.  I imagine they have a good way of doing it now.
 
2013-09-05 10:49:20 PM  
Wake me up when they figure out how to crack PGP.
 
2013-09-05 10:53:40 PM  

Gyrfalcon: IF I was doing anything wrong or illegal, guess what. None of it would be via computer anyway, and very likely not even by phone. It would be so far off the grid that the NSA wouldn't even know where to look for it--like the Unabomber did.


Er, they caught him.

http://en.wikipedia.org/wiki/Ted_Kaczynski#Arrest
 
2013-09-05 10:58:44 PM  

AverageAmericanGuy: Your Average Witty Fark User: AverageAmericanGuy: Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy

No, but a computer program is and is flagging some for further scrutiny.

Kind of like how the East German Stasi would open letters passing through the mail to flag people for reeducation.

Your Average Witty American isn't having ANY of their correspondence "flagged for further scrutiny".

Everyone is up in arms over NOTHING. Wah. Cry me a river.

Well, the content would have to be interesting to be flagged, so I can see where you're coming from.


That's exactly my point. If you're emailing grandma to thank her for that swell sweater she got you for your birthday, no one is going to read it. If you're setting up a tryst with your 19 year old college cheerleader girlfriend behind you're wife's back, no one is going to read it. If you're texting your buddy "hey bro u me n a 6pack 4 NFL 2nite?" no one is going to read it. You have to really go out of your way to be a slimy sack of homeland security threatening shiat to get your email or text messages read. I highly, HIGHLY doubt any of us is sending emails/texts that would get flagged for further review. It's common sense for most people. Other people like to get worked up over nothing.
 
2013-09-05 11:00:42 PM  
This is one of those things that earlier NSA whistleblowers had revealed, but since they lacked the proof that Snowden provided, they were ignored.

For instance, here:

The heavily fortified $2 billion center should be up and running in September 2013. Flowing through its servers and routers and stored in near-bottomless databases will be all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails-parking receipts, travel itineraries, bookstore purchases, and other digital "pocket litter." It is, in some measure, the realization of the "total information awareness" program created during the first term of the Bush administration-an effort that was killed by Congress in 2003 after it caused an outcry over its potential for invading Americans' privacy.

But "this is more than just a data center," says one senior intelligence official who until recently was involved with the program. The mammoth Bluffdale center will have another important and far more secret role that until now has gone unrevealed. It is also critical, he says, for breaking codes. And code-breaking is crucial, because much of the data that the center will handle-financial information, stock transactions, business deals, foreign military and diplomatic secrets, legal documents, confidential personal communications-will be heavily encrypted. According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. The upshot, according to this official: "Everybody's a target; everybody with communication is a target."
 
2013-09-05 11:00:50 PM  

saturn badger: Er, they caught him.


Only when his brother turned him in.
 
2013-09-05 11:01:05 PM  

bingo the psych-o: Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy

No wonder no one is reading your email, you type in all caps.


True fact: when you email in all caps, the program reading your messages uses up twice as many CPU cycles in a fit of rage.
 
2013-09-05 11:01:34 PM  
Hell, the NSA can read my stuff all they like, it should be useful for curing their insomnia.
 
2013-09-05 11:01:47 PM  

machoprogrammer: Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy

If you are doing nothing wrong, you have nothing to fear!!!

I bet you were outraged when Bush did it, right?


Bush himself could sit down and read every text I've ever sent, and I wouldn't give a shiat nor a second thought.


bingo the psych-o: Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy

No wonder no one is reading your email, you type in all caps.


You saw that only one line was in all caps, for the sake of emphasis, right? Or are you just stupid?

/haven't sent a non-work email in years, actually
//so I don't care
 
2013-09-05 11:02:24 PM  
i2.kym-cdn.com
 
2013-09-05 11:03:16 PM  

Your Average Witty Fark User: AverageAmericanGuy: Your Average Witty Fark User: AverageAmericanGuy: Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy

No, but a computer program is and is flagging some for further scrutiny.

Kind of like how the East German Stasi would open letters passing through the mail to flag people for reeducation.

Your Average Witty American isn't having ANY of their correspondence "flagged for further scrutiny".

Everyone is up in arms over NOTHING. Wah. Cry me a river.

Well, the content would have to be interesting to be flagged, so I can see where you're coming from.

That's exactly my point. If you're emailing grandma to thank her for that swell sweater she got you for your birthday, no one is going to read it. If you're setting up a tryst with your 19 year old college cheerleader girlfriend behind you're wife's back, no one is going to read it. If you're texting your buddy "hey bro u me n a 6pack 4 NFL 2nite?" no one is going to read it. You have to really go out of your way to be a slimy sack of homeland security threatening shiat to get your email or text messages read. I highly, HIGHLY doubt any of us is sending emails/texts that would get flagged for further review. It's common sense for most people. Other people like to get worked up over nothing.


Well, then there's nothing to worry about, is there. I don't have any bombs in my luggage either. I don't even both with the TSA lock anymore, if the government wants to search my stuff, it must be for a good reason. Who am I to feel uncomfortable that my privacy is gone?
 
2013-09-05 11:04:36 PM  

cman: I bet ya the NSA already knows this, so hell, why not tell the rest of you?

I love tranny porn with a lot of big bulging objects that get inserted into certain body organs

IM GONNA GO CRY NOW THAT MY SECRET IS OUT!


Wanna trade? EIP.
 
2013-09-05 11:05:23 PM  

TheOnion: Until someone figures out how to quickly factor large prime numbers, modern public key encryption is effectively unbreakable.


I suggest you read up on how Stuxnet exploited a fundamental weakness in MD5, allowing for the integrity of AES encryption to be compromised.

The keys to the castle have been had for over a decade now.
 
2013-09-05 11:05:34 PM  

Your Average Witty Fark User: You have to really go out of your way to be a slimy sack of homeland security threatening shiat to get your email or text messages read.


History shows that you could also simply be expressing political views the powers that be do not appreciate.

Like Dr. King's belief that all men are created equal. Even if black.

Or Vietnam war protestors.

Or Occupy protestors against economic injustice.

We already know all of those were targeted and treated like terrorists for their political views.
 
2013-09-05 11:16:05 PM  

MemeSlave: [i2.kym-cdn.com image 758x600]


i.imgur.com
And keep those hooves on the keyboard, not in your pants, citizen!
 
2013-09-05 11:24:25 PM  

Ivo Shandor: saturn badger: Er, they caught him.

Only when his brother turned him in.


Still got caught. Doesn't really matter how.,
 
2013-09-05 11:31:05 PM  

TheOnion: Until someone figures out how to quickly factor large prime numbers, modern public key encryption is effectively unbreakable.  It's possible that the NSA has that kind of technology, but if they are withholding it they are holding back an incredibly important advancement in both mathematics and humanity.  Which is probably the kind of thing they'd do

Just read this, was great http://www.amazon.com/The-Code-Book-Break-Crack/dp/0385729138/ref=sr_ 1 _4?ie=UTF8&qid=1378428556&sr=8-4&keywords=the+code+book


NSA is the largest private employer of mathematics PhD's in the country. They have their own engineers to build their supercomputers since no one makes the technology they need. Rumor has it that it took less than 30 minutes for them to break the internet 128 bit encryption just by using brute force.
 
2013-09-05 11:33:19 PM  

dittybopper: Well, not *MINE*.  Not when I use these:

[img.fark.net image 320x240]

Manually generated and used one time pads.

/Keep your plaintext and keys off of electronic devices.
//Pencil and paper FTW.


Yeah, about that.  Unless you're using code words as well it'll still read it.   And it could read it wrong in a worse way too.
 
2013-09-05 11:33:26 PM  
I was already laughing at the people getting those programs to "encrypt" and "protect" their data. I was thinking this story would've taken at least two weeks to appear, but even so I'm sure those companies already made a hell of a profit saying they could hide you.
 
2013-09-05 11:46:11 PM  
BullBearMS:  "Everybody's a target; everybody with communication is a target."

The documents excerpted in the Guardian version actually talk about the cryptanalytic efforts as being directed at "civilians and other adversaries".  It's a war on you and your privacy.  And as if to drive the point home, the US and UK agencies each named their version of the operation after a civil war battle from the histories of their respective countries.
 
2013-09-05 11:50:40 PM  

Kahabut: dittybopper: NutWrench: FUD article.

If "any code can be broken," then the the government wouldn't spend so much time trying to legally force you to incriminate yourself by making you hand over your passwords and encryption keys. They would simply decrypt your files without even bothering to contact you.

This is a much more detailed article:

http://www.propublica.org/article/the-nsas-secret-campaign-to-crack- un dermine-internet-encryption

They've taken a multi-pronged approach:

1. Working behind the scenes to keep the public encryption standards just weak enough that they can break them if they want to.
2. Building back-doors into a lot of popular software.
3. Working on things like keyloggers and other ways to pull the data off targeted devices without having to break the encryption.
4. Working tirelessly on new decryption algorithms, and specialized supercomputers to run them effectively.

Yes and even with all that, it gives them your CC number.

Were there people stupid enough to think that SSL HTTPS was a secure standard?  Despite the numerous times it's been shown to be either completely broken, or partially broken?  Or the fact that you can simply MitM the server?  SSL was designed to be secure against casual snooping, it was never designed to be secure for more than a few hours in any case.

There is an old thought process about encryption.  It goes roughly like this... How valuable is the material?  How time sensitive is it?  Now pick an algorithm that exceeds both those values.

Because the bottom line has always been that nearly any encryption can be broken, you just need it to hold long enough to get past the useful time frame of the information.  It's long been thought that SSL was good enough for it's use because criminal elements don't have the computer power required to crack it quickly (or at all), but that is utter fantasy land bullshiat.  Distributed systems like botnets can crack through SSL like a hot knife through butter, and SETI and oth ...


Not to mention that servers almost never change their keys so once you crack it you're good to go forever.
 
2013-09-05 11:50:45 PM  

NutWrench: FUD article.

If "any code can be broken," then the the government wouldn't spend so much time trying to legally force you to incriminate yourself by making you hand over your passwords and encryption keys. They would simply decrypt your files without even bothering to contact you.


Because the NSA doesn't care about the run of the mill pedo or small time meth dealer and they aren't going to show what they can do just so John Law can look good in the local papers
 
2013-09-06 12:00:14 AM  

smerfnablin: Can you imagine how many peda bytes of porn the NSA collects daily?!

The only thing I have ever seen consistently encrypted had been things guys don't want their girlfriends to know about...


The NSA probably does have one of the largest databases of porn files in the world.

Though it is probably orders of magnitude smaller than the amount of porn in the internets.

When the NSA comes across a big encrypted file maybe it IS ultra-top-secret plans for the new KeyHole-666 spy satellite or maybe it's just another porn file. If they automatically decrypt it and can match it against the porn DB then it is no big deal and goes into their records as just evidence that a particular citizen likes porn. If they can't match it against something known then it requires further attention - maybe using some secret heuristic classifier or having an actual human look at it.

Having enormous DBs of porn, music, movies, and other things that copies of commonly float around the internets is an easy way of weeding out things that don't need attention.
 
2013-09-06 12:00:23 AM  

saturn badger: Ivo Shandor: saturn badger: Er, they caught him.

Only when his brother turned him in.

Still got caught. Doesn't really matter how.,


Sure it does. Did they catch him because of de-crypted emails, reams of documents, sekrit files full of phone messages and all kinds of other stuff people are worried about? No. They caught him the hard way, by releasing his "manifesto" which is brother happened to see, and recognized the style. Which led to his remote cabin that was full of other, usable evidence--bomb making materials similar to other bombs the Unabomber had sent, the typewriter used to type the "manifesto" and other things that would have convinced a jury (if he had gone to trial) in no uncertain terms, that this was the guy who'd been blowing people up for the past 25 years.

Which is the other issue: In a country that still nominally runs by rule of law, you get a fair trial. All this crap the NSA is sekritly compiling to theoretically make you look bad if someday they need to scapegoat you because for some reason or other--assuming they did, you still go to trial in open court, unless you're being court-martialed. And juries are still oddly reluctant to convict based on strange evidence they don't really understand, gotten in ways they can't comprehend by agencies they don't particularly like--which is why OJ and Casey Anthony got away with it. (DNA? What's DNA? how does that work? Why can't they just talk about how Nicole was murdered?)

Unless by now you're so paranoid you think you're going to be tried in secret by a rigged jury and not given your choice of attorney--in which case why does the evidence against you matter anyway?--then this fear of what the NSA is doing is misplaced. The fears should not be what they're doing, but how to prevent use of whatever they're getting from being used once they've got it; because they're going to get it regardless.
 
2013-09-06 12:02:39 AM  

Smeggy Smurf: StopLurkListen: At first I *snip*

Jesus farking christ goddamnit this is supposed to be a safe for work site.  Good god man I'll never get that out of my mind.  Holy shiat that was horrific and I've seen some shiat.


Guys like you and me, we need a "I survived Gorgor" badge or something.
 
2013-09-06 12:04:33 AM  

vsavatar: Wake me up when they figure out how to crack PGP.


This
 
2013-09-06 12:14:16 AM  
Zoiuvwbu uim gomg:

VO! VO! W'a fsorwbu mcif saowzg!
 
2013-09-06 12:36:08 AM  
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized

1. Reasonable to search everything for everybody?
2. What is the probable cause for searching everything?
3. What is the target of the warrant to search?
 
2013-09-06 12:50:55 AM  

AltheaToldMe: vsavatar: Wake me up when they figure out how to crack PGP.

This


Bless your heart.
 
2013-09-06 12:50:56 AM  
Can I just say I don't care any more. I have been suicidal for days and just don't care.
 
2013-09-06 12:56:07 AM  
I don't worry, my data is well-encrypted, and stored in a safe server in the Sultanate of Kinakuta.
 
2013-09-06 01:10:42 AM  
Seriously? Seriously, tell me you are the least bit surprised by any of this. Tell me you are surprised that the gummint, with billions of our money behind them, has the capability to monitor your communications. Tell me that given the capacity to listen and watch anything they please that you think for a second the career spies are foregoing the opportunity out of a sense of decency or because there might be one or another puny law standing in their way? In a few years they will be able to read our very thoughts, never mind our Internet ramblings. Hell, hobbyists can buy camera-equipped remote-control drones right now! Even Santa Claus just buys his naught and nice list from the gummint nowadays. Yes, indeed, the days of private lives are a thing of the past. Who needs black helicopters when the alien technology that used to be at Area 51 is now disseminated to Homeland Security? Do you think the RFID chips for your pets are just a slightly-creepy way of getting your lost dog back? It is to soften us up for universal implantation, Yes, just like mandatory fingerprinting, it will begin with prisoners, to "protect" us from bad people, then kids to "protect the children", then mandatory universal GPS implants! The gummint will soon be able to enhance their "revenue" by issuing speeding tickets by computer, documented by your GPS implant! The gummint will soon be sending goon squads to snatch you off of the street for smoking dope, detected by how often you blink! Trespass on gummint property? You bet that's a takedown by the SWAT team, and off you go in the unmarked black van. Sneak out of work early? That's a failure to contribute to corporate profitability, and off you go! Skip church on Sunday? You're a Godless Democrat, and a threat to what's left of "society"! Smoke a Cuban cigar in the US of A? You're an evil smoker! Off you go! Ranting on Fark.com? Are you kidding?
 
2013-09-06 01:17:37 AM  
Was the obvious tag out behind the dumpster getting slapped around with a rubber hose until it pledged loyalty to the fourth reich?
 
2013-09-06 01:18:36 AM  
Kahabut

Were there people stupid enough to think that SSL HTTPS was a secure standard? Despite the numerous times it's been shown to be either completely broken, or partially broken? Or the fact that you can simply MitM the server? SSL was designed to be secure against casual snooping, it was never designed to be secure for more than a few hours in any case.

That is simply untrue. Whoever told you it was only supposed to be good for a few hours lied to you.

Distributed systems like botnets can crack through SSL like a hot knife through butter, and SETI and other similar programs proved that ages ago.

Once again, wtf are you on about? "SSL" is basically just a wrapper/glue protocol around other cryptographic primitives. What in particular are you suggesting can be "sliced through."

This isn't theoretical, this is shiat I've dealt with in the real world. There is commercially available software that will break SSL by brute-force if you have a large enough botnet/system/MPP, and there are commercially available software for all of that too.

Such as . . .

Current internet communications aren't secure, they never were, but for some reason a lot of people seem to think they are now, and that's just plain wrong.

The sad thing is you're not entirely wrong here, but not for any of the reasons you stated.
 
2013-09-06 01:21:33 AM  
I have a theory.  My theory states that all data has a big security hole.  Gigantic.  Ready?  IT'S ALL JUST A  BUNCH OF F*UCKING ONES AND ZEROS JUMPING THROUGH HOOPS MAKING SIMULACRA OF ACTUAL THINGS.  Math.  Very, very narrow number set math.  All of it.  Ha ha.
 
2013-09-06 01:31:52 AM  

alice_600: Can I just say I don't care any more. I have been suicidal for days and just don't care.


You know the NSA won't read this for 20 years, so they won't send anyone to stop you until it's too late.

/also don't be suicidal, whatever's wrong will pass, just give it time.
 
2013-09-06 01:33:44 AM  
alice_600

Can I just say I don't care any more. I have been suicidal for days and just don't care.

For you. Apply liberally.
 
2013-09-06 01:38:48 AM  
Whats actually bad about this, is that they cannot admit or use evidence from hacking, or they would be exposing their methods and capabilities. So what can they do? Generate false evidence? Use blackmail and extortion? Or in the case of outside the country, simply wack someone? There is a good reason why star chambers are forbidden in most countries.
 
2013-09-06 01:42:17 AM  

Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy


You're right. No human is. But we allow machines to do so. I hope you never piss off your town alderman.
 
2013-09-06 01:45:10 AM  

Pointy Tail of Satan: Whats actually bad about this, is that they cannot admit or use evidence from hacking, or they would be exposing their methods and capabilities. So what can they do? Generate false evidence? Use blackmail and extortion? Or in the case of outside the country, simply wack someone? There is a good reason why star chambers are forbidden in most countries.


They don't have to admit or use the evidence themselves, but they can tip off lower level authorities to say, generate a "random" traffic stop in order to leap to a larger crime.
 
2013-09-06 01:49:17 AM  

Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy


well, *I* am reading my email.  and my wife probably reads it because there are so many women after me and she assumes i'm cheating.

/ so you trust that people with access would never abuse it?  you are a fool.
 
2013-09-06 01:50:17 AM  

machoprogrammer: Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy

If you are doing nothing wrong, you have nothing to fear!!!

I bet you were outraged when Bush did it, right?


If the NSA is doing nothing wrong, they have nothing to fear by Snowden.  but they seem to be afraid.
 
2013-09-06 01:51:43 AM  
I sound fat:
If the NSA is doing nothing wrong, they have nothing to fear by Snowden.  but they seem to be afraid.

ZING
 
2013-09-06 02:02:39 AM  

pedobearapproved: alice_600: Can I just say I don't care any more. I have been suicidal for days and just don't care.

You know the NSA won't read this for 20 years, so they won't send anyone to stop you until it's too late.

/also don't be suicidal, whatever's wrong will pass, just give it time.


This
 
2013-09-06 02:10:41 AM  

relaxitsjustme: NutWrench: FUD article.

If "any code can be broken," then the the government wouldn't spend so much time trying to legally force you to incriminate yourself by making you hand over your passwords and encryption keys. They would simply decrypt your files without even bothering to contact you.

Because the NSA doesn't care about the run of the mill pedo or small time meth dealer and they aren't going to show what they can do just so John Law can look good in the local papers


Yeah, about that...

http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/05/the-nsa -i s-giving-your-phone-records-to-the-dea-and-the-dea-is-covering-it-up/
 
2013-09-06 02:19:44 AM  

bunner: Was the obvious tag out behind the dumpster getting slapped around with a rubber hose until it pledged loyalty to the fourth reich?


[gallops up with a loud burble and headbonks bunner]

Pardon the foolishness, bunner, but I missed you.
 
2013-09-06 02:27:31 AM  

Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy


I don't think anyone is reading it... I think they are storing it... and I think that storage presents a huge risk for abuse. Aside from that, the court has ruled that unauthorized copying of electronic data, to include communications, not just intellectual property, constitutes "taking" and theft in a criminal sense, given that it is law enforcement doing the taking, it falls under the auspices of "seizure," which is lawful only when done with a duly issued warrant. Given that the fourth amendment to the constitution is explicitly clear about the need for specificity("particularly describing the place to be searched, and the persons or things to be seized") , I cannot fathom how a warrant could be duly issued such that it particularly describes every person from whom email is being seized, and establishes anything resembling probable cause to suspect said persons.

That said, I don't believe them. If they were that good at decrypting things with any efficiency, they wouldn't be before the courts in GB saying that Greenwald's partner had those thousands and thousands of documents, but they couldn't tell what they were. Ceteris Paribus, and given their tenuous history with the truth, I would chalk this bit of "news" up to counter-intelligence more than I would a leak or serious issue with security of well-encrypted communications.

As a security side note, encrypting your communications does not mean sending email via some service that claims to be secure or encrypted. Securing your communications means encrypting it your darned self, using key(s) (defined to include typed, photographic, biometric, and other keys) that only you and the recipient will have access to. In a more ideal world, direct transfers via physical mediums are superior. Though your email is of dubious status with regards to the need for a specific warrant for you, your mail is not... if someone wants to open an actual article or package sent through the mail, they'll still be able to do it, but they'll need to go to an actual judge (not just one of the FISA rubber stamps), and articulate a reason for going through your stuff.  If the information you are sending is *so* sensitive that you're actually worried about emailing it, that'd probably be the way to go.

/it's gonna be a clusterfark when someone cracks the NSAs database and pretty much everyone's personal stuff is all of a sudden very very public, beyond the clear potential for massive fraud/identity theft, there is no such thing as a perfectly secure system, and our government has not demonstrated anywhere near the level of competence necessary for me to believe that they could adequately hold and secure that information in perpetuity.
 
2013-09-06 02:31:20 AM  

Kittypie070: bunner: Was the obvious tag out behind the dumpster getting slapped around with a rubber hose until it pledged loyalty to the fourth reich?

[gallops up with a loud burble and headbonks bunner]

Pardon the foolishness, bunner, but I missed you.


*bonk*

:  )

ouch

Hey, kitty
 
2013-09-06 02:47:08 AM  

Your Average Witty Fark User: AverageAmericanGuy: Your Average Witty Fark User: AverageAmericanGuy: Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy

No, but a computer program is and is flagging some for further scrutiny.

Kind of like how the East German Stasi would open letters passing through the mail to flag people for reeducation.

Your Average Witty American isn't having ANY of their correspondence "flagged for further scrutiny".

Everyone is up in arms over NOTHING. Wah. Cry me a river.

Well, the content would have to be interesting to be flagged, so I can see where you're coming from.

That's exactly my point. If you're emailing grandma to thank her for that swell sweater she got you for your birthday, no one is going to read it. If you're setting up a tryst with your 19 year old college cheerleader girlfriend behind you're wife's back, no one is going to read it. If you're texting your buddy "hey bro u me n a 6pack 4 NFL 2nite?" no one is going to read it. You have to really go out of your way to be a slimy sack of homeland security threatening shiat to get your email or text messages read. I highly, HIGHLY doubt any of us is sending emails/texts that would get flagged for further review. It's common sense for most people. Other people like to get worked up over nothing.


email: "Honey, the pressure cooker died today.  Could you pick one up on your way home from work.  Oh, and little Cindy needs a new backpack for school.  Just drop by Target."
 
2013-09-06 02:53:03 AM  
vrax:
email: "Honey, the pressure cooker died today.  Could you pick one up on your way home from work.  Oh, and little Cindy needs a new backpack for school.  Just drop by Target."

"pressure cooker"

Some emails are stored.  Yours just got read.
 
2013-09-06 02:55:13 AM  

WayToBlue: alice_600

Can I just say I don't care any more. I have been suicidal for days and just don't care.

For you. Apply liberally.


Yeah, enough about the depressing state of affairs reported by TFA.  Alice, you probably should not kill yourself.  I say probably only because I have no way of knowing whether you have six kidnapped people chained up in the basement as sex slaves.  In any case, you have no right to deprive the rest of Farkdom of your future posts.

800 273 8255 is a number you can call if you want to find someone to help talk you through.
 
2013-09-06 03:09:20 AM  
Alice?

Don't check out early.

You already paid for the room.

Wait for the front desk to call.  Several times.
 
2013-09-06 03:42:41 AM  
Most of the time, your likely being watched if your up to no good.

/meth
//drugs
///weapons
 
2013-09-06 03:48:13 AM  
firefly212:

the court has ruled that unauthorized copying of electronic data, to include communications, not just intellectual property, constitutes "taking" and theft in a criminal sense, given that it is law enforcement doing the taking, it falls under the auspices of "seizure," which is lawful only when done with a duly issued warrant.

Ah, the firefly is here to light up the night.

It's a seizure for 4th Amendment purposes, but whether it is a taking is doubtful.  Here we are talking about the seizure of files, so intellectual  property: copyrights, patents, trademarks and trade secrets.  A taking means the G must pay you compensation.  It's only a taking if they seize the entirety of the property or do something else, like enact a regulation, that destroys the value of the property.  Does that happen here?  Not for patents (copying a document is not using the invention, so no infringement, no taking).  Not for trademarks (same, no use as a mark, no infringement).  Probably not for copyrighted works (keeping a single copy in the secret archives does not materially impair the value of the copyrighted work).  Maybe for trade secrets.  In Ruckelshaus v Monsanto, the Supremes said a regulation that would have resulted in the disclosure of trade secrets to competitors was a regulatory taking.  But it is not clear the result would be the same if no competitor could learn the secret from the agencies.

 I would chalk this bit of "news" up to counter-intelligence more than I would a leak or serious issue with security of well-encrypted communications.

By counterintelligence did you mean to say disinformation?  I get that you agree with the people saying "they can't crack everything" but this is real news, based on newly released documents from the Snowden files.  The news outlets redacted the documents somewhat this time, but it is clear enough from the redacted documents that the agencies did what the article said.
 
2013-09-06 04:44:17 AM  

alice_600: Can I just say I don't care any more. I have been suicidal for days and just don't care.


everyone always thinks suicide is the easy way out.  It isn't.  You emotionally scar the person who finds you.  You burn the memories of the people who loved you.  Your parents have to bury a child.  If that doesn't kill one of them from a broken heart, they will be seriously debilitated for the rest of their lives.  A part of their world will be missing.  Someone they can never get back.

You miss out on all the good stuff in life.  That is why it is called life: the good stuff: sex.  We like sex.  Most of us at some point have had some, and we keep going for more of it, despite all the pointy knee comments and such.  That high after an awesome run.  The smell of O3 just before it rains or after a lightning storm.  The Caturday pictures everyone throws together, and tries to kill the server with.  The smile of a newborn; after about 1 month, they're all chubby cherubs, smiling, giggling, laughing.  Best part of that is that when they start to cry, you can just hand the munchkin back to their mother/father, and move on, having gotten your cuteness fix for the day.

If you don't think anyone cares for you, stop while walking to the coffee pot or the lunch area tomorrow.  That geek looking away just as you turn your head.  Yeah, him.  Dave, from the tech department.  He's been trying to put together the courage to ask you out for the last 3 months.  He's been worried about your reaction so much he's been memorizing counter arguments to your turning him down for a date.  Yes, he has a slight stutter, but he's about as sweet a guy as you'll ever know.  He'll treat you like a queen, and a little TLC is all he needs every now and again.  Hell, just smile in his general direction and he'll be happy all week.  Maybe you should ask him out.  Don't wait for some other girl to figure out what a sweety he is and snatch him away, take charge and take him out of circulation yourself.

For, what else is life for?

/and there's all the blood and brains and bone to clean up...
//maybe that's just guys who go for the violent endings
 
2013-09-06 04:48:23 AM  
HairBolus:

The NSA probably does have one of the largest databases of porn files in the world.

Wouldn't it stand to assume, that some of that is also illegal? What happens if, for the lulz, someone reports them to the FBI or that other internet crimes agency?

Also, the real fun will start when the NSA begins sharing these databases with the IRS and DEA.
 
2013-09-06 04:58:07 AM  
Trance354:
everyone always thinks suicide is the easy way out.  It isn't.  You emotionally scar the person who finds you.  You burn the memories of the people who loved you.  Your parents have to bury a child.  If that doesn't kill one of them from a broken heart, they will be seriously debilitated for the rest of their lives.  A part of their world will be missing.  Someone they can never get back.

You miss out on all the good stuff in life.  That is why it is called life: the good stuff: sex.  We like sex.  Most of us at some point have had some, and we keep going for more of it, despite all the pointy knee comments and such.  That high after an awesome run.  The smell of O3 just before it rains or after a lightning storm.  The Caturday pictures everyone throws together, and tries to kill the server with.  The smile of a newborn; after about 1 month, they're all chubby cherubs, smiling, giggling, laughing.  Best part of that is that when they start to cry, you can just hand the munchkin back to their mother/father, and move on, having gotten your cuteness fix for the day.

If you don't think anyone cares for you, stop while walking to the coffee pot or the lunch area tomorrow.  That geek looking away just as you turn your head.  Yeah, him.  Dave, from the tech department.  He's been trying to put together the courage to ask you out for the last 3 months.  He's been worried about your reaction so much he's been memorizing counter arguments to your turning him down for a date.  Yes, he has a slight stutter, but he's about as sweet a guy as you'll ever know.  He'll treat you like a queen, and a little TLC is all he needs every now and again.  Hell, just smile in his general direction and he'll be happy all week.  Maybe you should ask him out.  Don't wait for some other girl to figure out what a sweety he is and snatch him away, take charge and take him out of circulation yourse ...


+1 for sheer epicness!
 
2013-09-06 05:23:50 AM  

Evil High Priest: That right there. If you ever become worthy of destroying, they can easily do that.


I can think of some ways they can put that power to good use, starting with

baltimorepostexaminer.com
 
2013-09-06 05:40:04 AM  

Ivo Shandor: Your Average Witty Fark User: NO ONE IS READING YOUR FARKING EMAIL


[i.imgur.com image 380x380]
Whether it's the NSA or your local cheeto-stained sysadmin, someone is reading your email.


It's true, someone, or at least something, is pretty much always reading your e-mail.  Even if it's just an anti-spam gateway.

It even happens by accident.  Many years ago, we were having a training session on a new bit of network kit.

The output was all up on a projected screen in front of the whole IT department, the network flow chosen, purely at random, happened to be a webmail site.  And that's how the entire department found out that one of the senior managers was having an affair.

dforkus: Breaking the modern public key algorithm by a brute force man in the middle attack is, ultimately, a losing proposition.

So you have the most badass computer in the world, ok, I'll just double the length of my key. Now you'll need hundreds of millions of those computers, working for decades, to decode a simple message.

Unless they're decades ahead of the world in quantum computing, or have figured out an efficent prime number factoring equation, something that's eluded Mathmaticians for centuries


From my understanding of the article, most of what they are doing is obtaining private keys through methods other than cracking them,  If you have the legitimate private key, then the rest is easy sauce.

Getting someones private key is sometimes trivial.  I've worked with companies that have shelled out for FIPS complaint hardware but send the private key via e-mail.  Or just leaving it lying around on the network in a publicly accessible share for any yahoo to take a copy of.

The thing that amuses me is that MitM is so trivial that most proxy servers are capable of doing it.  In most corporate environments, if you actually check out the information behind that little padlock in your supposed secure session, you'll see that it's probably signed by the company you work for.

I also remember reading a while back that there has been at least one incident of a major CA producing a root-certificate re-signer appliance for a 3rd party.So they could MitM any device on their network without having to install their own CA certificate on the devices.  You can bet that other such devices have been produced and are out in the wild .
 
2013-09-06 06:55:03 AM  

Twilight Farkle: I'm okay with #3 and #4; that's in line with their mandate.


Wrong.  Their actual mandate is to monitor *FOREIGN* communications.  That is what they were founded to do.

I would have zero problem with 1 through 4 provided they stuck to that mandate, but as we are all aware, they haven't done that.
 
2013-09-06 07:00:28 AM  
 
2013-09-06 07:06:00 AM  

Pointy Tail of Satan: Whats actually bad about this, is that they cannot admit or use evidence from hacking, or they would be exposing their methods and capabilities. So what can they do? Generate false evidence? Use blackmail and extortion? Or in the case of outside the country, simply wack someone? There is a good reason why star chambers are forbidden in most countries.


Actually, what they do is they have a special law enforcement unit of the DEA called the "Special Operations Division" that takes that information from agencies like the NSA and feeds it to law enforcement.  It's like an "anonymous tip", but not really, because the ultimate source of the tip is an unconstitutional search:

The unit of the DEA that distributes the information is called the Special Operations Division, or SOD. Two dozen partner agencies comprise the unit, including the FBI, CIA, NSA, Internal Revenue Service and the Department of Homeland Security. It was created in 1994 to combat Latin American drug cartels and has grown from several dozen employees to several hundred.

Today, much of the SOD's work is classified, and officials asked that its precise location in Virginia not be revealed. The documents reviewed by Reuters are marked "Law Enforcement Sensitive," a government categorization that is meant to keep them confidential.

"Remember that the utilization of SOD cannot be revealed or discussed in any investigative function," a document presented to agents reads. The document specifically directs agents to omit the SOD's involvement from investigative reports, affidavits, discussions with prosecutors and courtroom testimony. Agents are instructed to then use "normal investigative techniques to recreate the information provided by SOD."

A spokesman with the Department of Justice, which oversees the DEA, declined to comment.

But two senior DEA officials defended the program, and said trying to "recreate" an investigative trail is not only legal but a technique that is used almost daily.

A former federal agent in the northeastern United States who received such tips from SOD described the process. "You'd be told only, 'Be at a certain truck stop at a certain time and look for a certain vehicle.' And so we'd alert the state police to find an excuse to stop that vehicle, and then have a drug dog search it," the agent said.
 
2013-09-06 07:20:40 AM  

dittybopper: Well, not *MINE*.  Not when I use these:



Manually generated and used one time pads.

/Keep your plaintext and keys off of electronic devices.
//Pencil and paper FTW.


And the one other person that you speak to is very happy that your messages are encrypted.
 
2013-09-06 07:24:35 AM  

vsavatar: Wake me up when they figure out how to crack PGP.


They don't have to.  They can side-step that by putting a keylogger on your machine, and read what you type before it's encrypted.
 
2013-09-06 07:59:17 AM  

kim jong-un: dittybopper: Well, not *MINE*.  Not when I use these:

Manually generated and used one time pads.

/Keep your plaintext and keys off of electronic devices.
//Pencil and paper FTW.

And the one other person that you speak to is very happy that your messages are encrypted.


Well, think about that for a minute:  How many people do you actually talk important stuff with?

Right now, I have probably 2 to 4 at most:  My wife, my father, and perhaps a couple of other people.  I generally talk about stuff in person with the distaffbopper, so there is no need to encrypt there.  Same with my father.

I'd have to generate pads for each, which for a low number of correspondents isn't that big a deal, and it has the advantage/disadvantage that what I say to Bob isn't readable by Charlie.

But if I had a larger number of correspondents, I'd generate a fairly limited number of one time pads, and I would use them to transmit the strip alphabets and keying orders for strip ciphers.

A strip cipher, similar to this one I made a while back:

img31.imageshack.us

is very secure if you use a fraction of large number of strips (say, 90 total strips, and you only use 30 on any given day) and you keep the amount of traffic fairly low.  The Germans were able to break the US M-138 strip cipher occasionally during WWII, but that was due to the very large amount of traffic being sent in it, and the longevity of the strip alphabets.

Strip ciphers are especially secure because you never need to write down the plaintext, not during encryption or decryption, unless you want to.

You would generate the strip alphabets by pulling scrabble tiles out of a bag (bag contains 1 of each letter).  You number the strips 01 to 99, and to generate the keying document for a month, you roll 2 10-sided dice to generate the strip order, obviously skipping repeats.  So a simplified version for a single day, using only 20 strips, would look something like this:

SEPT 06:  01 23 67 92 43 87 22 59 11 07 69 57 88 04 55 15 66 22 86 13

It took me all of 2 minutes to generate that key, using 2 dice, and it would be good for an entire day, or, if your traffic is pretty light, maybe you could stretch that to a week.

Any particular set of strips would only be good for a limited amount of time, say, a month, or perhaps, at most, 6 months if you rarely communicate.

When you generate a new set of strips and new keying documents, you encrypt them in the one time pads, and then transmit them to your correspondents, or, if possible, simply transfer them physically to cut down on the amount you transmit.

It's not unbreakable, of course, but nothing short of properly implemented one time pads are unbreakable, and given large numbers of strips, of which only a fraction are used for any given key period, and a short strip life, I would be surprised if it could be broken cryptanalytically without physical access to the strips.
 
2013-09-06 08:03:14 AM  
hat'say why I always alktay in a odecay they antcay derstanduncay.

Maybe dittybopper knows, if you unencrypt a plain text message using a key you end up with a reverse encrypted message that you must encrypt to get it back as readable text. Wouldn't this make it harder for another person to crack? They are spending all that time trying to unencrypt it, when they need to be encrypting it. Or is it pretty much the same thing, just figure out the key?
 
2013-09-06 08:34:29 AM  
I behalf of everyone that's ever been called a tinfoil hat, I would like to invite you all to go fark yourselves.  You've earned this.
 
2013-09-06 08:51:55 AM  

MythDragon: hat'say why I always alktay in a odecay they antcay derstanduncay.

Maybe dittybopper knows, if you unencrypt a plain text message using a key you end up with a reverse encrypted message that you must encrypt to get it back as readable text. Wouldn't this make it harder for another person to crack? They are spending all that time trying to unencrypt it, when they need to be encrypting it. Or is it pretty much the same thing, just figure out the key?


I'm sorry, I have no idea what you mean.  Could you explain further?
 
2013-09-06 09:21:27 AM  

TheOnion: Until someone figures out how to quickly factor large prime numbers, modern public key encryption is effectively unbreakable.  It's possible that the NSA has that kind of technology, but if they are withholding it they are holding back an incredibly important advancement in both mathematics and humanity.  Which is probably the kind of thing they'd do

Just read this, was great http://www.amazon.com/The-Code-Book-Break-Crack/dp/0385729138/ref=sr_ 1 _4?ie=UTF8&qid=1378428556&sr=8-4&keywords=the+code+book


Kinda off topic, but if you want a good read about computer security from back in the day, check out The Cuckoo's Egg. I just finished it a couple days ago, and would highly recommend it.

http://www.amazon.com/CUCKOOS-EGG-ebook/dp/B0083DJXCM/ref=sr_1_1_bnp _1 _kin?ie=UTF8&qid=1378473655&sr=8-1&keywords=The+Cuckoo%27s+Egg
 
2013-09-06 09:31:31 AM  

Kahabut: dittybopper: NutWrench: FUD article.

If "any code can be broken," then the the government wouldn't spend so much time trying to legally force you to incriminate yourself by making you hand over your passwords and encryption keys. They would simply decrypt your files without even bothering to contact you.

This is a much more detailed article:

http://www.propublica.org/article/the-nsas-secret-campaign-to-crack- un dermine-internet-encryption

They've taken a multi-pronged approach:

1. Working behind the scenes to keep the public encryption standards just weak enough that they can break them if they want to.
2. Building back-doors into a lot of popular software.
3. Working on things like keyloggers and other ways to pull the data off targeted devices without having to break the encryption.
4. Working tirelessly on new decryption algorithms, and specialized supercomputers to run them effectively.

Yes and even with all that, it gives them your CC number.

Were there people stupid enough to think that SSL HTTPS was a secure standard?  Despite the numerous times it's been shown to be either completely broken, or partially broken?  Or the fact that you can simply MitM the server?  SSL was designed to be secure against casual snooping, it was never designed to be secure for more than a few hours in any case.

There is an old thought process about encryption.  It goes roughly like this... How valuable is the material?  How time sensitive is it?  Now pick an algorithm that exceeds both those values.

Because the bottom line has always been that nearly any encryption can be broken, you just need it to hold long enough to get past the useful time frame of the information.  It's long been thought that SSL was good enough for it's use because criminal elements don't have the computer power required to crack it quickly (or at all), but that is utter fantasy land bullshiat.  Distributed systems like botnets can crack through SSL like a hot knife through butter, and SETI and oth ...


This. Check out the Zeus botnet. Nasty shiat.

Users are stupid, and will always be the weakest point in any system. You can't change it, so just let them run wild, but make this standard software on all of your Windows deployments: http://www.bromium.com/products.html
 
2013-09-06 10:10:14 AM  

dittybopper: MythDragon: hat'say why I always alktay in a odecay they antcay derstanduncay.

Maybe dittybopper knows, if you unencrypt a plain text message using a key you end up with a reverse encrypted message that you must encrypt to get it back as readable text. Wouldn't this make it harder for another person to crack? They are spending all that time trying to unencrypt it, when they need to be encrypting it. Or is it pretty much the same thing, just figure out the key?

I'm sorry, I have no idea what you mean.  Could you explain further?


You start with a plain text message.
"I like cheese"
You encrypt it using whatever key
and you now have a coded message that you must unencrypt to read.

But what if you take the plain text and decrypt it using the same key?
You would have garbage that you'd have to encrypt to get it back to readable text right?

Say you use basic letter subsitution. In this case we'll just use one letter higher to encrypt. A=B, B=C, Z=A.
"I like cheese" becomes "J MJLF DIFFTF"
But if I decrypt "I like cheese" I get "H KHJD BFDDR" and if I try and use the key to unencrypt it I end up with "G JHIC AECCQ" which is still unreadable.
It's really simple to figure out using such an easy key, but if you use something harder, like AES would it make it harder for someone to analyise it? They are trying to decrypt your message when they need to be encrypting it. Or does it not work like that?
 
2013-09-06 10:31:17 AM  

MythDragon: Or does it not work like that?


It doesn't work like that.

In essence, you're encrypting with a different key.  That's all.  It's subject to the same cryptological and non-cryptological attacks.
 
2013-09-06 11:55:38 AM  

dittybopper: Twilight Farkle: I'm okay with #3 and #4; that's in line with their mandate.

Wrong.  Their actual mandate is to monitor *FOREIGN* communications.  That is what they were founded to do.

I would have zero problem with 1 through 4 provided they stuck to that mandate, but as we are all aware, they haven't done that.


Yeah, I was interpreting clever gadgets from #3, and better math from #4, as merely value-neutral tools/prerequisites to perform it. Tools are value-neutral; policymakers, not so much. FWIW to the extent they're doing something beyond than (ab)using the legal system as a $5 wrench to spare them from doing the math, I will be no less disappointed in their behavior, but I will be damn impressed. Moore's Law has its limits, and the person (in the open community) who discovers the current backdoors probably hasn't been born yet, but by the time they get their Ph.D. in Indistinguishablefrommagic, their side project of tinkering with old silicon and microcode will make fascinating reading. It only took 30 years for the 6502 to go from current hardware to something a transistor-level simulation in a web browser.

The one constant over the very long term has been that it doesn't matter whether it's math, hardware, or both. Someone eventually figures it out, publishes their results, and the rest of us get to sit back and watch in slack-jawed amazement at the cleverness of it all.
 
2013-09-06 12:27:18 PM  

MythDragon: dittybopper: MythDragon: hat'say why I always alktay in a odecay they antcay derstanduncay.

Maybe dittybopper knows, if you unencrypt a plain text message using a key you end up with a reverse encrypted message that you must encrypt to get it back as readable text. Wouldn't this make it harder for another person to crack? They are spending all that time trying to unencrypt it, when they need to be encrypting it. Or is it pretty much the same thing, just figure out the key?

I'm sorry, I have no idea what you mean.  Could you explain further?

You start with a plain text message.
"I like cheese"
You encrypt it using whatever key
and you now have a coded message that you must unencrypt to read.

But what if you take the plain text and decrypt it using the same key?
You would have garbage that you'd have to encrypt to get it back to readable text right?

Say you use basic letter subsitution. In this case we'll just use one letter higher to encrypt. A=B, B=C, Z=A.
"I like cheese" becomes "J MJLF DIFFTF"
But if I decrypt "I like cheese" I get "H KHJD BFDDR" and if I try and use the key to unencrypt it I end up with "G JHIC AECCQ" which is still unreadable.
It's really simple to figure out using such an easy key, but if you use something harder, like AES would it make it harder for someone to analyise it? They are trying to decrypt your message when they need to be encrypting it. Or does it not work like that?


I think I get what you're saying, but anything that you can run in reverse and get the original message is breakable. A good encryption is like a meat-grinder. If you run it backwards, you don't get your cow back, you just get finer ground hamburger.
 
2013-09-06 12:36:23 PM  
Joke's on them, none of my encrypted communications are interesting. Ha ha! My incredibly mundane existence finally pays off!
 
2013-09-06 12:53:08 PM  

UNAUTHORIZED FINGER: I think I get what you're saying, but anything that you can run in reverse and get the original message is breakable. A good encryption is like a meat-grinder. If you run it backwards, you don't get your cow back, you just get finer ground hamburger.


I thought a good encryption was like sticking your dick in a pickle slicer.

She gets fired too.

/Should have used that for the bad analogy thread.
 
2013-09-06 12:57:16 PM  

MythDragon: UNAUTHORIZED FINGER: I think I get what you're saying, but anything that you can run in reverse and get the original message is breakable. A good encryption is like a meat-grinder. If you run it backwards, you don't get your cow back, you just get finer ground hamburger.

I thought a good encryption was like sticking your dick in a pickle slicer.

She gets fired too.

/Should have used that for the bad analogy thread.


Hahaha/OUCH!
 
2013-09-06 02:20:23 PM  

Your Average Witty Fark User: NO ONE IS READING YOUR FARKING EMAIL


THEN WHY AM I SENDING THE FARKING THING?!?!

FARK YOU FOR NOT READING MY WORDS OF WISDOM!
 
2013-09-06 02:48:23 PM  

MythDragon: UNAUTHORIZED FINGER: I think I get what you're saying, but anything that you can run in reverse and get the original message is breakable. A good encryption is like a meat-grinder. If you run it backwards, you don't get your cow back, you just get finer ground hamburger.

I thought a good encryption was like sticking your dick in a pickle slicer.

She gets fired too.

/Should have used that for the bad analogy thread.


2048-bit Machine:

i39.tinypic.com
 
2013-09-06 03:45:50 PM  

dittybopper: Pointy Tail of Satan: Whats actually bad about this, is that they cannot admit or use evidence from hacking, or they would be exposing their methods and capabilities. So what can they do? Generate false evidence? Use blackmail and extortion? Or in the case of outside the country, simply wack someone? There is a good reason why star chambers are forbidden in most countries.

Actually, what they do is they have a special law enforcement unit of the DEA called the "Special Operations Division" that takes that information from agencies like the NSA and feeds it to law enforcement.  It's like an "anonymous tip", but not really, because the ultimate source of the tip is an unconstitutional search:

The unit of the DEA that distributes the information is called the Special Operations Division, or SOD. Two dozen partner agencies comprise the unit, including the FBI, CIA, NSA, Internal Revenue Service and the Department of Homeland Security. It was created in 1994 to combat Latin American drug cartels and has grown from several dozen employees to several hundred.

Today, much of the SOD's work is classified, and officials asked that its precise location in Virginia not be revealed. The documents reviewed by Reuters are marked "Law Enforcement Sensitive," a government categorization that is meant to keep them confidential.

"Remember that the utilization of SOD cannot be revealed or discussed in any investigative function," a document presented to agents reads. The document specifically directs agents to omit the SOD's involvement from investigative reports, affidavits, discussions with prosecutors and courtroom testimony. Agents are instructed to then use "normal investigative techniques to recreate the information provided by SOD."

A spokesman with the Department of Justice, which oversees the DEA, declined to comment.

But two senior DEA officials defended the program, and said trying to "recreate" an investigative trail is not only legal but a technique that is used almost daily.

A former federal agent in the northeastern United States who received such tips from SOD described the process. "You'd be told only, 'Be at a certain truck stop at a certain time and look for a certain vehicle.' And so we'd alert the state police to find an excuse to stop that vehicle, and then have a drug dog search it," the agent said.


This is the stuff I find disturbing.
 
2013-09-06 04:29:39 PM  

WayToBlue: Once again, wtf are you on about? "SSL" is basically just a wrapper/glue protocol around other cryptographic primitives. What in particular are you suggesting can be "sliced through."


What does your bank use?  Want to watch me crack it?

256RES is pretty common on "high end" web encryption now.  It's child's play to break.  Not as easy as the 128AES systems that many websites still use, but hey, progress.

WayToBlue: That is simply untrue. Whoever told you it was only supposed to be good for a few hours lied to you.

I work with some of the people that developed these standards.  SSL was NEVER intended to be a permanent link, long term encryption.  First, if that was ever the use, it was cryptographically unsound.  SSL and the underlying cryptography were designed to be "light weight" so that they didn't eat CPU and memory too badly.  In crypto terms, that means SHORT TERM USE ONLY.  Which is also why any sort of proper implementation has a key expiration, and re-keying session every 30 minutes or so.  In truth, that's not good enough ANYMORE, but it was once.


WayToBlue: Such as . . .


Zeus for one, thorhmr and dozens more too.  I really hope you aren't involved in security implementations, because you apparently don't know what your enemies are up to.  

WayToBlue: The sad thing is you're not entirely wrong here, but not for any of the reasons you stated.


Let me break it down for you.
That garbage you call encryption, it's badly implemented, poorly maintained, and even under ideal circumstances, it's inadequate.  The reasons for this are various and far ranging.  The article covers some, I covered some others, Dittybooper provided some rather excellent crypto basics.  Generally, I think we've covered it well enough.

If you really want an education, with all the supporting facts, proofs, software and to have your systems re-implemented with something approaching a secure stack, I can do that.  It costs about 10,000-25,000$ But this being fark, I just assumed generalities would be good enough.


Look, all forms of crypto can be broken.  Including one time pads* (contrary to popular belief).  The amount of entropy inherent in the system used determines the MAXIMUM possible time it could take, it does not say anything about the MINIMUM time needed.  I've done a lot of work with crypto, and while I'm not versed well enough in the math to really get into it, the practical side I am versed in.  Running a cracker against any crypto is a crap shoot.  It might take 2 minutes or 300 years, but since you don't know, you throw processing power at it and see what you get.  I have brute forced 256bit keys in 30 seconds before, pure blind luck of course, but it still happens.  And I'm still not even touching on implementation weaknesses, subversion of the code base, back doors or flawed cryptographic principles, all of which exist in the real world.  Not to mention that most web based systems assume trust of the server or client or both, and that's just STUPID.  I OWN my servers, and I have an interest in the co-host company, and I still don't trust them, too much access, and too easy to tap the lines used for traffic.

*One time pads are by far the MOST secure system I know of, but they can hypothetically still be brute forced.  It's just that the entropy inherent in that particular system is rather absurdly high.  Doesn't mean you won't get lucky though, it just makes it a lot less likely.  (absurdly less likely)  I'm just being realistic though, nothing is unbreakable.  NOTHING.  OTPs are pretty close though.
 
2013-09-06 04:48:23 PM  

Kahabut: One time pads are by far the MOST secure system I know of, but they can hypothetically still be brute forced.  It's just that the entropy inherent in that particular system is rather absurdly high.  Doesn't mean you won't get lucky though, it just makes it a lot less likely.  (absurdly less likely)  I'm just being realistic though, nothing is unbreakable.  NOTHING.  OTPs are pretty close though.


Actually, no.

You can brute force an OTP, but in the end all you will be doing is making a list of every possible message the same length, with no way to know which is which.

Lets say you intercept an 8 character message.  You can brute force that fairly quickly, because there are only 208,827,064,576 possibilities, and if you can check a million per second, it would only take you about 2.4 days to run through them all.  The vast majority will be nonsense, but you can use a computer to winnow out the possibilities to those that contain actual English.

That's the easy part.

Does the 8 character message say "ILOVEYOU" or "IHATEYOU" or "KILLJEFF" or "SAVEJEFF" or "DUCKTALE" or "EATWORMS" or any other valid English word, phrase, or combination thereof?

You've got no way to know, so security is preserved even if you manage to brute force the solution, because there is no way for you to know when you have the correct solution.
 
2013-09-06 04:59:18 PM  
That's probably the biggest misconception about one time pads:  That a properly implemented one can be theoretically broken.  They can't.
 
2013-09-06 09:51:15 PM  
I don't think I believe Kahabut's hot air concerning the alleged "ease" of breaking one-time pad crypto unless he's an NSA operative.

He doesn't sound like one.
 
2013-09-06 10:02:57 PM  

Kittypie070: I don't think I believe Kahabut's hot air concerning the alleged "ease" of breaking one-time pad crypto unless he's an NSA operative.

He doesn't sound like one.


He's just misinformed about one time pads.

You *CAN* brute force a short message in one, but all you will be doing is compiling a list of every possible message of that length, with no way to distinguish the correct one from the billions or trillions of incorrect ones.

Which brings up an interesting property of OTPs:  If you're worried about them monitoring you, you could take a message that you've encrypted already and "recreate" a pad page that would decrypt that message into something innocuous, or perhaps embarrassing but not illegal (like, say, an affair).  You leave that bogus pad page accidentally hanging around like you forgot to destroy it, and when they go ahead and decrypt the one message they have a pad page for, it doesn't show what they think it should show, and in fact it exonerates you from suspicion of using an OTP to commit some nefarious act.
 
2013-09-06 10:10:01 PM  
I think a lot of people tend to denigrate OTPs unfairly.

This is because it's virtually impossible to correctly implement them by computer, and because most people think in terms of "must be able to send gigabytes of data every day", then yeah, it becomes inconvenient.  And distributing keys (the pads) is an issue for that amount.

But for short, infrequent, but *IMPORTANT* messages, OTPs can't be beat, security-wise.  That's why they are still used to communicate with agents in foreign countries, via numbers stations:  Anyone can monitor short wave stations, and the ability to add and subtract is really all you need to encode or decode a message, given the key.

The added bonus of not using a computer that might be vulnerable just enhances the security.
 
2013-09-07 03:25:50 AM  
Kahabut

WayToBlue: Once again, wtf are you on about? "SSL" is basically just a wrapper/glue protocol around other cryptographic primitives. What in particular are you suggesting can be "sliced through."

What does your bank use? Want to watch me crack it?


Let's say citibank, and yes I very much do want to see you crack it, so please post a youtube video. I'm sure it will be forth-coming.


256RES is pretty common on "high end" web encryption now. It's child's play to break. Not as easy as the 128AES systems that many websites still use, but hey, progress.

There is literally no such thing as RES in SSL/TLS, in fact it doesn't appear to exist in any context, but I can say definitively it does not exist in SSL/TLS; maybe that's why you can break it so easily? I'm amazed you can break 128-bit AES so easily since all the world-renowned cryptographers say otherwise. Perhaps a demonstration? I generated this ciphertext with 128-bit AES, I'll show you every step I took:

$ vim apology.txt <- Where I write you a nice apology letter about how wrong I am
$ dd if=/dev/random of=./randkey bs=16 count=1 <- Where I take 16 bytes of random data for the key
$ openssl aes-128-cbc -a -salt -in apology.txt -kfile randkey <- Where I encrypt my apology and output the base64-encoded ciphertext.
U2FsdGVkX19wxPhklzqiiyIlL69OGZHbfJq8Wx+JwTzVtE8R5Wb5I59boQHN28k/
UStLr5Qk/jk6laeTJgzVcYewM4lQZxwYc3sPhL3xEV0alA6ypeXbcOVxTxuf55hY
VGf4snOqjs8Q5LFIpDk6kx2hJSTbwpWk3fB2RRlS3qA9Qoq0uT2dmD6dZvSGOW12
NaH/J6/sKKIbwziW5aL8wA==

You said the fictitious 256RES encryption was "child's play," and 128AES is even easier, so please, give us the message or the key or STFU.


WayToBlue: Such as . . .

Zeus for one, thorhmr and dozens more too.


Zeus is a botnet (well, actually many separate ones), and even if it could concentrate all of the power of its millions of machines for years it wouldn't be powerful enough to break even 128-bit AES, not even close. That's how exponential growth works.

Thorhmr you appear to be making up, as it yields a whopping 196 hits on google with nothing remotely related to crypto. If you have a link I'd like to see it.

You mentioned commercial solutions, please name some and provide links.

WayToBlue: The sad thing is you're not entirely wrong here, but not for any of the reasons you stated.

Let me break it down for you.
That garbage you call encryption, it's badly implemented, poorly maintained, and even under ideal circumstances, it's inadequate. The reasons for this are various and far ranging. The article covers some, I covered some others, Dittybooper provided some rather excellent crypto basics. Generally, I think we've covered it well enough.

If you really want an education, with all the supporting facts, proofs, software and to have your systems re-implemented with something approaching a secure stack, I can do that. It costs about 10,000-25,000$ But this being fark, I just assumed generalities would be good enough.


Breaking something down generally means providing actual information... BTW, if you actually could break the crypto you claim you can, you'd already be rich.

I've done a lot of work with crypto, and while I'm not versed well enough in the math to really get into it,

Clearly.

the practical side I am versed in. Running a cracker against any crypto is a crap shoot. It might take 2 minutes or 300 years, but since you don't know, you throw processing power at it and see what you get. I have brute forced 256bit keys in 30 seconds before, pure blind luck of course, but it still happens.

No, it doesn't. Assuming anything you are saying is true, which I'm doubting, what you actually did is brute-force a human-chosen password that was fed into a KDF which spit out a 256-bit key. But make no mistake, you were not attacking that 256-bit key, you were attacking the crappy password the person chose, and if you got it in 30 seconds the entropy was on the order of ~30-40 bits at the far high end (likely much less). To go around telling people that you cracked a 256-bit key is retarded; the length of the key the KDF spits out is not relevant in this case, it could have spit out a 16KB key, it doesn't matter, that's not what you were attacking.

And I'm still not even touching on implementation weaknesses, subversion of the code base, back doors or flawed cryptographic principles, all of which exist in the real world.

Yay, something true. Although it comes right from the articles about this so I'm not sure how many points you get.

*One time pads are by far the MOST secure system I know of, but they can hypothetically still be brute forced. It's just that the entropy inherent in that particular system is rather absurdly high. Doesn't mean you won't get lucky though, it just makes it a lot less likely. (absurdly less likely) I'm just being realistic though, nothing is unbreakable. NOTHING. OTPs are pretty close though.

You're throwing words around like entropy, but I don't think you actually know what they mean. You can't "brute-force" an OTP, they are provably immune to this kind of attack. You actually managed to find the one (truly, the only one) kind of crypto in any real use that isn't vulnerable to this and claim it is.

"Brute-forcing" an OTP would mean generating every possible output of that length, but there's no correlation or feedback, so you never have a way to know if you're right. Any and every message of that length can be generated and is equally plausible. The only real attack against OTPs are when they aren't actually one-time (i.e. the pad is reused), or against the RNG that generated the pad. If you can find a bias in that then it can be broken, although still very difficult. Either way, you are not "brute-forcing" the OTP.

I realize you are probably just here to troll crypto people, so good job, i bit. But I felt it necessary to call out your nonsense lest the casual reader mistake you for someone who had the slightest notion of what they are talking about.
 
2013-09-07 06:51:54 AM  

WayToBlue: The only real attack against OTPs are when they aren't actually one-time (i.e. the pad is reused), or against the RNG that generated the pad. If you can find a bias in that then it can be broken, although still very difficult.


Even if there is a bias, so long as it's nondeterministic, you're still up shiat creek cryptanalytically.

The Soviets used to use manually generated pads that weren't strictly mathematically random.  In fact, they were generated by typists who were told to "go be random", but there were, statistically, too many left-right keyboard combinations, and too few repeats (triples, quadruples, quintuples).  But because there was no way to determine the next letter or number based upon the previous one, there was no way to effectively cryptanalyze the messages encoded in them.

Mathematically, they didn't meet the strict definition of true randomness.  Since you couldn't derive what the next key element was based upon the previous ones, though, you couldn't break messages that used them cryptanalytically.
 
Displayed 173 of 173 comments

View Voting Results: Smartest and Funniest


This thread is archived, and closed to new comments.

Continue Farking
Submit a Link »
Advertisement
On Twitter






In Other Media


  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.

Report