
Re: How Is the NSA Breaking So Much Crypto?

Date 2015-10-21 16:42 -0600
From GreyCloud <cumulus@mist.com>
Newsgroups alt.computer.security, comp.sys.mac.system, alt.hacker, alt.privacy.anon-server, comp.os.linux.advocacy
Subject Re: How Is the NSA Breaking So Much Crypto?
References <637756e68148fcbce5a733a00e35faff@hoi-polloi.org> <6fc8ee2e12653d22c5238b7013c39998@anemone.mooo.com> <0OqdnR3lu6himrXLnZ2dnUU7-cGdnZ2d@earthlink.com>
Message-ID <CsGdnUmDUJMjibXLnZ2dnUU7-WednZ2d@bresnan.com> (permalink)

Cross-posted to 5 groups.



On 10/21/15 15:47, Big Bad Bob wrote:
> On 10/21/15 14:39, Jeremy Bentham so wittily quipped:
>> In article<637756e68148fcbce5a733a00e35faff@hoi-polloi.org>
>> Anonymous<anonymous@hoi-polloi.org>  wrote:
>>>
>>> Via SlashDot.org
>>> There have been rumors for years that the NSA can decrypt a
>>> significant fraction of encrypted Internet traffic. In 2012, James
>>> Bamford published an article quoting anonymous former NSA officials
>>> stating that the agency had achieved a "computing breakthrough" that
>>> gave them "the ability to crack current public encryption." The
>>> Snowden documents also hint at some extraordinary capabilities: they
>>> show that NSA has built extensive infrastructure to intercept and
>>> decrypt VPN traffic and suggest that the agency can decrypt at least
>>> some HTTPS and SSH connections on demand.
>>>
>>> However, the documents do not explain how these breakthroughs work,
>>> and speculation about possible backdoors or broken algorithms has been
>>> rampant in the technical community. Yesterday at ACM CCS, one of the
>>> leading security research venues, we and twelve coauthors presented a
>>> paper that we think solves this technical mystery.
>>>
>>> If a client and server are speaking Diffie-Hellman, they first need to
>>> agree on a large prime number with a particular form. There seemed to
>>> be no reason why everyone couldn't just use the same prime, and, in
>>> fact, many applications tend to use standardized or hard-coded primes.
>>> But there was a very important detail that got lost in translation
>>> between the mathematicians and the practitioners: an adversary can
>>> perform a single enormous computation to "crack" a particular prime,
>>> then easily break any individual connection that uses that prime.
>>>
>>> https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf
>>
>> This is not a new problem.
>
> true, but the confirmation of NSA's capabilities might be.
>
>> To be fair, most of the exploits were the result of lazy, stupid
>> or incompetent programmers.
>
> not surprising.
>
>
> but since openssl gives you the ability to create new [reasonably
> secure] DH parameters, there's no excuse to re-use them, particularly
> for multiple clients.  [same client, no problem, just issue new ones for
> each session or whatever]
>
>
>
Right now, the NSA in Utah is using a new quantum computer to do the 
job.  If you hear about talk or reports about experimenting with quantum 
computers, then it has already been done.


-- 
When told the reason for daylight savings time the Old
Indian said, "Only the government would believe that you
could cut a foot off the top of a blanket, sew it to the
bottom, and have a longer blanket."
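
Added example, not part of the original post or the cited paper: the quoted passage's point that work done once against a shared Diffie-Hellman prime is reused against every connection, shown on a constructed 31-bit toy prime. Baby-step giant-step stands in here for the far larger precomputation the paper describes; P, G, TABLE_SIZE and the function names are assumptions of this sketch.

```python
import secrets

P = 2**31 - 1         # constructed toy prime; deployed groups are 1024+ bits
G = 7                 # a primitive root modulo P
TABLE_SIZE = 1 << 18  # size of the one-time table (assumed trade-off)

def precompute(p, g, size):
    """Per-prime work, done once: map g^j mod p -> j for 0 <= j < size."""
    table, value = {}, 1
    for j in range(size):
        table[value] = j
        value = value * g % p
    return table

def recover_exponent(p, g, table, size, public):
    """Per-connection work: giant steps of g^-size until a table hit.
    Returns (exponent, number of steps taken)."""
    step = pow(g, -size, p)          # modular inverse power, Python 3.8+
    gamma = public
    for i in range((p - 1) // size + 1):
        if gamma in table:
            return i * size + table[gamma], i + 1
        gamma = gamma * step % p
    raise ValueError("public value is not a power of g")

def simulate(sessions=5):
    """Run several key exchanges over the shared prime; reuse one table."""
    table = precompute(P, G, TABLE_SIZE)          # paid once
    outcome = []
    for _ in range(sessions):
        a = secrets.randbelow(P - 2) + 1          # client secret
        b = secrets.randbelow(P - 2) + 1          # server secret
        A, B = pow(G, a, P), pow(G, b, P)         # values sent in the clear
        x, steps = recover_exponent(P, G, table, TABLE_SIZE, A)
        outcome.append((pow(B, x, P) == pow(B, a, P), steps))
    return outcome

if __name__ == "__main__":
    for recovered, steps in simulate():
        print(f"shared secret recovered={recovered} after {steps} steps "
              f"(table cost {TABLE_SIZE} steps, paid once)")
```

Each session costs at most 8192 steps against a table that took 262144 steps to build, and the table is useless against any other prime, which is why per-deployment parameters (as the quoted reply suggests generating with openssl) remove the amortization.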
