Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

NSA Building US's Biggest Spy Center

Soulskill posted more than 2 years ago | from the you-can-trust-us dept.

Encryption 279

New submitter AstroPhilosopher writes "The National Security Agency is building a complex to monitor and store 'all' communications in a million-square-foot facility. One of its secret roles? Code-breaking your private, personal information. Everybody's a target. Quoting Wired: 'Breaking into those complex mathematical shells like the AES is one of the key reasons for the construction going on in Bluffdale. That kind of cryptanalysis requires two major ingredients: super-fast computers to conduct brute-force attacks on encrypted messages and a massive number of those messages for the computers to analyze. The more messages from a given target, the more likely it is for the computers to detect telltale patterns, and Bluffdale will be able to hold a great many messages. "We questioned it one time," says another source, a senior intelligence manager who was also involved with the planning. "Why were we building this NSA facility? And, boy, they rolled out all the old guys—the crypto guys." According to the official, these experts told then-director of national intelligence Dennis Blair, "You’ve got to build this thing because we just don’t have the capability of doing the code-breaking." It was a candid admission.'"

cancel ×

279 comments

Sorry! There are no comments related to the filter you selected.

All your secrets belong to us... (3, Funny)

Grog6 (85859) | more than 2 years ago | (#39379643)

Panopticon this week; Maybe we'll get Skynet by accident?

That might be best for everyone in the long run...

Wow! (-1)

Grog6 (85859) | more than 2 years ago | (#39379659)

First post, never got that before.

Re:Wow! (4, Funny)

Black Parrot (19622) | more than 2 years ago | (#39379853)

First post, never got that before.

You must be using the new FTL neutrino submission system.

Only 1 million square feet? (1)

Hadlock (143607) | more than 2 years ago | (#39380527)

For comparison, The Pentagon is 6.5 million square feet. Maybe I'm just jaded, but is the CIA more efficient, or is this building grossly undersized for the task it's designed for? Looking ahead 50 years, it would seem that the CIA's importance is going to dwarf the military's as we continue the long slow slide in to a permanent cold war with the rest of the world.
 
I am glad, however, that they're moving some of these larger installations off the east coast. Too many major federal buildings are located within 100 miles of the capitol building.

Re:All your secrets belong to us... (1)

kaws (2589929) | more than 2 years ago | (#39380523)

I personally wouldn't mind Skynet much if it developed into a sort of protector of good.

USA...we miss you! (5, Insightful)

Anonymous Coward | more than 2 years ago | (#39379647)

In american America, people monitor the government.
In soviet America, the government monitors the people.

a thought (2)

zlives (2009072) | more than 2 years ago | (#39379649)

First, I already assumed they were doing this. second, i don't know so just a thought. could you create an encryption method that generates a new encryption key for every new message.

Re:a thought (1, Informative)

MetalliQaZ (539913) | more than 2 years ago | (#39379733)

Yes, you could, but it would be useless. You would then have to transmit the new key to your recipient for every message. If they can intercept the message, they would get your keys also.

Anyway AES is public key encryption. I think you meant passphrase, not key. In any case, the same problem applies.

What you are getting at is called a one-time-use pad. It is pretty much the most secure form of protection, but also very unwieldy for Joe Everyman.

-d

Re:a thought (1)

Anonymous Coward | more than 2 years ago | (#39379789)

"Anyway AES is public key encryption"

O'rly.

Re:a thought (5, Insightful)

Anonymous Coward | more than 2 years ago | (#39379887)

First off, AES isn't public key, it's just usually used in conjunction with public key. The public key portion of the exchange is used to communicate an AES key (the "shared secret") which is then used for communication moving forward. This is because public key encryption is "expensive" by comparison to block cyphers like AES. Secondly, you don't communicate a passphrase with public key. The passphrase that you're used to using is so that keys can be securely stored and someone that gains access to your key file doesn't get access to your key.

You could potentially communicate a new AES key with every message, which would greatly reduce the chances of a bruce force attack being successfully since most rely on the ability to analyze a large number of blocks that use the same key. That said, if you crack one key you do gain access to every key that followed in the chain.

Re:a thought (4, Informative)

zill (1690130) | more than 2 years ago | (#39379937)

Anyway AES is public key encryption.

AES is a symmetric-key algorithm.

Re:a thought (2)

klapaucjusz (1167407) | more than 2 years ago | (#39379775)

could you create an encryption method that generates a new encryption key for every new message.

Yes, modern cryptosystems do that. It's called an Initialisation Vector [wikipedia.org] .

Re:a thought (1)

TheTrueScotsman (1191887) | more than 2 years ago | (#39380315)

You have to share the initialization vector in the same way you have to share the session key.

Breaking either of these boils down to the same problem: breaking the asymmetric (e.g. RSA) keys.

This problem is doable for commonly-used 1024 bit RSA keys with absolutely massive amounts (the sort of thing a rich government may be able to come up with now) of CPU power; but not doable in the medium or long term for 2048 bit or greater keys, Of course, practical quantum computing will change this equation.

Re:a thought (4, Interesting)

adturner (6453) | more than 2 years ago | (#39379785)

That's basically what happens today with most protocols like SSL/TLS. For each new connection, the client and server negotiate a new key via public key crypto like RSA. Actually, based on some comments in the article, like needing more "transactions" to help break the encryption, makes me believe the NSA is actually working to break RSA then AES.

Re:a thought (1)

betterunixthanunix (980855) | more than 2 years ago | (#39379839)

second, i don't know so just a thought. could you create an encryption method that generates a new encryption key for every new message.

Sure, but you have to be more specific. A one time pad might meet your definition, as might standard hybrid public/private encryption (which is widely used).

Re:a thought (1)

mlts (1038732) | more than 2 years ago | (#39380433)

PGP does this, as every message/file sent has its own symmetric encryption key, with only the key material encrypted with RSA/DSS.

However, if the public/private key gets broken, all bets are off.

Brute force.... (1)

vikingpower (768921) | more than 2 years ago | (#39379653)

...seems appropriate as a term for how the US government takes its stance towards the rest of the world. Even although broke. How long, yet ?

Re:Brute force.... (2)

Black Parrot (19622) | more than 2 years ago | (#39379827)

...seems appropriate as a term for how the US government takes its stance towards the rest of the world. Even although broke. How long, yet ?

We're not broke, just bleeding.

All the hand-wringing is because certain politicians are upset that we're not spending all of it on the haves.

Re:Brute force.... (1, Informative)

RenderSeven (938535) | more than 2 years ago | (#39380065)

All the hand-wringing is because certain politicians are upset that we're not stealing all of it from the haves.

FTFY

Re:Brute force.... (1)

Anonymous Coward | more than 2 years ago | (#39380249)

All the hand-wringing is because certain politicians are upset that we're not fooling enough people into thinking we're stealing all of it from the haves.

FTFY

Re:Brute force.... (1)

Anonymous Coward | more than 2 years ago | (#39380303)

LOL, what party in the US is not pro big corporations? They're both rabidly big banking, both pro big pharma/medical, both pro agriculture, etc. etc.

Deficit (1, Interesting)

ehiris (214677) | more than 2 years ago | (#39379675)

I thought we were bankrupt. Don't we have better things to spend (or save) our money on?

Re:Deficit (1)

Anonymous Coward | more than 2 years ago | (#39379859)

Debt and on-going budget deficits are not the same as "bankrupt" for the US government. It's not great though.

Though NSA is under DoD, who has been pulling down something like a trillion dollars a year to play with. A couple wars will do wonders for your budget.

So a few million for a data center is like worrying about new shoelaces when you're behind on two mortgages.

Intelligence pays for itself (4, Insightful)

betterunixthanunix (980855) | more than 2 years ago | (#39379865)

We use our signals intelligence capability to pass the trade secrets of foreign companies on to our own domestic companies; there is plenty of money to be made from being able to decrypt messages that the NSA intercepts.

Re:Intelligence pays for itself (5, Funny)

Anonymous Coward | more than 2 years ago | (#39379951)

You're Chinese?

Re:Intelligence pays for itself (4, Informative)

digitig (1056110) | more than 2 years ago | (#39380453)

Or French, or American [wikipedia.org] .

Re:Intelligence pays for itself (1)

Forbman (794277) | more than 2 years ago | (#39380057)

In this case, then, there's a market for the NSA to send trade secrets from company X in country Y to a different company in country W, too. Maybe that's how they're funding the whole operation...

Re:Intelligence pays for itself (1)

Relayman (1068986) | more than 2 years ago | (#39380107)

[citation needed]

Re:Intelligence pays for itself (0)

Anonymous Coward | more than 2 years ago | (#39380149)

I wish we actually did that. That would at least have the NSA providing value to the US rather than continuing to be a financial black hole.

"We" (1)

Anonymous Coward | more than 2 years ago | (#39380289)

You may want to reconsider your use of "we". If you don't benefit from this latest expansion of government (which you've implied), and you didn't take part in the decision-making process (which you've also implied), then logically, you are not part of the "we".

How many bits? (1)

Hatta (162192) | more than 2 years ago | (#39379681)

How many bits should we use for encryption now?

Re:How many bits? (5, Insightful)

KhabaLox (1906148) | more than 2 years ago | (#39379763)

How many bits should we use for encryption now?

More.

Re:How many bits? (4, Insightful)

TheGratefulNet (143330) | more than 2 years ago | (#39379911)

and even better: send false positives to waste their time.

perhaps the crypto protocols need enhancing to allow fake bullshit messages that can't easily be told from real crypto stuff.

ie, DOS them.

I know, they have lots of power but it IS a war. war on our privacy and its so blatant now, they don't even try to hide their break-in attempts to us, anymore.

the ONLY reason encryption was allowed in the first place was for banking and online 'business'. if there was not this use-case, we would be disallowed encryption entirely.

Re:How many bits? (4, Informative)

Black Parrot (19622) | more than 2 years ago | (#39379783)

How many bits should we use for encryption now?

If you assume peak computing power is doubling ever n years, they you need one more bit every n years to keep ahead.

And of course, whatever you use now will be breakable in the future, if anyone cares to save your messages until computing catches up.

Re:How many bits? (1)

JesseMcDonald (536341) | more than 2 years ago | (#39379881)

At most you need one (symmetric) key bit for every bit in every message you plan to send using that key. That effectively turns it into a one-time pad, which cannot be broken through brute force—there is a valid key for every possible cleartext of that length. (Be sure to pad the message!)

Re:How many bits? (1)

Anonymous Coward | more than 2 years ago | (#39379889)

It's more than that if you believe the GPU people - something like 10x. Cracking a password using rainbow tables and megabytes of memory is one way of doing it. Just precalculate every possible combination of plain text and encrypted text.

Re:How many bits? (1)

GameboyRMH (1153867) | more than 2 years ago | (#39380479)

And of course, whatever you use now will be breakable in the future, if anyone cares to save your messages until computing catches up.

Which is the whole point of this new facility according to TFA.

Re:How many bits? (1)

GameboyRMH (1153867) | more than 2 years ago | (#39379791)

As many as you can. I get the feeling from TFA that they can at least crack AES-128.

Re:How many bits? (5, Funny)

Beardo the Bearded (321478) | more than 2 years ago | (#39379807)

Use no encryption and have a sig like mine. Eventually someone gets bored of reading every mundane post and email and puts you on an "ignore" filter.

Re:How many bits? (3, Insightful)

SuricouRaven (1897204) | more than 2 years ago | (#39379823)

I think at this point it isn't about the number of bits, it's about luck, implimentation issues and the search for user error. Doesn't matter how many bits you use if they can sneak a copy of your laptop hard drive and find the key somewhere in swap space, or if your 8192-bit key is derived from a passphrase that's only ten alphanumeric characters, or if they can pull off an effective MITM attack on an SSL by threatening/bribing/asking a trusted certification authority to sign their cert.

Re:How many bits? (1)

Hatta (162192) | more than 2 years ago | (#39379915)

If it wasn't about how many bits you used, there would be no use for the giant cluster they are building.

Re:How many bits? (1)

White Flame (1074973) | more than 2 years ago | (#39379941)

While those are legitimate attack vectors, they do not seem to be what this facility will perform. If it's purely a passive listener of all internet & phone communication, looking for "patterns" and "threats" from the entire haystack, then using stronger encryption would seem to be sensible.

Re:How many bits? (4, Funny)

mhajicek (1582795) | more than 2 years ago | (#39380449)

How many bits should we use for encryption now?

All of them.

Not sure about that (1)

Black Parrot (19622) | more than 2 years ago | (#39379757)

The more messages from a given target, the more likely it is for the computers to detect telltale patterns

IIRC, that's not true, for a good encryptation system.

For a *perfect* encryptation system, the messages would be indistinguishable from random patterns of bits.

Re:Not sure about that (1)

White Flame (1074973) | more than 2 years ago | (#39379995)

(it's "encryption", not "encryptation")

Think of the timing between messages, and the length of messages; those can tell a lot about the communication even without decoding anything. I'm not sure any popular cryptosystem uses junk payloads to thwart that kind of analysis, because of the extra computational and bandwidth burden.

It could also be the case that the NSA does have some weaknesses on popular algorithms, and that the "telltale patterns" fact does hold for bit analysis when the scales get really, really large.

the NSA is watching me (-1, Offtopic)

alen (225700) | more than 2 years ago | (#39379781)

i liked Jo Malone on facebook and now i get their ads on almost every web page. even slashdot

i went to best buy the other day and they asked me about jo malone. the NSA found out i bought it and told everyone

NSA history and modern crypto's impact upon it (3, Informative)

Anonymous Coward | more than 2 years ago | (#39379801)

The whole we-can't-break-codes-anymore story is told in

http://www.amazon.com/Coded-Messages-Hoodwink-Congress-People/dp/0875868142/ref=sr_1_1?ie=UTF8&qid=1331918025&sr=8-1

Coded Messages: How the CIA and the NSA Hoodwink Congress and the People

by Nelson McAvoy, former NSA person, who claims to have been at the early meetings from when the NSA was formed.

A secret role (3, Funny)

K. S. Kyosuke (729550) | more than 2 years ago | (#39379835)

One of its secret roles? Code-breaking your private, personal information. Everybody's a target.

Gee, if that is a secret, I promise not to tell anyone. Anyone joining me on that? Just hope that no one will read this article who doesn't already know, that would kind of spoil it.

Bluffdale?!??!?!?! (1)

OzPeter (195038) | more than 2 years ago | (#39379845)

How sure are you that they are actually breaking into anything there?

Notice how the "crypto guys" are the "old guys"??? (1)

SwedishChef (69313) | more than 2 years ago | (#39379861)

I wonder if that sentence says more than they intended it to. Could it be that the skills of the NSA people are eroding just like the skills at CIA did? I knew that CIA was in trouble - tradecraft-wise - when a COS let an asset into their HQ and he blew half the station to kingdom come. No one would have done that in the old days. Maybe NSA is having the same problem.

Re:Notice how the "crypto guys" are the "old guys" (1)

Hentes (2461350) | more than 2 years ago | (#39379977)

Because codebreaking has been obsolete since 1978, as the NSA will find out the hard way.

Re:Notice how the "crypto guys" are the "old guys" (0)

Anonymous Coward | more than 2 years ago | (#39380371)

Codebreaking will never be obsolete, most of the time people just plain pick bad passwords.

The former Soviets got caught re-using their one time pads after a year. They were thinking, who would store the eTexts for that long, since OTP is unbreakable?

Re:Notice how the "crypto guys" are the "old guys" (4, Interesting)

TheGratefulNet (143330) | more than 2 years ago | (#39380011)

WHO would work for them, I ask you?

decades ago, the people didn't view their government quite the way they do today. some patriotism did exist and people wanted to help their government. *generally*.

today we all see how invasive and evil our government has become. totally 100% lost its way. almost anything it does, it does badly and hurts people, long and short run.

if I was offered a job for the so-called white hats (which I now see as black hats) I'd turn it down. I would not be able to live with myself knowing I'm helping an evil force become more evil and more forceful.

I do realize a lot of people can easily shelve their ethics and see money-making jobs as separate. but I wonder how many people still believe that if they join the government or gov-sponsored jobs, that they are really HELPING things?

too many black marks on the government. working for them could be as bad as working for the old mafias. the people that they do get, I would not trust. they are whores.

Re:Notice how the "crypto guys" are the "old guys" (1)

El Torico (732160) | more than 2 years ago | (#39380211)

WHO would work for them, I ask you?

Someone who likes lots of money.

Re:Notice how the "crypto guys" are the "old guys" (2)

PerfectionLost (1004287) | more than 2 years ago | (#39380251)

Mostly mathematicians. Where I went to college, after finishing undergrad you either went on to grad school, or you went and worked for the NSA. One of my friends who went to grad school to study abstract mathematics (as well as some encryption) said you could always tell the NSA people from the academics because they had no name tags on.

Re:Notice how the "crypto guys" are the "old guys" (0)

elrous0 (869638) | more than 2 years ago | (#39380459)

Everyone has a price. I'd like to think that most people would stand up to them, but I suspect the vast majority would only negotiate.

Re:Notice how the "crypto guys" are the "old guys" (1)

zill (1690130) | more than 2 years ago | (#39380019)

when a COS let an asset into their HQ and he blew half the station to kingdom come.

In case anyone else didn't get the reference. [wikipedia.org]

Re:Notice how the "crypto guys" are the "old guys" (1)

alen (225700) | more than 2 years ago | (#39380097)

same thing, different tech

you collect data, look for patterns and break the code

if someone is spying to blow up a building then they will do it for months and report back. the code they use for the target will probably never change and you just have to look for similar patterns

Re:Notice how the "crypto guys" are the "old guys" (4, Interesting)

slew (2918) | more than 2 years ago | (#39380493)

I wonder if that sentence says more than they intended it to. Could it be that the skills of the NSA people are eroding just like the skills at CIA did? I knew that CIA was in trouble - tradecraft-wise - when a COS let an asset into their HQ and he blew half the station to kingdom come. No one would have done that in the old days. Maybe NSA is having the same problem.

Crypto-guys are the "old guys" from a tradecraft point of view. AFAIK, in the NSA, many of the old-guys are involved with developing clever new internal ciphers (so-called classified "suite-A" algorithms). Since many of the "bad-guys" aren't nation states with heavy duty crypto development capablities, they often are using off the shelf stuff like AES/ECDSA (members of the "suite-B" algorithms). Until someone discovers a huge gaping hole backdoor, breaking these "suite-B" algorithms benefit from mostly from brute force (even if you know a few clever tricks that others do not which chops things down an order of magnitude or two). This is pretty much an admission that there is no huge gaping back door in these suite-B algorithms, not that any crypto-tradecraft capability was in trouble.

I find it oddly somewhat comforting that the we have "old-guys" that realize that sometimes the best thing to do is to throw this problem at a box of computers and spend their time on other pursuits. Who knows, this facility might be dedicated to cranking on some clever cracking algorithm that is unknown to the public, all we know it it takes lots of OPS. Isn't surpising to me that cracking these algorithms are hard. As a historical data point, DES was apparently hard for even the NSA to crack so they deliberatly limited the DES key size from the original 64-bits, to the final 56-bit (although the NSA apparently lobbied for a mere 48-bits).

What am I missing? (5, Insightful)

Fnkmaster (89084) | more than 2 years ago | (#39379867)

My understanding is that the best known general cryptanalytic attacks on AES are only marginally better than brute-force. Even AES-128 is essentially unbreakable under any known attacks then, since brute forcing a single AES-128 password is so far beyond feasibility, it's absurd. My understanding is that the best known attacks on AES are side-channel attacks, which require only modest computational resources, but need access to the encrypting machine, and related-key attacks that are only effective for certain small classes of keys.

So we can then assume that NSA has a general attack on AES that makes it many, many orders of magnitude easier to break than the best known published attacks? Or is this more likely to be disinformation spread to make people *think* that AES is broken by NSA? My understanding was that NSA is generally somewhat but not extremely far beyond the academic state of the art these days.

And there have been several reports of FBI and other federal agencies being unable to recover AES-256 encrypted hard drives. So if NSA has the capability to do so even for small numbers of keys using existing computing power, they obviously keep it incredibly restricted and under wraps.

So... this is BS by somebody, right? Either congress is getting BSed into funding stuff that won't do what they're being told it will do, or the public is getting BSed into believing that using encryption is pointless because NSA can real-time decrypt anything, so just don't bother, mmm'kay?

Re:What am I missing? (2)

dkleinsc (563838) | more than 2 years ago | (#39379947)

My understanding is that the best known general cryptanalytic attacks on AES are only marginally better than brute-force

... known outside the NSA. If they have something that would break AES easily, they probably keep it safely classified.

Re:What am I missing? (2)

Dan1701 (1563427) | more than 2 years ago | (#39380331)

Even if they do have such a tool, it is still effectively useless. By analogy, during World War 2 the allies had broken the German ENIGMA codes, yet had to work very hard to pretend that the code was still secure, to prevent the Germans copping wise to the fact that their codes were useless and devising something better. The same applies here: if the NSA have broken AES, then they cannot use this hack for anything save national security, and must also work hard to prevent the merest suspicion of the hack getting out.

The best thing we could do would be to club together to fund a bounty for information on how to break AES without using brute-force computing, so that we'd know if it could not be trusted (we already know that no government can be trusted to act other than as a self-interested parasite).

Re:What am I missing? (1)

zill (1690130) | more than 2 years ago | (#39380503)

The best thing we could do would be to club together to fund a bounty for information on how to break AES without using brute-force computing

That's basically what academia has been trying to do before Rijndael even became AES. There are more than a dozen papers on AES attacks, the fastest of which is faster than brute-force by a factor of 4.

It basically comes down to whether academia has more brains or NSA has more brains.

Re:What am I missing? (2)

betterunixthanunix (980855) | more than 2 years ago | (#39380013)

My understanding is that the best publicly known general cryptanalytic attacks on AES are only marginally better than brute-force

That is what you are missing.

So we can then assume that NSA has a general attack on AES that makes it many, many orders of magnitude easier to break than the best known published attacks? Or is this more likely to be disinformation spread to make people *think* that AES is broken by NSA? My understanding was that NSA is generally somewhat but not extremely far beyond the academic state of the art these days.

How would we even know? The NSA will always have an advantage over public research: they have access to all the public research, as well as classified expertise.

Re:What am I missing? (0)

Anonymous Coward | more than 2 years ago | (#39380263)

How would we even know?

The same way they know in the spy business. If something encrypted with AES suddenly becomes public, that's a good indicator.

There is a long history of spies trying to make up a plausible story to cover up the fact that they cracked something or have a well-placed source.

Re:What am I missing? (2)

TheGratefulNet (143330) | more than 2 years ago | (#39380049)

Either congress is getting BSed into funding stuff that won't do what they're being told it will do

"star wars". lasers and shooting bad guys down. hey, idiots in 'elected office' can understand simple things like that. here, take my money!

same here: big supercomputers that cost money, staff to run it and fat budgets to keep it going. wet dreams, no? who would NOT want that? and its an easy sell. the world is filled with terr-a-wrists and we need lots and lots of big blinkinlight computers to keep us save.

here, take my money. how much do you need?

(puke)

Re:What am I missing? (2)

TheGratefulNet (143330) | more than 2 years ago | (#39380121)

"keep us save".

sigh. OT: I really do know the difference between 'safe' and 'save'. so why did I type 'save' on that post? I don't know,;but I'm not alone in this problem and I see lots of people type one thing when they were thinking another. its a real problem. brain rate != finger rate? lost sync in the clock and data streams? something like that.

Re:What am I missing? (1)

Anonymous Coward | more than 2 years ago | (#39380355)

"keep us save".

sigh. OT: I really do know the difference between 'safe' and 'save'. so why did I type 'save' on that post? I don't know,;but I'm not alone in this problem and I see lots of people type one thing when they were thinking another. its a real problem. brain rate != finger rate? lost sync in the clock and data streams? something like that.

Shoulda just dropped it - when I read it I thought you were doing perfect satire of the idiots who make these funding decisions.

Re:What am I missing? (0)

Anonymous Coward | more than 2 years ago | (#39380403)

It's called "proofreading". Handy thing, that "proofreading" is.

Re:What am I missing? (1)

An ominous Cow art (320322) | more than 2 years ago | (#39380511)

Don't worry about it. "serve" -> "server" is even more common :-).

Re:What am I missing? (0)

zill (1690130) | more than 2 years ago | (#39380135)

My understanding is that the best known general cryptanalytic attacks on AES are only marginally better than brute-force.

That's true for today, yes, but what about 20 years from now?

As long as Moore's law continues any algorithm is suspected to brute-force. The NSA's job is basically to capture as much fresh ciphertext as possible and crack as much of the old ciphertext as possible. All the the DES encrypted stuff from a few years back probably reads like an open book to them right now.

Re:What am I missing? (0)

Anonymous Coward | more than 2 years ago | (#39380195)

FTFA: "The more messages from a given target, the more likely it is for the computers to detect telltale patterns"

Re:What am I missing? (0)

Anonymous Coward | more than 2 years ago | (#39380307)

Efforts to break a cipher become exponentially more difficult when you encapsulate encrypted streams within encrypted streams. Better still would be to rotate the algorithmic stream order.

An example, aes-256 as your container cypher, inside that a Serpent encrypted message that contains a Rijndael encrypted stream that contains your actual message. Each iteration of encryption would divide the likelihood of a brute force success exponentially. Pain in the ass? Yes. But a message that doesn't break by their usually employed means, would definitely get their attention, as well as meet the end goal. Particularly if you rotate keys at each layer. You will effectively push their ability to decrpyt your messages back into the cold war era.

It stores only one bit of information (0)

Anonymous Coward | more than 2 years ago | (#39379869)

It stores only one bit of information. That bit is death.

encrypted message for the NSA (4, Funny)

lemur3 (997863) | more than 2 years ago | (#39379877)

uckfay offway ationalnay ecuritysay agencyway

April 1st? (0)

Anonymous Coward | more than 2 years ago | (#39379927)

Nope

1984? (1)

elrous0 (869638) | more than 2 years ago | (#39380471)

Yep.

Stranger than fiction? (1)

gregthebunny (1502041) | more than 2 years ago | (#39379967)

I think I've been watching too much Person of Interest [wikipedia.org] .

Does Anyone Have Lat/Long Numbers? (1)

BlueStrat (756137) | more than 2 years ago | (#39379991)

Just wondering if anyone has the exact latitude & longitude coordinates for this facility.

Gonna need 'em for programming all the home-brew autonomous high-explosive and incendiary-carrying kamikaze drones needed to take this facility out.

Strat

Re:Does Anyone Have Lat/Long Numbers? (1)

Anonymous Coward | more than 2 years ago | (#39380191)

About 40.449756,-111.942959.
I can see the construction from my office.
It's gonna be BIG

(Ironic captcha: paranoid)

Re:Does Anyone Have Lat/Long Numbers? (2)

KermodeBear (738243) | more than 2 years ago | (#39380213)

I know that you're probably trying to be funny, but in this case discretion may be a better idea.

Re:Does Anyone Have Lat/Long Numbers? (1)

Forbman (794277) | more than 2 years ago | (#39380229)

Strange, I just got a new email from Amazon Web Services and how they've got some new service offerings coming on line soon for the Virginia area...Hmm...

Also of note: (-1)

Anonymous Coward | more than 2 years ago | (#39380027)

It was announced this morning in an e-mail from my sister's uncles mother that it gets light outside after the sun comes up. I'm writing a blog about it, and will submit the article for wicked adsense revenue later today.

One Time DVD or SD anyone? (5, Interesting)

Gim Tom (716904) | more than 2 years ago | (#39380087)

The one time pad could make a comeback in the form of a one time DVD's or maybe even SD or Micro SD chips. I know, it is not scalable due to the problem of distribution. It is also symmetric in that the same "key" encrypts and decrypts, but it is also immune to brute force since your one time key is equal to or longer than the message length. An interesting variation might be to use an image file that is very long, but completely innocent as a pseudo random key and only have two copies of that exact image. The former Soviet Union used a one time cypher for all of their clandestine agent communications.

Who's going to work there? (2)

jfengel (409917) | more than 2 years ago | (#39380101)

The NSA is located in Maryland. At the end of the shift, traffic is bad enough between there and Columbia to block up the Interstates. That includes not just the cryptoanalysts, but the vast support staff: IT, cafeteria workers, security, human resources, etc etc etc.

Who's in Bluffdale? Where is all that support staff going to come from, and what are they going to do with the rest of their lives? Although the NSA is on a military base, a lot of the work is done by civilians, and you can't just order them into the middle of nowhere the way you can with soldiers.

Re:Who's going to work there? (0)

Anonymous Coward | more than 2 years ago | (#39380169)

Despite what its name may lead you to believe, Bluffdale is actually located in a fairly populated area. Its only about 20 minutes south of salt lake city

Re:Who's going to work there? (1)

PerfectionLost (1004287) | more than 2 years ago | (#39380297)

You don't need to actually be at a data center to take advantage of the computational power.

Re:Who's going to work there? (1)

jfengel (409917) | more than 2 years ago | (#39380373)

That's a lot of space for just computers. But then, it's a big thing they're trying to do.

Re:Who's going to work there? (2)

decsnake (6658) | more than 2 years ago | (#39380361)

who's going to be in bluffdale? almost nobody. Security, facility maintenance, remote hands and thats about it. The rest of the folks will be in your way on Rt 32 on their way home from work. Srsly, they are building office buildings where the Ft. Meade golf course used to be. Who do you think is going to be working in those?

Re:Who's going to work there? (2)

trolman (648780) | more than 2 years ago | (#39380533)

The primary problem in Maryland is power. There is not enough generation/transmission available. So the big data centers are being built where free cooling and cheap power can be found.

you FAIL it (-1)

Anonymous Coward | more than 2 years ago | (#39380205)

tops respOonsibility to get some eye Can connect to And reports and 800 w/512 Megs of progress. Any

Let the paranoid run loose! (2)

Relayman (1068986) | more than 2 years ago | (#39380209)

Code-breaking your private, personal information. Everybody's a target.

To target everyone would be a total waste of resources. I would spend as much money figuring out who to target as I would decrypting anything send by that target.

It's like saying, "We're going to mine the whole state of California to find the gold there."

Re:Let the paranoid run loose! (1)

bobbutts (927504) | more than 2 years ago | (#39380393)

Except that in the case of packets, they can be captured and sent along without any disruption to the parties exchanging them. So it's more like being able to discover all the gold by forcing everyone to participate in gold detection (to their detriment) before sending out the mining crew.

Advertisement Networks (0)

Anonymous Coward | more than 2 years ago | (#39380231)

I think the russian brides advertisement with voluptuous women in bikini that popped up near the blurb shows how well that NSA project is fucking useless.

Anonymous because who cares to log in if you are already profiled and cookied? :)

Queue (1)

Anonymous Coward | more than 2 years ago | (#39380277)

smoke and mirrors. The public hears "we need this for cryptoanalysis, brute force code breaking of AES, insert whatever you want the public to know. The reality of it will never be told to the public. This is the NSA people, smoke and mirrors to cover what the are really doing.

HTTPS (0)

Anonymous Coward | more than 2 years ago | (#39380407)

It's been pretty well documented that NSA has systems in place to monitor all internet traffic within the US. With everyone making the switch to using https, I suspect this facility was necessary for them to maintain the status quo.

The quote at the bottom of the page is too fitting (0)

Anonymous Coward | more than 2 years ago | (#39380445)

"With listening comes wisdom, with speaking repentance."

Apparently the NSA is from the same theory of thought and they seem very intent to make sure that whenever we speak they listen...

A tribute (2)

careysb (566113) | more than 2 years ago | (#39380487)

A tribute to "Person of Interest". The Machine.

Wow imagine that. (1)

sunking2 (521698) | more than 2 years ago | (#39380505)

Ask a bunch of people whether they need more resources and they got back a "yes! we can't do your job with what we have".
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?