Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

NSA Foils Much Internet Encryption

timothy posted 1 year,14 days | from the do-your-taxes-buy-civilization? dept.

Encryption 607

An anonymous reader writes "The New York Times is reporting that the NSA has 'has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show. ... The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.'" You may prefer Pro Publica's non-paywalled version, instead, or The Guardian's.

cancel ×


Sorry! There are no comments related to the filter you selected.

Let us endeavour to create better encription (4, Funny)

ackthpt (218170) | 1 year,14 days | (#44769059)

For awesome powa []

Re:Let us endeavour to create better encription (5, Funny)

The Grim Reefer (1162755) | 1 year,14 days | (#44769089)

For awesome powa []

Hasn't the majority of the internet already applied that twice?

Re:Let us endeavour to create better encription (4, Funny)

snowraver1 (1052510) | 1 year,14 days | (#44769437)

You actually have to do it three times to be secure - like 3DES

Re:Let us endeavour to create better encription (-1, Redundant)

dmbasso (1052166) | 1 year,14 days | (#44769507)

Apply it a forth time, just to make sure.

[comment encrypted with 4ROT13]

Re:Let us endeavour to create better encription (4, Funny)

NettiWelho (1147351) | 1 year,14 days | (#44769141)

Hmm... I have a creeping feeling the NSA has already introduced a vulnerability into the rot13! If you click on encrypt twice the original contents are revealed!

Re:Let us endeavour to create better encription (2)

ackthpt (218170) | 1 year,14 days | (#44769277)

Hmm... I have a creeping feeling the NSA has already introduced a vulnerability into the rot13! If you click on encrypt twice the original contents are revealed!


Hit it a third time and we're all secure again! Quick!


Anonymous Coward | 1 year,14 days | (#44769091)

I love my country.

Works for me (0, Flamebait)

mozumder (178398) | 1 year,14 days | (#44769595)

So do you want the NSA to break Syria's encryption about their chemical weapons attacks?

Or do you prefer we not know that the Syrian government uses chemical weapons to kill civilian populations, affecting public policy?

Which social contract would you prefer government to break? the "Government shouldn't know private activities of foreign governments" or "Government shouldn't allow foreign governments to kill civilians"?

If your privacy is important, then you think that means your government shouldn't monitor foreign communications, correct? And that means you think it's ok for foreign governments to kill civilians as they please? And if you think foreign governments should be allowed to kill civilians, then I guess you don't donate to charity either? Why would you want to help other people, after all?

You can pick either charity or privacy, but you can't have both. Sorry. That's because bad guys have power, and you need more power to overcome those bad guys for the purposes of charity.

So charity or privacy? What's it going to be?

SSH? (3, Insightful)

Phibz (254992) | 1 year,14 days | (#44769095)

I wonder if their list includes SSH

Re:SSH? (-1)

Anonymous Coward | 1 year,14 days | (#44769163)

Unless you exchange private keys offline, manually, preferably not using any temporary electronic storage means, the NSA has your keys.

eveBot intercepts aliceCopter! (4, Funny)

Thud457 (234763) | 1 year,14 days | (#44769339)

surely there should be a ripe market niche for some smart geek to 3D print arduino-controlled quadcopters to facilitate key exchange. hmmmm... hold on, still a few bugs to be worked out...

Re:eveBot intercepts aliceCopter! (5, Insightful)

the_B0fh (208483) | 1 year,14 days | (#44769421)

Just don't use paypal to get funding...

Re:SSH? (4, Informative)

lister king of smeg (2481612) | 1 year,14 days | (#44769427)

Unless you exchange private keys offline, manually, preferably not using any temporary electronic storage means, the NSA has your keys.

um you never exchange privet key's you only share public keys.

Re:SSH? (4, Insightful)

bloodhawk (813939) | 1 year,14 days | (#44769591)

Why would anyone ever exchange private Keys???? The system does not work that way.

Re:SSH? (1)

Anonymous Coward | 1 year,14 days | (#44769179)

I wonder if their list includes SSH

It certainly includes threats to HTTPS, so that seems likely.

The document reveals that the agency has capabilities against widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking.

Re:SSH? (5, Insightful)

lgw (121541) | 1 year,14 days | (#44769243)

I'd wager that the fundamental flaw in HTTPS is that the government has the private keys direct from the CAs. The protocol is flawed in the key management (as most are).

Re:SSH? (3, Interesting)

jasno (124830) | 1 year,14 days | (#44769325)

Yeah, I figured they can always classify the private keys as business records and request them via subpeona. Nothing in the law prevents it.

Re:SSH? (3, Insightful)

MightyMartian (840721) | 1 year,14 days | (#44769363)

Yes, it goes without saying that the supreme weakness of key-based encryption is that you're only as secure as the security of the signing keys themselves.

The proper way to do it is to have your CAs sitting on a non-network connected computer sitting in a secure location, with as few individuals having access as possible. Obviously that's not 100%, as the NSA could still show up with a warrant, but you're going to know when you've been compromised, which is, really, the whole point behind proper key management.

Re: SSH? (0)

Anonymous Coward | 1 year,14 days | (#44769561)

problem is no one will auto trust your own CA.

NSA wouldn't have your SSL private key but could make an undetectable MIM attack if the CA gives them a seperate cert with your servername. Would be detectable if users checked thumbprint or public key. That is only way I see this being possible. This case self signed certs would be safer.

Re:SSH? (4, Informative)

Yaur (1069446) | 1 year,14 days | (#44769187)

The claim is VPNs and SSL... so either a break in RSA or AES, either way SSH would be covered. But there are so few details in the story its hard to know how technically competent the staff who reviewed the documents and therefore how serious the threat is.

Re:SSH? (1)

the eric conspiracy (20178) | 1 year,14 days | (#44769337)

The key generation process seems to me to be susceptible to corruption. []

Not so much when it's done locally like in SSH.

Re:SSH? (2, Informative)

SolitaryMan (538416) | 1 year,14 days | (#44769499)

Sounds like a pile of steaming bullshit to me, to be honest.

Re:SSH? (5, Informative)

amorsen (7485) | 1 year,14 days | (#44769543)

The claim is VPNs and SSL... so either a break in RSA or AES, either way SSH would be covered.

You do not need to break RSA or AES to break a lot of VPNs. I.e. if you use aggressive mode IKEv1 PSK (typically plus XAUTH, but that does not actually help), the shared private key can be recovered by offline attacks. NSA supercomputers should have no problem handling most keys. Alternatively, if certificates are used, many organizations buy premade certificates including secret keys instead of going through the trouble of generating their own secret keys. That means the NSA only has to compromise the few certificate vendors.

And this is just the passive attacks the NSA can do. If they actively interfere, they can use downgrade attacks or (for HTTPS) the various TLS vulnerabilities or use proper fake vendor certificates or all sorts of other mischief. That is harder to pull off unnoticed of course.

Very little equipment supports IKEv1 with "raw" RSA keys (no certificates), even though that takes the whole PKI problem away and avoids aggressive mode. I'm only aware of (free|open|libre|strong)SWAN and RouterOS. IKEv2 is almost non-existent, and what little equipment supports it tends to only support the equivalent of IKEv1 main mode with PSK or certificates -- precisely the areas where IKEv1 is already good enough.

For those of us who use proprietary encryption acceleration: how do we know that the session keys are chosen securely and not divulged with steganography somehow? I know that products have existed which did exactly that, revealing part of the encryption key in the encrypted data stream (and I know that because the vendor was fairly open about the practice).

Re:SSH? (5, Informative)

Anonymous Coward | 1 year,14 days | (#44769205)

I wonder if their list includes SSH

OpenSSL came from SSLeay, which was created outside of the US specifically for this reason.

Its not a technical attack in the first round;

    The long, strong arm of the NSA
    July 27, 1998
    Web posted at: 4:15 PM EDT []


    It's gotten to the point where no vendor hip to the NSA's power will
    even start building products without checking in with Fort Meade first.
    This includes even that supposed ruler of the software universe,
    Microsoft Corp. "It's inevitable that you design products with specific
    [encryption] algorithms and key lengths in mind," said Ira Rubenstein,
    Microsoft attorney and a top lieutenant to Bill Gates. By his own
    account, Rubenstein acts as a "filter" between the NSA and
    Microsoft's design teams in Redmond, Wash. "Any time that you're
    developing a new product, you will be working closely with the NSA,"
    he noted.


    Clearly wary of granting the government supervision over its products,
    Microsoft has stubbornly refused to submit a data-recovery plan, even
    though the Redmond giant already includes a data-recovery feature in
    its Exchange Server.

    "The Exchange Server can only be used when this feature is present,"
    Rubenstein said. "Because we haven't filed a product plan, it's harder
    for us to export this than for companies that have filed plans."


Re:SSH? (0)

Anonymous Coward | 1 year,14 days | (#44769331)

    The long, strong arm of the NSA
    July 27, 1998
    Web posted at: 4:15 PM EDT []


And nothing has changed in at least the last 15 years;

    Revealed: how Microsoft handed the NSA access to encrypted messages
    The Guardian, Friday 12 July 2013 03.53 AEST


    The files show that the NSA became concerned about the interception of encrypted chats on Microsoft's portal from the
    moment the company began testing the service in July last year.

    Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption
    on chats

    A newsletter entry dated 26 December 2012 states: "MS [Microsoft], working with the FBI, developed a surveillance capability to deal" with
    the issue. "These solutions were successfully tested and went live 12 Dec 2012."

    Two months later, in February this year, Microsoft officially launched the portal.

    Another newsletter entry stated that NSA already had pre-encryption access to Outlook email. "For Prism collection against Hotmail, Live, and emails will be unaffected because Prism collects this data prior to encryption."

    Microsoft's co-operation was not limited to An entry dated 8 April 2013 describes how the company worked "for many months" with
    the FBI – which acts as the liaison between the intelligence agencies and Silicon Valley on Prism – to allow Prism access without separate
    authorization to its cloud storage service SkyDrive.

    The document describes how this access "means that analysts will no longer have to make a special request to SSO for this – a process step that
    many analysts may not have known about".

    The NSA explained that "this new capability will result in a much more complete and timely collection response". It continued: "This success is the
    result of the FBI working for many months with Microsoft to get this tasking and collection solution established."

    A separate entry identified another area for collaboration. "The FBI Data Intercept Technology Unit (DITU) team is working with Microsoft to
    understand an additional feature in which allows users to create email aliases, which may affect our tasking processes."

    The NSA has devoted substantial efforts in the last two years to work with Microsoft to ensure increased access to Skype, which has an estimated 663
    million global users.

    One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. "The audio
    portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete
    'picture'," it says.

    Eight months before being bought by Microsoft, Skype joined the Prism program in February 2011.


Emphasis mine (and the NSA's).

Uh... okay (5, Insightful)

cryptizard (2629853) | 1 year,14 days | (#44769101)

I believe the "working with industries to install backdoors" part, but the cracking internet standards encryption? Nope. The report doesn't even say what they are supposed to have cracked, only some nebulous "widely used internet encryption". Do they have a ton of computation power? Yes. Do they have some magical break on AES that no one in academia knows about or can even fathom? No. Just some FUD.

Re:Uh... okay (0)

Anonymous Coward | 1 year,14 days | (#44769117)

Root CAs have been in the NSA's back pocket since Day 1. HTTPS has never offered any protection against the prying eyes of government.

Re:Uh... okay (1)

cryptizard (2629853) | 1 year,14 days | (#44769131)

That's why I said I believe that part. What I don't believe is that they have cracked any widely used standard protocols like the article implies.

Re:Uh... okay (1)

geekoid (135745) | 1 year,14 days | (#44769159)

Nope. But go on with your lunacy.

Re:Uh... okay (5, Insightful)

cryptizard (2629853) | 1 year,14 days | (#44769199)

I don't know that it is necessarily true, but I wouldn't bet my life that they don't have a backdoor on at least one root CA. Remember, you don't need all of them, just one can do a lot of damage.

Re:Uh... okay (2)

Hatta (162192) | 1 year,14 days | (#44769317)

What reason do you have to believe that they haven't compromised the CAs? All it would take is one NSL, which the CAs could never appeal, or tell anyone about. Why would they not do that? Do you know of an alternative method that would be more effective?

Re:Uh... okay (2)

Yaur (1069446) | 1 year,14 days | (#44769263)

Even if the CA were in your back pocket how would you go about generating a rogue certificate with the same fingerprint as the real one?

Re:Uh... okay (1)

someSnarkyBastard (1521235) | 1 year,14 days | (#44769489)

How many people check the cert fingerprint? If the rogue cert has the a good root CA signature then most browsers will likely not flag it and that is probably as far as most users go towards verifying their SSL traffic is not being snarfed by a MITM attack.

Re:Uh... okay (1)

amorsen (7485) | 1 year,14 days | (#44769583)

There are some nice "QuickSSL" products from the various CAs, which offer to generate certificates without the hassle of you making your own secret key. For those, having the CA in your back pocket is extremely useful.

Re:Uh... okay (1)

MightyMartian (840721) | 1 year,14 days | (#44769383)

So, don't use them. It's trivially easy to build your own secure CA. Whatever technical prowess the NSA may have (and I'm sure they probably have more than any other single organization on the planet), the likelihood that they're going to be able to crack encrypted communications using keys you've signed with your own private CA are pretty bloody low.

Key distribution (1)

jotaeleemeese (303437) | 1 year,14 days | (#44769523)

The CAs' public keys come with your browser (or SSL client, it could be a web server or other piece of software). If you sign your own the problem becomes to distribute the keys.

Also it is trivial to stop the server with your private keys serving authentication requests. Governments will say terrorism, national security or one of those scary words and no judge will try to defend you rights, as shown in the UK they will even widen a narrow law to suit the needs of the security and/or intelligence bodies.

We are really fucked.

Re:Uh... okay (2)

thoromyr (673646) | 1 year,14 days | (#44769555)

Cracking encryption isn't a crap shoot -- its not like they get a single roll of the dice and say "damn, we didn't crack that one" -- it is just a matter of time. The question, really, is "how much time would it take to crack this encrypted communication" and the answer depends on a lot of factors. It rarely, if ever, is the theoretical limit to difficulty. A trivial example is the debian fiasco where nearly all entropy was removed from key generation. That is a bit extreme, but the point stands that the difficulty is, due to implementation issues and side channel attacks, very likely less than the theoretical.

It is popular to express the difficulty of decryption in time-to-decrypt. Even if the difficulty were always the theoretical this would still be wrong. There are orders of magnitude difference in computing power that can be applied. Just switching from a fast CPU to a good GPU will give you a very nice speed up -- and that is before clustering. Periodically I have to update a "time to crack a password based on complexity rules" table and its sad. Anyone using that kind of guidance is being misled: it isn't even useful for doing relative comparisons. "But these complexity rules mean that my password is 1000x harder to crack" is meaningless if it can still be done in less than five minutes.

Yes, breaking SSL is not the same as cracking passwords. But the same principles apply: a guided attack will usually perform far better. Periodically there is news in the security field about a vulnerability that made communications/stored files/SSL encryption much less strong than it should have been. And some people still don't see why the NSA maintains recordings of encrypted sessions. Can't crack it within a year? Better luck next month.

But regardless of any of that, it isn't going to do you much good to generate your own certificates when you connect to Amazon, Facebook, Google, etc., etc., etc.

Re:Uh... okay (1)

Charliemopps (1157495) | 1 year,14 days | (#44769557)

They said "the majority of" which is not what you're talking about. Even most security minded people don't bother with a private CA. I think most of their "cracks" don't even bother with the encryption anyway. If they have as many back doors as it looks like they do, and they have data collection at nearly every major hub in the world as well as equipment in all the ISPs they are reading so much of your data (basically ALL of it from both ends) they will know just about everything you do. It doesn't really matter if the email was encrypted if they have a keylogger on your PC or can remotely log into the webcam of the guy sitting next to you's laptop. It's kind of like the "eye of sauron" thing. They may not be omnipotent and able to target everyone at once, but once their eye turns your way there's little you can do about it short of jumping into a volcano.

Re:Uh... okay (1)

AmiMoJo (196126) | 1 year,14 days | (#44769173)

No cracks in commonly used encryption, just a lot of computing power to brute force it. I remember 10 years ago there was speculation that for a few billion dollars you could build a machine capable of cracking common codes in a few months, and that the some countries probably had them already.

Re:Uh... okay (3, Insightful)

cryptizard (2629853) | 1 year,14 days | (#44769245)

No, no and no. It would take a SIGNIFICANT theoretical break on encryptions to bring them within the realm of brute force capability. Even 80 bits of security is considered well outside of the reach of existing machines, and AES has at least 128 bits. Remember, every bit doubles the amount of time it takes to brute force. It would take all the computers in the world billions of years to brute force one key.

Re:Uh... okay (1)

Bert64 (520050) | 1 year,14 days | (#44769525)

But while there's potentially 2^128 possible keys if correctly implemented... Who's to say that the individual implementation actually generates keys truly randomly? A flaw in the key generation algorithm can significantly weaken the system as a whole while still using a strong encryption algorithm.

Re:Uh... okay (1)

dmt0 (1295725) | 1 year,14 days | (#44769477)

No cracks in commonly used encryption, just a lot of computing power to brute force it. I remember 10 years ago there was speculation that for a few billion dollars you could build a machine capable of cracking common codes in a few months, and that the some countries probably had them already.

You don't crack commonly known encryption, you just design flaws right into it at the standard level:

Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States’ encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members.

Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”

“Eventually, N.S.A. became the sole editor,” the memo says

Re:Uh... okay (5, Interesting)

Hatta (162192) | 1 year,14 days | (#44769189)

Cracking doesn't mean brute force. If you compromise the key, the encryption is just as surely cracked. Chances are what they really mean here is that they've compromised the certificate authorities that are trusted by default by most web browsers. Turns out self signed certificates really are more secure.

GPG and SSH are probably safe as you generate your own keys on the local machine.

Re:Uh... okay (5, Informative)

dgatwood (11270) | 1 year,14 days | (#44769371)

No need to compromise anything. They just need a single CA to be complicit with a court order to produce a certificate that signs an NSA-provided key for a specific site. Then, they can freely MITM that site. SSL is swiss cheese as security goes, because certs are automatically trusted if signed by a CA, are never stored, and their designated requirements are never checked when determining whether a new key should be trusted or not. In short, SSL is a train wreck.

Self-signed keys are not more secure. If a site goes from a self-signed cert to a signed cert with a different key, most browsers do not display any warning. Although you can install anti-MITM tools that produce a warning when the key changes, those tools would detect such a government MITM whether you're using a CA-signed cert or a self-signed cert. By contrast, a CA-signed cert makes it much harder to perform a MITM attack the first time a user goes to your site, effectively limiting such attacks to those who can convince a CA to give them a cert for your site. Guess which is more likely.

Re:Uh... okay (0)

Anonymous Coward | 1 year,14 days | (#44769279)

They don't need to crack AES. If they can solve integer factorisation, or the discrete logarithm problem efficiently then RSA, DH, and ECC fall - ie, AES key exchanges performed using public key crypto are broken, and the AES keys are retrievable. Sure, encryption is still possible with some other means of secure key exchange, but that's not how most people currently do their communication.

Note that no-one has been able to prove there are no efficient solutions to integer factorisation or discrete logs - maybe the reason those proofs is so elusive is because it doesn't exist.

It's possible they've solved only one of them. My bets would be on factorisation - this would explain why the NSA is so keen for US government to use methods based on discrete logarithms.

Re:Uh... okay (1)

thue (121682) | 1 year,14 days | (#44769303)

I am pretty sure they are refering to stuff like this: []

Re:Uh... okay (1)

steelfood (895457) | 1 year,14 days | (#44769343)

Intelligence officials asked The Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others.

Here's hoping Wikileaks or some other organization will publish more details on what's been compromised.

Re:Uh... okay (0)

Anonymous Coward | 1 year,14 days | (#44769407)

True, but then you don't need a ton of computing power if you break into companies servers and steal their certificates/decryption keys, or more likely you force Google, Facebook etc to give them to you. Furthermore, the article describes that the NSA has purposefully promoted standards with weaknesses that only they are aware of, whose to say they haven't contracted with hardware companies to provides specialized equipment to exploit these weaknesses?

Re:Uh... okay (1)

StripedCow (776465) | 1 year,14 days | (#44769537)

Do they have some magical break on AES that no one in academia knows about or can even fathom? No. Just some FUD.

That might be because NSA may have forward-engineered some tricks/backdoors into AES. Doing the reverse-engineering may be much harder.

The good news is that you can change your password (0)

Anonymous Coward | 1 year,14 days | (#44769103)

back to 1234.

Re: The good news is that you can change your pass (1)

techprophet (1281752) | 1 year,14 days | (#44769365)

I never even changed away from that

More technical discussion (5, Informative)

veg_all (22581) | 1 year,14 days | (#44769107)

From Bruce Schneier Here [] and here [] .

Also a nice call to arms here [] .
"I have resisted saying this up to now, and I am saddened to say it, but the US has proved to be an unethical steward of the internet. The UK is no better."

Re:More technical discussion (5, Insightful)

stenvar (2789879) | 1 year,14 days | (#44769443)

but the US has proved to be an unethical steward of the internet. The UK is no better

Any nation would prove to be an unethical steward of the Internet: power tempts and corrupts, whether it's the power to control the Internet, the power to wage war and kill people, the power to mess with the economy, or the power to hand out "benefits" to people.

The only solution to any of these problems is to rely on decentralized mechanisms that can't be controlled and corrupted by central authorities, and to limit the power of governments as much as possible and to the absolute minimum.

Re:More technical discussion (0)

Anonymous Coward | 1 year,14 days | (#44769519)

We need to pass a law to guarentee that governments have as little power as possible.

Re:More technical discussion (1)

Opportunist (166417) | 1 year,14 days | (#44769521)

Well, where do you want to put any part of it that won't bend over if the US says so?

Re:More technical discussion (1)

veg_all (22581) | 1 year,14 days | (#44769571)

I believe this is discussed in link #3 above. Cogently.

Re:More technical discussion (1)

Yaur (1069446) | 1 year,14 days | (#44769465)

Way more useful that what is linked in the summary.

The lede leaves out two important points (2, Interesting)

Anonymous Coward | 1 year,14 days | (#44769115)

1. The NSA actively worked to gain control of standards processes and subvert them.

2. The NSA covertly employs people in telcos without the knowledge of the telcos.

The sound you hear is the sound of the last 20 years of work in academic and industry, on standards
and code, on processes and procedures, quietly disintegrating.

And the crucial details.. missing (4, Insightful)

hydrofix (1253498) | 1 year,14 days | (#44769119)

All articles are missing the crucial details; namely which cryptographic algorithms have been successfully cracked and under which parameters. Guardian writes:

The three organisations removed some specific facts but decided to publish the story because of the value of a public debate about government actions [...] .

Yet, the article does claim this:

"Project Bullrun deals with NSA's abilities to defeat the encryption used in specific network communication technologies. Bullrun involves multiple sources, all of which are extremely sensitive." The document reveals that the agency has capabilities against widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking.

But they also quote Snowden that:

"Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on," he said before warning that NSA can frequently find ways around it as a result of weak security on the computers at either end of the communication.

Maybe we still have some hope?

perspective (3, Interesting)

geekoid (135745) | 1 year,14 days | (#44769235)

the NSA has done over a 100,000,000 million legal searches.
From all the leaked records, 22,000 are questionable. Those 22,000 lie everywhere between needing a judicial interpretation, to blatant breech.
The leaks also show NSA's number one whistle blower to the courts is the NSA. They report them and correct them.

Not to excuse there blatantly illegal searches, but to thing the whole system is some corrupt entity that s out to get everyone is simply wrong.
No evidences supports that at all.we have a lot of hope becasue none of the evidences shows it to be nearly as bad as the media claims. And certainly nowhere near where the chicken littles on /. claim.

Re:perspective (1)

intermodal (534361) | 1 year,14 days | (#44769577)

That's fine and well in a ballbearing factory where the defective ballbearings are simply rejected and not used. But the NSA is not a ballbearing factory, and instead of being defective, each of those 22,000 violations of constitutionally guaranteed civil rights is a large problem that does not simply disappear due to "reporting and correcting" them. So I'm sorry, but your argument doesn't hold up.

Re:And the crucial details.. missing (1)

Anonymous Coward | 1 year,14 days | (#44769237)

I think that implies that some popular implementations of otherwise secure algorithms are compromised. They mention having the NSA social engineer the drafting of industry standards to be insecure, for example. Although a lot of these standards are technically open, few people are apparently reading them, and I'm sure it's not out of the realm of possibility that a subtle detail can be changed somewhere to make what seems like a secure implementation computationally more vulnerable to cracking.

They also mention having industry cooperate in placing backdoors, which seems to imply that there are many standards which are secure but commercial vendors are paid/strong-armed to introduce a backdoor into the product. I wouldn't trust a Cisco or Juniper (or any other major vendor) VPN appliance, for example.

Many popular encryption algorithms have had a lot highly intelligent of eyes looking at them to vet them but it's harder to trust that software that implements those algos are doing it properly.

We need to push The Guardian and etc. to be more specific as to which technologies are compromised so that we can protect ourselves. I believe they have a public duty to do so.

Re:And the crucial details.. missing (3, Insightful)

Laxori666 (748529) | 1 year,14 days | (#44769281)

Could they have just Man-in-the-Middle'd a whole ton of HTTPS connections? If they get certificates signed by the right authorities and have access to backbone routers, can't they just read HTTPS as if it were not even encrypted?

Re:And the crucial details.. missing (4, Insightful)

hydrofix (1253498) | 1 year,14 days | (#44769435)

Yes, but this could show up with tools like SSL Observatory, which has recorded millions of certificates from different web sites as seen by hundreds of thousands of Chrome and Firefox users globally. They would risk eventually exposing themselves, and the CAs who signed those bogus certificates for NSA would get nuked from all browsers, which is the absolute worst thing that can happen to a CA. If they use fake certs and MITM, it would have to be very elusive, and carry a calculated risk of exposure.

Hacking private keys (1)

jdev (227251) | 1 year,14 days | (#44769467)

Here's what I found in the article.

N.S.A. documents show that the agency maintains an internal database of encryption keys for specific commercial products, called a Key Provisioning Service, which can automatically decode many messages. If the necessary key is not in the collection, a request goes to the separate Key Recovery Service, which tries to obtain it.

How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies’ computer servers, where they are stored. To keep such methods secret, the N.S.A. shares decrypted messages with other agencies only if the keys could have been acquired through legal means. “Approval to release to non-Sigint agencies,” a GCHQ document says, “will depend on there being a proven non-Sigint method of acquiring keys.”

So various agencies hack companies' servers to obtain their private keys. Those keys get stored in some central NSA database and are used later to decrypt messages. That would indicate they didn't break all the encryption algorithms, but are getting around them via other means. Of course, it does sound like the NSA has backdoors in other protocols which let them get in. That part has been known for years, but hacking companies' servers sounds like something new. And probably illegal.

Re:And the crucial details.. missing (2)

DMJC (682799) | 1 year,14 days | (#44769509)

I think it's pretty safe to assume that all Cisco products have been cracked and the NSA has backdoors into all the infrastructure gear.

Re:And the crucial details.. missing (4, Insightful)

steelfood (895457) | 1 year,14 days | (#44769533)

There are literally hundreds of places to attack encrypted communications. The encryption algorithm itself is just one component in a chain that must be and remain secure. The NSA only needs to compromise one part of that chain to compromise the entire system.

It can be a mathematical breakthrough. It can be an implementation flaw. It can be an implementation flaw of any related--however loosely--system. It can be an embedded individual on one end. It can be a specific external device. It can be a component--however marginal--of a device. It can be a (secret) court order. It can be a xkcd-style baseball bat to the knee to one or both parties. It can be negotiated with one or both parties.

The founders knew this. They understood that an individual with limited resources had no chance against the government who would have relatively unlimited resources (the government's resources is the country itself, so it really is Person vs. United States), and the only way to prevent, stop, or avoid such a scenario is for the government to check and balance itself. Those checks and balances have (mostly) failed. We as individuals have no recourse.

There's always hope, but you'd be deluding yourself if you think there's any chance.

Re:And the crucial details.. missing (1)

poptartx (3044371) | 1 year,14 days | (#44769559)

I agree. Ssl, https are based on certs bought, but most of the popular encryption techniques that "are not" cracked yet(256AES) where developed for the U.S. The reason it was created was for a governenment contract, this makes it validity skeptic. We need an strong encryption standard made for the masses by the masses. There is no money making ciphers for free. This is one of the most inportant issues we face as a people. Ofcourse the opposition will say if you have nothing to hide why do you need encryption. I answer them by saying, do you like that creepy feeling of someone looking over your shoulder while you read. I wish a project manager with some brilliant math friends would start work on a stronger cipher for the masses. There might now be a lot of money, but you would be loved.

INteresting ebcasue (1)

geekoid (135745) | 1 year,14 days | (#44769137)

all the leaked evidence suggests otherwise.

So much for open source... (1)

dmt0 (1295725) | 1 year,14 days | (#44769143)

"Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States’ encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members.
Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”

So much for having your source open. It takes time to find bugs even in standards that guide the way software is written. How many people are out there who are qualified to find such issues in the code?

Re:So much for open source... (1)

Impy the Impiuos Imp (442658) | 1 year,14 days | (#44769345)

One would think "somebody" does it. People who know the latest of each kind of crypto work on it as a hobby or professionally. I also assume people have hardware monitors on Windows (and other OS machines) at their router level and understand every single packet going out from the computer, and their contents, of the base OS. Does MS really only phone home for things they say in their EULA?

Take the power back (0)

Anonymous Coward | 1 year,14 days | (#44769165)

Scheiner's related call for engineers involved in creating backdoors to develop a conscience :

I'm stunned. (0)

Anonymous Coward | 1 year,14 days | (#44769167)

The NSA invented using computers with faster processing power to crack encryption?! I'm absolutely stunned that such a fine federal level agency has discovered such a feat with only the use of a giant budget.

The View From Jerry's Desk. (1, Interesting)

bmo (77928) | 1 year,14 days | (#44769185)

When writing finite bits to the disk sector, there is a finite probability that the resultant string of randomised bits MAY in fact generate something incriminating.

For example: (regardless of how unlikely this may seem), any string of random characters may well create a brand new wordfile on the computer by pure chance .. which contains legible words, which string together to form sentences which may in turn connect the previous owner of the hard disk with Al-Qaida, the Mafia, insider trading, un-patriotic activites, Linux 'development', or any manner of unsavory activities.

The larger the hard disk being randomly 'wiped' in this fashion, the greater the probability that some new and undesirable content would be created by chance.

I for one would NOT place my trust in such a tool, risking a lifetime of torment in Guantanimo Bay in exchange for the 'security' of having my hard disk cleaned prior to resale.

The solution ? One should purchase a new copy of the Windows 8 for the said hard disk, and install this on the disk. This would effectively wipe clean the disk of any previous content. The disk could then be disposed of cleanly, with a note that the new owner must purchase another legal copy of the Windows 8 before installing the disk.

In this situation - everyone wins.


Re:The View From Jerry's Desk. (0)

Anonymous Coward | 1 year,14 days | (#44769313)

Final step: dd if=/dev/null of=/dev/sdz

Re:The View From Jerry's Desk. (1)

wonkey_monkey (2592601) | 1 year,14 days | (#44769397)

What has this copypasta from 2007 (or before) got to do with anything?

I for one would NOT place my trust in such a tool

And yet you walk the streets every day blithely ignoring the much greater probability of being struck by a falling meteorite?

Re:The View From Jerry's Desk. (0)

Anonymous Coward | 1 year,14 days | (#44769425)

Assuming you trust Microsoft, yes. (As in that it does as advertised, and also that it not having a Machiavellian plot that it scoops the contents of the sectors prior to overwriting and sends them off to NSA as available to do so.)

An even better method: Pull the hard disk, drill multiple perforations through the disk surface. Crack the case, pull the platters, and throw them into a roaring fire (or better still a Terminator-esque crucible of hot molten steel.) Sell machine without a hard drive. Your buyer will pay less and you will be secure.

Everybody wins.

Re:The View From Jerry's Desk. (1)

dgatwood (11270) | 1 year,14 days | (#44769451)

One should purchase a new copy of the Windows 8 for the said hard disk, and install this on the disk. This would effectively wipe clean the disk of any previous content.

I think you're on the right track. Installing a single copy of Windows 8 should fill pretty much any hard drive, thus completely overwriting any contents that might have been there before.

Trojan (5, Funny)

Anonymous Coward | 1 year,14 days | (#44769191)

So I'm left with the impression that the NSA will add features in return for improved access.

SELinux comes to mind as a gift from the NSA to the Linux community. A gift with a hidden payload.

Hmm.... We can call it Trojan Linux. Ribbed for your pleasure. The ultimate in back door penetration.

Don't worry (0)

Anonymous Coward | 1 year,14 days | (#44769197)

No need to worry, actually telling companies of these vulnerabilities and helping to secure all of global commerce isn't a goal worth pursuing as long as the US can spy on people. The billions of dollars lost every year to theft, botnets, and other such attacks are of no consequence. Nor is revelations of spying and the loss of billions of dollars in US dominated cloud infrastructure and operations of any consequence so long as a handful of terrorists can be claimed to be caught. You might have a low paying temp job if any job at all, because of global economic effects more people will starve to death and die of disease because they can't afford food and medicine otherwise bought by jobs created by a better performing economy; But you'll be a tidbit safer from potential terrorist attacks! Have a nice day citizen, and remember, you'll only be directly affected by all this if you're muslim or know anyone personally at the NSA because they're probably spying on you.

I've got really good encryption (1)

SnarfQuest (469614) | 1 year,14 days | (#44769213)

I've got a really really strong encryption method that is impossible to decrypt. But that's the problem, it's impossible to decrypt.

Re:I've got really good encryption (1)

Thud457 (234763) | 1 year,14 days | (#44769411)

Bah, that's easy.
With MY algorithm, you don't even need to transmit the message to me, I can just generate it locally.
Heck, that's faster than the speed of light, time to fire up the patentbot9000 again!

Yes (1)

MRe_nl (306212) | 1 year,14 days | (#44769257)

Code breaking.
That is sort of what their stated mission is.
Not that i believe the premise of the article.
Which encryption, and more importantly how long does it take?
Shouldn't it be "NSA foils a lot of encryption" or "NSA foils most encryption" instead of "much encryption"?
It don't sound right to me.
"from the do-your-taxes-buy-civilization? dept"; are we referencing slashdot users sigs in the by-line now?

Suprising why? (2)

The Grim Reefer (1162755) | 1 year,14 days | (#44769265)

Does anyone really find this surprising? Wasn't it a few years back that the NSA told the banks that 128-bit encryption was perfectly safe, but mandated that the military switch to 256?

Nice. (1)

MobSwatter (2884921) | 1 year,14 days | (#44769269)

So now they've created a high value job because of the level of information access and made breaking the law classified on top of it!!! Next they will be hiring directly from minimum security detention facilities.


Anonymous Coward | 1 year,14 days | (#44769275)

Yes, where is Single Ply Two Squares Crow now? I miss her and her edgy guitar strap. I guess she's so busy sniffing her fingers, she doesn't have time to protest another illegal war.

SSL Obviously (1)

mrspoonsi (2955715) | 1 year,14 days | (#44769299)

The picture on the guardian site mentions:

CA Service Requests (certificate authority)

Now the question is...what is hardware accelerated decryption, they would not need this if they had the keys....they must have a weakness in SSL in its current form, one they can quickly get that sessions encryption, and if it cannot break in real time, then the encrypted data is saved for later.

Microsoft (0)

Anonymous Coward | 1 year,14 days | (#44769333)

Back around year 2000 Microsoft had a long quote emphasizing on everyone's Windows XP updater that encryption was so strong that it would take the age of the universe and all the energy in the universe to decrypt 128bits.

I call bullshit (4, Insightful)

JoeyRox (2711699) | 1 year,14 days | (#44769349)

The NSA can crack 4096-bit PGP keys? I doubt it. Seems like FUD to dissuade people from even attempting to use encryption

Lenovo? (5, Interesting)

steelfood (895457) | 1 year,14 days | (#44769389)

From ProPublica:

In one case, after the government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a back door into the product before it was shipped, someone familiar with the request told The Times.

Who else remembers the debacle about the government no longer purchasing Lenovo computers? I remember some people saying that if the U.S. government is making all this fuss about it, they're probably the ones doing it.

This seems to indicate those people are correct.

Remember when RSA was hacked? (1)

thejynxed (831517) | 1 year,14 days | (#44769415)

They claimed it was "China". Now we know the truth.

My guess is for most of their easy-mode access, they are actually using a rootkit of some sort to simply pass along whatever they want before any encryption is applied.

10 year NSA program... (0)

Anonymous Coward | 1 year,14 days | (#44769417)

"A 10-year NSA program against encryption technologies made a breakthrough in 2010 which made "vast amounts" of data collected through internet cable taps newly 'exploitable'."

The Slashdot article last month about RSA encryption failing in 5 years may in fact be behind the times. The only things that come to mine when reading the above blurb are a successful attack on 3DES, AES, RSA, or Diffie-Hellman.

NSA did it... (1)

MetricT (128876) | 1 year,14 days | (#44769479)

Over the past few years I have read about mind-boggling exploits in protocols WEP, WPS, and now IPMI. I have always thought it was either "idiot programmer who doesn't understand security 101" or "NSA". I think it's fairly obvious that a number of these things probably are their doing. Wonder if they are legally liable for the cost imposed on others to fix/repair/restore?

Usual Slashdot FUD (0)

Anonymous Coward | 1 year,14 days | (#44769485)

There is ZERO 'magic' cracking of encryption algorithms by the NSA. There are ZERO magic supercomputer facilities breaking into encrypted data that the informed community considers mathematically secure.

The NSA gets into people's data the same as everyone else- weak encryption- weak passwords- NSA backdoors in ALL significant commercial software- NSA backdoors in ALL major significant 'open-source' projects. You know, the usual age old methods of SPYCRAFT.

The NSA also spends tens of millions of dollars every year in propaganda stories like this one promoted by the owners of Slashdot. They are designed to weaken the resolve of users to use BEST PRACTICE. Make a thing seem 'pointless' and plenty of people won't take it seriously in the first place.

NSA full surveillance is NOT about slurping every piece of electronic data- it is about slurping almost every piece of data, and improving the dirty methods used to slurp data naive users think is secure is some way, including commercial encryption from Microsoft or Google. Compare with the NSA spy platform, Bill Gates' Xbox One. Will every idiot that buys this console set it up for optimal NSA spying? Of course not. The NSA is happy with the 95% of owners who will leave Kinect attached and the router connection permanently on. After all, the NSA can't get into the livings rooms of those that DO NOT buy the Xbone, can they?

Strong encryption defeats everyone. Deleting your HDD data properly (over-writing with 'trash' files full of random data) defeats everyone. The monsters that rule over you do NOT have access to 'magic' (even when you define 'magic' as significant secret technology). The NSA fear P2P end-point encryption above EVERYTHING else. P2P end-point encryption no more protects serious criminals than any other method (you become a target, and they'll watch you enter your password if necessary). But if ordinary users moved to such protected methods, the default slurping of ALL our available data would end.

PS we are seeing how Snowden, just like Assange, is a carefully managed FUD operation. Both men were purposely given access to large amounts of 'data' that is both laughable false, and serves the interests of those that rule the West. The three-ring-circus legitimises the 'leaks' from the manipulated dummies in the minds of the sheeple. And for those of you too thick to know anything of your History, the British were the masters of exactly this ploy during the time of WW2. The degree to which false information created by the British manipulated the Nazis is one of the most astonishing events in Human History. The pen is infinitely mightier than the sword, and 99.9% of your here have no critical facilities whatsoever. To fool you (given a fraction of the black ops budget of tens of BILLIONS that the intelligence operations of the West spend every year) is actually easier than taking candy from a baby.

Re:Usual Slashdot FUD (-1)

Anonymous Coward | 1 year,14 days | (#44769541)

This post is absolutely, 100% bullshit.

The NSA can MITM all SSL connections, because they have all of the Root CAs in their back pocket.

There's a reason that the NSA has hired almost every single winner of the code obfuscation contest.

You, sir, are a naive idiot.

Land of the free (1)

Hamsterdan (815291) | 1 year,14 days | (#44769515)

Glad I live in Canada, hold on, someone's knocking on my door...

Why is that organization still legal? (2)

Opportunist (166417) | 1 year,14 days | (#44769549)

By any stretch of the definition it fits the pattern as an organization that has a harmful, if not outright destructive, impact on the stability of the country and its relationships to other countries.

But probably they already have more than enough dirt on any politician to keep them in line. It's kinda scary if you think about it.

shared private passwords (1)

goffster (1104287) | 1 year,14 days | (#44769553)

Between two individuals:
It seems to me that encryption based on a shared private password
and then encrypted again with public/private key encryption gains you the best
of both worlds.

Obligatory... (0)

Anonymous Coward | 1 year,14 days | (#44769589)

Won't somebody think of the children!

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>