#1 By: Cory Doctorow, September 4th, 2013 14:43
#2 By: Boundegar, September 4th, 2013 15:05
Could it simply be disinformation? If we bad guys thought strong crypto was cracked, we might not bother to use it.
#3 By: Pat Race, September 4th, 2013 15:21
Cue MC Frontalot's "Secrets from the Future"
#4 By: Pat Race, September 4th, 2013 15:43
This all makes me want to watch Sneakers again. Setec Astronomy - http://www.youtube.com/watch?v=GutJf9umD9c
#5 By: leidentech, September 4th, 2013 15:57
The strongest encryption today will be trivial to crack at some point in the future - sooner than you think.
#6 By: Bard, September 4th, 2013 16:03
I suspect (not know, not "am able to prove", suspect) that their "breakthrough" involves being a shadow-peer-certificate-authority, getting ahold of (or even having issued) the certs being issued to authenticate and encrypt.
My real paranoia says that they invented BitCoin in order to build a giant, more-or-less free method to do a lot of cracking computation on finding certificates with hash collisions that could be used.
Or it could be as simple as they found a side-channel timing attack in many (most) implementations of TLS, similar to the one described in [Remote Timing Attacks are Still Practical⋆ Billy Bob Brumley and Nicola Tuveri].
#7 By: Nadreck of Palain 7, September 4th, 2013 16:17
Future breakthroughs in Quantum Computing? If they'd already made them do you think they'd tell us? I knew one serious Crypto-Freak who said he'd followed the career paths of a dozen people who'd published one, usually very interesting, paper on Quantum Computing and they all ended up not publicly publishing anything else and going in some sort of vague "government work".
#8 By: awjt, September 4th, 2013 16:26
So what. Double the bits, then you're back out ahead. This is an arms race that can't be won by smarts, but can EASILY be won by brute force of a different kind. Compel big e-bizzes and cert authorities to share their keys, and you're in.
Why hot wire the car when you can just bust a small window in the kitchen with your fist and grab the keys off the keyrack? (And force a gag order on the homeowner, while you're at it.)
#9 By: Neil Mcconnell, September 4th, 2013 16:29
I like the theory that they are collecting haystacks, against some theoretical future development that facilitates finding needles
#10 By: marco, September 4th, 2013 16:31
Maybe not. It would take a major breakthrough in either
- quantum computing (which no one seems to be able to make work yet)
- cryptography (possible, but by no means guaranteed that some major flaw lies undiscovered in the algorithms in use)
If we're talking about brute force, it's just not likely to happen. My favourite illustration of that, is that the sun will not produce enough energy to advance a 128-bit counter all the way from 0 to 2^128 before it burns out. Nevermind doing any calculations with the number - just count that high. A perfectly efficient Dyson sphere powering a perfectly efficient 128-bit silicon-wafer register, and the sun would burn out before it counted that high.
#11 By: marco, September 4th, 2013 16:40
Interestingly, having issued the certs would not get them the ability to decrypt the traffic. A cert request does not include the private key, so not even the CA can decrypt traffic under certs it issued.
What they could do would be to issue additional, apparently valid, certs, to themselves - for which they would control the corresponding private keys. To make use of those, however, they'd have to redirect traffic of interest to their own infrastructure and conduct a man-in-the-middle attack.
#13 By: Kango Ru Foo, September 4th, 2013 16:53
Maybe, maybe not. If and when it happens there will be new crypto to deal with it. Also, everything needs encryption. We need to increase the amount of encrypted traffic so that targeting, storing, and breaking, cryptographic communication becomes VERY impractical.
Cryptography is only one tool in the security toolbox. Everything must be hardened to deny unauthorized and unwelcome access to any and all.
#14 By: Rusty, September 4th, 2013 17:22
I suspect that the real reason that they are capturing this information and hanging onto it, is because as various agencies image computers collected in investigations, and collect public and private keys from there, as well as getting public and private keys from businesses such as Google, Yahoo, Bing err Microsoft, et. all, they will be testing the cryptext against each of those keys, and as cryptext is decrypted, they will move that out of the pool of potential evidence, into the pool of material to review to determine if it is material that may be evidence of a crime or national security issue, and handle the material accordingly.
It would not surprise me if some of the suggested botnets that the FBI and others are supposedly running are not capturing public/private keypairs for the very same purpose.
#15 By: newliminted, September 4th, 2013 17:22
Or perhaps a future development that turns hay into needles.
#16 By: leidentech, September 4th, 2013 17:42
Sure, there will always be an arms (or crypto) race and I'm confident that the crypto will stay ahead of the cracking, at least in the near future. The point I'm making is that whatever you encrypt now that is being stored somewhere - be it a file locker or the NSA, that will be trivially cracked.
#17 By: Rusty, September 4th, 2013 17:42
As a minor note to this, the NSA doesn't necessarily need to know your private key to decrypt e-mails sent to you, it needs your private key, or the pair to the key the the encryption key for the e-mail was encrypted with, if the sender wants to keep the e-mail in a form that they can access later as well, without retaining a plaintext edition of the e-mail. It may be easier to get that than to get your private key.
#18 By: teapot, September 4th, 2013 23:22
1) Commercial quantum computers are now available
2) They've not broken strong crypto IMO. They're collecting encrypted data because one day it'll be easily decrypt-able and there's a good chance that most data they're interested in seeing is gonna be transmitted in an encrypted form
3) Of course they're gonna tell us it's broken to make us more complacent
#19 By: Allen Hall, September 5th, 2013 00:13
I believe there was some discussion that this ocurred with Lavabit on reddit.com. The certs were coming back from a different CA, and couldn't be traced back directly to Lavabit's CA. For the life of me I can't find that thread now. I noted as well that the CA was not correct when I attempted to sign up right after the Snowden news hit.
#20 By: zikzak, September 5th, 2013 11:59
But they know we don't trust them. So maybe they said they haven't broken strong crypto because they want us to think that they have broken it, when in fact they actually haven't! Maybe ROT13 is the only code the NSA can't crack, which is why they've been completely silent about it ever since the Snowden leaks dropped.
In crypto, as in any scientific field, there's no room for conspiracy thinking. There is no disinformation, there's only information (substantiated, verifiable observations) and non-information (unsubstantiated claims). Schneier does a great job keeping us focused on the former.
#21 By: Boundegar, September 5th, 2013 12:48
True, but there's ample room in politics.
next page →