Report: NSA slices through most 'net encryption, according to 'Bullrun' documents leaked by Snowden


#1

[Permalink]


NIST trying to win back crypto-cred after NSA sabotage
#2

I guess what I would do is XOR your message with random strings into n parts which would all need to be combined to reconstruct your message, then encrypt each of those strings with n independent shared key ciphers. Now split those shared keys into m parts for m independent public key ciphers and store the encrypted shared keys with your message.

That would require them to either defeat all m public key ciphers; or at least n-1 shared key ciphers to get any information even with a known plaintext. I guess I recommend m=n=3 or 4 for a decent compromise between filesize and paranoia.

Then, put your private keys on a computer that is never connected to the Internet, ideally with a different OS and processor than the one that you do connect with. You might want to double the air-gap with another disconnected computer to make sure you're not sharing your USB thumb drive between the online PC and the one with the keys...

OK, this is getting ridiculous. Call me crazy, but I'm starting to wonder if it may actually be easier to elect people to disassemble the NSA than develop a secure message channel.


#3

Funny how we get told we're getting screwed with encryption, but we don't know what's safe and what's vulnerable. Where are the hard facts here? What has the NSA broken... exactly?


#4

My browser just crashed when I opened up Bruce Schneier's article on how to be safe against the NSA! Uh oh!


#5

Well, let's see. I would assume:

  • any domestic USA internet company (Google, MSFT, Apple, etc) allows NSA to see unencrypted contents of any user messages that pass through their servers.

  • any clear-text content you send across the Internet is visible to the NSA through backbone taps.

The only thing that's safe is true end-to-end encryption where client software on your computer initiates the encryption with your personal private key, and the message only ever touches the Internet in encrypted form.

"Trust the math. Encryption is your friend."


#6

What the NSA has done is convince technology producing businesses to weaken their encryption. I wouldn't call it an innovation or "ground breaking". The NSA has been strong arming corporations since DES.

Open source, publicly available, peer reviewed crypto appears to be good. Stay professionally paranoid.

Since the NSA surveillance story broke open I have been reading Bruce Schneier closely.
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance


#7

Indeed. I would generally assume that if there is any information that the NSA could request of a company with a NSL, then they will. And if they can't, then they will hack it and steal it. There is simply no way to be able to trust any company, foreign or domestic, with your data right now.


#8

We pretty much have to assume that all electronic correspondence is crackable - given enough time and resources: which the NSA has plenty of both.

The only sure-fire way to ensure secure communication is to go analog. Maybe we'll see a resurgence in the US Postal Service again?


#9

Where is that substantiated in the articles? What encryption exactly is not vulnerable to NSA exploitation, and what is?


#10

According to the Bullrun doc from the guardian (http://www.theguardian.com/world/interactive/2013/sep/05/nsa-project-bullrun-classification-guide) it is explicitly stated that, "Because of multiple sources involved in BULLRUN activities 'capabilities against a technology' does not necessarily equate to decryption".

This, along with the analysis done by many in the field, strongly leads me to believe that the underlying algorithms for strong crypto remain strong. The danger comes from closed sourced software that has been backdoored/weakened without us knowing about it.


#11

No, that's a crazy tin foil hat assumption. Public open source crypto has been massively peer reviewed over decades.


#12

Stay professionally paranoid.

Considering they pluck many business and trade secrets at will, that's actually the professional thing to do.


#13

Right, and not to mention the government and quasi-governmental entities use the same encryption and they sure as hell don't want other factions of the government getting into their classified infos through a backdoor.


#14

All encryption is eventually crackable - infinite monkey theorem and all that....

These reports show documentary evidence that many (most?) of the encryption algorithms we depend on today for secure transactions have been compromised. It's naive to presume that open source crypto is somehow immune just because it's been peer reviewed. I don't need a tin foil hat to make the leap that all of our online information is not as secure as we've been lead to believe.


#15

That doesn't necessarily rule out decryption either.


#16

Some Secure Sockets Layer (SSL), virtual private networks (VPNs), and security used for 4G smartphones is vulnerable with backdoors according to the Times.

I think everyone is still sifting through to see what's screwed with backdoors or just more impervious to brute force attacks. Not to mention, I wouldn't doubt that the Times and Guardian are pre-emptively redacting a lot of it so the government doesn't decide to drone strike them (or at the very least raid their press offices and trash their computers).

Remember, freedom isn't free, war is peace and money is money.


#17

I think you have a misunderstanding. First of all, if it takes infinite time to do something, that's not "infinite monkeys", that's shorthand for "impossible".

Most of the evidence we've seen is about backdooring, where the NSA and US Government can compel companies to allow back-door access to their systems... and then force them not to talk about it with anyone, too. This is shitty, but governments can do things like that.

I'm not aware of any credible evidence whatsoever that well-known, public crypto has been compromised by magical unknown-to-the-world mathematics, or magical yet-to-be-invented quantum computers. If you have such evidence, please to be sharing it.


#18

What cipher suites and key exchange algorithm? What SSL versions?

The details are extremely important overall in this discussion.


#19

Like I already said, I think everyone is still trying to figure things out. And, like I said, I wouldn't doubt that the Times and Guardian are pre-emptively redacting a lot of it so the government doesn't attack them in some manner. That's our reality.

Hopefully more details will reveal themselves when/if they can. The solution to some of this is political, not technological. Businesses are putting backdoors into their products at the behest of our government. There's no technological reason to do that.

In the meantime, I do agree that everyone should share as much details on what's safer and which is probably compromised as well. As the NSA certainly already knows, knowledge is power.

Here's what they've said so far:

The secrecy of their capabilities against encryption is closely guarded, with analysts warned: "Do not ask about or speculate on sources or methods."
A GCHQ team has been working to develop ways into encrypted traffic on the "big four" service providers, named as Hotmail, Google, Yahoo and Facebook.

...

The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian’s Web site in June.

“Properly implemented strong crypto systems are one of the few things that you can rely on,” he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted.

...

The full extent of the N.S.A.’s decoding capabilities is known only to a limited group of top analysts from the so-called Five Eyes: the N.S.A. and its counterparts in Britain, Canada, Australia and New Zealand.

If you're looking for things that the government will have issues with, do research...

https://en.wikipedia.org/wiki/Truecrypt#Legal_aspects?


#20

And a PGP protocol with a surreptitious Clipper Chip installed is effectively useless - only you don't know it. So what if the original protocol as designed is strong if there exists an exploitation on the front or back end or even at the hardware layer itself. There is no appreciable difference in the outcome - your data is still not secure.

The NYT article offers some insight into the documents that NSA is not solely looking for backdoor opportunities from service providers but secretly altering the specs of encryption designs at the source. The article confirms that at least one attempt was made to write vulnerabilities into the standards being adopted and others were put into the chips by the hardware manufacturer directly.

Nobody really knows what other exploitations may or may not have been successful. That's my original point - you can't assume that any data is truly secure. Frankly, I think tin foil hats should be in short supply right about now.