What encryption NSA can and can't crack (cira 2012)

[tangent4ronpaul]

http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html

CCC video that goes with the article:
http://media.ccc.de/browse/congress...narratives_-_jacob_-_laura_poitras.html#video

-t

 

[Ronin Truth]

I think I've read recently that it's estimated that NSA current computer technology is about 50 years ahead of the public market.

Quantum computers???

 

[presence]

even if they can't crack it now they can save it until they can

 

[Suzanimal]

Leaked NSA Documents Reveal How To Hide From The NSA

If you want a truly anonymous life, then maybe it's time you learned about Tor, CSpace and ZRTP.

These three technologies could help people hide their activities from the National Security Agency, according to NSA documents newly obtained from the archive of former contractor Edward Snowden by the German magazine Der Spiegel.

The combination of Tor, CSpace and ZRTP (plus another anonymizing technology for good measure) results in levels of protection that the NSA deems "catastrophic" -- meaning the organization has "near-total loss/lack of insight to target communications," according to Der Spiegel.

"Although the documents are around two years old, experts consider it unlikely the agency's digital spies have made much progress in cracking these technologies," Spiegel's staff wrote.

In comparison, accessing somebody's Facebook messages is considered a "minor" task for the agency. Similarly, virtual private networks (or VPNs), which are widely used by companies, are easily accessed by the NSA, according to Der Spiegel's report, as are so-called "HTTPS" connections.

So, what are these services and what do you actually have to do to use them?

Tor is basically a network that offers an easy way for people to mask their location when communicating online. Anyone can download Tor's web browser -- it's available on Mac, Windows, Linux, and smartphones. It's not foolproof: When using Tor, you're advised to sacrifice the convenience of browser plugins, torrent downloads, and websites that don't use "HTTPS encryption" if you truly want to stay off the grid.

And that's just if you want to mask your online habits -- messaging and phone calls require more steps still, meaning you also have to add CSpace and ZRTP if you want to hide those from the NSA, according to Der Spiegel.

CSpace is a program that lets people text chat and transfer files, while ZRTP is a form of encryption that protects mobile phone calls and texting -- it's used in apps like RedPhone and Signal.

If that all sounds a bit daunting, anonymous living may not be for you. There are plenty of ways to stay relatively private online. But true anonymity is harder to achieve, and so coveted that some people will pay $629 for a special phone that purports to keep a user's information more secure.

As noted, the Snowden documents are a couple of years old; it's possible the NSA has found ways around these tools by now. But for the privacy-conscious, they are certain to work better than a tinfoil hat.(Dang it! *takes off tinfoil hat*:o)

http://www.huffingtonpost.com/2014/12/31/nsa-documents-anonymous-online_n_6401066.html

 

[jmdrake]

I think I've read recently that it's estimated that NSA current computer technology is about 50 years ahead of the public market.

Quantum computers???

I'm going to take a page from your playbook. https://www.google.com/?gws_rd=ssl#q=defeating+quantum+decryption

 

[jmdrake]

even if they can't crack it now they can save it until they can

True But will the information even be relevant then? Here's the deal. If everybody and I do mean everybody were to encrypt everything, the NSA's illegal mission to spy on American's private lives would grind to a halt. I don't care how many datacenters they had and how much money they spent. Eventually they would have to use human intelligence to pick up on high value targets and go after them. And that's what we want. It's our current compliance with the system due to our own laziness that allows the NSA to do what it does. And the fatalistic "Well if they really want to they can get the information anyway" attitude contributes to our laziness. And yes, I'm just as guilty of this too. And I'm going to have to drag some of my friends along with me kicking and screaming in 2015. I'm going to dump Skype. Facebook will be relegated to stuff like "Happy Birthday." I may even trash my current Facebook account. I really only use Twitter to sent out political messages that I want the whole world to know, so I'll keep Tweeting. I'm not going to send any kind of message over an unsecure text account. Once I get a cell phone plan with a decent data plan texting may be gone for good. These are my new years resolutions. How long are people who care about privacy going to just bitch about the NSA and not actually do anything about it? Calling congress isn't doing anything. Making the job of these government paid cyberpunks is doing something.

 

[CPUd]

I think I've read recently that it's estimated that NSA current computer technology is about 50 years ahead of the public market.

Quantum computers???

Maybe 10 or 15 years, definitely not 50. Quantum machines are just now passing the proof-of-concept phase. Also, they are not magic.

 

[Ronin Truth]

I'm going to take a page from your playbook. https://www.google.com/?gws_rd=ssl#q=defeating+quantum+decryption

Imitation is the sincerest form of flattery.

Aw, shucks! :o

 

[Ronin Truth]

Maybe 10 or 15 years, definitely not 50. Quantum machines are just now passing the proof-of-concept phase. Also, they are not magic.

The tech gap widens.


Update: https://www.google.com/search?hl=en.....1ac.1.34.heirloom-hp..2.11.2608.EBL8L16fdUE

 

[american.swan]

HTTPS might be "minor" because of a number of reasons. One being, are you sure you're connecting to the actual server or a NSA MITM attack.

 

[jmdrake]

Imitation is the sincerest form of flattery.

Aw, shucks! :o

LOL. Okay, I guess I have to go back to being myself. Here is one link out of the rat nest of Google results that explains why even quantum computing can't defeat encryption. Granted this requires people going away from current encryption schemes and going back to one that people somebody came up with 30 years ago. This reminds me of the Robert Redford movie "Sneakers". The plot was the NSA had come up with a decryption black box that could decrypt anything...only it didn't work against foreign computers like the Russians. It only worked against common U.S. computer algorithms.

http://www.popsci.com/technology/ar...yption-researchers-look-formulat-created-1978
Thirty-Year-Old Encryption Formula Can Resist Quantum-Computing Attacks That Defeat All Common Codes
By Clay Dillow Posted August 18, 2010
195

The Math, Clearly Explained

Hang Dinh et al. via arXiv:1008.2390v1

The core advantage of quantum computing -- the ability to compute for many possible outcomes at the same time and therefore crunch data much more quickly than classical computers -- also creates a problem for data security. Once the first high-powered quantum computers are functioning, they'll be able to quickly saw through many of our most common data encryption algorithms. But as it turns out, an obscure encryption code created in 1978 is resistant to all known methods of quantum attack.

Hang Dinh at the University of Connecticut and a few colleagues figured out that CalTech mathematician Robert McEliece's code is structured in such a way that a quantum computer couldn't just pull it apart, at least not by any known process. Rooted in a mathematical puzzle called the hidden subgroup problem, standard quantum fourier analysis simply can't crack the code.

What does all that mean? For a more extensive mathematical explanation, click through to Tech Review's more thorough and astute review of quantum encryption. But in summary, encryption is often conducted using asymmetric codes, meaning there's a public key that anyone can use to encrypt data and a private key for decrypting it. The basis of these encryption schemes is math that flows easily in one direction but not so easily in the other.

Such asymmetric code can be tricky for a classical computer to figure out but quantum computers are well suited to such work. To take a simple example, say a message was encrypted using basic multiplication -- one number is multiplied by a number to get a third number. It's not so easy to look at the third number and quickly determine the two numbers that spawned it.

In math, the process of doing this is called factorizing, and mathematicians factorize through a quality called periodicity -- the idea that a mathematical entity with the right periodicity will divide an object correctly while others will not. In 1994, a mathematician created an algorithm that does this very well, and that shortcut to finding periodicity has a quantum analogue known as quantum fourier sampling. Using fourier sampling, quantum computers can quickly factorise codes, rendering most of our most common encryption schemes useless.

But McEliece's little-used code doesn't rely on factorization, meaning quantum fourier analysis can't break it down. That means it's essentially impervious to all known forms of quantum attack. That's not to say that new modes of quantum hacking won't be developed to decrypt McEliece's system, but it's interesting that while standing at the threshold of a new era of computing power researchers are finding solutions that can keep our data safe more than three decades in the past.