Re: [cryptography] [info] The NSA Is Building the Country's Biggest Spy Center (Watch What You Say)

2012-03-23 Thread Peter Gutmann
"Jeffrey I. Schiller"  writes:

>I bet the word "Perfect" mis-leads quite a few people. It isn't perfect
>(unless you take as axiomatic that the cipher in question cannot be broken).
>
>Maybe the term should be renamed "Forward Secrecy... for now." :-)

You could call it Pretty-good Forward Secrecy, thus retaining the PFS
abbreviation.

Or PFS-E&OE.

Peter.
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography


Re: [cryptography] [info] The NSA Is Building the Country's Biggest Spy Center (Watch What You Say)

2012-03-23 Thread ianG

On 24/03/12 03:11 AM, Jeffrey I. Schiller wrote:

>> What percentage of acquirable/storable traffic do you suppose
>> actually exhibits perfect forward secrecy?
>
> I bet the word "Perfect" mis-leads quite a few people. It isn't
> perfect (unless you take as axiomatic that the cipher in question
> cannot be broken).
>
> Maybe the term should be renamed "Forward Secrecy... for now." :-)



This is a very good point.  I'd also broaden it to include the 
distinction between "endogenous crypto-assumptive attacks" and 
"exogenous pain of reality."  If you leave the chat records on your 
laptop, which is seized and used as evidence against you, you're 
perfectly screwed.




iang


Re: [cryptography] [info] The NSA Is Building the Country's Biggest Spy Center (Watch What You Say)

2012-03-23 Thread Jeffrey I. Schiller

> What percentage of acquirable/storable traffic do you suppose
> actually exhibits perfect forward secrecy?


I bet the word "Perfect" mis-leads quite a few people. It isn't
perfect (unless you take as axiomatic that the cipher in question
cannot be broken).

Maybe the term should be renamed "Forward Secrecy... for now." :-)

-Jeff

___
Jeffrey I. Schiller
MIT Technologist, Consultant, and Cavy Breeder
Cambridge, MA 02139-4307
617.910.0259 - Voice
j...@qyv.net
http://jis.qyv.name
___


Re: [cryptography] [info] The NSA Is Building the Country's Biggest Spy Center (Watch What You Say)

2012-03-23 Thread dan

jd...@lsuhsc.edu writes, in part:

 > Even if the intercepted communication is AES encrypted and unbroken
 > today, all that stored data will be cracked some day. Then it too
 > can be data-mined.

What percentage of acquirable/storable traffic do you
suppose actually exhibits perfect forward secrecy?

--dan


...those who control the past control the future.
   --  George Orwell


Re: [cryptography] [info] The NSA Is Building the Country's Biggest Spy Center (Watch What You Say)

2012-03-22 Thread Peter Maxwell
On 22 March 2012 17:02, Marsh Ray  wrote:

> On 03/22/2012 09:57 AM, Peter Maxwell wrote:
>
>>
>> From
>>
>> http://blogs.computerworld.com/19917/shocker_nsa_chief_denies_total_information_awareness_spying_on_americans?source=CTWNLE_nlt_security_2012-03-22
>>
>>   "Remember," former intelligence official Binney stated, "a lot of
>>> foreign government stuff we've never been able to break is 128 or
>>> less. Break all that and you'll find out a lot more of what you
>>> didn't know-stuff we've already stored-so there's an enormous
>>> amount of information still in there."
>>>
>>
> In other words, they've accumulated a backlog of ciphertext. Encryption
> working as designed.


Depends on what you mean by "as designed" really.  Personally, I'd presume
as designed is to slow down or hinder an adversary, which would probably
fit in this scenario.



>
>
>  Binney added the NSA is "on the verge of breaking a key encryption
>>> algorithm."
>>>
>>
> This sounds like budget boondoggle baloney to me.
>
> How can you be "on the verge" of something like that?
>
> You might have some ideas on how to attack it, but until they're proven
> they're just guesses and likely to be dead ends. Not something you
> should justify reworking your computing systems around.
>
> But once they're proven, you're not "on the verge".


Meh, strictly speaking, yes, but if we're talking in practical terms it may
be the case that they've figured out how to break some cryptographic
primitive in significantly less time than the original design
specifications but it would still take more computing oomph than they
currently have.  Fairly sure there were similar considerations about 64-bit
RC5 in the late 90s - people knew it could be cracked by brute force, but
took a distributed effort to prove as much (may have details slightly wrong
as was long time ago and I can't be bothered looking it up).

The scenario is not particularly likely though.




>
>
>  That sounds far more plausible than the previous explanations.  I'd
>> also suspect the "key encryption algorithm" may be RC4 and not AES
>> at the moment.
>>
>
> Or it could just be all the 40- and 56- bit stuff that was captured by
> wiretapping Americans and not decrypted way back when the NSA felt
> constrained by laws.
>

Hehe... "NSA constrained by laws", erm, yeah, I suppose there's a first for
everything ;-)



>
> Or it could be everything using 512-bit RSA key exchange.
>
> Or it could be everything for which the security of the encryption
> ultimately depends on a user-chosen password. E.g., MS-PPTP/MPPE (but
> there's nothing really new about this).
>
> Or it could be a common protocol using a cipher weakly. For example, I
> noticed this the other day about RDP "standard, non-FIPS" mode:
> http://msdn.microsoft.com/en-us/library/cc240771%28v=prot.10%29.aspx
> If the endpoints do actually manage to negotiate the use of 128 bit (as
> opposed to 40 or 56 bit) security, it uses the output of RC4 without
> discarding any initial bytes. Those initial bytes have some
> correlations, some of which can expose the whole key. Just to make sure
> the 1684 bit state size of RC4 doesn't get stale, the protocol refreshes
> the key every 4096 packets. (Actually better than MPPE which seems to
> rekey every 1 or 256 packets depending on negotiated options).
>
> Or it could be complete BS.


In reality, they've probably got a lot of uses for more computing power and
the chances of us ever finding out in our lifetime are slim.


Re: [cryptography] [info] The NSA Is Building the Country's Biggest Spy Center (Watch What You Say)

2012-03-22 Thread Jon Callas

On Mar 22, 2012, at 10:02 AM, Marsh Ray wrote:

> 
> 
> Or it could be complete BS.
> 

"The race is not always to the swift, nor the battle to the strong, but that's 
the way to bet."
  -- Damon Runyon.

Jon





Re: [cryptography] [info] The NSA Is Building the Country's Biggest Spy Center (Watch What You Say)

2012-03-22 Thread Marsh Ray

On 03/22/2012 09:57 AM, Peter Maxwell wrote:


> From
> http://blogs.computerworld.com/19917/shocker_nsa_chief_denies_total_information_awareness_spying_on_americans?source=CTWNLE_nlt_security_2012-03-22
>
>> "Remember," former intelligence official Binney stated, "a lot of
>> foreign government stuff we've never been able to break is 128 or
>> less. Break all that and you'll find out a lot more of what you
>> didn't know-stuff we've already stored-so there's an enormous
>> amount of information still in there."


In other words, they've accumulated a backlog of ciphertext. Encryption
working as designed.


>> Binney added the NSA is "on the verge of breaking a key encryption
>> algorithm."


This sounds like budget boondoggle baloney to me.

How can you be "on the verge" of something like that?

You might have some ideas on how to attack it, but until they're proven
they're just guesses and likely to be dead ends. Not something you
should justify reworking your computing systems around.

But once they're proven, you're not "on the verge".


> That sounds far more plausible than the previous explanations.  I'd
> also suspect the "key encryption algorithm" may be RC4 and not AES
> at the moment.


Or it could just be all the 40- and 56- bit stuff that was captured by
wiretapping Americans and not decrypted way back when the NSA felt
constrained by laws.

Or it could be everything using 512-bit RSA key exchange.

Or it could be everything for which the security of the encryption
ultimately depends on a user-chosen password. E.g., MS-PPTP/MPPE (but
there's nothing really new about this).

Or it could be a common protocol using a cipher weakly. For example, I
noticed this the other day about RDP "standard, non-FIPS" mode:
http://msdn.microsoft.com/en-us/library/cc240771%28v=prot.10%29.aspx
If the endpoints do actually manage to negotiate the use of 128 bit (as
opposed to 40 or 56 bit) security, it uses the output of RC4 without
discarding any initial bytes. Those initial bytes have some
correlations, some of which can expose the whole key. Just to make sure
the 1684 bit state size of RC4 doesn't get stale, the protocol refreshes
the key every 4096 packets. (Actually better than MPPE which seems to
rekey every 1 or 256 packets depending on negotiated options).

Or it could be complete BS.

- Marsh


Re: [cryptography] [info] The NSA Is Building the Country's Biggest Spy Center (Watch What You Say)

2012-03-22 Thread Peter Maxwell
On 22 March 2012 14:15, Dean, James  wrote:

> From
> http://blogs.computerworld.com/19917/shocker_nsa_chief_denies_total_information_awareness_spying_on_americans?source=CTWNLE_nlt_security_2012-03-22:
>
> Despite the fact that domestic spying on Americans is already an
> e-hoarding epidemic, the massive new NSA storage facility in Utah will
> solve the problem of how to manage 20 terabytes a minute of intercepted
> communications.
>
> Even if the intercepted communication is AES encrypted and unbroken
> today, all that stored data will be cracked some day. Then it too can be
> data-mined. The super secret spook agency is full of code breakers.
> "Remember," former intelligence official Binney stated, "a lot of
> foreign government stuff we've never been able to break is 128 or less.
> Break all that and you'll find out a lot more of what you didn't
> know-stuff we've already stored-so there's an enormous amount of
> information still in there." Binney added the NSA is "on the verge of
> breaking a key encryption algorithm."
>

That sounds far more plausible than the previous explanations.  I'd also
suspect the "key encryption algorithm" may be RC4 and not AES at the moment.


Re: [cryptography] [info] The NSA Is Building the Country's Biggest Spy Center (Watch What You Say)

2012-03-22 Thread Dean, James
From
http://blogs.computerworld.com/19917/shocker_nsa_chief_denies_total_information_awareness_spying_on_americans?source=CTWNLE_nlt_security_2012-03-22:

Despite the fact that domestic spying on Americans is already an
e-hoarding epidemic, the massive new NSA storage facility in Utah will
solve the problem of how to manage 20 terabytes a minute of intercepted
communications.

Even if the intercepted communication is AES encrypted and unbroken
today, all that stored data will be cracked some day. Then it too can be
data-mined. The super secret spook agency is full of code breakers.
"Remember," former intelligence official Binney stated, "a lot of
foreign government stuff we've never been able to break is 128 or less.
Break all that and you'll find out a lot more of what you didn't
know-stuff we've already stored-so there's an enormous amount of
information still in there." Binney added the NSA is "on the verge of
breaking a key encryption algorithm."



Re: [cryptography] [info] The NSA Is Building the Country's Biggest Spy Center (Watch What You Say)

2012-03-19 Thread Dean, James
Could it be an algebraic attack on AES?