Author Topic: NSA: Encryption? Hah!  (Read 9726 times)

bedlamite

  • Hold my beer and watch this!
  • friend
  • Senior Member
  • ***
  • Posts: 9,927
  • Ack! PLBTTPHBT!
Re: NSA: Encryption? Hah!
« Reply #25 on: September 12, 2013, 04:10:53 PM »


Where is Birdman anyway?
A plan is just a list of things that doesn't happen.
Is defenestration possible through the overton window?

RevDisk

  • friend
  • Senior Member
  • ***
  • Posts: 12,633
    • RevDisk.net
Re: NSA: Encryption? Hah!
« Reply #26 on: September 12, 2013, 04:20:46 PM »
Where is Birdman anyway?

Hovering in orbit, ready to be called in like the wrath of angry Elder Gods, just after being told Firefly was canceled.
"Rev, your picture is in my King James Bible, where Paul talks about "inventors of evil."  Yes, I know you'll take that as a compliment."  - Fistful, possibly highest compliment I've ever received.

Scout26

  • I'm a leaf on the wind.
  • friend
  • Senior Member
  • ***
  • Posts: 25,997
  • I spent a week in that town one night....
Re: NSA: Encryption? Hah!
« Reply #27 on: September 12, 2013, 05:47:13 PM »
Waiting to autoclave this thread?

Which to me sounds mostly like this:
http://www.youtube.com/watch?v=ss2hULhXf04

Which is more of a comment on me then you two gentlemen.   Please do carry-on, but as G98 stated, play nice.

 [popcorn] [popcorn]
« Last Edit: September 12, 2013, 07:44:28 PM by scout26 »
Some days even my lucky rocketship underpants won't help.


Bring me my Broadsword and a clear understanding.
Get up to the roundhouse on the cliff-top standing.
Take women and children and bed them down.
Bless with a hard heart those that stand with me.
Bless the women and children who firm our hands.
Put our backs to the north wind.
Hold fast by the river.
Sweet memories to drive us on,
for the motherland.

Ben

  • Administrator
  • Senior Member
  • *****
  • Posts: 47,851
  • I'm an Extremist!
Re: NSA: Encryption? Hah!
« Reply #28 on: September 12, 2013, 05:50:36 PM »
Hey Rev, Levant PM'd me and said he heard you use four character clear text passwords.
"I'm a foolish old man that has been drawn into a wild goose chase by a harpy in trousers and a nincompoop."

Ben

  • Administrator
  • Senior Member
  • *****
  • Posts: 47,851
  • I'm an Extremist!
Re: NSA: Encryption? Hah!
« Reply #29 on: September 12, 2013, 05:51:14 PM »
Hey Levant, Rev PM'd me and said he heard you use WEP on your wireless.
"I'm a foolish old man that has been drawn into a wild goose chase by a harpy in trousers and a nincompoop."

CNYCacher

  • friend
  • Senior Member
  • ***
  • Posts: 4,438
Re: NSA: Encryption? Hah!
« Reply #30 on: September 12, 2013, 05:55:01 PM »
Dem's fightin' words!
On two occasions, I have been asked [by members of Parliament], "Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?" I am not able to rightly apprehend the kind of confusion of ideas that could provoke such a question.
Charles Babbage

AZRedhawk44

  • friends
  • Senior Member
  • ***
  • Posts: 14,032
Re: NSA: Encryption? Hah!
« Reply #31 on: September 12, 2013, 05:57:39 PM »
I heard that Rev's WinXP machine auto-logs in on boot.

I heard that Levant left the "sa" password blank on his SQL installation.
"But whether the Constitution really be one thing, or another, this much is certain - that it has either authorized such a government as we have had, or has been powerless to prevent it. In either case, it is unfit to exist."
--Lysander Spooner

I reject your authoritah!

AmbulanceDriver

  • Junior Rocketeer
  • friends
  • Senior Member
  • ***
  • Posts: 5,987
Re: NSA: Encryption? Hah!
« Reply #32 on: September 12, 2013, 07:22:28 PM »
Hey Rev, Levant PM'd me and said he heard you use four character clear text passwords.
Hey Levant, Rev PM'd me and said he heard you use WEP on your wireless.
I heard that Rev's WinXP machine auto-logs in on boot.

I heard that Levant left the "sa" password blank on his SQL installation.

*gigglesnort*
Are you a cook, or a RIFLEMAN?  Find out at Appleseed!

http://www.appleseedinfo.org

"For some many people, attempting to process a logical line of thought brings up the blue screen of death." -Blakenzy

Balog

  • Unrepentant race traitor
  • friends
  • Senior Member
  • ***
  • Posts: 17,774
  • What if we tried more?
Re: NSA: Encryption? Hah!
« Reply #33 on: September 12, 2013, 11:33:58 PM »
Huh, did a mod make my post in reply to Bedlamite disappear or did it not post right? Don't want to repost if it got mod canned.
Quote from: French G.
I was always pleasant, friendly and within arm's reach of a gun.

Quote from: Standing Wolf
If government is the answer, it must have been a really, really, really stupid question.

Gewehr98

  • friend
  • Senior Member
  • ***
  • Posts: 11,010
  • Yee-haa!
    • Neural Misfires (Blog)
Re: NSA: Encryption? Hah!
« Reply #34 on: September 13, 2013, 12:23:49 AM »
Yes.  :police:
"Bother", said Pooh, as he chambered another round...

http://neuralmisfires.blogspot.com

"Never squat with your spurs on!"

RevDisk

  • friend
  • Senior Member
  • ***
  • Posts: 12,633
    • RevDisk.net
Re: NSA: Encryption? Hah!
« Reply #35 on: September 13, 2013, 10:21:13 AM »
Hey Rev, Levant PM'd me and said he heard you use four character clear text passwords.

'course I do. What else am I gonna put on my honeypots?

My ladyfriend and I are also still talking rigging up using DNS amplification attacks to honeypots. Probably not the wisest... Or most legal. But we kinda DO want to see if you can make core carriers routers catch fire from 1.2Tbps traffic. We're already giggling over our latest portspoofing antics. Forward all ports in iptables to a utility that generates a random (or not so random) service response. It's cute, but I'm preferring to actually generate the data pseudorandomly, and then make it the permanent responses. Otherwise you just have to diff the randomized data a couple times to find the real ports.
"Rev, your picture is in my King James Bible, where Paul talks about "inventors of evil."  Yes, I know you'll take that as a compliment."  - Fistful, possibly highest compliment I've ever received.

KD5NRH

  • friends
  • Senior Member
  • ***
  • Posts: 10,926
  • I'm too sexy for you people.
Re: NSA: Encryption? Hah!
« Reply #36 on: September 14, 2013, 02:10:59 AM »
So, what sort of computing power does it take to pull ~0.001% encrypted signal out of encrypted noise?

Had a script running for a while that would get random numbers x and y, then take x bytes of y, feed it to gpg to be encrypted to a random public key, and pass the output to mixmaster as a decoy message.  Also had it going to some web-based anonymous email services (via tor, of course) sending to my own addresses (ultimately filtered to /dev/null on my end) just to increase the noise out there.

I figure even if someone could crack every message for $1 each, they'd better find $1000 worth of usefulness in the one real message.  Not likely considering even the "signal" was 95% generic chatting with friends who have encryption set up on their email.


kgbsquirrel

  • APS Photoshop God
  • friend
  • Senior Member
  • ***
  • Posts: 5,466
  • Bill, slayer of threads.
Re: NSA: Encryption? Hah!
« Reply #37 on: September 15, 2013, 07:22:05 AM »
There are times I really wish I had gone CTN instead of CTR.

 [popcorn]

CNYCacher

  • friend
  • Senior Member
  • ***
  • Posts: 4,438
Re: NSA: Encryption? Hah!
« Reply #38 on: September 15, 2013, 11:35:42 PM »
So, what sort of computing power does it take to pull ~0.001% encrypted signal out of encrypted noise?

You don't have nearly enough zeros between the "." and the "1" for that to be a serious question.

A billion earths each with a billion people who each own a billion supercomputers, which are each one a billion times faster than a billion of our fastest supercomputers today, all running a coordinated brute force against modern encryption won't crack one billionth of the code in one billion years.


On two occasions, I have been asked [by members of Parliament], "Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?" I am not able to rightly apprehend the kind of confusion of ideas that could provoke such a question.
Charles Babbage

lupinus

  • Southern Mod Trimutive Emeritus
  • friends
  • Senior Member
  • ***
  • Posts: 9,178
Re: NSA: Encryption? Hah!
« Reply #39 on: September 16, 2013, 05:33:42 AM »
You don't have nearly enough zeros between the "." and the "1" for that to be a serious question.

A billion earths each with a billion people who each own a billion supercomputers, which are each one a billion times faster than a billion of our fastest supercomputers today, all running a coordinated brute force against modern encryption won't crack one billionth of the code in one billion years.



Well when you put it like that...
That is all. *expletive deleted*ck you all, eat *expletive deleted*it, and die in a fire. I have considered writing here a long parting section dedicated to each poster, but I have decided, at length, against it. *expletive deleted*ck you all and Hail Satan.

RevDisk

  • friend
  • Senior Member
  • ***
  • Posts: 12,633
    • RevDisk.net
Re: NSA: Encryption? Hah!
« Reply #40 on: September 16, 2013, 07:28:34 AM »
You don't have nearly enough zeros between the "." and the "1" for that to be a serious question.

A billion earths each with a billion people who each own a billion supercomputers, which are each one a billion times faster than a billion of our fastest supercomputers today, all running a coordinated brute force against modern encryption won't crack one billionth of the code in one billion years.


If done correctly.
"Rev, your picture is in my King James Bible, where Paul talks about "inventors of evil."  Yes, I know you'll take that as a compliment."  - Fistful, possibly highest compliment I've ever received.

TechMan

  • Administrator
  • Senior Member
  • *****
  • Posts: 10,562
  • Yes, your moderation has been outsourced.
Re: NSA: Encryption? Hah!
« Reply #41 on: September 16, 2013, 08:26:12 AM »
Quote
Hawkmoon - Never underestimate another person's capacity for stupidity. Any time you think someone can't possibly be that dumb ... they'll prove you wrong.

Bacon and Eggs - A day's work for a chicken; A lifetime commitment for a pig.
Stupidity will always be its own reward.
Bad decisions make good stories.

Quote
Viking - The problem with the modern world is that there aren't really any predators eating stupid people.

Levant

  • friend
  • Senior Member
  • ***
  • Posts: 561
Re: NSA: Encryption? Hah!
« Reply #42 on: September 16, 2013, 02:27:46 PM »
You don't have nearly enough zeros between the "." and the "1" for that to be a serious question.

A billion earths each with a billion people who each own a billion supercomputers, which are each one a billion times faster than a billion of our fastest supercomputers today, all running a coordinated brute force against modern encryption won't crack one billionth of the code in one billion years.

so what you're saying is that the NSA is just wasting time trying to crack encryption?  And they've been wasting time since they began trying to crack encryption?

I'll send them a link to your comment so they can quit trying because, apparently, they don't agree with you.

Funny thing.   When I was in the military, I saw all kinds output of cracked military grade encryption between 1974 and 1982... But that was billions and billions of years ago.  No doubt the NSA hasn't gotten any better at it since then.
NEOKShooter on GRM
Republicans: The other Democratic Party

RevDisk

  • friend
  • Senior Member
  • ***
  • Posts: 12,633
    • RevDisk.net
Re: NSA: Encryption? Hah!
« Reply #43 on: September 16, 2013, 02:38:43 PM »
so what you're saying is that the NSA is just wasting time trying to crack encryption?  And they've been wasting time since they began trying to crack encryption?

I'll send them a link to your comment so they can quit trying because, apparently, they don't agree with you.

Funny thing.   When I was in the military, I saw all kinds output of cracked military grade encryption between 1974 and 1982... But that was billions and billions of years ago.  No doubt the NSA hasn't gotten any better at it since then.

Some kinds, yes, it would be. However, not everything is strong encryption and not all strong encryption is correctly implemented. Also, they apparently manage to backdoor some commercial alleged strong encryption. Oh, and break into places to steal the keys to the crypto.

Also, encryption outside of the NSA has vastly improved since the 1970's. AES is about several billion times more secure than crypto the Soviets made about 40 years ago. Commercial "encryption" was generally a joke back then. Homebrew encryption today is often a joke unless it's just using a normal code library, implementing something widely used. Computers are getting faster on a linear scale. Encryption gets tougher on an exponential scale. You seem to think things haven't changed in 3 or 4 decades.

I think we all misunderstood when we thought you were prompting a nerd challenge. I'm gathering you only want to "insult" people by making inaccurate assertions, phrased to be condescending in addition to short on actual insightful content. Then scurry away when called on the subject.
"Rev, your picture is in my King James Bible, where Paul talks about "inventors of evil."  Yes, I know you'll take that as a compliment."  - Fistful, possibly highest compliment I've ever received.

CNYCacher

  • friend
  • Senior Member
  • ***
  • Posts: 4,438
Re: NSA: Encryption? Hah!
« Reply #44 on: September 16, 2013, 04:31:35 PM »
so what you're saying is that the NSA is just wasting time trying to crack encryption?  And they've been wasting time since they began trying to crack encryption?

I'll send them a link to your comment so they can quit trying because, apparently, they don't agree with you.

Funny thing.   When I was in the military, I saw all kinds output of cracked military grade encryption between 1974 and 1982... But that was billions and billions of years ago.  No doubt the NSA hasn't gotten any better at it since then.

Modern encryption is like the walls of Shawshank prison and the NSA is Andy Dufresne.
Just because good ol' Andy checks to make sure the guards locked the doors each night don't mean you can come in here and tell me Shawshank is built out of rice paper.
I don't care if you were part of the crew that tarred the plate factory roof in the spring of '49, I poured the mother-*expletive deleted*ing concrete and I laid the bricks.
On two occasions, I have been asked [by members of Parliament], "Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?" I am not able to rightly apprehend the kind of confusion of ideas that could provoke such a question.
Charles Babbage

AZRedhawk44

  • friends
  • Senior Member
  • ***
  • Posts: 14,032
Re: NSA: Encryption? Hah!
« Reply #45 on: September 16, 2013, 04:36:19 PM »
What about commercial Certificate Authorities, such as Verisign?

I've never requested or implemented a public signed certificate... but I do have a question about the process in which they are created and signed. 

When a person requests a signed key from a CA, does the CA generate the public/private key pair, or does the user generate the public/private key pair and send JUST the public key to the CA?

If the CA actually creates the keys, I can see how a single mole employee in the right place in a CA can compromise the entire CA system to the NSA.
"But whether the Constitution really be one thing, or another, this much is certain - that it has either authorized such a government as we have had, or has been powerless to prevent it. In either case, it is unfit to exist."
--Lysander Spooner

I reject your authoritah!

Fitz

  • Face-melter
  • friend
  • Senior Member
  • ***
  • Posts: 6,254
  • Floyd Rose is my homeboy
    • My Book
NSA: Encryption? Hah!
« Reply #46 on: September 16, 2013, 05:08:57 PM »
What about commercial Certificate Authorities, such as Verisign?

I've never requested or implemented a public signed certificate... but I do have a question about the process in which they are created and signed.  

When a person requests a signed key from a CA, does the CA generate the public/private key pair, or does the user generate the public/private key pair and send JUST the public key to the CA?

If the CA actually creates the keys, I can see how a single mole employee in the right place in a CA can compromise the entire CA system to the NSA.

You generate a certificate and a certificate signing request

They verify your identity and ownership ofmthe domain and sign it

Or, for a code signing certificate, just your identity
Fitz

---------------
I have reached a conclusion regarding every member of this forum.
I no longer respect any of you. I hope the following offends you as much as this thread has offended me:
You are all awful people. I mean this *expletive deleted*ing seriously.

-MicroBalrog

CNYCacher

  • friend
  • Senior Member
  • ***
  • Posts: 4,438
Re: NSA: Encryption? Hah!
« Reply #47 on: September 16, 2013, 06:15:11 PM »
If a CA gave up their signing keys to the NSA, the NSA could still not sniff your traffic to secured sites, but they could target an individual person and man-in-the-middle their comms to a specific site by generating their own keypair, and signing it with the CA certs so that it looks legit and the target's browser doesn't balk at the unsigned SSL that usually needs to be used when man-in-the-middle attacking someone's comms.

On a small-scale, they could go around doing this here and there to individual targets and probably never be noticed.  Any larger-scale or permanent MITM would get noticed. Security-minded people would have the story across the internet like wildfire, and a network of key checking services, browser plugins, etc would spring up overnight.
On two occasions, I have been asked [by members of Parliament], "Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?" I am not able to rightly apprehend the kind of confusion of ideas that could provoke such a question.
Charles Babbage

Levant

  • friend
  • Senior Member
  • ***
  • Posts: 561
Re: NSA: Encryption? Hah!
« Reply #48 on: September 16, 2013, 08:44:34 PM »
I think we all misunderstood when we thought you were prompting a nerd challenge. I'm gathering you only want to "insult" people by making inaccurate assertions, phrased to be condescending in addition to short on actual insightful content. Then scurry away when called on the subject.

No, you are wrong now.  I posted a statement that we can't predict the NSA's current capability and implying that we shouldn't underestimate them.   You chose to go point-by-point to prove me wrong - at which you failed.  Your documentation consisted of name dropping and place dropping rather than investigation of the facts.

Clearly you're the one making it a personal issue by commenting on my intentions and insinuating I am only making incorrect assertions.  I"ve backed up my claims.

I'm done with the thread; you can have it and the last word.  Readers of the thread can decide if inaccurate claims that Bruce Schneier says Rijndael is wonderful count more than his documented words about the potential risks with it.  By the way - AES is Rijndael, not a derivative.  When NIST and the NSA put their stamp on Rijndael as the winner of the AES competition, the two became synonymous.

All I said in my first post was that it was the NSA's choice who won - and it was.  And that they have tremendous capabilities.  Most everything else I've said in this thread was to defend against the attacks you made on my statements.

Quote
I'll go into more detail when I am not on a phone. But I'll refute several of Levant's claims now.

- DES was certified around 1977 by NIST, after being strengthened against differential crypto attacks by the NSA. It was in no way geared towards being secure for billions of years, but rather decades. Also, it had to pass ITAR. For what it was, it was and is quite successful. 3DES is not that bad even today.
- Changes in export control allowed the creation of AES, around 2001.
- NIST ran the AES competition, not the NSA. Lifetime is expected to be less than a hundred years.
- NSA certified AES for government usage, up to TS under certain circumstances.
- The Rijndael cipher was selected at the AES2 and AES3 conf, by vote. Security was a high factor, but so was performance and ease of implementation.
- Bruce Schneier endorsed AES, which alone invalidates any tin foil theories. If anyone disagrees, they know nothing about crypto

Really?   Anyone who disagrees with you knows nothing about cryptography?  Does that include Bruce Schneier?

So, when you're losing the documentation argument you now start with the personal attacks.  It says a lot.  

Your turn.  And then the end.

Edit, well crap.  I just noticed that you said AES had to pass ITAR.  More stuff that you spouted about which you do not know.  What does that mean, to pass ITAR?  It's not a test or a form to fill out.  ITAR is International Trade in Arms Regulations.  Encryption is not ARMS.

https://en.wikipedia.org/wiki/International_Traffic_in_Arms_Regulations
http://www.gpo.gov/fdsys/pkg/FR-1996-11-19/pdf/96-29692.pdf

So, instead of trying so hard to prove me wrong, point-by-point, you should have spent more time reading and learning.
« Last Edit: September 16, 2013, 08:57:34 PM by Levant »
NEOKShooter on GRM
Republicans: The other Democratic Party

Boomhauer

  • Former Moderator, fired for embezzlement and abuse of power
  • friends
  • Senior Member
  • ***
  • Posts: 14,527
Re: NSA: Encryption? Hah!
« Reply #49 on: September 16, 2013, 08:53:14 PM »


Quote from: Ben
Holy hell. It's like giving a loaded gun to a chimpanzee...

Quote from: bluestarlizzard
the last thing you need is rabies. You're already angry enough as it is.

OTOH, there wouldn't be a tweeker left in Georgia...

Quote from: Balog
BLOOD FOR THE BLOOD GOD! SKULLS FOR THE SKULL THRONE! AND THROW SOME STEAK ON THE GRILL!