
View Diary: There's Good News and Bad News about the NSA and your Personal Passwords (189 comments)


  •  From (16+ / 0-)
    Dr Lenstra and Dr Verheul offer their recommendations for keylengths. In their calculation, a 2048 bit key should keep your secrets safe at least until 2020 against very highly funded and knowledgeable adversaries (i.e. you have the NSA working against you). Against lesser adversaries such as mere multinationals your secret should be safe against brute-force cryptanalysis much longer, even with 1024 bit keys.
    A 256k bit key would be even more secure, giving you many years of security.

    The limit on key size for the user, however, is that the slower it is, the longer it takes it to encrypt/decrypt information with longer keys, so key size has its own limits.  Those too increase with computer strength.  

    I was bullshitting about this in another thread.  I speculated that one reason the NSA became so crazy and vindictive towards the developers of PGP back in the 90s wasn't because they didn't want PGP to fall into the hands of bad guys.  No, what they didn't want was EVERYBODY to use it, because when that happens, they can't just search for heavily encrypted messages and focus on those.  If everybody looks like a suspect, your problems multiply.

    So, one possible solution to our problem, if we want to make it harder for the NSA to invade our privacy, is for EVERYBODY to encrypt their information in some easy ubiquitous way such that it is impossible to distinguish the unimportant trivial things from the important things.   Make everybody and everything equally suspect.  This forces them to cast a wider net of surveillance, creating a greater CPU bottleneck for them.  And as OUR computers increase in CPU power (as theirs will), so too would the power of our ubiquitous encryption, thus making their CPU bottleneck problem not just constant, but one that would increase as more and more things and people become an active part of the Internet or telecom world.

    If somebody actually tried to work on this or encourage it, I bet they'd get a nasty visit from the NSA, just like the PGP guys did.  It would be easier for people in other countries to work on this than here in the USA.

    •  Lotus Notes has encrypted security built into its (9+ / 0-)

      core and it drove the government so crazy in the '90s that the State Department declared Lotus Notes software a 'munitions' subject to export control. Effective encryption technology is considered by the government to be a weapon. The business issue presented to us was that we could not legally export Lotus Notes outside of the United States.

      I was Lotus/IBM's representative to the State Department at the time and the range of demands they made regarding identifying the location  and eligibility of every Notes customer to own encryption technology was truly bone chilling. The technical incompetence of many of their earliest requests indicated that they really didn't understand how either encryption or the internet itself really worked.

      We ended up getting permission to export after we agreed to shorten the length of the encryption key in an 'International' version of the product. None of their other demands were acceded to.

      We need to move to an encrypted IPv6 internet as quickly as we can.

      ----- GOP found drowned in Grover Norquist's bathtub.

      When it all goes wrong, hippies and engineers will save us. -- Reggie Watts

      by JimWilson on Sun Jul 28, 2013 at 03:04:09 AM PDT

      [ Parent ]

      •  Please write a diary about everything you just (1+ / 0-)

        said.  Put NSA in the tags so I see it when it's up.  

        The NSA is more about protecting itself and its privileges than about protecting us.  Otherwise, they would want to encourage us all to make America's secrets (yours and my secrets) safer from spying by other countries.

        •  The issue with the State Department wasn't US (0+ / 0-)

          citizens owning excellent encryption; they knew that they weren't going to prevent that.  The issue was with black-listed foreign governments such as Iran, Iran, Libya, Cuba, etc. gaining access to the technology.

          The big sticking point from a process point of view is that the State Department wanted us to assure that each customer had the 'right' to purchase the software. They actually requested State Department pre-clearance for international sales of Lotus Notes.  Ha. That particular request didn't stay on the table very long.

          ----- GOP found drowned in Grover Norquist's bathtub.

          When it all goes wrong, hippies and engineers will save us. -- Reggie Watts

          by JimWilson on Mon Jul 29, 2013 at 02:33:19 AM PDT

          [ Parent ]
