View Diary: New NSA Revelation: Encryption Unlocked (365 comments)

  •  it sounds like backdoors, primarily (38+ / 0-)

    I've read a bunch of the articles looking for that kind of detail.

    The articles are not reporting that the NSA has broken AES, for example.

    Mostly it's backdoors like getting access to messages before encryption, e.g. in Microsoft, Facebook, etc., and backdoors in implementations, and a few standards (though not apparently big ones like TLS). And also stealing encryption keys.

    But they're not reporting that the NSA has broken the major cryptographic algorithms.

    (What makes it tricky is that the reporters almost certainly have no idea what they're writing about.)

    •  That's my sense of it as well.. (23+ / 0-)

      It sounds like they have tried to get copies of the HTTPS certificates - possibly from the certificate authorities themselves, which would allow them to decrypt "endpoint" encryption.

      There is the suggestion that they might have inserted backdoors into several commercial encryption products - if word ever leaks out as to which ones, those products are dead.

      But it isn't clear the extent to which they can crack a key by itself.

      •  A list would be nice. (1+ / 0-)
        Recommended by:
        atana

        I hope that the quality of debate will improve,
        but I fear we will remain Democrats.

        Who is twigg?

        by twigg on Thu Sep 05, 2013 at 07:21:09 PM PDT

        [ Parent ]

      •  They've not tried (0+ / 0-)

        They actually have done just that: get SSL keys and certs directly from issuers.

        Bogus article

        •  cert issuers do not have the keys (1+ / 0-)
          Recommended by:
          ferg

          The only key a certificate issuer ever sees from a holder is the same public key that the holder hands out to anyone who asks.

          What they've done is get keys from the holders that run popular services, and possibly gotten the ability from issuers to forge certificates for other holders to perform MITM attacks.  The latter is more detectable and less likely.

          Ignorance is Curable.

          by skids on Thu Sep 05, 2013 at 09:01:18 PM PDT

          [ Parent ]

          •  I'm aware of that. (1+ / 0-)
            Recommended by:
            peggy

            When I said "issuers," I meant the entities that issue both keys and certs. They don't need to do MITM attack because they have the keys already. They'd ask for the cert from a certificate issuer anyway in case they needed MITM for some reason.

            The main point is that by discrediting HTTPS, our government has dropped a bomb on internet business. Still most people don't seem to realize the immense damage being done to the American economy.

            The article is bogus because they didn't "break" or "unlock" any encryption. They just have the keys before the data is encrypted by subverting the system directly.

            •  terminology is important in this area. (0+ / 0-)

              There is no entity that "issue both keys and certs."  Someone who has the private key for a cert does not "issue" the cert; they only "present" it.  These words are used rather precisely in IT.

              Ignorance is Curable.

              by skids on Fri Sep 06, 2013 at 08:16:49 AM PDT

              [ Parent ]

              •  You made the word "entity" (0+ / 0-)

                singular. Maybe I was not clear enough. Entities that issue keys and entities that create certificates. I've been a systems admin for the past 13 years, so I'm well aware of how basic https works. I believe we are saying the same thing.

      •  No, any client can ask for (5+ / 0-)
        Recommended by:
        sawgrass727, Hey338Too, lotlizard, kharma, ferg

        any HTTPS server's certificate, which does not contain its secret key.

        Are you thinking of the secret SSL keyfile on the server, which has to be under the greatest possible protection? Part of the story is that the NSA has been hacking into servers and grabbing such keyfiles.

        Ceterem censeo, gerrymandra delenda est

        by Mokurai on Thu Sep 05, 2013 at 07:58:56 PM PDT

        [ Parent ]

        •  Which is different from saying public key (1+ / 0-)
          Recommended by:
          Johnny Nucleo

          encryption is compromised.

          Something like Enigmail should work just fine.  It's not the security of the protocols; it's the security of private keys that would be at issue here.

          Quote of the week: "They call themselves bipartisan because they're able to buy members of both parties," (R. Eskow, Campaign for America's Future.)

          by mbayrob on Thu Sep 05, 2013 at 08:24:14 PM PDT

          [ Parent ]

      •  NSA declares war on Silicon Valley (0+ / 0-)

        "There is the suggestion that they might have inserted backdoors into several commercial encryption products - if word ever leaks out as to which ones, those products are dead."

        For example, making HTTPS an insecure method of transmitting financial information will severely damage the companies selling and supporting it. 'Open Source' said my husband as he walked out the door. 'Open Source' won't help the US firms repair the damage because Microsoft/Apple/Google depend on proprietary information for their products.

        Knowing that any US product has been compromised before it was released will provide a bonanza to offshore companies but will not help the American economy.

        Conservation is green energy

        by peggy on Fri Sep 06, 2013 at 10:04:31 AM PDT

        [ Parent ]

    •  Which raises an interesting question (2+ / 0-)
      Recommended by:
      twigg, kharma

      Did they put a backdoor in, for example, OpenSSL? Or GnuPG? Or the open source versions of PGP?

      That's entirely aside from the possibility that they've found a way to crack modern encryption algorithms.....

      ‎"Masculinity is not something given to you, but something you gain. And you gain it by winning small battles with honor." - Norman Mailer
      My Blog
      My wife's woodblock prints

      by maxomai on Thu Sep 05, 2013 at 06:20:07 PM PDT

      [ Parent ]

      •  My understanding of this (2+ / 0-)
        Recommended by:
        ferg, sawgrass727

        is scant.

        However, there appears to be no such thing as an uncrackable code ... what encryption buys is time. Quite a lot of time in some cases.

        Critical to the time is the strength of the pass-phrase, combined with the complexity of the algorithm.

        So I would doubt that they have unraveled AES or any other complex codes, but they might have "backdoors" into commercial products that use them.

        Those algorithms are so complex that they would tie up even their supercomputers for years ... so they have either weakened them or they are still working to weaken them.

        Maybe someone with better knowledge can tell me where I went wrong here.

        I hope that the quality of debate will improve,
        but I fear we will remain Democrats.

        Who is twigg?

        by twigg on Thu Sep 05, 2013 at 07:26:20 PM PDT

        [ Parent ]

      •  No, they cannot put backdoors of that type (7+ / 0-)

        into relatively simple Free/Open Source Software protocols, where the source code is combed through by experts in the security community on every release. There have been backdoors in much more complex server software, both put in by the original developers, and inserted by malware.

        The NSA is on record as being extremely fearful of SSL and GPG encryption. Snowden says that properly implemented encryption is still secure. It is the old and weak encryption methods that are routinely cracked. The Electronic Frontier Foundation, for example, built a DES cracking machine years ago for about a quarter million dollars in order to prove that the NSA must be cracking DES routinely.

        There are effective methods for protecting private encryption keys that should be used by every company offering any form of security, but are not widely-enough deployed. For example, encryption and decryption using a private key should be done on a system with no direct connection to the Internet, and private keys for servers should never be stored on any system directly connected to the Internet.

        Ceterem censeo, gerrymandra delenda est

        by Mokurai on Thu Sep 05, 2013 at 08:22:23 PM PDT

        [ Parent ]

      •  No, more likely is that they put a backdoor in the (0+ / 0-)

        hardware random number generators that most Intel/AMD/ARM CPUs have.  Since most OSes and encryption software will take advantage of the hardware RNG that is how they would compromise OpenSSL and GnuPG.  Of course, you could get around it by disabling hardware RNG support in the kernel so that /dev/random is not based on that.

        You have watched Faux News, now lose 2d10 SAN.

        by Throw The Bums Out on Fri Sep 06, 2013 at 09:40:47 AM PDT

        [ Parent ]

    •  They haven't broken AES (6+ / 0-)

      If they had, the Federal government wouldn't use that algorithm to encrypt their own secure data. Secret data is AES 192, Top Secret is AES 256. Put simply, when the government can crack those with reasonable resources (time, computing power, etc) then they'll stop using them for their own data.

      The article this diary quotes has insufficient details, and I bet the "broken encryption" is really the government's ability to request SSL keys. The takeaway from this article, like all recent revelations, is to stop doing business with American companies.

      •  There are lots of details... (2+ / 0-)
        Recommended by:
        kharma, ferg

        As someone once commented, breaking a communication by breaking the encryption is often very much the hard way.

        There are many others -- if you can compromise a random number generator that generates session keys (e.g., by limiting its output in substantial ways), you can greatly reduce the number of keys that need to be searched. If the protocol 'leaks' useful data (e.g., key bits) through side-channels (e.g., power usage, processing time, use of related keys, ...), or other methods (probes of various sorts are popular if the encryptor can be encouraged to attempt encryption or decryption of other items using identical or related keys), then that can compromise an actual product that uses ideal encryption.

        Further, protocols can be broken, and accidentally (or otherwise...) permit rapid searches of the keyspace. This has happened recently with some popular products.

        Finally, corruption of the development process is often cheap and easy. Engineers can be bought or bribed, open-source products "fixed".

        There are thousands of dodges, any or all of which may make it much easier to break a crypto-system than to mathematically break the underlying crypto algorithms.

        •  I think the main (1+ / 0-)
          Recommended by:
          peggy

          "side channel" that the NSA uses is purposeful insecurity built into security systems by closed-source software. It's been known for a long time that Microsoft puts weak points in their software, then tells government where they are.

          Similarly, with cryptography algorithms that have been "broken," in reality the government has just asked the producer to send them the key for data prior to its encryption. Encryption still works, and can still be relied on. What cannot be relied on is software made by closed-source companies in general, and especially if that company is American, Canadian, British, Australian or Kiwi.

          Germany & Switzerland especially, but also Scandinavia, have rather strong data protection laws. In fact all of the EU is better than the rest of the West. For example, Facebook cannot do facial recognition there, Google & Bing maps have been massively fined and may be banned entirely in places.

          •  Too optimistic? (0+ / 0-)
            "Similarly, with cryptography algorithms that have been "broken," in reality the government has just asked the producer to send them the key for data prior to its encryption."

            What key? Most systems set up keys for each host, customer, and transaction.  Unless there's a backdoor master key of some sort (odd...) this wouldn't make sense.

            Many protocols, however, allow a choice of algorithm to be negotiated. If an older or broken algorithm can be used, it can leak information about keys and allow 'better'/unbroken encryption to be broken.

            "Encryption still works, and can still be relied on. What cannot be relied on is software made by closed-source companies in general, and especially if that company is American, Canadian, British, Australian or Kiwi."

            That's certainly true, but French and German agencies have been known or strongly suspected in such activities as well. The GSM standard, in particular, was widely believed to be compromised at the direction of French intelligence agencies. German (and US) authorities were believed to be behind the subversion of a Swiss encryption product some years before that.

            And I'd be careful even about open-source products. Compromises can be very subtle, and there are certainly entities motivated enough to try.

            •  Unless there's a backdoor master key of some sort (0+ / 0-)

              The fact of the matter is, most of the systems that are compromised are sending the keys to government that are subsequently used by some end-user to encrypt data. They get the key before the data is encrypted. This fact means that software companies in the US are in collusion with government.

              •  I don't think you're right. (0+ / 0-)

                Government doesn't want keys, and I think they largely don't get them.

                Nor do they want completely broken security. What they want is the illusion of security -- enough crypto-'stuff' there that it is not readily breakable, but with enough holes in it that they can look at things they really want to see.

                One of the best ways, as I've mentioned, is breaking the random number generator. Real random number generators are quite hard to build (even for experts), and so many products have used 'roll your own' pseudo-random number generators for many years. With a bad PRNG, if you can see or derive or guess information about the numbers it generates, you can subvert products that use it quite easily.

                This comes because session keys, IVs, some protocol negotiations, &c all use PRNGs for security-sensitive purposes. If a protocol (real or theoretical) leaks some state information about its PRNG such that its internal state can be guessed, even inaccurately, it can cut down the amount of computation required to break encryption enormously.

                That can be near ideal for a clandestine agency: the protocol looks secure, and may even be provably secure (with a true random number generator), but its behavior in practice can be guessed or established with relatively modest efforts, leading to real, practical decipherment for knowledgeable entities willing to work at it, and more-or-less effective encryption for everyone else.
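
An added example, not part of any comment in this thread: the point made above about weak random number generators, measured from an auditor's side. The flawed generator, its 16-bit seed and all function names are hypothetical; the code shows that 128-bit keys drawn from such a generator have an effective strength of at most 16 bits, and how a blocklist of its outputs flags affected keys.

```python
import math
import random
import secrets

SEED_BITS = 16   # assumption: the flawed generator has only 16 bits of real state
KEY_BYTES = 16   # it still emits full-length 128-bit session keys


def weak_session_key(seed: int) -> bytes:
    """Hypothetical flawed product: the key is fully determined by a small seed."""
    rng = random.Random(seed)  # Mersenne Twister, not a CSPRNG
    return rng.getrandbits(KEY_BYTES * 8).to_bytes(KEY_BYTES, "big")


def build_weak_key_set(seed_bits: int = SEED_BITS) -> frozenset:
    """Every key the flawed generator can ever produce (an auditor's blocklist)."""
    return frozenset(weak_session_key(s) for s in range(2 ** seed_bits))


def effective_key_bits(keys) -> float:
    """Real search space in bits, as opposed to the nominal key length."""
    return math.log2(len(keys))


def is_known_weak(key: bytes, weak_keys) -> bool:
    """Audit check: could this key have come from the flawed generator?"""
    return key in weak_keys


if __name__ == "__main__":
    weak = build_weak_key_set()
    print("nominal bits:  ", KEY_BYTES * 8)
    print("effective bits:", effective_key_bits(weak))
    print("flawed key flagged:", is_known_weak(weak_session_key(4242), weak))
    print("CSPRNG key flagged:",
          is_known_weak(secrets.token_bytes(KEY_BYTES), weak))
```

Keys from the operating system's CSPRNG (`secrets.token_bytes`) fall outside the blocklist, which is why the fix is to replace the generator rather than lengthen the key.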

    •  They could break a lot of encryption simply by (0+ / 0-)

      compromising the hardware random number generators in Intel/AMD/ARM/MIPS CPUs.  Remember, a flaw in "random" number generation is how the PS3 was cracked wide open.

      You have watched Faux News, now lose 2d10 SAN.

      by Throw The Bums Out on Fri Sep 06, 2013 at 09:38:48 AM PDT

      [ Parent ]
