cooper Posted October 15, 2015

https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/

Truly fascinating article on how the NSA manages to break so much crypto. They argue that the most likely reason is that the NSA has what amounts to a rainbow table for the Diffie-Hellman key exchange protocol which works because the primes involved are reused so much.
hairbag Posted October 15, 2015

Extensive infrastructure = massive GPU and/or ASIC cluster with infinite acres of storage built for the sole purpose of invading privacy.
hairbag Posted October 17, 2015

Just watched a documentary on NOVA that said RSA was cracked easily with a quantum computer. Perhaps the NSA has one or a few crunching DH keys?
cooper (Author) Posted October 17, 2015

Watch this presentation by Tess Schrodinger about the current (at the time, which I think was January 2015) state of quantum computing. Basically, a company called D-Wave (or D-something) claimed to have managed to make 2 qubits that were stable at room temperature (!!) for over 30 minutes. The previous record was a few seconds...

I don't know if quantum computing is particularly useful in the context of DH (I know certain algorithms aren't affected in their effectiveness by quantum computing) but if it is, you can be sure the NSA is using it for this.

Edited October 17, 2015 by cooper
xor-function Posted October 28, 2015

Most attacks on encryption center on stealing the private key or weakening them by sabotaging PRNG functions used by key generators in a target software implementation. This is most easily done by bribing developers so it then becomes a "DOJ feature" not a weakness.

A direct computational attack on public-key encryption requires factorization of the public key to acquire the private key. With today's supercomputers, keys over 2048 bits are not possible to acquire through factorization within a practical time frame.

Why blow billions of dollars to maybe crack something on experimental tech? When you can buy and/or create a software exploit for a few hundred grand (VUPEN, Hacking Team etc...) in order to steal the private key? You probably don't even need an exploit, just malware (0-day viruses), but that's another thread.
cooper (Author) Posted October 28, 2015

The point about the article is that instead of refactoring the keys, you attack the process where the session key is agreed upon between the 2 parties and thus reduce your problem space by several orders of magnitude. Instead of needing all the time in the universe to crack a single key they can work on one for a few months and are then set up to decrypt *ALL* secure communication that's emanated from this one site over the past period.

The good thing to take away from this is that unless you seriously piss off a politician (a.k.a. robbed the world and didn't provide proper campaign contributions) they won't use this stuff on you. The bad thing is that they can do this in the first place.
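The amortization described in the post above, as an added example that is not part of the original thread: work done once for a shared prime is reused to recover the secret of every session that uses it. The 31-bit prime, generator and function names are constructed for illustration, and baby-step giant-step stands in for the far larger precomputation the linked article describes.

```python
import math
import secrets

# Constructed toy group: small enough to solve on a laptop (assumption, not
# a parameter from the article).
P = 2**31 - 1
G = 7

def precompute(p, g):
    """One-time, per-prime work: baby-step table mapping g^j -> j for j < m."""
    m = math.isqrt(p - 1) + 1
    table = {}
    value = 1
    for j in range(m):
        table.setdefault(value, j)
        value = value * g % p
    giant = pow(g, -m, p)  # g^(-m), reused by every later lookup
    return m, table, giant

def dlog(public, p, m, table, giant):
    """Per-session work: find x with g^x == public using the shared table."""
    gamma = public
    for i in range(m):
        if gamma in table:
            return i * m + table[gamma]
        gamma = gamma * giant % p
    raise ValueError("public value is not a power of the generator")

def recover_shared_secret(pub_a, pub_b, p, state):
    """What a passive observer derives from the two public values alone."""
    return pow(pub_b, dlog(pub_a, p, *state), p)

def demo(sessions=5):
    """Run several independent exchanges against one precomputed table."""
    state = precompute(P, G)  # paid once for this prime
    outcomes = []
    for _ in range(sessions):
        a = secrets.randbelow(P - 2) + 1  # party A's private exponent
        b = secrets.randbelow(P - 2) + 1  # party B's private exponent
        pub_a, pub_b = pow(G, a, P), pow(G, b, P)
        real_secret = pow(pub_b, a, P)
        outcomes.append(recover_shared_secret(pub_a, pub_b, P, state) == real_secret)
    return outcomes

if __name__ == "__main__":
    print(demo())
```

Every session falls to the same table because the prime is shared, so the per-prime cost is what protects all of them; a site that generates its own sufficiently large group does not inherit work done against anyone else's.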
vailixi Posted October 29, 2015

It's really amazing the technology the NSA have. But yeah. Bummer for people who just want to stay private. And for the non-technical people who have no idea what is going on.

Sometimes I think to myself what I would do if I had this kind of technology. Maybe eavesdrop on everybody and have a backdoor into the patent office and every technology company and university along with insider information in every single market in the world allowing me to manipulate the global political arena for fun and profit. Crazy to think about.

At least they don't have neurological programming completely figured out yet. You still have what's in your head. Or do you? That's not a subject for this board though.

Edited October 29, 2015 by vailixi