Possible explanation why NSA breaks so much crypto


cooper

https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/

Truly fascinating article on how the NSA manages to break so much crypto. They argue that the most likely reason is that the NSA has what amounts to a rainbow table for the Diffie-Hellman key exchange protocol which works because the primes involved are reused so much.


Watch this presentation by Tess Schrodinger about the current (at the time, which I think was January 2015) state of quantum computing. Basically, a company called D-Wave (or D-something) claimed to have managed to make 2 q-bits that were stable at room temperature (!!) for over 30 minutes. The previous record was a few seconds... I don't know if quantum computing is particularly useful in the context of DH (I know certain algorithms aren't affected in their effectiveness by quantum computing), but if it is you can be sure the NSA is using it for this.

Edited by cooper

Most attacks on encryption center on stealing the private key or weakening it by sabotaging PRNG functions used by key generators in a target software implementation.

This is most easily done by bribing developers, so it then becomes a "DOJ feature", not a weakness.

A direct computational attack on public-key encryption requires factorization of the public key to acquire the private key. With today's supercomputers, keys over 2048 bits are not possible to acquire through factorization within a practical time frame.

Why blow billions of dollars to maybe crack something on experimental tech, when you can buy and/or create a software exploit for a few hundred grand (Vupen, Hacking Team, etc...) in order to steal the private key?

You probably don't even need an exploit, just malware (0-day viruses), but that's another thread.


The point about the article is that instead of refactoring the keys, you attack the process where the session key is agreed upon between the 2 parties and thus reduce your problem space by several orders of magnitude. Instead of needing all the time in the universe to crack a single key they can work on one for a few months and are then set up to decrypt *ALL* secure communication that's emanated from this one site over the past period.

The good thing to take away from this is that unless you seriously piss off a politician (a.k.a. robbed the world and didn't provide proper campaign contributions) they won't use this stuff on you. The bad thing is that they can do this in the first place.

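A toy illustration of the amortization the last two posts describe, added here as an example; it is not code from the thread or from the linked article. It assumes a constructed 17-bit prime (104729) with generator 2, and uses baby-step giant-step where the real attack uses the number field sieve. The structure is what matters: the expensive table depends only on the group (p, g), so every session that reuses that group is then cheap to break, and a fresh group forces the whole precomputation again.

```python
"""Why reusing one Diffie-Hellman group is the weak point (toy model).

Constructed example: the prime is tiny so this runs instantly. Real TLS/IKE
groups are 1024+ bits and the per-group step is a months-long number field
sieve run, but the cost split (once per group, then cheap per session) is
the same as in this model.
"""
from math import isqrt


class GroupTable:
    """Per-group precomputation: baby-step table for (p, g), reusable."""

    def __init__(self, p, g):
        self.p, self.g = p, g
        self.m = isqrt(p - 1) + 1                    # ceil(sqrt(group order))
        # This is the expensive, reusable part: it never looks at a session.
        self.baby = {pow(g, j, p): j for j in range(self.m)}
        self.giant_step = pow(g, -self.m, p)          # g^(-m) mod p

    def dlog(self, h):
        """Per-session work: find x with g^x == h (mod p) in at most m steps."""
        cur = h
        for i in range(self.m):
            if cur in self.baby:
                return i * self.m + self.baby[cur]
            cur = cur * self.giant_step % self.p
        raise ValueError("h is not in the subgroup generated by g")


def break_session(table, A, B):
    """Recover the DH shared secret from the two public values alone."""
    a = table.dlog(A)            # cheap once the group's table exists
    return pow(B, a, table.p)


def demo():
    """Two independent sessions on one shared group fall to one table."""
    p, g = 104729, 2                                  # constructed toy group
    table = GroupTable(p, g)                          # paid once per group
    results = []
    for a, b in ((31337, 4242), (777, 65000)):        # two separate sessions
        A, B = pow(g, a, p), pow(g, b, p)             # what an eavesdropper sees
        results.append(break_session(table, A, B) == pow(B, a, p))
    return all(results)
```

Switching to a unique 2048-bit group per server, or to ECDHE, denies the attacker the shared (p, g) that makes the table worth building.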

It's really amazing the technology the NSA have. But yeah. Bummer for people who just want to stay private. And for the non-technical people who have no idea what is going on. Sometimes I think to myself what I would do if I had this kind of technology. Maybe eavesdrop on everybody and have a backdoor into the patent office and every technology company and university, along with insider information in every single market in the world, allowing me to manipulate the global political arena for fun and profit. Crazy to think about. At least they don't have neurological programming completely figured out yet. You still have what's in your head. Or do you? That's not a subject for this board though.

Edited by vailixi