NSA Still Ahead In Crypto, But Not By Much

← Back to Stories (view on slashdot.org)

NSA Still Ahead In Crypto, But Not By Much

Posted by kdawson on Monday March 8, 2010 @07:22PM from the you-and-whose-army dept.

Hugh Pickens writes "Network World summarizes an RSA Conference panel discussion in which former NSA technical director Brian Snow said that cryptographers for the NSA have been losing ground to their counterparts in universities and commercial security vendors for 20 years, but still maintain the upper hand in the sophistication of their crypto schemes and in their ability to decrypt. 'I do believe NSA is still ahead, but not by much — a handful of years,' says Snow. 'I think we've got the edge still.' Snow added that that in the 1980s there was a huge gap between what the NSA could do and what commercial encryption technology was capable of. 'Now we are very close together and moving very slowly forward in a mature field.' The NSA has one key advantage (besides their deep staff of Ph.D. mathematicians and other cryptographic experts who work on securing traffic and breaking codes): 'We cheat. We get to read what [academics] publish. We do not publish what we research,' he said. Snow's claim of NSA superiority seemed to rankle some members on the panel. Adi Shamir, the "S" in the RSA encryption algorithm, said that when the titles of papers in NSA technical journals were declassified up to 1983, none of them included public key encryption; 'That demonstrates that NSA was behind,' said Shamir. Snow replied that when technologies are developed separately in parallel, the developers don't necessarily use the same terms for them."

147 of 208 comments (clear)

Min score:

Reason:

Sort:

they aren't very well going to admit defeat. by timmarhy · 2010-03-08 19:28 · Score: 3, Interesting

what else would you expect from a public servant. he won't admit the private sector has them beat because it'd be the end of his job.

--
If you mod me down, I will become more powerful than you can imagine....
1. Re:they aren't very well going to admit defeat. by ipquickly · 2010-03-08 19:34 · Score: 2, Insightful
  
  We do not publish what we research
  And they also do not publish what they don't research.
  Or if and when they suffer or do not suffer defeat.
2. Re:they aren't very well going to admit defeat. by introspekt.i · 2010-03-08 19:38 · Score: 2, Informative
  
  I believe the article said he was a Former NSA technical director.
3. Re:they aren't very well going to admit defeat. by zappepcs · 2010-03-08 19:45 · Score: 4, Insightful
  
  It occurs to me to think that real encryption is not beatable, but workable encryption is. The problem is not who has the best or admits to not having it, it's who has best real encryption that is workable between arbitrary peers. I can easily encrypt a drive that you will NEVER decrypt, but then neither will I be able to. It's the secrecy of the key that is the quest, not the encryption particularly. Hiding the key when it is shared publicly is a problem, will always be a problem, and the race is not necessarily one brain trust against another for the best hiding technique, but rather a race to figure out the best way to hide it for a reasonable amount of time from the most people. The fastest car on the planet is not declared the Indy500 winner, only the car that conforms to the rules of the race is. This race is not winable in the long term, and only valid as a race in the very short term. Don't count on your encrypted hard drive to protect your data from everyone, for all time. That's simply not going to happen.
  
  --
  Support NYCountryLawyer RIAA vs People
4. Re:they aren't very well going to admit defeat. by Anonymous Coward · 2010-03-08 20:10 · Score: 1, Funny
  
  You sound like an English major who was forced to write a technical essay.
5. Re:they aren't very well going to admit defeat. by sopssa · 2010-03-08 20:13 · Score: 1
  
  I don't think hiding the key has been a problem. Public-key cryptography already enables the other key to be publicly known and it doesn't reveal the private key required to encrypt in that. Also if you're using password based key, then obviously you cannot make it public. In the end all of the cryptos are breakable by brute-forcing, it's just about making that part harder. Currently "breaking" the encryption techniques have been mostly about trying to lower the amount of brute-forcing you need to do. The race is mostly about developing stronger cryptos which also wouldn't have those weaknesses.
  But for that matter, even the publicly used cryptos now a day aren't really breakable. Unless, of course, if NSA at some point designed a backdoor in the algorithms. But if so, that won't be used just randomly as it would leak really fast.
6. Re:they aren't very well going to admit defeat. by bytesex · 2010-03-08 20:22 · Score: 1
  
  Do you know where your private key is now ? And it's protected by what ?
  
  --
  Religion is what happens when nature strikes and groupthink goes wrong.
7. Re:they aren't very well going to admit defeat. by bytesex · 2010-03-08 20:24 · Score: 2, Interesting
  
  If you're never going to be able to decrypt the data, then you might as well cat /dev/random > /dev/sda. Because it's indistinguishable from random chaos.
  
  --
  Religion is what happens when nature strikes and groupthink goes wrong.
8. Re:they aren't very well going to admit defeat. by aussie_a · 2010-03-08 20:24 · Score: 1
  
  You don't think someone, given enough time, would be able to brute-force your password? The use of Never in zeppepcs post would imply he means literally NEVER. Not "in a reasonable amount of time" or "within a timeframe that the information stored is still valuable" but NEVER IN ALL TIME!!!
9. Re:they aren't very well going to admit defeat. by siloko · 2010-03-08 20:32 · Score: 1
  
  Belly Laugh - I'd mod you up but I want to comment . . .
10. Re:they aren't very well going to admit defeat. by siloko · 2010-03-08 20:35 · Score: 1
  
  Let's be honest if a key resides on my head then the kind of 'brute force' method of recovery is likely to hit against my singular lack of resolve - being a geek and not a spy I don't tend to fare well under torture!
11. Re:they aren't very well going to admit defeat. by Anonymous Coward · 2010-03-08 20:41 · Score: 5, Informative
  
  Yes, really and truly, never in all time.
  A 256 bit key has 2^256 possibilities. That's 1.15x10^77 possibilities. If you can try 10 million keys in a second, then you "only" need 1.15x10^70th seconds. If you can multiply that speed by a factor of a thousand, then you "only" need 1.15x10^67th seconds. That's 3.67x10^59th years. The universe is only 1.3x10^10 years old.
  So never is more than fair. You would literally have to generate universes to generate universes to decrypt via brute force. By our current understanding of reality, impossible is correct, and anything shy of that is literally science ficition.
12. Re:they aren't very well going to admit defeat. by Holmwood · 2010-03-08 20:47 · Score: 5, Informative
  
  Except he's (more or less) right. James Ellis, at GCHQ (roughly the UK equivalent of NSA) had developed the basics of public key cryptography by the end of 1969. This was about 6 years ahead of Diffie Hellman and Merkle. In 1973, a GCHQ cryptographer, Clifford Cocks, realized that one-way functions would be an elegant way of achieving Ellis' insight. See http://cryptome.org/ukpk-alt.htm for example. This was some years ahead of RSA.
  GCHQ and the NSA definitely would have exchanged this information. It's also quite possible that the US made some of these breakthroughs even earlier than the British; I've not paid much attention to anything NSA-related that has declassified in the last 5+ years.
13. Re:they aren't very well going to admit defeat. by timmarhy · 2010-03-08 20:52 · Score: 1
  
  it's protected by a strong passphrase you'd need about 10000000 years to brute force. good enough for you?
  
  --
  If you mod me down, I will become more powerful than you can imagine....
14. Re:they aren't very well going to admit defeat. by JasterBobaMereel · 2010-03-08 21:07 · Score: 4, Informative
  
  Public key encryption, that would be the crypto system invented at GCHQ in the UK by public servants .... but not published and then re-invented (independently) by RSA 6-7 years later ...
  
  --
  Puteulanus fenestra mortis
15. Re:they aren't very well going to admit defeat. by JackieBrown · 2010-03-08 21:17 · Score: 1
  
  being a geek and not a spy I don't tend to fare well under torture!
  You'll never know until you try :)
16. Re:they aren't very well going to admit defeat. by aussie_a · 2010-03-08 21:21 · Score: 1
  
  Wait, I'm assuming we're talking a 256 character long password. Because I'd sure love to see someone memorise a string of 1 and 0 that is 256 digits long.
17. Re:they aren't very well going to admit defeat. by Chatterton · 2010-03-08 21:32 · Score: 1
  
  Somes love to memorise thousands of digits of PI. Why it could not be conceivable to memorise only 256 bits or 64 Hex digits or 50 [A-Z0-9] chars or 43 [A-Za-z0-9] chars... I know i could not memorise something like that, but some people can.
18. Re:they aren't very well going to admit defeat. by muckracer · 2010-03-08 21:48 · Score: 2, Informative
  
  > I'm assuming we're talking a 256 character long password.
  > Because I'd sure love to see someone memorise a string of 1 and 0 that is 256 digits long.
  1 Character != 1 Bit of entropy.
  But anyway...with a diceware-like approach (http://www.diceware.com) you'll get approximately 12.92 bits of entropy per randomly chosen word. So you'd need only 20 words from the diceware list for your passphrase to actually match and surpass the 256-bit security of the underlying crypto algorithm. 20 words are not that hard to remember. Hell, in literature we had to memorize and recite "The sorcerer's apprentice", which is *pages* long!.
19. Re:they aren't very well going to admit defeat. by alanw · 2010-03-08 21:49 · Score: 1
  
  Because I'd sure love to see someone memorise a string of 1 and 0 that is 256 digits long.
  You don't memorise ones and zeros, you pack them into characters.
  
  The life that I have is all that I have
  And the life that I have is yours
  The love that I have of the life that I have
  Is yours and yours and yours.
  A sleep I shall have, a rest I shall have
  Yet death will be but a pause
  For the peace of my years in the long green grass
  Will be yours and yours and yours.
  306 characters: far far more than is needed.
  The author of the poem was a truly remarkable man who led an amazing life.
20. Re:they aren't very well going to admit defeat. by Threni · 2010-03-08 22:01 · Score: 1
  
  Also, if your public key is published then you can keep encrypting random/all possible plaintexts using it, and when one of your encrypts matches the encrypted data you want to decrypt then you have a match.
21. Re:they aren't very well going to admit defeat. by muckracer · 2010-03-08 22:04 · Score: 1
  
  > > being a geek and not a spy I don't tend to fare well under torture!
  > You'll never know until you try :)
  Just imagine the geeky & fun role-playing games you can have with your SO.
  She (in german Nazi-Uniform):
  "You WILL give me ze passphrase jetzt!!"
  You (unfortunate prisoner):
  "No! Never!!"
  She (in german Nazi-Uniform):
  "Zen I will have to beat zis information out of you!"
  You (unfortunate prisoner):
  "Oh no's! Not the whip again!! Well...do what you must..." ^__^
  Of course, make sure you have a safe word when playing so you can stop. Low entropy is a feature in this case, whereas 512-bit hashes are, well, not that ideal ;-)
22. Re:they aren't very well going to admit defeat. by hughperkins · 2010-03-08 22:05 · Score: 2, Funny
  
  Probably time for you to change your password now ;-)
23. Re:they aren't very well going to admit defeat. by Kjella · 2010-03-08 22:20 · Score: 2, Insightful
  
  You don't think someone, given enough time, would be able to brute-force your password? The use of Never in zeppepcs post would imply he means literally NEVER. Not "in a reasonable amount of time" or "within a timeframe that the information stored is still valuable" but NEVER IN ALL TIME!!!
  No, and there's good physical arguments to "NEVER IN ALL TIME!!!" despiate your attempts at hyperbole. Currently the best theories we got suggests there's a lower entropy limit of kT*ln 2 (the Von Neumann-Landauer limit) per operation, which is on the order of 10^-23 joule. The energy of the sun via E=mc^2 is on the order of 10^47 joule. So at most you can do is 10^70 operations but 2^256 = ~10^77. In other words you can't get through the keyspace before you run out of energy, even taking ideal assumptions.
  Granted, this doesn't account for all the matter in the universe. If you include that, you probably have to move to a 384 bit key but it's still quite finite as opposed to burning through every star in every galaxy in the observable universe. Of course, this is only if you have a 256-bit cipher with no cryptological attacks. AES256 is already shown to be flawed with a strength of only 119 bits, though that too is considered practically impossible but not nearly as physically impossible. But I'm sure we will find such a cipher, it's just that we'll never know when we're there.
  
  --
  Live today, because you never know what tomorrow brings
24. Re:they aren't very well going to admit defeat. by smallfries · 2010-03-08 22:33 · Score: 2, Insightful
  While it is true that it would not be in his interest to admit if they are beat that does not imply that they are beat. And you would have to be an idiot to believe that they are. To pick up on three points from the video:
  
  They employ several hundred PhDs and have a budget that would make any company or university in the sector weep.
  They can read the literature and take ideas but don't have to reciprocate by publishing their work.
  They are not handicapped by inconveniences like the law when it comes to experiments on traffic analysis.
  --
  Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
25. Re:they aren't very well going to admit defeat. by TheLink · 2010-03-08 22:48 · Score: 1
  
  > Of course, make sure you have a safe word when playing so you can stop.
  
  Sounds simple to me:
  
  red = stop right now
  yellow = not feeling comfy with things
  green = go!
  
  But I'm one of those Slashdot virgins with no SO, so what would I know :p.
  
  p.s. this might actually be a steganographic message, or maybe just a noise message to foil traffic analysis. ;)
  --
  
  Too many replies beneath your current threshold
26. Re:they aren't very well going to admit defeat. by muckracer · 2010-03-08 22:52 · Score: 1
  
  > > Of course, make sure you have a safe word when playing so you can stop.
  red = stop right now
  yellow = not feeling comfy with things
  AHHH....OUUUUUCHH!!! = go!
  There...fixed it for 'ya. ;-)
27. Re:they aren't very well going to admit defeat. by Ed+Avis · 2010-03-08 22:57 · Score: 3, Insightful
  
  You would literally have to generate universes
  Isn't that what quantum computing does?
  
  --
  -- Ed Avis ed@membled.com
28. Re:they aren't very well going to admit defeat. by xtracto · 2010-03-08 23:49 · Score: 2, Interesting
  
  You are assuming that whoever wants to break the encryption is doing a brute force attack.
  The classical
  encryption breaking methods are mainly based on frequency and statistics. I am sure nowadays the NSA and other entities in charge of breaking encrypted content have more sophisticated methods.
  
  --
  Ubuntu is an African word meaning 'I can't configure Debian'
29. Re:they aren't very well going to admit defeat. by divisionbyzero · 2010-03-09 00:20 · Score: 1
  
  Yes, really and truly, never in all time.
  A 256 bit key has 2^256 possibilities. That's 1.15x10^77 possibilities. If you can try 10 million keys in a second, then you "only" need 1.15x10^70th seconds. If you can multiply that speed by a factor of a thousand, then you "only" need 1.15x10^67th seconds. That's 3.67x10^59th years. The universe is only 1.3x10^10 years old.
  So never is more than fair. You would literally have to generate universes to generate universes to decrypt via brute force. By our current understanding of reality, impossible is correct, and anything shy of that is literally science ficition.
  Uh, no. You are assuming that things will always work the way that they do. By that I mean, presumably, you think 10 million keys is a lot of keys, but what if we could test 2^256 keys per second? Then it's easily decrypted. Obviously given the way we currently do things that's not possible but we may be able to do it with quantum computing (or maybe not). Finally, if you are so keen on constraining things according to the real world, then it's unlikely we'd need to resort to brute-force. All encryption relies on algorithms and algorithms must be implemented. Any given implementation is susceptible to compromise even quantum encryption. So, I'd say it's a safer bet that any encryption can be broken rather than vice versa.
30. Re:they aren't very well going to admit defeat. by vlm · 2010-03-09 00:33 · Score: 1
  
  Wait, I'm assuming we're talking a 256 character long password. Because I'd sure love to see someone memorise a string of 1 and 0 that is 256 digits long.
  Three hours later and no one noticed his post was 155 characters long (at least wc -l claims that). You can look at that as about 8 bits per byte of raw very non random data, giving 1240 bits of nonrandom data and he only needs 256 bits. Pessimistically you might pull 2 bits of randomness out per byte, yielding a whopping 310 bits of randomness. Anyway, thats more than enough to feed a hash function to get a nice even 256 bits. I pushed his post thru sha256sum and got the following 256 bit hash:
  d254ed3793668c774d24c55b8553036becb1a9bf1b11401cde27b4bf7bc02f89
  Can the OP memorize that hash? Probably not. Can he memorize his post, including his misspelled "memorize" word? Most likely. Everyone works with some clown who memorized every star trek and star wars script, so memorizing one slashdot post is not exactly a heroic achievement.
  Even if you only pull one bit of stinky randomness out per byte, his post would still be 155 bits strong, frankly not bad. Add a couple bits of salt (not too many) and it'll do, it'll do.
  
  --
  "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
31. Re:they aren't very well going to admit defeat. by CODiNE · 2010-03-09 00:54 · Score: 5, Interesting
  
  That's 1.15x10^77 possibilities.
  
  Are you aware that randomly generating a specific protein is much more difficult than that? I've heard a number around 1 in 10^113. That would be just ONE of the proteins we need for life.
  So. Either it needs to be rethought what is actually numerically possible, or that the genetic make-up of life was guided by chance.
  
  --
  Cwm, fjord-bank glyphs vext quiz
32. Re:they aren't very well going to admit defeat. by vlm · 2010-03-09 00:59 · Score: 3, Interesting
  
  Currently the best theories we got suggests there's a lower entropy limit of kT*ln 2 (the Von Neumann-Landauer limit) per operation, which is on the order of 10^-23 joule. The energy of the sun via E=mc^2 is on the order of 10^47 joule. So at most you can do is 10^70 operations but 2^256 = ~10^77. In other words you can't get through the keyspace before you run out of energy, even taking ideal assumptions.
  Well, if your strategy is guess and check, sure, OK. Wouldn't this plan be a hell of a lot cheaper:
  Estimate the total number of operations a genius level human brain can accomplish per second. I will be wildly optimistic and give it 10^3. Lets assume all thought is directed toward crypto and no daydreaming about the young lady working in accounting, or arguing about which was better, Kirk or Picard.
  Estimate the age of the NSA. Wikipedia claims formed in 1952 but theres plenty of cloak and dagger stuff going on before, so we'll round it to 10^3 years
  Estimate the total number of geniuses the NSA has hired over the years. The holy font of all wisdom, wikipedia, claims the number of employees is classified. However, they claim there's 18000 parking spaces at HQ. What the hell they do with 18K people is a mystery to me. My guess is theres 17990 supervisors, managers, directors, HR personnel, diversity directors, marketing personnel, and other executives and about 10 guys with pocket protectors doing all the work, in between their slashdot breaks. But lets say on a very long term average they have 10^5 geniuses working at any given instant.
  Lets further assume they never eat, sleep, have sex (duh, they're math majors). That gives us 31 million seconds per year. Well, we'll round that down for time to watch star trek reruns, eat pizza rolls, and read slashdot, so call it 10^7 seconds per year.
  So, you need to do about 10^3 * 10^3 * 10*5 * 10^7 = about 10^18 crypto related thought operations over the total lifetime of the NSA.
  In conclusion, you need to run WELL under 10^18 thought operations to figure out the back door they put into your encryption algorithm and/or reverse engineer their top secret decryption technology. A wee bit less than your 10^70 operations required to brute force one message. Plus, when you crack the entire algorithm, you've cracked all messages ever sent with it, not just one message.
  
  --
  "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
33. Re:they aren't very well going to admit defeat. by Anonymous Coward · 2010-03-09 01:02 · Score: 1, Funny
  
  That's orders of magnitude more difficult than calculating the private key from the public one, genius.
34. Re:they aren't very well going to admit defeat. by sheehaje · 2010-03-09 01:12 · Score: 2, Funny
  
  Why would I memorize it when I can put it on one big sticky note?
35. Re:they aren't very well going to admit defeat. by ciggieposeur · 2010-03-09 01:39 · Score: 1
  
  Are you aware that randomly generating a specific protein is much more difficult than that?
  I've highlighted the key word: randomly. Specific proteins were not actually generated randomly, but were directed to viable structures via selection.
  If there was a way to direct the key search to one of the potential keys that could decrypt the ciphertext into some meaningful plaintext, i.e. selection, then one could break the encryption in a more feasible time frame.
36. Re:they aren't very well going to admit defeat. by rrossman2 · 2010-03-09 01:47 · Score: 1
  
  if it resides ON your head, they'll just pick the key up and use it.
  
  Now, if it resides *IN* your head, then they'll just crack your head open, pick up the key and use it.
37. Re:they aren't very well going to admit defeat. by ChaosCon · 2010-03-09 02:00 · Score: 2, Insightful
  
  You fallaciously assume decryption will *always* require trying *every* possible key -- you could get lucky and get the correct key on the first attempt. You don't "only" need 1.15E70 seconds, you need "at most" 1.15E70 seconds.
38. Re:they aren't very well going to admit defeat. by DudeTheMath · 2010-03-09 03:08 · Score: 1
  
  Agreed! PK crypto, block ciphers, etc., was in my Elementary Number Theory textbook (1984, Kenneth Rosen). No freakin' way NSA didn't know how to do that before 1983--as he said, if it's not in a title, then they called it something else.
  
  --
  You save only 59 seconds over 8 miles by going 75 instead of 65. Do you really have to pass that guy? Do the Math!
39. Re:they aren't very well going to admit defeat. by MikeBabcock · 2010-03-09 03:12 · Score: 1
  
  Those 256 bit keys are 256/8 bytes just FYI. Also,in typical usage they're randomly generated keys which are themselves encrypted by public key encryption.
  
  --
  - Michael T. Babcock (Yes, I blog)
40. Re:they aren't very well going to admit defeat. by AVee · 2010-03-09 03:18 · Score: 1
  
  There is no such thing as Former NSA. There is only 'in line' and 'dead before dawn'.
41. Re:they aren't very well going to admit defeat. by steelfood · 2010-03-09 03:37 · Score: 1
  
  There's probably natural selection at play here too. The useful proteins continue to replicate, while the useless or harmful ones die out.
  Or perhaps one can say, all proteins are useful until they become unuseful.
  
  --
  "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
42. Re:they aren't very well going to admit defeat. by es330td · 2010-03-09 03:45 · Score: 1
  
  I don't think "never" should be used in this case. My understanding of the subject is lacking, but I believe that some of the appeal of quantum computing is that a qbit computer can represent all states at once. While I don't know how the q-computer can be used to test against the encrypted drive, if the alternate timeframe is 10^59th years my guess is they will figure out how to use the q-computer for this before then. While it is not a traditional "test, increment, test again" brute force methodology, a device that can test everything at once has as much chance of failure as the person who buys all the possible lottery picks.
43. Re:they aren't very well going to admit defeat. by steelfood · 2010-03-09 03:53 · Score: 1
  
  Just pick an easy-to-remember line from a book you like. Add extra punctuation and mix up the characters a bit to make things interesting.
  
  --
  "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
44. Re:they aren't very well going to admit defeat. by Panaflex · 2010-03-09 04:01 · Score: 2, Funny
  
  Can he memorize his post, including his misspelled "memorize" word?
  You insensitive clod, he's BRITISH! He can't help it... not even their teachers know how to spell. The most a very bright and motivated student can hope for is ox training classes in Cambridge. Just leave him alone!
  
  --
  I said no... but I missed and it came out yes.
45. Re:they aren't very well going to admit defeat. by kgo · 2010-03-09 04:19 · Score: 1
  
  http://en.wikipedia.org/wiki/Brute_force_attack#Theoretical_limits
  
  --
  Can you construct some sort of rudimentary lathe?
46. Re:they aren't very well going to admit defeat. by kgo · 2010-03-09 04:21 · Score: 1
  
  The way the math works out, the average time to crack a key will be half the total time, assuming a reasonably random key. Awaiting lame Spaceballs jokes.
  
  --
  Can you construct some sort of rudimentary lathe?
47. Re:they aren't very well going to admit defeat. by divisionbyzero · 2010-03-09 04:50 · Score: 1
  
  So, what's your point exactly?
48. Re:they aren't very well going to admit defeat. by AdamTrace · 2010-03-09 04:55 · Score: 1
  
  Ha! Can you imagine!
  "Boss, we decrypted the message! They key was 0x0000...01!"
49. Re:they aren't very well going to admit defeat. by gknoy · 2010-03-09 05:02 · Score: 1
  
  A 256 bit key has 2^256 possibilities. That's 1.15x10^77 possibilities. If you can try 10 million keys in a second, then you "only" need 1.15x10^70th seconds. If you can multiply that speed by a factor of a thousand, then you "only" need 1.15x10^67th seconds. That's 3.67x10^59th years. The universe is only 1.3x10^10 years old.
  Wrong. You only are likely to need that time. A random key in that keyspace, however, might be the fifth one you try, or the five millionth one, or might be the very last one you try. You won't know until you try them, but once you find a key that works, you don't need to test any further. That could occur in the first minute, the first month, the first year, or the first centurey of trying keys.
  You're right, though, that the odds of the key being in the first-tried slice of the keyspace are slim, and the odds of them being in the first $TIME of key-testing decrease as your keyspace increases.
50. Re:they aren't very well going to admit defeat. by multi+io · 2010-03-09 05:09 · Score: 1
  
  I couldn't decide whether to mod this "funny" or "insightful".
51. Re:they aren't very well going to admit defeat. by afabbro · 2010-03-09 05:24 · Score: 1
  
  If you encrypt your drive using a one time pad then, yes, it is encrypted and safe for all time and is provably unreadable without someone having the key. Of course, if it's a 1TB drive, then you need a 1TB key, and you can only use it once...
  
  --
  Advice: on VPS providers
52. Re:they aren't very well going to admit defeat. by Sir+Lollerskates · 2010-03-09 05:57 · Score: 1
  
  It's not very hard, just use a mnemonic device.... and make the long form of it your password.
53. Re:they aren't very well going to admit defeat. by steveb3210 · 2010-03-09 05:59 · Score: 1
  
  You don't think someone, given enough time, would be able to brute-force your password? The use of Never in zeppepcs post would imply he means literally NEVER. Not "in a reasonable amount of time" or "within a timeframe that the information stored is still valuable" but NEVER IN ALL TIME!!!
  Never eh? Suppose we do this:
  
  Hard Drive A - has your data
  Hard Drive B - same size, write random bits to it.
  Hard Drive C - A xor B
  
  Now suppose I crush hard drive A and B. Recovering the data is pretty impossible as it could decrypt to anything!
  
  You've been one time pad'd..
54. Re:they aren't very well going to admit defeat. by Agripa · 2010-03-09 06:01 · Score: 3, Insightful
  
  Are you aware that randomly generating a specific protein is much more difficult than that? I've heard a number around 1 in 10^113. That would be just ONE of the proteins we need for life.
  So. Either it needs to be rethought what is actually numerically possible, or that the genetic make-up of life was guided by chance.
  But that is randomly generating a specific protein without working from an earlier protein. Asimov called that the hemoglobin number and used it as an example of why evolution could not work using blind chance. Hemoglobin is just part of a family of proteins called globins and the actual differences among them are relatively small. The evolution of hemoglobin did not happen by chance all in one step but by accumulating change via many much smaller steps from an existing protein.
  Strong cryptographic algorithms are specifically designed to be resistant to the type of analysis which would allow you to derive parts of the key until you have the whole thing. Either you have it all, or you have nothing. Evolution of proteins does not work that way.
55. Re:they aren't very well going to admit defeat. by steveb3210 · 2010-03-09 06:03 · Score: 1
  
  You would literally have to generate universes to generate universes to decrypt via brute force. By our current understanding of reality, impossible is correct, and anything shy of that is literally science ficition.
  Where exactly then does Shor's Algorithm get its exponential speedup from classical algorithms?
56. Re:they aren't very well going to admit defeat. by Kjella · 2010-03-09 06:24 · Score: 1
  
  Well, if your strategy is guess and check, sure,
  Well, the post I was replying to said brute force and that's pretty much the definition of brute force.
  
  In conclusion, you need to run WELL under 10^18 thought operations to figure out the back door they put into your encryption algorithm and/or reverse engineer their top secret decryption technology. A wee bit less than your 10^70 operations required to brute force one message. Plus, when you crack the entire algorithm, you've cracked all messages ever sent with it, not just one message.
  Uh, wtf kind of logic is that? Since the 1960s millions of people have thought of a "warp drive", that doesn't make it possible. For example, take the RSA algorithm. It depends on p*q = n being trivial to do just like you learned in elementary school, while factoring n to p*q is something mathematicians have spent 2200 years on and not found a really good way of doing. Symmetric encryption is probably even harder because you lack the key entirely. If you look at the list of symmetric ciphers, most of them have never been broken. For example DES published in 1977 *still* has no better published solution than brute force - it's just that 56 bits is way too little with today's computing power.
  
  --
  Live today, because you never know what tomorrow brings
57. Re:they aren't very well going to admit defeat. by spazdor · 2010-03-09 06:27 · Score: 1
  
  Evolutionarily stable strategy.
  Proteins come from one, keypairs do not.
  
  --
  DRM: Terminator crops for your mind!
58. Re:they aren't very well going to admit defeat. by kgo · 2010-03-09 06:36 · Score: 1
  
  This mythical quantum computer with it's mythical algorithm is still subject to thermodynamics...
  
  --
  Can you construct some sort of rudimentary lathe?
59. Re:they aren't very well going to admit defeat. by jdh3.1415 · 2010-03-09 06:57 · Score: 1
  
  You forgot to consider future advances in technology. If you assume that Moore's law stands, every two years computing speed doubles, and today we can consider 10e6 keys per second. In about 416 years, a computer can be built that can consider 2^256 keys in one year.
  Such a computer could be built much sooner depending on advances in mathematics or quantum computing.
  Throughout history, many "unbreakable" encryption schemes have been invented. Eventually, they are all broken.
60. Re:they aren't very well going to admit defeat. by Garridan · 2010-03-09 07:06 · Score: 1
  
  But there is such a thing as "former NSA technical director". As in, no longer the technical director of NSA, and now cannot divulge his proper title.
61. Re:they aren't very well going to admit defeat. by Garridan · 2010-03-09 07:09 · Score: 1
  
  I've memorized at least two 256-bit binary strings... took me no time at all. I bet you can guess them, though.
62. Re:they aren't very well going to admit defeat. by Sulphur · 2010-03-09 09:01 · Score: 1
  
  I doubt anyone is really trying to read this. Lets reuse the one time pad just once.
63. Re:they aren't very well going to admit defeat. by divisionbyzero · 2010-03-09 09:04 · Score: 1
  
  This mythical quantum computer with it's mythical algorithm is still subject to thermodynamics...
  Ah, I see. You don't understand how a quantum computer theoretically works.
64. Re:they aren't very well going to admit defeat. by xiong.chiamiov · 2010-03-09 12:04 · Score: 1
  
  You are assuming that whoever wants to break the encryption is doing a brute force attack.
  Well, yes, because he was responding to:
  
  You don't think someone, given enough time, would be able to brute-force your password?
  
  --
  have you read the Moderation Guidelines Addendum?
65. Re:they aren't very well going to admit defeat. by thoth · 2010-03-09 12:19 · Score: 1
  
  Brute forcing may be infeasible, but if you're talking about encrypting a disk drive... I don't know if you can be so sure. Between all the metadata about the particular file system and disk format, plus stuff about known files and/or directory layout, I'm sure "the pros" can reduce the number of possibilities significantly.
  These aren't the same order of magnitude, but the Rubik's cube is 10^19 states, yet solvable in 30 seconds by the knowledgeable. The Enigma was 10^23 states, yet also breakable given some other info and genius level insight. So algorithms exist for those problems that seriously prune the states the solver needs to work through. And in a similar way, handing somebody a 256 bit key may mean 10^77 states to start with, but adding info like "this is an encrypted ntfs/ext2/hpfs/whatever drive" supplies a huge amount of extra info that might prune things down quite a bit.
66. Re:they aren't very well going to admit defeat. by PingPongBoy · 2010-03-09 14:35 · Score: 1
  
  If you're never going to be able to decrypt the data, then you might as well cat /dev/random > /dev/sda. Because it's indistinguishable from random chaos
  If only I had learned this before I hired a thousand monkeys and purchased a thousand keyboards. Dammit.
  
  --
  Know your pads. One time pad: good for cryptography. Two timing pad: where to take your mistress.
67. Re:they aren't very well going to admit defeat. by a-zA-Z0-9$_.+!*'(),x · 2010-03-09 17:21 · Score: 1
  
  1. Various encryption schemes often have quirks that reduce the search space enormously. 2. While a single "processor" may take many years, multiple processors and parallel techniques reduce that burden. As well, the silicon/galium-arsenide/dna gets faster each year.
  
  --
  Epitaph: At last! Root access!
Right... by Anonymous Coward · 2010-03-08 19:32 · Score: 1, Informative

That's what they want you to think.
Their latest decoded message: by WegianWarrior · 2010-03-08 19:35 · Score: 4, Funny

Be sure to drink your Ovaltine.

--
Everything in the world is controlled by a small, evil group to which, unfortunately, no one you know belongs.
1. Re:Their latest decoded message: by ipquickly · 2010-03-08 19:39 · Score: 1
  
  Be sure to drink your Ovaltine.
  No, it was
  "and don't forget the coffee!"
2. Re:Their latest decoded message: by bmo · 2010-03-08 20:13 · Score: 1
  
  The point of the joke went so far over your head all you saw was a contrail.
  --
  BMO
3. Re:Their latest decoded message: by ipquickly · 2010-03-08 20:50 · Score: 1
  
  The point of the joke went so far over your head all you saw was a contrail.
  I saw no such thing!
  (I was looking down)
4. Re:Their latest decoded message: by donaggie03 · 2010-03-09 00:56 · Score: 1
  
  The point of the joke went so far over your head all you saw was a contrail.
  I saw no such thing!
  (I was looking down)
  *sigh* Your link + "A Christmas Story" = ??
  
  --
  Three days from now?? Thats tomorrow!! ~Peter Griffin
5. Re:Their latest decoded message: by donaggie03 · 2010-03-09 01:03 · Score: 1
  
  Heh . that's actually IN the link. Disregard my commend :)
  
  --
  Three days from now?? Thats tomorrow!! ~Peter Griffin
6. Re:Their latest decoded message: by spartacus_prime · 2010-03-09 02:05 · Score: 1
  
  Son of a BITCH!
  
  --
  If you can read this, it means that I bothered to log in.
key areas of competition by Anonymous Coward · 2010-03-08 19:37 · Score: 1, Insightful

The reality is that any private organisation will always say that their software is best or their crypto rocks the world.. There is one big difference with the NSA and that is they have very deep pockets when it comes to cracking encryption which very very few private organisations can afford. Which president would turn the NSA down if they came asking for money with a request like... 'we have managed to get xyz encrypted file that we need xyz cpu's to crack so that we can identify a leak who is selling secrets to the taliban/chinese/bob next door'.
Whatever! by martin-boundary · 2010-03-08 19:39 · Score: 4, Insightful

"We know Saddam has WMD, but we can't show you what we know because it's secret!". Everybody knows how that argument went in Iraq.
I'm with Shamir, the only correct response here is: "Yeah, right, whatever", not "OMGOMGOMG, the NSA cAn readz my stuffz!!1".
Frankly, I don't see how any mathematician would want to waste his talent working for the NSA.
1. Re:Whatever! by Anonymous Coward · 2010-03-08 19:48 · Score: 2, Insightful
  
  Exactly. The USA intelligence agencies have shown their moronity and so many occasions. I'm not sure which is their greatest hit: helping traffic cocaine into American cities to fund arms transfers to Iran OR helping Osama Bin Laden build and develop the Al-Qaeda network. The NSA/CIA/FBI might be able to catch child porn wankers and craigslist hookers but the Chinese/Israelis/Indians will eat them for lunch. Go to a computer science dept. anywhere: You will see almost all Phd students are Chinese/Jewish/Indian. The NSA makes me laugh.
  Even if they could decrypt the shit they probably don't have anyone who can read whatever language it's fucking written in! Don't worry about encryption just write the shit in Bengla they won't figure out for five years...
2. Re:Whatever! by bytesex · 2010-03-08 20:27 · Score: 1
  
  The problem is, that in his historic recount, he is correct. So there is no reason to disbelieve him when he says things about the current state of affairs.
  Except of course, that he is a spook.
  
  --
  Religion is what happens when nature strikes and groupthink goes wrong.
3. Re:Whatever! by chuckymonkey · 2010-03-08 20:53 · Score: 4, Interesting
  
  Let me tell you from firsthand experience. You cannot even fathom the awesomeness that goes on inside the cube unless you work there. It is not like Hollywood portrays it, but there is a whole lot of cool going on in there. That is why people work for the NSA. Now, I have philosophical disagreements with how the NSA ran business during the Bush years and I left that industry for aerospace. That being said if any of my former colleagues tell me that things have changed I think that I would go back.
  
  --
  "Some books contain the machinery required to create and sustain universes."-Tycho
4. Re:Whatever! by martin-boundary · 2010-03-08 21:07 · Score: 2, Insightful
  
  Sure, I accept that the toys are great, but scientifically? It's time wasted. At some point people are going to ask what did you accomplish?
  If you're a mathematician especially, you'll have nothing to show for it, and if your reports ever get published in the future, they'll be long obsolete and irrelevant.
5. Re:Whatever! by Anonymous Coward · 2010-03-08 21:19 · Score: 1, Interesting
  
  I don't believe it. The government wants everyone to believe they are all powerful and know everything but obviously they don't. Either that or they let 9/11 happen on purpose. One or the other they suck. Look at that bunch of CIA douchebags that got suicide bombed by their own informant. How clueless can you be. It's so obvious the ISI are the ones in control in South Asia. All your high tech gizmos and satellites and some stone age goat farmers with Kalishnikovs are beating you. Haha.
6. Re:Whatever! by jpmorgan · 2010-03-08 22:37 · Score: 4, Insightful
  
  Academia is not the only profession that provides job satisfaction and a sense of fulfillment. Guess what, 99.9% of the world's population lives a happy life without ever publishing anything.
7. Re:Whatever! by Btarlinian · 2010-03-08 23:31 · Score: 1
  
  Sure, I accept that the toys are great, but scientifically? It's time wasted. At some point people are going to ask what did you accomplish?
  If you're a mathematician especially, you'll have nothing to show for it, and if your reports ever get published in the future, they'll be long obsolete and irrelevant.
  Who cares? You're getting paid to do what you love and are provided with all the toys you can think of to do that stuff with. If I was a mathematician, I wouldn't really consider that sort of job to be unfulfilling. (Ethical and moral dilemmas are another matter.)
8. Re:Whatever! by timmarhy · 2010-03-08 23:43 · Score: 1
  
  thats because if your a mathematician. the ONLY thing you can do that would seem like much of an acomplishment is publish a scrape of paper.
  for people working in the real world, they can achieve real world outcomes (god i'm damned to management aren't I?).
  
  --
  If you mod me down, I will become more powerful than you can imagine....
9. Re:Whatever! by Kjella · 2010-03-08 23:45 · Score: 1
  
  At some point people are going to ask what did you accomplish?
  If you're a mathematician especially, you'll have nothing to show for it
  "I could tell you, but then I'd have to kill you afterwards". And to be honest, I doubt anyone with "Mathematician, NSA" on their CV will ever have trouble finding work. Lots of others with science degrees work for private research, you'll just be another one of those.
  
  --
  Live today, because you never know what tomorrow brings
10. Re:Whatever! by AHuxley · 2010-03-08 23:55 · Score: 2, Insightful
  
  They are all learning from US books under US profs and going back home with US ideas ...
  Its just the old cold war idea of get them young.
  Years later your "Chinese/Jewish/Indian" is going to sit in front of a mutil billion $ contract with a local build %.
  If trained in the US who do you think they will recall fondly ?
  France, Italy, Brazil, Germany, Russia?
  The USA hopes years of quality education will give them that "reality distortion" edge.
  Then when they sign up for a few billions of $ worth of US hardware and software - its happy times in the NSA as they are now connected directly or via soft/hardware upgrades.
  If not your left with the digital version of "Iranian Tomcats".
  As for Al-Qaeda they have learned via CIA death squads or state sponsors not to trust tech beyond dead drop for propaganda uploads.
  
  --
  Domestic spying is now "Benign Information Gathering"
11. Re:Whatever! by JohnFluxx · 2010-03-09 00:27 · Score: 2, Funny
  
  99.9% of the world's population is, well, the bottom 99.9% of the world. We're talking about the very smartest and most gifted people. The sort that shouldn't be happy if they do not achieve something.
12. Re:Whatever! by Sir_Lewk · 2010-03-09 01:12 · Score: 3, Insightful
  
  Who says the best always have to get their kicks off with public masturbation? While they may never be able to publish, it is also quite likely they will be exposed to concepts and ideas they never would have had the chance to be exposed to otherwise. I'm sure a very large percentage of these sorts of people are driven by a desire to self-improve.
  
  --
  "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
13. Re:Whatever! by Bakkster · 2010-03-09 01:42 · Score: 1
  
  If you're a mathematician especially, you'll have nothing to show for it
  So you can't brag to your friends, you can still feel quite fulfilled knowing that your work is not only important, American (or your home nation, for other intelligence agencies) lives may be saved by your hard work.
  Furthering science isn't the only way a scientist, engineer, or mathemetician can feel fulfilled.
  
  --
  Write your representatives! Repeal the 2nd Law of Thermodynamics!
14. Re:Whatever! by kaiser423 · 2010-03-09 02:09 · Score: 1
  
  Having read lots of publications, let me tell you that there's a big difference between publishing something, and achieving something.....
  
  Silly academics with their insular communities. Here in my side of the world, publishing means nothing, but saving the government money or saving some lives means everything.
15. Re:Whatever! by elrous0 · 2010-03-09 02:24 · Score: 2, Insightful
  
  lives may be saved by your hard work.
  
  Considering the way the NSA has behaved in the last 9 years, I'd say it was way more likely that your work would be used to spy on innocent Americans, prop up phony wars, gather dirt on Administration political opponents, etc.
  
  --
  SJW: Someone who has run out of real oppression, and has to fake it.
16. Re:Whatever! by styryx · 2010-03-09 02:26 · Score: 1
  
  > Guess what, 99.9% of the world's population lives a happy life without ever publishing anything.
  Citation needed.
17. Re:Whatever! by Bakkster · 2010-03-09 02:39 · Score: 4, Insightful
  
  lives may be saved by your hard work.
  Considering the way the NSA has behaved in the last 9 years
  You mean, considering the reports we have heard. There's a pretty obvious selection bias, in that only the illegal activities (which there certainly are, sanctioned or otherwise) will be notable enough to publish and publicize. I highly doubt that illegal activities accounted for more than 1% of work performed by the NSA (again, including both sanctioned and unsanctioned activities), let alone 51% for cryptologic work to be 'more likely' to be used illegaly.
  
  --
  Write your representatives! Repeal the 2nd Law of Thermodynamics!
18. Re:Whatever! by Arccot · 2010-03-09 03:27 · Score: 2, Informative
  
  99.9% of the world's population is, well, the bottom 99.9% of the world. We're talking about the very smartest and most gifted people. The sort that shouldn't be happy if they do not achieve something.
  You are confusing genius with ambition. Not all geniuses want to take over the world. Some just want to lead a happy life.
19. Re:Whatever! by c6gunner · 2010-03-09 03:37 · Score: 1
  
  "We know Saddam has WMD, but we can't show you what we know because it's secret!". Everybody knows how that argument went in Iraq.
  
  We do?
  They did show us what they knew. It just turned out to be crap. Did you really need to venture into historical revisionism in order to support your point?
20. Re:Whatever! by DragonWriter · 2010-03-09 12:19 · Score: 1
  
  Academia is not the only profession that provides job satisfaction and a sense of fulfillment. Guess what, 99.9% of the world's population lives a happy life without ever publishing anything.
  I kind of have to dismiss out of hand any claim that requires accepting, sans evidence, that "99.9% of the world's population lives a happy life", much less that plus other stuff piled on top of it.
21. Re:Whatever! by gardyloo · 2010-03-09 12:49 · Score: 1
  
  Yes but 99.9% of the world is not populated by mathematicians.
  Maybe even twice that percentage!
Until by Dyinobal · 2010-03-08 19:39 · Score: 1

Until a working quantum computer is made.
1. Re:Until by base3 · 2010-03-08 23:51 · Score: 3, Funny
  
  I can factor large primes for you, no sweat, no quantum computer required. Now composites of large primes, there a quantum computer might help you.
  
  --
  One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
2. Re:Until by arethuza · 2010-03-09 01:47 · Score: 1
  
  So what, I can factor large primes in my head!
3. Re:Until by base3 · 2010-03-09 01:51 · Score: 1
  
  I used to be able to but these days I have trouble memorizing the digits.
  
  --
  One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
NSA didn't know about public key crypto? by jpmorgan · 2010-03-08 19:40 · Score: 4, Interesting

I don't think so... public key cryptography was discovered by the GCHQ at least a decade before it was discovered in the public sphere: http://cryptome.org/ukpk-alt.htm
1. Re:NSA didn't know about public key crypto? by makomk · 2010-03-09 01:14 · Score: 1
  
  The US was only willing to share nuclear weapon designs with the UK after it became clear that the UK was quite capable of designing and building its own nukes - and even then, it was on the condition that the US effectively still owned them and had control of their use.
2. Re:NSA didn't know about public key crypto? by arethuza · 2010-03-09 01:54 · Score: 1
  
  The US does not have "ownership" of UK nukes and certainly doesn't have hard controls that could stop them being used if the UK wanted to but the US didn't. Royal Navy Trident submarine commanders still have the ability to launch under their own authority (albeit with plenty of procedural controls, involving hand written letters and BBC Radio 4).
Crypto is only the Beginning by introspekt.i · 2010-03-08 19:46 · Score: 3, Insightful

Crypto's not the weak link in security anymore, nor has it been for a long time. I think the real security money now is in automated (or proven) software verification and model checking. Private industry is only beginning to understand this, and as a whole, probably will not employ it for some time to come. Why bother testing for security errors when you can prove they don't exist?
1. Re:Crypto is only the Beginning by phantomfive · 2010-03-08 20:01 · Score: 3, Funny
  
  Crypto's not the weak link in security anymore
  That's what you think.
  
  --
  Qxe4
2. Re:Crypto is only the Beginning by Antiocheian · 2010-03-08 20:20 · Score: 1
  
  Crypto's not the weak link in security anymore
  That's what you think.
  Unfortunately most people won't find this insightful.
3. Re:Crypto is only the Beginning by bytesex · 2010-03-08 20:32 · Score: 5, Interesting
  
  Nah. The money is now in electromagnetic remote sensing; reading your screen and listening to your keyboard from a mile away. That, and psy-ops. Humans still control keys. Humans always make at least one mistake. Google's mail accounts were cracked because their subjects could be coaxed to visit malicious websites, after all.
  
  --
  Religion is what happens when nature strikes and groupthink goes wrong.
4. Re:Crypto is only the Beginning by lucian1900 · 2010-03-08 20:56 · Score: 1
  
  Verification is still in its infancy, it has a long way to go before it'll be practical to use over test-driven development. And nothing is actually unequivocally proven anyway, so it's not the silver bullet people make it out to be. Model checking right now is in evolutionary cul-de-sac because people focus on stuff like VDM instead of integrating model checking into existing good languages.
5. Re:Crypto is only the Beginning by dcollins · 2010-03-08 21:14 · Score: 1
  
  "I think the real security money now is in automated (or proven) software verification and model checking. Private industry is only beginning to understand this, and as a whole, probably will not employ it for some time to come. Why bother testing for security errors when you can prove they don't exist?"
  Yeah, we were laughing about this in my college CS classes 20 years ago. So the drunken party's back again, eh?
  
  --
  We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
6. Re:Crypto is only the Beginning by JackieBrown · 2010-03-08 21:26 · Score: 1
  
  That's what you think.
  Unfortunately most people won't find this insightful.
  Because it's not.
  Of course that is what introspekt.i thinks. That is why he wrote it.
  phantomfive did not offer any new or insightful discussion to this tread.
7. Re:Crypto is only the Beginning by TheLink · 2010-03-08 23:00 · Score: 1
  
  > > I think the real security money now is in automated (or proven) software verification and model checking.
  > > Why bother testing for security errors when you can prove they don't exist?"
  > Yeah, we were laughing about this in my college CS classes 20 years ago. So the drunken party's back again, eh?
  
  Yeah, why bother testing his slashdot post for errors if he can prove (via "post verification and checking") that his post on Slashdot was exactly what he wanted to post?
  
  Software verification has its uses, but it is not as useful as some people think it is.
  --
  
  Too many replies beneath your current threshold
8. Re:Crypto is only the Beginning by Antiocheian · 2010-03-08 23:05 · Score: 1
  
  Compare the percentage of an 80s CPU being used in encryption vs the percentage of a modern CPU being used in encryption.
  Are you certain that modern CPUs are not being used to brute force their way in encrypted data ?
9. Re:Crypto is only the Beginning by Schraegstrichpunkt · 2010-03-09 00:05 · Score: 1
  
  Crypto's not the weak link in security anymore
  When I read other people's crypto code, I still find they get it wrong the majority of the time.
  
  --
  http://outcampaign.org/
10. Re:Crypto is only the Beginning by Sir_Lewk · 2010-03-09 01:18 · Score: 1
  
  If the key-size is adequate, then yes. I am. You can not brute force a 256bit symmetric key cipher, not on this planet anyways. I defy you to aquire all of the power that would be needed to make modern computers count from 0 to 2^256. That number is a hell of a lot bigger than I think you think it is.
  Now, could the NSA be using other, perhaps unknown attacks, on things like AES256? That's entirely possible, but they are not brute forcing it.
  
  --
  "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
Sure by FooRat · 2010-03-08 19:47 · Score: 1, Interesting

"Snow replied that when technologies are developed separately in parallel, the developers don't necessarily use the same terms for them."
Sure, and I invented cars 200 years ago, but I didn't call it a car so someone else got the credit.
The NSA may have a "deep staff of Ph.D. mathematicians and other cryptographic experts who work on securing traffic and breaking codes" but let's face it, government departments are not exactly known for being the most motivated of the various sectors, and that's further exacerbated if you know you aren't going to get credit for your work as opposed to being kept secret ... I mean, in academia, one of the major motivations for leading scientists is that they get widespread recognition for their work. I suspect the funding to maintain that "deep staff" of experts probably serves more to keep those experts from being more productive 'elsewhere'. And of course they have to maintain that they are 'ahead' if they want to keep getting funded year after year, so I'd take it with a pinch of salt.
1. Re:Sure by Anonymous Coward · 2010-03-08 20:01 · Score: 3, Interesting
  
  Yeah, but the way most intelligence services work is that it's not like the employees show up at the NSA building every day and sit in a cubicle doing encryption research. At least with the CIA and DOD they just put civilian academic researchers on the payroll and get "first dibs" on new stuff and also get to direct their research. The CIA does this with journalists too. They still work at the NY Times etc. but the CIA sees all their information first and decides what will get printed and what will stay private.
2. Re:Sure by Anonymous Coward · 2010-03-08 20:07 · Score: 1, Funny
  
  "Snow replied that when technologies are developed separately in parallel, the developers don't necessarily use the same terms for them."
  Sure, and I invented cars 200 years ago, but I didn't call it a car so someone else got the credit.
  *You* invented the automobile? Amazing!
3. Re:Sure by ExplitiveNOW · 2010-03-08 22:10 · Score: 1
  
  Yeah, but the way most intelligence services work is that it's not like the employees show up at the NSA building every day and sit in a cubicle doing encryption research. At least with the CIA and DOD they just put civilian academic researchers on the payroll and get "first dibs" on new stuff and also get to direct their research. The CIA does this with journalists too. They still work at the NY Times etc. but the CIA sees all their information first and decides what will get printed and what will stay private.
  Agreed, plenty of people are spies who don't know that they are. It just to easy and economical to do otherwise.
4. Re:Sure by G00F · 2010-03-09 06:48 · Score: 1
  
  The CIA does this with journalists too. They still work at the NY Times etc. but the CIA sees all their information first and decides what will get printed and what will stay private.
  Not disagreeing, but do you have a source for this? I like to make sure facts are correct before I accept it as truth . . . .
  
  --
  The spirit of resistance to government is so valuable on certain occasions that I wish it to be always kept alive
Re:the NSA has motivation by Anonymous Coward · 2010-03-08 21:15 · Score: 1, Insightful

racism is not insightful
Re:ROFL by sopssa · 2010-03-08 21:18 · Score: 1

And with SELinux and NSA contributions to the Linux kernel your world domination plans aren't safe there either. They're everywhere, man.
RSA by Rising+Ape · 2010-03-08 22:56 · Score: 1

The NSA may not have had RSA, but GCHQ did - and they developed it years before R, S and A.
NSA vs. PUBLIC by muckracer · 2010-03-08 23:42 · Score: 4, Insightful

> cryptographers for the NSA have been losing ground to their
> counterparts in universities and commercial security vendors for
> 20 years, but still maintain the upper hand in the sophistication
> of their crypto schemes and in their ability to decrypt.
Nevermind the intellectual "my code's better than yours" games
between arguably otherwise brilliant researchers.
Where the NSA certainly has 'maintained the upper hand' is in real
life versus ordinary people. The technology of surveillance has
gotten orders of a magnitude better and surrounding laws have been
adapted to make it fully legal to use that technology to the max
against The People (whereever they may be). Who in this discussion
encrypts their e-mails or uses 'sophisticated crypto schemes' as a
matter of course? At best it's maybe SSH here and there and the
occasional SSL site. The vast majority of traffic is plain-text, as
it's been since the days of papyrus. Hell, back in those days at
least only a few people could read it and thus had better privacy
than we mostly have today. Nevermind the ramifications of Facebook
and similar tools.
Mr. Shamir can engage in discussions of who developed Public Key
Cryptography first or not. It's all nonsense, because as brilliant
as the concept is, the PUBLIC has no part in it to 99.99% and
therefore we can consider it a complete FAILURE on grounds of lack
of acceptance and widespread use. Meanwhile the NSA sits back and
laughs, as their electronic tentacles filter through PUBLIC('s)
traffic...any traffic...and mostly doesn't have to bother with
breaking anything. Cuz we 'oh-so-clever' geeks have failed
miserably. If the NSA has any problem, then it's to store and
process/search through the data they get...not the acquisition.
1. Re:NSA vs. PUBLIC by gazbo · 2010-03-08 23:56 · Score: 4, Funny
  
  THANK YOU!
  I'm never happy with the way my browser handles line-breaking, so I'm eternally grateful to you for taking the initiative and doing it yourself.
2. Re:NSA vs. PUBLIC by muckracer · 2010-03-09 00:14 · Score: 1
  
  > I'm never happy with the way my browser handles line-breaking, so I'm
  > eternally grateful to you for taking the initiative and doing it yourself.
  More a result of using an external editor. And even though I have a feeling you
  were being ironic, I DO find it easier to read with a normal line-length, as
  opposed to reading across the whole damn (wide)screen. ;-)
3. Re:NSA vs. PUBLIC by EmagGeek · 2010-03-09 00:48 · Score: 2, Insightful
  
  That's absolutely true. In addition to brute-force decryption and other methods, the NSA has discovered what scammers have known all along. You don't need to decrypt someone's stuff if they'll give you the keys themselves. It's easier to compromise someone's box and keylog their keys than it is to decrupt the information by force.
  The NSA spends a tremendous amount of effort on social engineering and subversive key acquisition. Those methods are much faster and easier.
4. Re:NSA vs. PUBLIC by girlintraining · 2010-03-09 02:46 · Score: 1, Interesting
  
  If the NSA has any problem, then it's to store and process/search through the data they get...not the acquisition.
  Well that, and interagency cooperation, which the Department of Homeland Security was designed to fix. Instead, it now pursues its own agenda and has proven counterproductive towards those ends. The value of intelligence is not in whether or not you can acquire the information, but whether you can do so in a timely and reliable fashion, and have the resources to analyze it to determine trends, form conclusions, and execute decisions in a timely manner. Intelligence operations don't have a defined start and end point. They are organic cycles which vary over time depending on current policy decisions. But it is a continual process, not a linear one as many here seem to think.
  Breaking codes is just a small part of the NSA's overall role within the government. Not only that, but they're not the ones spying on you domestically (generally); That's the job of the FBI (generally) unless a foreign national is involved or they suspect you have international ties with a terrorist organization or individual, or are pursuing criminal enterprise that could endanger national security (for example, if you're a network administrator at Honeywell, which does defense work), or if you are related to any of the above. And frankly, the FBI has a pattern of only investigating high value targets or those that gather media attention because their internal organizational structure is so inefficient that most of their resources are eaten in administrative overhead, leaving very little for actual field work. Unlike marines that live for the day they get to go outside the wire, most at the FBI are content to work 9-to-5 shifts moving papers from one desk to the next. Believe it or not, a major portion of the FBI's intelligence gathering is still open source, even given the low barriers to nearly unlimited access to anything in the private sector.
  That said, intelligence gathering proactively in sigint is a rarity -- it can provide leads, but generally it is reactive in nature. You have your boots in the ground finding names and getting a lay of the land. sigint resources are then allocated against the target to see if anything interesting can be found. In other words, the fact that the NSA has all your emails, phone records, etc., doesn't mean anything unless somebody files a report saying "Hey, check this guy out." There's plenty of files they have where they have good reason to suspect criminal activity but don't invest resources in it because it just isn't costing society enough yet to justify the judicial process.
  
  --
  #fuckbeta #iamslashdot #dicemustdie
5. Re:NSA vs. PUBLIC by Man+Eating+Duck · 2010-03-09 03:30 · Score: 1
  
  And even though I have a feeling you were being ironic, I DO find it easier to read with a normal line-length, as opposed to reading across the whole damn (wide)screen. ;-)
  
  A friendly suggestion: with flowed content such as html you should never impose linebreaks for non-formatting purposes, i.e. you could use them with code or poems. Otherwise one line equals one paragraph. Your editor can surely soft-wrap the display while retaining proper flow in the text.
  The browser handles the flowing, if you prefer shorter
  lines,
  configure your browser for it by for instance resizing
  your browser
  window or introduce custom css. On a phone your post
  might very
  well end up looking like this paragraph, or even worse.
  Otherwise, excellent original post :)
  
  --
  Are you a grammar Nazi? I'm trying to improve my English; please correct my errors! :)
6. Re:NSA vs. PUBLIC by muckracer · 2010-03-09 04:10 · Score: 1
  
  OK, thanx for the tip. Shall now use:
  ":set wrap linebreak textwidth=0"
  This will soft-wrap the lines.
  The written text will still go to the end of the editor/display though. Haven't yet found a way to limit the line length (say, 70 characters) for easy reading, yet still have it only soft-wrapped for final posting to /..
7. Re:NSA vs. PUBLIC by a-zA-Z0-9$_.+!*'(),x · 2010-03-09 17:28 · Score: 1
  
  You're wrong about public key. It may be 0.1% of the traffic because it is so calculation-intensive, but what it transmits are private keys for the remaining 99.9% of traffic.
  
  --
  Epitaph: At last! Root access!
Why do I have doubts about this post? by Kupfernigk · 2010-03-09 00:11 · Score: 1, Interesting

You cannot even fathom the awesomeness that goes on inside the cube ...there is a whole lot of cool going on in there
But not, apparently, a lot of grown up usage of the English language.
Some people like knowing things that other people don't know and having secrets. Some people like adding to the store of human knowledge, and knowing that they have left the world a slightly better informed or capable place. Personally, I know from experience which type I prefer to work with, and it's not the "I'm a member of the in crowd, you're not" type.

--
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
More goverment disinformation... by 3waygeek · 2010-03-09 00:12 · Score: 2, Funny

In truth, the NSA is hundreds of years ahead of the rest of the world when it comes to cryptography.
Would anyone? by tjstork · 2010-03-09 00:22 · Score: 1

what else would you expect from a public servant. he won't admit the private sector has them beat because it'd be the end of his job.
I don't think gov't vs private sector has the same meaning here. Would anyone flat out admit that another institution of any kind has them beat, and thus lose his or her job?

--
This is my sig.
The wonderful unlimited budget by gatkinso · 2010-03-09 01:09 · Score: 1

Go get your quantum computer - NSA will just build a 10 bazillion node cluster of them.
They will just brute force your solution into the mud if it comes to that.

--
I am very small, utmostly microscopic.
Peer review? by AusIV · 2010-03-09 01:46 · Score: 2

'We cheat. We get to read what [academics] publish. We do not publish what we research,'
That's all well and good for cryptanalysis, which is more or less provable, but for new encryption algorithms the more eyes you have looking at your algorithm the more certain you can be of its strengths. Not letting people look at your encryption algorithms seems to be relying on security through obscurity.
1. Re:Peer review? by ServerIrv · 2010-03-09 01:57 · Score: 2, Insightful
  
  'We cheat. We get to read what [academics] publish. We do not publish what we research,'
  That's all well and good for cryptanalysis, which is more or less provable, but for new encryption algorithms the more eyes you have looking at your algorithm the more certain you can be of its strengths. Not letting people look at your encryption algorithms seems to be relying on security through obscurity.
  It isn't about security through obscurity. They are cheating because they get ideas from the academics but don't have to return the favor. It becomes a pull relationship and ignores the push.
  Think of it this way (with made up stats), NSA has 40% of all available industry resources and ideas, while the academics have the remaining 60%. So, while the NSA only has 40% but gets to view 100%, while academics have 60% but are stuck at 60%. If you use your position of power to use all available resources, even ones that are not yours without allowing others access to your resources, then that is cheating.
Re:the NSA has motivation by DJoffe · 2010-03-09 02:11 · Score: 1

And how has the NSA "won" exactly? You think they have secret 'backdoors' for all major encryption algorithms? And if they haven't actually "won", why hasn't there been the disaster you predict?
How I know this is bullshit: by Hurricane78 · 2010-03-09 03:12 · Score: 2, Funny

Original quote:

'I do believe NSA is still ahead, but not by much -- a handful of years,' says Snow. 'I think we've got the edge still.'

Slashdot headline:

NSA Still Ahead In Crypto, But Not By Much
Sorry, Snow. But someone “thinking” that something is that way, has nothing to do with what it actually is.
There are people out there who still “think” that earth is flat, the sun revolves around it, and that there is a bearded man in the sky.
Then again, if you follow the money/power, you realize quickly, why that empty and pointless quote gets thrown around the Internet...
Yeees NSA... you’re still the best... mama still loves you... really! *pat-pat* ;)
I wish that NO agency of any country is “ahead” in crypto. It’s like saying that Jack the Ripper is still ahead of the police. Not a world you want to live in.

--
Any sufficiently advanced intelligence is indistinguishable from stupidity.
Quantum of Solace by neoshroom · 2010-03-09 03:38 · Score: 1

[D]irector Brian Snow said that cryptographers for the NSA have been losing ground to their counterparts in universities and commercial security vendors for 20 years.

Until a working quantum computer is made.
That's just what they want you to think. Secretly, they already have a quantum computer that can decrypt anything near-instantly. They call it TRANSLTR. Okay, maybe not, but it would make a great Dan Brown novel.

--
Big apple, new Yorik, undig it, something's unrotting in Edenmark.
Shamir should know NSA did invent Public-Key first by TwineLogic · 2010-03-09 03:45 · Score: 1

According to the journalism of John Young, famously of cryptome.org, the name NSA used for what we call "public key" cryptography is thare called "non-secret cryptography" meaning that one of the keys is not secret. John Young's article can be read here: http://cryptome.org/nsa-nse/nsa-nse-01.htm
Brian Snow is smart -- and a heck of a nice guy by Ranten_N_Raven · 2010-03-09 06:37 · Score: 1

Had a chance to get to know Brian Snow many years ago. The guy is not only so smart it's scary, he's also a very kind man. He cares for those around him and shows that in how he relates to those of "lesser stature." Never talked down to any of us, always polite, and very creative with a thoughtful going away gift when I left. NSA technical director? Wow! Glad to see he rose t the heights he deserved.

--

READ the US Constitution, the Bill of Rights and the other amendments! http://lcweb2.loc.gov/const/const.html
The nation's secrets are safe... by grikdog · 2010-03-09 06:43 · Score: 1

No badguy encryption is safe against Abby and McGee's secret decoder groups and rings, codenamed GRRR. And even if that doesn't work, we can always get Sigourney Weaver to stare at a screenful of alien gobbledygook for a few hours.

Kidding aside, the NSA does not indulge in bragadoccio without a reason. In the present instance, the motive may simply be to panic Ted and Alice into changing not just their keys, but their algorithms, hopefully forcing them to use beta (and buggy) software before its time. The attack is against weakness (i.e., pointy-haired managers) and not against techs (must...restrain...Fist...of...Death....)

The only point of interest in this is how NSA capabilities fare versus similar shops, for example, Mossad, the Russians, the British, the French, the North Koreans, China, India, Toodai, Al Qaeda, NHK, some group you'd never dream of.

--
``Tension, apprehension & dissension have begun!'' - Duffy Wyg&, in Alfred Bester's _The Demolished Man_
Re:the NSA has motivation by r00t · 2010-03-09 18:37 · Score: 1

It's not one battle. They win many, and you rarely hear of it. They lose many, and you hear of every case that doesn't get stopped elsewhere. (getting "stopped elsewhere" could be that the NSA loses but then Mr. Terrorist gets kneecapped by his local loanshark)
There are plenty of bombings that succeed, every year. We quickly forget anything less dramatic that 9/11, but it's happening. Suppose that is just 1% of the ones that were planned.
Re:What did you accomplish? by drissel · 2010-03-10 11:36 · Score: 1

I once saw the resume of a man who went to work for NSA at age 18. The entire Work Experience part of the resume was like: "Mr. X has served in a variety of technical and management positions at the National Security Agency for N years."