NSA Building US's Biggest Spy Center

New submitter AstroPhilosopher writes "The National Security Agency is building a complex to monitor and store 'all' communications in a million-square-foot facility. One of its secret roles? Code-breaking your private, personal information. Everybody's a target. Quoting Wired: 'Breaking into those complex mathematical shells like the AES is one of the key reasons for the construction going on in Bluffdale. That kind of cryptanalysis requires two major ingredients: super-fast computers to conduct brute-force attacks on encrypted messages and a massive number of those messages for the computers to analyze. The more messages from a given target, the more likely it is for the computers to detect telltale patterns, and Bluffdale will be able to hold a great many messages. "We questioned it one time," says another source, a senior intelligence manager who was also involved with the planning. "Why were we building this NSA facility? And, boy, they rolled out all the old guys—the crypto guys." According to the official, these experts told then-director of national intelligence Dennis Blair, "You’ve got to build this thing because we just don’t have the capability of doing the code-breaking." It was a candid admission.'"

All your secrets belong to us...

[Grog6]

Panopticon this week; Maybe we'll get Skynet by accident?

That might be best for everyone in the long run...

Re:All your secrets belong to us...

[kaws]

I personally wouldn't mind Skynet much if it developed into a sort of protector of good.

Re:All your secrets belong to us...

[beckett]

and i wouldn't mind guns if people just used them to change tv channels.

Re:All your secrets belong to us...

[rot26]

Yeah, that's always the problem, innit? I personally wouldn't mind the NSA reading all of my email if it were, in fact, a sort of protector of good. How can any politician EVER control a beast that knows where every skeleton in every closet is and can protect that information behind armed guards and blast-proof doors? It's a deal with the devil if there ever has been one.

Re:All your secrets belong to us...

[Grishnakh]

The big thing I'm wondering about here is: where are they going to find people to run this place? Every week it seems, there's a new article about industry and the government both complaining there aren't enough STEM workers. It's kinda hard for a country to run a super high-tech surveillance center without well-educated STEM workers to do those jobs, and government jobs traditionally don't pay that well to compete with the private-sector jobs that are out there, plus the geeks seem to hate this kind of thing and many will probably refuse to work there out of principle.

Re:All your secrets belong to us...

[anubi]

We will get H1-B's from China.

Heck, I just ordered some really cool 18650 lithium-ion battery chargers from China, and was amazed at the performance they had. I saw other reviews showing the design elegance of the PCB in them, so naturally I had to look up the chips to see how I could use their clever designs in some of my stuff.

I found the datasheets all right - and they are all in Chinese!

Don't worry about the pay - the government can print up anything they want. The one thing the government has to concern with is training their managers - which appear to be people some top mucky-muck is indebted to and rewarded with a "good job" in the aerospace industry. Those people have got to learn to tolerate productivity in the workplace, not just set directives and micromanage. I have never seen anything run as badly as government-funded institutions.

As we outsource more and more stuff, we become more and more dependent on those serving us. If they decide to stop sourcing a critical part, - or worse - decide its in their interest to supply a part which is "bugged" so it can be told to self-destruct ( much like some of today's software will do ) via an undocumented instruction sequence, they can insure world peace by making sure weapons using these devices fail before they do their deed.

Re:All your secrets belong to us...

[LifesABeach]

T1000's think Skynet is good. Does that count?

Re:All your secrets belong to us...

[WaywardGeek]

It's a really interesting topic of discussion. During WWII, we broke all sorts of codes, primarily by building bigger and more expensive computers than any rational scientist from the other side believed we would be willing to build. The two secrets the NSA has to keep to be effective (assuming it is, but that's a different topic) is 1) just how big their computers are, and 2) knowledge of any codes they've broken. In WWII, we let good people die who we could have saved, simply to protect the secret that we had broken their codes. If every time the other side sent an encrypted message about where and when to attack, we just magically happened to be in the right place at the right time, they'd catch on. If the NSA can break AES, then they're in the same situation today. For example, they may be letting good people die who could be saved if the NSA simply informed the local police of an encrypted message from some bad guy.

So, today most of us rational computer geeks don't believe the NSA can break our codes. We have more public discussion now than was ever possible before, and the brain power on the internet world-wide thinking about code breaking probably dwarfs the NSA. Breaking AES by brute force would take a computer of nearly unthinkable size... sort of like in WWII. Breaking RSA with long keys like most of use use would probably take a quantum computer many years ahead of anything we know of...

Actually, I know a guy who knows one of the guys that RSA is named after, and he tells me that guy broke RSA in the '90s... The funny thing is my story is true! Of course, I can't verify the story the guy told me.

Re:All your secrets belong to us...

[Xacid]

Reminds me of this here: http://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_investigation

"Shortly after its release, PGP encryption found its way outside the United States, and in February 1993 Zimmermann became the formal target of a criminal investigation by the US Government for "munitions export without a license". Cryptosystems using keys larger than 40 bits were then considered munitions within the definition of the US export regulations; PGP has never used keys smaller than 128 bits so it qualified at that time. Penalties for violation, if found guilty, were substantial. After several years, the investigation of Zimmermann was closed without filing criminal charges against him or anyone else."

There always seems to be some mysterious upper threshold for most encryption schemes...Wonder why...

Re:All your secrets belong to us...

T1000's have rights too!

Re:All your secrets belong to us...

We saw how bureaucrats abuse that privilege for evil: J Edgar Hoover being the prime example of misuse of intelligence. No bureaucrat can be trusted.

Re:All your secrets belong to us...

Hold on a sec. You missed a very important note in the article. "we can't currently do it" is another way of saying "we actually haven't been doing it.". I don't know how much data is on the web, but my guess is "a lot" and a million square foot data center isn't going to even be able to handle a billionth of it.

Re:All your secrets belong to us...

Well, 40 bit encryption has the acknowledged reason that the best DES decryption ASICs of the time couldn't crack more fast enough for the data to still be valuable.

Re:All your secrets belong to us...

[Thing+1]

"Clancy! Use the remote!"

USA...we miss you!

In american America, people monitor the government.
In soviet America, the government monitors the people.

Re:USA...we miss you!

[Capt+James+McCarthy]

In american America, people monitor the government.
In soviet America, the government monitors the people.

Just an observation and being an election year, is that when this type of stuff went on before it was always Bush's "plan", yet not one word against Obama to do anything about it. Not surprising, but interesting.

Re:USA...we miss you!

Shhh... Don't mention 'carnivore'

Re:USA...we miss you!

[TehZorroness]

Well, here's a word from me at least. Obama can eat a dick. I'm getting so fed up with this gradual transition to full autonomous surveillance. There will be people out in the streets about this when things start getting bad. Soon enough, the schism between reality and the fairy tales they told us about freedom in public school will be too wide even for the American Idol crowd to believe. An interesting time to live. It's just too bad we can't be investing these man-years and resources on attaining sustainability before the Earth becomes a giant radioactive ball of toxic shit inhabited by cannibalistic asshats.

Re:USA...we miss you!

[homer_ca]

That's ok. As long we get to keep our birth control and our gay rights, democracy is safe, right?

Re:USA...we miss you!

[Aryden]

Honestly, thinking intellectually about the growth and capabilities of technologies, I see things like this as an inevitability no matter who is in power. Now, that is not to say that it is right and that we should not fight it, but pointing the finger at the guy in the oval is a little bit on the "just want someone to blame" side of things. I do not personally believe that anyone elected into that position in the last 2 decades would be stomping down on things like this.

Re:USA...we miss you!

[forkfail]

Ah - I love the smell of optimism in the morning!

(Or afternoon, as it happens, but it doesn't quite have the same impact...)

Re:USA...we miss you!

Just shut the hell up, dude. You're the one who turned this into an "us versus them" thing, which is exactly how politics of the country have indoctrinated you and divided you and your countrymen.

Nobody who is actually trying to *do* anything about the problem is blaming Bush and giving Obama a free pass. It's you and the armchair squad who are doing all the damage there.

Re:USA...we miss you!

For the government to start building anything takes more than four years. Planning for this data center started before Obama took office.

Re:USA...we miss you!

That's ok. As long we get to keep our free birth control and our matrimonial privileges, democracy is safe, right?

Needed a little adjustment.

Re:USA...we miss you!

[jmcvetta]

There will be people out in the streets about this when things start getting bad.

Yes, but the drones will take care of them.

Re:USA...we miss you!

And the microwave crowd control systems

Re:USA...we miss you!

Safe under lock and key.

a thought

[zlives]

First, I already assumed they were doing this. second, i don't know so just a thought. could you create an encryption method that generates a new encryption key for every new message.

Re:a thought

[MetalliQaZ]

Yes, you could, but it would be useless. You would then have to transmit the new key to your recipient for every message. If they can intercept the message, they would get your keys also.

Anyway AES is public key encryption. I think you meant passphrase, not key. In any case, the same problem applies.

What you are getting at is called a one-time-use pad. It is pretty much the most secure form of protection, but also very unwieldy for Joe Everyman.

-d

Re:a thought

[klapaucjusz]

could you create an encryption method that generates a new encryption key for every new message.

Yes, modern cryptosystems do that. It's called an Initialisation Vector.

Re:a thought

[adturner]

That's basically what happens today with most protocols like SSL/TLS. For each new connection, the client and server negotiate a new key via public key crypto like RSA. Actually, based on some comments in the article, like needing more "transactions" to help break the encryption, makes me believe the NSA is actually working to break RSA then AES.

Re:a thought

"Anyway AES is public key encryption"

O'rly.

Re:a thought

[betterunixthanunix]

second, i don't know so just a thought. could you create an encryption method that generates a new encryption key for every new message.

Sure, but you have to be more specific. A one time pad might meet your definition, as might standard hybrid public/private encryption (which is widely used).

Re:a thought

First off, AES isn't public key, it's just usually used in conjunction with public key. The public key portion of the exchange is used to communicate an AES key (the "shared secret") which is then used for communication moving forward. This is because public key encryption is "expensive" by comparison to block cyphers like AES. Secondly, you don't communicate a passphrase with public key. The passphrase that you're used to using is so that keys can be securely stored and someone that gains access to your key file doesn't get access to your key.

You could potentially communicate a new AES key with every message, which would greatly reduce the chances of a bruce force attack being successfully since most rely on the ability to analyze a large number of blocks that use the same key. That said, if you crack one key you do gain access to every key that followed in the chain.

Re:a thought

[zill]

Anyway AES is public key encryption.

AES is a symmetric-key algorithm.

Re:a thought

[TheTrueScotsman]

You have to share the initialization vector in the same way you have to share the session key.

Breaking either of these boils down to the same problem: breaking the asymmetric (e.g. RSA) keys.

This problem is doable for commonly-used 1024 bit RSA keys with absolutely massive amounts (the sort of thing a rich government may be able to come up with now) of CPU power; but not doable in the medium or long term for 2048 bit or greater keys, Of course, practical quantum computing will change this equation.

Re:a thought

[mlts]

PGP does this, as every message/file sent has its own symmetric encryption key, with only the key material encrypted with RSA/DSS.

However, if the public/private key gets broken, all bets are off.

Re:a thought

[wren337]

You're assuming that you're chaining the new AES key into the preceding message. Better to increase the frequency of the PKI handshake and periodically exchange new, clean AES keys.

As for the parent's question about a new key for each message - you could exchange one-time keypads securely and then use a new keypad with each message. Bulky, but guaranteed to be as secure as your exchange and storage mechanisms.

Re:a thought

Regarding IV: Parent is right, GP is mistaken.

The initialization vector does not change the key in any way. It is typically transmitted in the clear as the first part of the packet. Its only purpose is to provide a starting point for a "Mode of Operation" which adds variation to the plaintext in case that some blocks contain repetitive data (c.f. http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation ).

If you want to have key variation you need to derive session keys from a master key by way of a one-way function (e.g. based on a secure hash like SHA256 or better), with some hints for your peer on how to derive it from the shared master key.

Regarding Quantum Computing:
Current QC have been shown to factor 4 bit numbers (15 -> 5 x 3), but not much more than that. The problem is to generate enough many entangled and coherent qubits (the QC working variable, if you will) that is large enough to hold the input data, i.e. the RSA modulus you want to factor. Researchers are facing enormous problems to even create a usable 8-qubit entanglement for long enough to run the computation, because the physical implementations of qubits are not stable enough and become decoherent quickly. Quantum Error Correction is used to make do with current implementations, but it doesn't scale.

IBM recently seems to have achieved a breakthrough in coherency, bringing it up to 100 microseconds, so we will have to see if that makes a difference in building large enough arrays of coherent and entangled qubits. But to achieve 2048 qubit arrays it seems there's a fair bit of more research necessary.

Re:a thought

First, I already assumed they were doing this. second, i don't know so just a thought. could you create an encryption method that generates a new encryption key for every new message.

Yes, but you don't need to. If the encryption algorithm is secure, it's secure. Period.

If it isn't secure then changing the key won't help (much).

Re:a thought

[Joce640k]

That's done for a completely different reason. With SSL you don't have a pre-agreed key so you have to create one for that session.

If you know the other person and have agreed on a key then it's not necessary.

Breaking AES may be impossible. That was the design goal at least.

Not that DES was never 'broken' it's just that brute-force searching of 56 bit keys became possible. With a 128-bit key that's not going to happen.

(nb. I prefer 128-bit AES to the 192-bit and 256-bit variants. I just don't get a warm fuzzy feeling about their key schedules, if you want to guard against attacks on the algorithm you should probably add more rounds to 128-bit AES rather than fiddling with the key).

Re:a thought

[CBravo]

You don't build such a large datacenter without a good hint that it will work (out). It means they are on to something. The first question is what exactly are they after: Private keys from SSL certificates, private key of root certificate from certificate authoroties, personal private keys, ... Then the question remains: How do you keep your secret key a secret?

Re:a thought

[Ronin+Developer]

If the AES keys used to encrypt the messages are routinely changed, the target will be to go after the symmetric cipher key used to encrypt to the private key.

The encryption key used to protect the private key is the weak link - assuming the private key can be acquired. If it can not be acquired, the public key will need to be factored and the private key generated from the factors. If the symmetric key were ever passed and stored in an encrypted form, it can then be decrypted at that point and the encrypted message can be decrypted and read.

Re:a thought

[forkfail]

The fact that you and many others assume such is their carte blanche to surveil to their hearts content and then some.

Re:a thought

Protip: Dont buy it from VeriSign

Re:a thought

[gatkinso]

Diffie Hellman key exchange.

Re:a thought

[epine]

If your encryption algorithm is secure then it's secure.

Your tautology would be more interesting if we had a single provable cipher. The best we manage is mapping a cipher contraption onto some other mathematical problem (such as factoring) which has been probed over centuries by the most brilliant minds. Yet even the hardness of factoring remains unproven so far as I've heard.

Also, since the vast majority of applications leak the session key in a public key exchange, there's an awful lot riding on the security of the public key exchange. Your public key is only as good as your randomness source. Have you audited your random number source lately? This is the kind of thing that's very hard to control with a test suite. If your randomness comes from a compromised black box (e.g. a built-in CPU randomness circuit involving NSA directives) the non-randomness of your random numbers could even be made crypto strong (only if you know the secret key can you discover the bits aren't really random).

There's so many screwdrivers crammed into the doorframe, proof couldn't squeeze in edgewise.

Re:a thought

[Eravnrekaree]

One solution may be to use multiple layers of AES. Rather than double or tripling anonymity it shoulod increase it exponentially, as long as one AES layer is placed directly in the other. The reason is if you include an AES layer in some sort of wrapper like an header that is predictable, if the analysis breaks through the first layer, they look for predictable data to indicate that, such as ASCII data or TCP headers or what not. So you dont want to give them that, if they "break through the first layer", and all they get is more random data, they will have no way of knowing if they actually have broken through, right?

Re:a thought

[Joce640k]

I don't think the OP was referring to public keys and session key exchanges (where a different key every time isn't optional, it's part of the process).

Re:a thought

You don't build such a large datacenter without a good hint that it will work (out). It means they are on to something.

Because the government never builds anything they can't use.

Brute force....

[vikingpower]

...seems appropriate as a term for how the US government takes its stance towards the rest of the world. Even although broke. How long, yet ?

Re:Brute force....

[Black+Parrot]

...seems appropriate as a term for how the US government takes its stance towards the rest of the world. Even although broke. How long, yet ?

We're not broke, just bleeding.

All the hand-wringing is because certain politicians are upset that we're not spending all of it on the haves.

Re:Brute force....

[RenderSeven]

All the hand-wringing is because certain politicians are upset that we're not stealing all of it from the haves.

FTFY

Re:Brute force....

All the hand-wringing is because certain politicians are upset that we're not fooling enough people into thinking we're stealing all of it from the haves.

FTFY

Re:Brute force....

LOL, what party in the US is not pro big corporations? They're both rabidly big banking, both pro big pharma/medical, both pro agriculture, etc. etc.

Re:Brute force....

"All the hand-wringing is because certain politicians are upset that we're not stealing all of it from the haves."

One way or another, you ARE going to surrender more of your income, motherfucker.

It can either be legally, via taxes, or at gunpoint when the masses have had enough of you privileged
fuckwads screwing most of the world so you can live in extreme overindulgence.

Deficit

[ehiris]

I thought we were bankrupt. Don't we have better things to spend (or save) our money on?

Re:Deficit

Debt and on-going budget deficits are not the same as "bankrupt" for the US government. It's not great though.

Though NSA is under DoD, who has been pulling down something like a trillion dollars a year to play with. A couple wars will do wonders for your budget.

So a few million for a data center is like worrying about new shoelaces when you're behind on two mortgages.

Re:Deficit

[Dusty101]

You've got to make your spy centre impressive from the air (see also the Pentagon & Langley). How are low-budget TV spy shows supposed to insert a generic speeded-up aerial pan of that?

Not to mention that it's not going to be as cool-looking as the doughnut:

https://en.wikipedia.org/wiki/Government_Communications_Headquarters

Re:Deficit

[Teckla]

I thought we were bankrupt. Don't we have better things to spend (or save) our money on?

The U.S. won't go bankrupt, not as long as what is owed is U.S. dollars.

The U.S. can continue to inflate its currency, however (i.e., make each dollar worth less, by adding more dollars to the pool of dollars). This upsets "the 1%" a great deal, since they own almost everything. Somewhat impacted are "the 99%", but not nearly so much as your average person on the street might think.

Inflation really isn't so bad, because it makes U.S. exports more attractive (they effectively cost less), and all those people deep in credit card and mortgage debt effectively end up owing less money.

Re:Deficit

[Grishnakh]

The 1% don't care that much about inflation; you say they own "almost everything", but the thing is, if what you own is real, its value doesn't generally go down. So, if you own a bunch of valuable real estate, inflation isn't going to hit you because its value in an inflating currency will rise (real estate bubbles notwithstanding). For liquid assets, if your money is in stocks, those go up to account for inflation too (assuming the companies aren't doing badly).

Finally, the 1% probably doesn't keep their cash all in US dollars, but instead spread it out over lots of currencies, including the Swiss Franc.

Re:Deficit

[Teckla]

The 1% don't care that much about inflation; you say they own "almost everything", but the thing is, if what you own is real, its value doesn't generally go down.

That's a really good point, and something us 99%'ers should probably consider when saving / investing!

Thank you for the rest of your interesting comment, too.

Re:Deficit

[Grishnakh]

It's not without risk obviously, though; just look all the people who tried to emulate the 1% recently by buying rental properties, only to have the whole thing blow up in their faces. The 1% probably buy a lot of properties that regular folks can't afford: big commercial properties, properties in Manhattan, properties on Maui, etc., most of which probably didn't suffer the same fate, or at least to the same extent, that millions upon millions of suburban residential houses did in the realty collapse.

Re:Deficit

[Archtech]

What I find interesting - and seriously worrying - is that Grishnakh's point about the super-rich not caring about inflation would come as a surprise to any Slashdotter. Isn't it fairly obvious?

Imagine you are an intelligent, ruthless, selfish person who has, by focused effort and an utter lack of empathy, amassed a huge fortune. What is your top priority? No, not partying with starlets - making sure you keep and expand your huge fortune. One of the very first things you do is hire a bunch of even more intelligent, highly qualified economists and accountants. They will tell you - although no businessperson needs to be told - about inflation and its effects (and its purposes). Of course you are not going to get caught by it to your detriment: inflation is one of a number of relatively unobtrusive, relentless mechanisms that quietly transfer vast sums of money from the poor and moderately well off to the rich.

Re:Deficit

[airdweller]

Mod up pls. Not all real estate is valuable in view of joining the "1%".

How many bits?

[Hatta]

How many bits should we use for encryption now?

Re:How many bits?

[KhabaLox]

How many bits should we use for encryption now?

More.

Re:How many bits?

[Black+Parrot]

How many bits should we use for encryption now?

If you assume peak computing power is doubling ever n years, they you need one more bit every n years to keep ahead.

And of course, whatever you use now will be breakable in the future, if anyone cares to save your messages until computing catches up.

Re:How many bits?

[GameboyRMH]

As many as you can. I get the feeling from TFA that they can at least crack AES-128.

Re:How many bits?

[Beardo+the+Bearded]

Use no encryption and have a sig like mine. Eventually someone gets bored of reading every mundane post and email and puts you on an "ignore" filter.

Re:How many bits?

[SuricouRaven]

I think at this point it isn't about the number of bits, it's about luck, implimentation issues and the search for user error. Doesn't matter how many bits you use if they can sneak a copy of your laptop hard drive and find the key somewhere in swap space, or if your 8192-bit key is derived from a passphrase that's only ten alphanumeric characters, or if they can pull off an effective MITM attack on an SSL by threatening/bribing/asking a trusted certification authority to sign their cert.

Re:How many bits?

[JesseMcDonald]

At most you need one (symmetric) key bit for every bit in every message you plan to send using that key. That effectively turns it into a one-time pad, which cannot be broken through brute force—there is a valid key for every possible cleartext of that length. (Be sure to pad the message!)

Re:How many bits?

It's more than that if you believe the GPU people - something like 10x. Cracking a password using rainbow tables and megabytes of memory is one way of doing it. Just precalculate every possible combination of plain text and encrypted text.

Re:How many bits?

[TheGratefulNet]

and even better: send false positives to waste their time.

perhaps the crypto protocols need enhancing to allow fake bullshit messages that can't easily be told from real crypto stuff.

ie, DOS them.

I know, they have lots of power but it IS a war. war on our privacy and its so blatant now, they don't even try to hide their break-in attempts to us, anymore.

the ONLY reason encryption was allowed in the first place was for banking and online 'business'. if there was not this use-case, we would be disallowed encryption entirely.

Re:How many bits?

[Hatta]

If it wasn't about how many bits you used, there would be no use for the giant cluster they are building.

Re:How many bits?

[White+Flame]

While those are legitimate attack vectors, they do not seem to be what this facility will perform. If it's purely a passive listener of all internet & phone communication, looking for "patterns" and "threats" from the entire haystack, then using stronger encryption would seem to be sensible.

Re:How many bits?

[mhajicek]

How many bits should we use for encryption now?

All of them.

Re:How many bits?

[GameboyRMH]

And of course, whatever you use now will be breakable in the future, if anyone cares to save your messages until computing catches up.

Which is the whole point of this new facility according to TFA.

Re:How many bits?

[mlts]

I'd not worry about bits as much as the algorithm and the block size.

Ideally, one would cascade three solid encryption algorithms, be it AES, Serpent, and Twofish. Not so one can say they have a 768 bit key [1], but if one of the algorithms has a weakness that reduces its strength, the data is still protected. This is why I wish programs which signed documents would not just use RSA or DSS, but that, as well as a ECC key, as well as using a public/private key system that isn't vulnerable to Shor's Algorithm (and thus isn't crackable via quantum computing.)

[1]: In reality, you only gain 3x the security by using cascaded algorithms, 258 bits at most total.

Re:How many bits?

[TheTrueScotsman]

There's no way they can crack AES-128 unless there's a hole in the algorithm or they have quantum computing.

Current best practices are:

1) AES-128 to AES-256 for symmetric keys (although AES-256 has its own problems which can sometimes collapse it to AES-128 - these are ameloriated by increasing the key rounds)

2) 2048-bit to 4092-bit for RSA keys (2048 may be breakable by 2030 with conventional computing, 4092-bit will take much longer).

If quantum computing becomes feasible then AES keys will effectively halve in complexity (i.e. AES-128 goes to 64-bit, AES-256 goes to AES-128) and RSA and DSA keys will be useless.

Re:How many bits?

[GameboyRMH]

Don't forget there are commercially available quantum computers already, it's safe to say the NSA is already somewhat ahead of that, and they're on the bleeding edge of cryptography research. I've already phased out AES-128 and RSA-2048 from my systems just because I can.

Re:How many bits?

[TheTrueScotsman]

If you believe they have QC, are you using any public key encryption?

Re:How many bits?

[GameboyRMH]

Yeah but I'm still using the Gmail address I signed up to in the early days, so the NSA's code-breaking capability is the least of my problems right now.

Re:How many bits?

You have to combine that with code-breaking algorithm improvements too, which is hard since you can't really know what people will come up with in future.

Re:How many bits?

At most you need one (symmetric) key bit for every bit in every message you plan to send using that key. That effectively turns it into a one-time pad, which cannot be broken through brute force—there is a valid key for every possible cleartext of that length. (Be sure to pad the message!)

You can only send one message using that key. That's what makes it a one-time pad. The moment you have multiple messages encrypted with the same key, it's not provably unbreakable anymore, because you have a vector for attack (comparing multiple cypher-texts).

Re:How many bits?

[CanHasDIY]

In addition, I've begun prefacing every phone call I make with Echelon trigger words.

They want dirt on us? Fine, let's BURY the motherfuckers in it.

Re:How many bits?

[TheRaven64]

A rainbow table for every 256-bit key, using one atom per key, will just about fit in the universe. A rainbow table using one atom for every 266-bit key using one atom per key will be bigger than the universe. Calculating it will probably take a long time, even if you do have a big enough hard disk...

Re:How many bits?

[TheRaven64]

Encryption is totally irrelevant. They don't care what you say, they care who you are talking to. This sort of thing is defeated by systems like Tor (or would be, if enough people used it) and anonymous remailers, not by encryption.

Re:How many bits?

[Joce640k]

How many bits should we use for encryption now?

Symmetric or asymmetric encryption...?

Re:How many bits?

[Joce640k]

If you assume peak computing power is doubling ever n years, they you need one more bit every n years to keep ahead.

And of course, whatever you use now will be breakable in the future, if anyone cares to save your messages until computing catches up.

Nope.

At some point you have to take into account how much energy it would take to try all the keys. Even if you get it down to a few thousand electrons per key (unlikely) you'll still need to suck energy directly from the sun's core to break 128-bit AES in a reasonable time.

2^128 is a BIG number.

Re:How many bits?

[KaoticEvil]

moar... fixed that for you ;)

Re:How many bits?

[JesseMcDonald]

At most you need one (symmetric) key bit for every bit in every message you plan to send using that key. That effectively turns it into a one-time pad, which cannot be broken through brute force—there is a valid key for every possible cleartext of that length. (Be sure to pad the message!)

You can only send one message using that key. That's what makes it a one-time pad. The moment you have multiple messages encrypted with the same key, it's not provably unbreakable anymore, because you have a vector for attack (comparing multiple cypher-texts).

It's all in the implementation. What I had in mind for the case of multiple messages is a key of (N + M) bits, and messages of (N + M) bits, where you use the first N bits of the key to encode the first message and the next M bits to encode the second message. This is trivially equivalent to two separate one-time pads where each message is encrypted with its own non-overlapping portion of the key. It's also the way one-time pads are traditionally used, since doing the hard part (key exchange) over again for every message doesn't really make sense. Instead, you exchange a very large key once and consume part of it to encode each message.

However, yes, you could run into trouble if you start mixing the key bits and message bits up such that the two keys/ciphertexts aren't really independent.

Re:How many bits?

[CBravo]

That would be 640kB

Re:How many bits?

[RoknrolZombie]

If you believe that then I think you vastly underestimate how willing the US Government is to pay someone to spend months or years poring over the same BS until they find something interesting. They have entire departments devoted to it.

Re:How many bits?

[milkman479]

The IRS?

Re:How many bits?

[LanMan04]

Two intercepted messages:

ATTACK AT DAWN

ATTACK AT DUSK

Which message is the real one? First day of Crypto 101.

Re:How many bits?

"will be breakable"?

Bruce Schneier in his book, "Applied Criptography" did some math, let's quote it:

One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzman constant. (Stick with me; the physics lesson is almost over.)

Given that k = 1.38×10-16 erg/Kelvin, and that the ambient temperature of the universe is 3.2Kelvin, an ideal computer running at 3.2K would consume 4.4×10-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.

Now, the annual energy output of our sun is about 1.21×1041 ergs. This is enough to power about 2.7×1056 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2192. Of course, it wouldn't have the energy left over to perform any useful calculations with this counter.

But that's just one star, and a measly one at that. A typical supernova releases something like 1051 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.

These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

Re:How many bits?

sorry, misquoted the exponents due to copy-paste:
actual quote:

One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzman constant. (Stick with me; the physics lesson is almost over.)

Given that k = 1.38×10^-16 erg/Kelvin, and that the ambient temperature of the universe is 3.2Kelvin, an ideal computer running at 3.2K would consume 4.4×10^-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.

Now, the annual energy output of our sun is about 1.21×10^41 ergs. This is enough to power about 2.7×10^56 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2^192. Of course, it wouldn't have the energy left over to perform any useful calculations with this counter.

But that's just one star, and a measly one at that. A typical supernova releases something like 10^51 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.

These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

Re:How many bits?

Just precalculate every possible combination of plain text and encrypted text.

There aren't so many after all.

Re:How many bits?

[White+Flame]

Again, if this is a passive listener looking for emerging threats, in a broad net, with no known "bad guy they're making links to", but "find me new bad guys", then the "who" is not part of the equation. Encryption would prevent an innocent, unconnected person from being labeled "suspicious" due to the content of their activities.

No doubt they also have the ability to put "persons of interest" to flag connections and associations with, and that's where Tor will do you well.

Re:How many bits?

[camperdave]

At most you need one (symmetric) key bit for every bit in every message you plan to send using that key. That effectively turns it into a one-time pad, which cannot be broken through brute force—there is a valid key for every possible cleartext of that length. (Be sure to pad the message!)

Which cannot be GUARANTEED to be broken within a certain time through brute force, you mean. A poorly chosen key can be hit fairly early in the brute force algorithm, in much the same way that a password of 'aardvark' would be hit early in a dictionary attack.

Re:How many bits?

There exist post-quantum public-key algorithm research, and EC-based ciphers are good enough until something better comes along.

To use non-EC versions of algorithms is foolish.

Re:How many bits?

[JesseMcDonald]

At most you need one (symmetric) key bit for every bit in every message you plan to send using that key. That effectively turns it into a one-time pad, which cannot be broken through brute force—there is a valid key for every possible cleartext of that length. (Be sure to pad the message!)

Which cannot be GUARANTEED to be broken within a certain time through brute force, you mean.

No, I meant exactly what I said. If you try to brute-force a one-time pad you end up with all possible cleartexts, and no idea which one of them was the actual message. Basically, a brute-force search is pointless because you have no idea what you're searching for—no way to recognize the correct key.

The simplest way to implement a one-time pad digitally is a basic XOR operation. You have a private key K and a message M, both X bits long, and the ciphertext C = XOR(M, K). Decrypting is symmetric, M = XOR(C, K). Obviously both the sender and receiver need a copy of the private key; arranging for that is the hard part, and the reason one-time pads aren't more common.

The thing is, for any other message M' (also X bits long) there is a key K' where M' = XOR(C, K'). So was the message "THEBODYISUNDERTHECHURCH" or "PRESIDENTNIXONWASFRAMED"? A brute-force search would give you both of these messages, and many others besides. Without prior knowledge of the real key, there's no way to be sure which was sent. In practice the message would be padded with random bits, so you can't even be sure of the length (though you do know it isn't longer than the ciphertext).

Re:How many bits?

They'll just brute force it with enormous dictionary attacks. Most people use crappy passwords.

Re:How many bits?

2) 2048-bit to 4092-bit for RSA keys (2048 may be breakable by 2030 with conventional computing,

Barring a breakthrough in physics, this won't happen. Landauer's Principle defines a minimum amount of energy required to switch(and thus represent) a binary state. At .0178eV per switch, we can calculate the total energy to merely cycle through all possible combinations. Instead of RSA-2048 we'll use a 768 bit key to represent a better algorithm. .0178eX * 2^768 = 4.4 * 10^210 joules.

The sun gives off 384 * 10^24 watts so if we have 100% of the sun's energy to test all combinations, it would take 4.6768245 × 10^176 years to do do.

Re:How many bits?

[diamondmagic]

Note that this only guarantees protection against weaknesses in one of the algorithms. If in any way you're able to determine when you've cracked the first layer, layering encryption one inside another could add as little as a single bit of security.

Re:How many bits?

I'd not worry about bits as much as the algorithm and the block size.

Ideally, one would cascade three solid encryption algorithms, be it AES, Serpent, and Twofish. Not so one can say they have a 768 bit key [1], but if one of the algorithms has a weakness that reduces its strength, the data is still protected. This is why I wish programs which signed documents would not just use RSA or DSS, but that, as well as a ECC key, as well as using a public/private key system that isn't vulnerable to Shor's Algorithm (and thus isn't crackable via quantum computing.)

[1]: In reality, you only gain 3x the security by using cascaded algorithms, 258 bits at most total.

Probability only sets the bounds of chance. You can still "jackpot" the key on the first try, it's just not very likely to work out that way in reality. Using at least a two layer model is as close to a guarantee as you can get that a single lucky hit won't reveal all your information. Even if it's the same exact method using two different keys. But as you already mentioned, the usual reason to go 2 layers is simply in case a fundamental weakness is found which makes breaking one of the layers a trivial matter.

tl;dr;godwin version: I'll bet the Nazi's wished they'd have used a 2 layer model

Re:How many bits?

[RoknrolZombie]

The IRS?

Technically, yes, but only for the employees that have too much imagination for regular Intel work.

Re:How many bits?

Hey now, it's totally feasible for the NSA to rainbow table a 256 bit key... they only need to use 1/900'th of the atoms in the universe. ;)

http://www.wolframalpha.com/input/?i=%28number+of+atoms+in+the+universe%29+%2F+2^256

Not sure about that

[Black+Parrot]

The more messages from a given target, the more likely it is for the computers to detect telltale patterns

IIRC, that's not true, for a good encryptation system.

For a *perfect* encryptation system, the messages would be indistinguishable from random patterns of bits.

Re:Not sure about that

[White+Flame]

(it's "encryption", not "encryptation")

Think of the timing between messages, and the length of messages; those can tell a lot about the communication even without decoding anything. I'm not sure any popular cryptosystem uses junk payloads to thwart that kind of analysis, because of the extra computational and bandwidth burden.

It could also be the case that the NSA does have some weaknesses on popular algorithms, and that the "telltale patterns" fact does hold for bit analysis when the scales get really, really large.

Re:Not sure about that

Please stop and think for a moment (several moments in your case.)

Your assumption that the patterns referred to are solely found in the cypher text is highly amusing, and endearing in the manner of a child mispronouncing his first words.

NSA history and modern crypto's impact upon it

The whole we-can't-break-codes-anymore story is told in

http://www.amazon.com/Coded-Messages-Hoodwink-Congress-People/dp/0875868142/ref=sr_1_1?ie=UTF8&qid=1331918025&sr=8-1

Coded Messages: How the CIA and the NSA Hoodwink Congress and the People

by Nelson McAvoy, former NSA person, who claims to have been at the early meetings from when the NSA was formed.

A secret role

[K.+S.+Kyosuke]

One of its secret roles? Code-breaking your private, personal information. Everybody's a target.

Gee, if that is a secret, I promise not to tell anyone. Anyone joining me on that? Just hope that no one will read this article who doesn't already know, that would kind of spoil it.

Re:A secret role

Gee, if that is a secret, I promise not to tell anyone

It's a secret, like the Israeli nuclear program, because there is no evidence it exists. It's a secret, because the agency will 'Never Say Anything' which confirms or denies the accusations.

We can see the building and ask 'What is there?' knowing the general purpose of the NSA. It is easy to conclude spying on all communiques is an activity the agency will or will attempt to conduct.

And like the televised 'moon landings' or the 'single bullet' assassination, a simple lie will replace the unpleasant minutia of truth.

Bluffdale?!??!?!?!

[OzPeter]

How sure are you that they are actually breaking into anything there?

Re:Wow!

[Black+Parrot]

First post, never got that before.

You must be using the new FTL neutrino submission system.

Notice how the "crypto guys" are the "old guys"???

[SwedishChef]

I wonder if that sentence says more than they intended it to. Could it be that the skills of the NSA people are eroding just like the skills at CIA did? I knew that CIA was in trouble - tradecraft-wise - when a COS let an asset into their HQ and he blew half the station to kingdom come. No one would have done that in the old days. Maybe NSA is having the same problem.

Intelligence pays for itself

[betterunixthanunix]

We use our signals intelligence capability to pass the trade secrets of foreign companies on to our own domestic companies; there is plenty of money to be made from being able to decrypt messages that the NSA intercepts.

Re:Intelligence pays for itself

You're Chinese?

Re:Intelligence pays for itself

[Forbman]

In this case, then, there's a market for the NSA to send trade secrets from company X in country Y to a different company in country W, too. Maybe that's how they're funding the whole operation...

Re:Intelligence pays for itself

[Relayman]

[citation needed]

Re:Intelligence pays for itself

I wish we actually did that. That would at least have the NSA providing value to the US rather than continuing to be a financial black hole.

Re:Intelligence pays for itself

[Derek+Pomery]

http://en.wikipedia.org/wiki/Echelon_(signals_intelligence)#Controversy

A reference, if not a citation.

I'm guessing this is what he was referring to.

Re:Intelligence pays for itself

[digitig]

Or French, or American.

Re:Intelligence pays for itself

[Ghostworks]

The cited section basically talks about widespread French spying on American companies, and then claiming it was all a big conspiracy to make the French look bad once it came to light.

The fact remains that even if the U.S. government were willing to steal information and share it with American companies -- and this is pretty unlikely given that the U.S. doesn't have the sort of cozy, formal overlap of public and private sectors that France, China, or even Great Britain have -- most other countries haven't had anything we want. You have to go back to 1793 Pawtucket to find a good example of the U.S. gaining an edge through industrial espionage.

Don't get me wrong, the U.S. government has shown it's willing to co-op private technology for its own ends. (For example, when it co-opted the patent for Phillip French's Crater Coupler and then used that state secrets privilege to get the dispute tossed out of court.) They just haven't been shown to help private U.S. firms with any of it, or to do it specifically to improve the competitive advantage of a U.S. company.

Re:Intelligence pays for itself

[digitig]

and this is pretty unlikely given that the U.S. doesn't have the sort of cozy, formal overlap of public and private sectors that France, China, or even Great Britain have

That would be why there's never been any suggestion at all of US commercial interests influencing foreign policy, then.

Re:Intelligence pays for itself

[timeOday]

Don't get me wrong, the U.S. government has shown it's willing to co-op private technology for its own ends.

Legally, the US government isn't bound by US patents (at least not in the normal sense of having to pay whatever is demanded or go without). Basically it's the intellectual property version of eminent domain.

Re:Intelligence pays for itself

[spook+brat]

and this is pretty unlikely given that the U.S. doesn't have the sort of cozy, formal overlap of public and private sectors that France, China, or even Great Britain have

That would be why there's never been any suggestion at all of US commercial interests influencing foreign policy, then.

There's a difference between those two cases, which may seem small to you on a practical basis, but is significant from a policy standpoint.

You correctly point out that companies like Halliburton actively lobby the legislature and executive branch to do things like lower taxes on the oil & gas industry or re-authorize the U.S. Export-Import bank. The company's political contributions can be interpreted as bribes, with consequent improper influence over U.S. policy. I agree that's at best questionable, and at worst just plain corrupt. You're probably also aware of problems like regulatory capture, or you wouldn't have made the comment you did.

The French take this to a whole different level, though. Corporate security groups recognize the French National Intelligence services as active threats. In other words, Schlumberger (French competitor to Halliburton for global oilfield services) doesn't need to ask the French equivalent of the CIA to spy on Halliburton, the French spies do it proactively. The French government thinks it's their patriotic duty to help French companies get ahead on the global stage by committing national intelligence resources to corporate espionage. In the U.S.A. that sort of action by agents of the U.S. government on behalf of U.S. industry is illegal (even if the action took place off of U.S. soil).

I don't know where you're from. You may feel that there's nothing wrong with French spies working to help their National industries. You may feel that corporate political contributions are a greater evil than corporate espionage on a national level. As an American, though, I feel that the possibility that individual politicians can be corrupted by corporate bribes is much easier to accept than a national policy of working directly for corporate interests. YMMV.

Re:Intelligence pays for itself

So the US government would never help, say, Boeing get a contract by providing them with information about the negotiations between, say, Airbus and, oh I don't know, entirely random choice here, a Saudi Arabian airline?

What am I missing?

[Fnkmaster]

My understanding is that the best known general cryptanalytic attacks on AES are only marginally better than brute-force. Even AES-128 is essentially unbreakable under any known attacks then, since brute forcing a single AES-128 password is so far beyond feasibility, it's absurd. My understanding is that the best known attacks on AES are side-channel attacks, which require only modest computational resources, but need access to the encrypting machine, and related-key attacks that are only effective for certain small classes of keys.

So we can then assume that NSA has a general attack on AES that makes it many, many orders of magnitude easier to break than the best known published attacks? Or is this more likely to be disinformation spread to make people *think* that AES is broken by NSA? My understanding was that NSA is generally somewhat but not extremely far beyond the academic state of the art these days.

And there have been several reports of FBI and other federal agencies being unable to recover AES-256 encrypted hard drives. So if NSA has the capability to do so even for small numbers of keys using existing computing power, they obviously keep it incredibly restricted and under wraps.

So... this is BS by somebody, right? Either congress is getting BSed into funding stuff that won't do what they're being told it will do, or the public is getting BSed into believing that using encryption is pointless because NSA can real-time decrypt anything, so just don't bother, mmm'kay?

Re:What am I missing?

[dkleinsc]

My understanding is that the best known general cryptanalytic attacks on AES are only marginally better than brute-force

... known outside the NSA. If they have something that would break AES easily, they probably keep it safely classified.

Re:What am I missing?

[betterunixthanunix]

My understanding is that the best publicly known general cryptanalytic attacks on AES are only marginally better than brute-force

That is what you are missing.

So we can then assume that NSA has a general attack on AES that makes it many, many orders of magnitude easier to break than the best known published attacks? Or is this more likely to be disinformation spread to make people *think* that AES is broken by NSA? My understanding was that NSA is generally somewhat but not extremely far beyond the academic state of the art these days.

How would we even know? The NSA will always have an advantage over public research: they have access to all the public research, as well as classified expertise.

Re:What am I missing?

[TheGratefulNet]

Either congress is getting BSed into funding stuff that won't do what they're being told it will do

"star wars". lasers and shooting bad guys down. hey, idiots in 'elected office' can understand simple things like that. here, take my money!

same here: big supercomputers that cost money, staff to run it and fat budgets to keep it going. wet dreams, no? who would NOT want that? and its an easy sell. the world is filled with terr-a-wrists and we need lots and lots of big blinkinlight computers to keep us save.

here, take my money. how much do you need?

(puke)

Re:What am I missing?

[TheGratefulNet]

"keep us save".

sigh. OT: I really do know the difference between 'safe' and 'save'. so why did I type 'save' on that post? I don't know,;but I'm not alone in this problem and I see lots of people type one thing when they were thinking another. its a real problem. brain rate != finger rate? lost sync in the clock and data streams? something like that.

Re:What am I missing?

[zill]

My understanding is that the best known general cryptanalytic attacks on AES are only marginally better than brute-force.

That's true for today, yes, but what about 20 years from now?

As long as Moore's law continues any algorithm is suspected to brute-force. The NSA's job is basically to capture as much fresh ciphertext as possible and crack as much of the old ciphertext as possible. All the the DES encrypted stuff from a few years back probably reads like an open book to them right now.

Re:What am I missing?

FTFA: "The more messages from a given target, the more likely it is for the computers to detect telltale patterns"

Re:What am I missing?

How would we even know?

The same way they know in the spy business. If something encrypted with AES suddenly becomes public, that's a good indicator.

There is a long history of spies trying to make up a plausible story to cover up the fact that they cracked something or have a well-placed source.

Re:What am I missing?

Efforts to break a cipher become exponentially more difficult when you encapsulate encrypted streams within encrypted streams. Better still would be to rotate the algorithmic stream order.

An example, aes-256 as your container cypher, inside that a Serpent encrypted message that contains a Rijndael encrypted stream that contains your actual message. Each iteration of encryption would divide the likelihood of a brute force success exponentially. Pain in the ass? Yes. But a message that doesn't break by their usually employed means, would definitely get their attention, as well as meet the end goal. Particularly if you rotate keys at each layer. You will effectively push their ability to decrpyt your messages back into the cold war era.

Re:What am I missing?

[Dan1701]

Even if they do have such a tool, it is still effectively useless. By analogy, during World War 2 the allies had broken the German ENIGMA codes, yet had to work very hard to pretend that the code was still secure, to prevent the Germans copping wise to the fact that their codes were useless and devising something better. The same applies here: if the NSA have broken AES, then they cannot use this hack for anything save national security, and must also work hard to prevent the merest suspicion of the hack getting out.

The best thing we could do would be to club together to fund a bounty for information on how to break AES without using brute-force computing, so that we'd know if it could not be trusted (we already know that no government can be trusted to act other than as a self-interested parasite).

Re:What am I missing?

"keep us save".

sigh. OT: I really do know the difference between 'safe' and 'save'. so why did I type 'save' on that post? I don't know,;but I'm not alone in this problem and I see lots of people type one thing when they were thinking another. its a real problem. brain rate != finger rate? lost sync in the clock and data streams? something like that.

Shoulda just dropped it - when I read it I thought you were doing perfect satire of the idiots who make these funding decisions.

Re:What am I missing?

It's called "proofreading". Handy thing, that "proofreading" is.

Re:What am I missing?

[zill]

The best thing we could do would be to club together to fund a bounty for information on how to break AES without using brute-force computing

That's basically what academia has been trying to do before Rijndael even became AES. There are more than a dozen papers on AES attacks, the fastest of which is faster than brute-force by a factor of 4.

It basically comes down to whether academia has more brains or NSA has more brains.

Re:What am I missing?

[An+ominous+Cow+art]

Don't worry about it. "serve" -> "server" is even more common :-).

Re:What am I missing?

[Maximum+Prophet]

How would we even know? The NSA will always have an advantage over public research: they have access to all the public research, as well as classified expertise.

Maybe. If you can't publish your findings, others can't error check them. Great for getting funding, not so great for actual work. In the final analysis, the KGB made up as much information as they gathered. Even when they did uncover the truth, they wouldn't bump it upstairs, instead telling their leaders what the leaders wanted to hear.
During Gulf War I, General Swartzkopf (sp?) complained that the intelligence he was getting was useless, because it was facts followed by the analysis "X might happen, or X might not happen"

Re:What am I missing?

[Doofus]

It's filled with random bits. All the way down.

Re:What am I missing?

[mbkennel]

"During Gulf War I, General Swartzkopf (sp?) complained that the intelligence he was getting was useless, because it was facts followed by the analysis "X might happen, or X might not happen""

Sounds like the intelligence sector was working as designed, they are supposed to give facts to policy makers and not try to make policy. Policy includes military strategy.

Re:What am I missing?

[rot26]

Aside from the fact that encryption on top of encryption doesn't necessarily make cryptanalysis more difficult, your are forgetting that you MUST NEVER CROSS THE STREAMS. Why? It would be bad.

Re:What am I missing?

Your tin foil hat?

Of course this is BS, you'll just never know how much or what. To your first question, they certainly want you to assume that; from TFA: "According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US."

Re:What am I missing?

[whoever57]

So... this is BS by somebody, right? Either congress is getting BSed into funding stuff that won't do what they're being told it will do

So this is going to be giant empty building with the money really going into reasearch on crashed alien spaceships at Area 51?

Re:What am I missing?

[Maximum+Prophet]

Sounds like the intelligence sector was working as designed, they are supposed to give facts to policy makers and not try to make policy. Policy includes military strategy.

Not policy, analysis. I.e. Here is a photo of Sadam's Nth battalion. Ok, so you know where it is. What you really need to know is are they armed and ready, or exhausted and out of ammo.? Will they put up a fight, or are they on the edge of mutiny?

Policy decides when to act. Before policy makers decide, they should have proper analysis telling them the likely consequences of their actions.

Re:What am I missing?

You're missing the part that this data center is not being built for the purpose that their public relations people are publicly stating.

Re:What am I missing?

[AHuxley]

The US/UK and cryptanalytic attacks can be summed up in one idea - sell very cheap junk to the world and keep the good stuff away from most people per generation of hardware device.
Flood the math and crypto books with your work and your math, sell cheap and get friendly govs around the world to push the same junk.
Then track the packets along networks - your call to Asia, Africa is logged, your voice print kept.
The US can only produce so many good crypto experts, if they are all working for the gov or big .coms, not much is left for asking too many hard questions.
You can have the best codes on the best OS, but if some third party has a testing layer in every product shipped that can be turned on - all your https keystrokes are in the clear...
Then add in law enforcement needs for your telco and the uptake in wireless - your mic, camera and keyboard and good encryption is surrounded by many weak points by default.

Re:What am I missing?

Of course, the NSA has access to everything in academia, but not the other way around. As such, the NSA will always have an advantage.

Re:What am I missing?

[LeDopore]

My understanding is that the best known general cryptanalytic attacks on AES are only marginally better than brute-force

... known outside the NSA. If they have something that would break AES easily, they probably keep it safely classified.

And if they had a symmetric cypher which looked as good as AES to testers but had a secret back door only they could find, they'd do all they could to promote it as the standard. This *probably* isn't what happened; AES is still probably safe even from the NSA. Still, folks shouldn't trust that AES is absolutely airtight.

Re:What am I missing?

[mrxak]

Muscle memory. After a while typing trains your fingers so well that you can type common words faster and automatically without thinking. Unfortunately, you have no control over this process, so you'll end up typing words you type more often when you intend to type words you type less often.

There's also the whole word-sound thing with language. Safe and save sound rather similar and as a bonus can mean similar things, and probably get stored in your brain in similar places. Even though you think the right word, your language comes out wrong when you go to translate concept-thoughts into action.

Re:What am I missing?

[isorox]

"keep us save".

sigh. OT: I really do know the difference between 'safe' and 'save'. so why did I type 'save' on that post? I don't know,;but I'm not alone in this problem and I see lots of people type one thing when they were thinking another. its a real problem. brain rate != finger rate? lost sync in the clock and data streams? something like that.

If he'd have said "keep up :wq" would that have been better?

It stores only one bit of information

It stores only one bit of information. That bit is death.

encrypted message for the NSA

[lemur3]

uckfay offway ationalnay ecuritysay agencyway

April 1st?

Nope

Stranger than fiction?

[gregthebunny]

I think I've been watching too much Person of Interest.

Re:Stranger than fiction?

Actually, this is the far scarier scenario than anything having to do with cryptanalysis. They don't need to break AES 128 or RSA 1024 to do what they really want to do. All they have to do is watch everything, ID everything, save everything, analyse everything, and connect the dots. Knowing what two terrorists say to each other is actually pretty irrelevant. Knowing who 20 terrorists are because you found just one of them, is as easy as knowing who that one communicates securely with.

Re:Notice how the "crypto guys" are the "old guys"

[Hentes]

Because codebreaking has been obsolete since 1978, as the NSA will find out the hard way.

Does Anyone Have Lat/Long Numbers?

[BlueStrat]

Just wondering if anyone has the exact latitude & longitude coordinates for this facility.

Gonna need 'em for programming all the home-brew autonomous high-explosive and incendiary-carrying kamikaze drones needed to take this facility out.

Strat

Re:Does Anyone Have Lat/Long Numbers?

About 40.449756,-111.942959.
I can see the construction from my office.
It's gonna be BIG

(Ironic captcha: paranoid)

Re:Does Anyone Have Lat/Long Numbers?

[KermodeBear]

I know that you're probably trying to be funny, but in this case discretion may be a better idea.

Re:Does Anyone Have Lat/Long Numbers?

[Forbman]

Strange, I just got a new email from Amazon Web Services and how they've got some new service offerings coming on line soon for the Virginia area...Hmm...

Re:Does Anyone Have Lat/Long Numbers?

Strange, I just got a new email from Amazon Web Services and how they've got some new service offerings coming on line soon for the Virginia area...Hmm...

Very strange coincidence, especially seeing as the building we've all been talking about is just outside of Salt Lake City, Utah.

Re:Notice how the "crypto guys" are the "old guys"

[TheGratefulNet]

WHO would work for them, I ask you?

decades ago, the people didn't view their government quite the way they do today. some patriotism did exist and people wanted to help their government. *generally*.

today we all see how invasive and evil our government has become. totally 100% lost its way. almost anything it does, it does badly and hurts people, long and short run.

if I was offered a job for the so-called white hats (which I now see as black hats) I'd turn it down. I would not be able to live with myself knowing I'm helping an evil force become more evil and more forceful.

I do realize a lot of people can easily shelve their ethics and see money-making jobs as separate. but I wonder how many people still believe that if they join the government or gov-sponsored jobs, that they are really HELPING things?

too many black marks on the government. working for them could be as bad as working for the old mafias. the people that they do get, I would not trust. they are whores.

Re:Notice how the "crypto guys" are the "old guys"

[zill]

when a COS let an asset into their HQ and he blew half the station to kingdom come.

In case anyone else didn't get the reference.

One Time DVD or SD anyone?

[Gim+Tom]

The one time pad could make a comeback in the form of a one time DVD's or maybe even SD or Micro SD chips. I know, it is not scalable due to the problem of distribution. It is also symmetric in that the same "key" encrypts and decrypts, but it is also immune to brute force since your one time key is equal to or longer than the message length. An interesting variation might be to use an image file that is very long, but completely innocent as a pseudo random key and only have two copies of that exact image. The former Soviet Union used a one time cypher for all of their clandestine agent communications.

Re:One Time DVD or SD anyone?

[Maximum+Prophet]

Everyone used one time pad for all of their clandestine agent communications. OTP, it's the only way to be sure.

See http://en.wikipedia.org/wiki/Number_stations

Using an image has problems in that they are not random, so are subject to analysis. If you stripped the headers, and used an "image" of captured static, it might be good enough, but almost anything organic like a photo of a tree, will have patterns in it.

Re:One Time DVD or SD anyone?

[wren337]

This. Your OTP can't have any pattern to it. You'd have to remove the entropy first, maybe by applying tight lossless compression and then XOR'ing a set of images together.

Re:One Time DVD or SD anyone?

no need for that, take a galois LFRPRNG (a pseudo random number generator with a period of (2^n) -1), share the init vector and the polynomial expression in person with your mates, use that stream as an OTP. If it is good enough for the military it is good enought for us !

Re:One Time DVD or SD anyone?

oh and do not a n lower than 128 not 23bit like they did use in A5/1 GSM cipher

for a deep knowledge of pseudo randomness, read the papers from that mathematician :
http://www.iro.umontreal.ca/~lecuyer/papers.html

Re:One Time DVD or SD anyone?

[BlueStrat]

no need for that, take a galois LFRPRNG [wikipedia.org] (a pseudo random number generator with a period of (2^n) -1), share the init vector and the polynomial expression in person with your mates, use that stream as an OTP. If it is good enough for the military it is good enought for us !

Bah!

Just stick the leads to the RNG in a nice, piping-hot cup of tea and let the Brownian motion take care of the rest! [warning: HHGTTG reference]

Strat

Re:One Time DVD or SD anyone?

Getting the keys correct is an exercise for the reader, but assuming you have good keys and data this program can handle the encryption/decryption of both WWII style plain text messages and binary data: http://www.scubaninja.com/code/c/xor/

Re:Notice how the "crypto guys" are the "old guys"

[alen]

same thing, different tech

you collect data, look for patterns and break the code

if someone is spying to blow up a building then they will do it for months and report back. the code they use for the target will probably never change and you just have to look for similar patterns

Who's going to work there?

[jfengel]

The NSA is located in Maryland. At the end of the shift, traffic is bad enough between there and Columbia to block up the Interstates. That includes not just the cryptoanalysts, but the vast support staff: IT, cafeteria workers, security, human resources, etc etc etc.

Who's in Bluffdale? Where is all that support staff going to come from, and what are they going to do with the rest of their lives? Although the NSA is on a military base, a lot of the work is done by civilians, and you can't just order them into the middle of nowhere the way you can with soldiers.

Re:Who's going to work there?

Despite what its name may lead you to believe, Bluffdale is actually located in a fairly populated area. Its only about 20 minutes south of salt lake city

Re:Who's going to work there?

[PerfectionLost]

You don't need to actually be at a data center to take advantage of the computational power.

Re:Who's going to work there?

[decsnake]

who's going to be in bluffdale? almost nobody. Security, facility maintenance, remote hands and thats about it. The rest of the folks will be in your way on Rt 32 on their way home from work. Srsly, they are building office buildings where the Ft. Meade golf course used to be. Who do you think is going to be working in those?

Re:Who's going to work there?

[jfengel]

That's a lot of space for just computers. But then, it's a big thing they're trying to do.

Re:Who's going to work there?

[trolman]

The primary problem in Maryland is power. There is not enough generation/transmission available. So the big data centers are being built where free cooling and cheap power can be found.

Re:Who's going to work there?

[PerfectionLost]

Yea my impression was, "We need a lot of space for computers to brute force break your encryption, and a million square feet gives us room to expand."

Re:Who's going to work there?

[GameboyRMH]

Relax the dress code so that people can commute on sportbikes :-P

Re:Who's going to work there?

The power station and cooling capabilities of the area might be even more interesting to them than the floor space.

Re:Who's going to work there?

[AHuxley]

Salt lake city was selected for a very good reason. The people are loyal, pro USA and want good jobs. Their families can be traced back generations and can be interviewed - that is most important.
They do not want new Americans, "dual" citizens with dreams of distant issues, people with no real pasts.
The other issue is power supply, cooling, room to expand and optical loops in the heart of the USA.

Re:Who's going to work there?

Bluffdale is small suburb of Salt Lake City, on the border of Salt Lake and Utah counties (which contains Provo - BYU anyone?). BFE it is most definitely not. I live less than 5 miles from the installation, it's being built on the grounds of Camp Williams, a Utah National Guard base that's been there for years.

People actually thought that Camp Williams would be bulldozed in the next decade or so because of the accelerated suburban encroachment. Looks like that theory is now borked.

Re:Who's going to work there?

Who's in Bluffdale?

Bluffdale is the name of one of the suburbs of Salt Lake City.
It's also located right next to Camp Williams.

Let the paranoid run loose!

[Relayman]

Code-breaking your private, personal information. Everybody's a target.

To target everyone would be a total waste of resources. I would spend as much money figuring out who to target as I would decrypting anything send by that target.

It's like saying, "We're going to mine the whole state of California to find the gold there."

Re:Let the paranoid run loose!

[bobbutts]

Except that in the case of packets, they can be captured and sent along without any disruption to the parties exchanging them. So it's more like being able to discover all the gold by forcing everyone to participate in gold detection (to their detriment) before sending out the mining crew.

Re:Let the paranoid run loose!

[Relayman]

You are correct. Let's say you put the packets into a database as a conversation (A conversation could be a person signing on to his/her bank and checking his/her accounts). You still need to decide which conversations to process further. One indicator could be who you're having conversations with. On the other hand, you could work at storing the conversation in case it turns up later that you do want to process it further.

My point stands: The algorithms for deciding what to decrypt are as important as the decryption itself.

Re:Let the paranoid run loose!

[deapbluesea]

To target everyone would be a total waste of resources

Not to mention unconstitutional and illegal Oh wait, Obama's continuing the Bush policy? Never mind. Totally different then.

Re:Let the paranoid run loose!

[Maximum+Prophet]

Code-breaking your private, personal information. Everybody's a target.

To target everyone would be a total waste of resources. I would spend as much money figuring out who to target as I would decrypting anything send by that target. It's like saying, "We're going to mine the whole state of California to find the gold there."

But sampling a few people makes sense for the same reason. With a big enough infrastructure, 1,000,000 people is a reasonable sample, even if only 1,000 get full on 100% communications scrutiny. They have to have a baseline, what does a "normal" person look like, which they can then compare to known bad actors. Then they figure out the minimum amount of data they need to filters the bad guys from the norms. If that minimum amount times the population of the US is less than their resources, they could and will sample everyone.

Every time the NSA has been caught, they say "Ok, we won't do that again". (Where "That" means getting caught)

Re:Let the paranoid run loose!

But from a government research/analysis point-of-view, if it COULD be done (and it sounds like that's what they're trying to do) it would be fantastic. More data means more arrests for ridiculous bullshit, and more arrests means more money for prison contractors and bigger budgets to pay those contractors. More control, more silence from the populace.

Here, have a Pepsi John Q., everything is ok.

Re:Let the paranoid run loose!

"We're going to mine the whole state of California to find the gold there."

I find your idea interesting. Please subscribe me to your mailing list.

Re:Let the paranoid run loose!

[Relayman]

You and I are on the same page here although I'm not sure the NSA is under the same restrictions on spying on U.S. citizens that the CIA supposedly is.

Re:Notice how the "crypto guys" are the "old guys"

[El+Torico]

WHO would work for them, I ask you?

Someone who likes lots of money.

Advertisement Networks

I think the russian brides advertisement with voluptuous women in bikini that popped up near the blurb shows how well that NSA project is fucking useless.

Anonymous because who cares to log in if you are already profiled and cookied? :)

Re:Notice how the "crypto guys" are the "old guys"

[PerfectionLost]

Mostly mathematicians. Where I went to college, after finishing undergrad you either went on to grad school, or you went and worked for the NSA. One of my friends who went to grad school to study abstract mathematics (as well as some encryption) said you could always tell the NSA people from the academics because they had no name tags on.

Queue

smoke and mirrors. The public hears "we need this for cryptoanalysis, brute force code breaking of AES, insert whatever you want the public to know. The reality of it will never be told to the public. This is the NSA people, smoke and mirrors to cover what the are really doing.

"We"

You may want to reconsider your use of "we". If you don't benefit from this latest expansion of government (which you've implied), and you didn't take part in the decision-making process (which you've also implied), then logically, you are not part of the "we".

Re:Notice how the "crypto guys" are the "old guys"

Codebreaking will never be obsolete, most of the time people just plain pick bad passwords.

The former Soviets got caught re-using their one time pads after a year. They were thinking, who would store the eTexts for that long, since OTP is unbreakable?

HTTPS

It's been pretty well documented that NSA has systems in place to monitor all internet traffic within the US. With everyone making the switch to using https, I suspect this facility was necessary for them to maintain the status quo.

The quote at the bottom of the page is too fitting

"With listening comes wisdom, with speaking repentance."

Apparently the NSA is from the same theory of thought and they seem very intent to make sure that whenever we speak they listen...

Re:Notice how the "crypto guys" are the "old guys"

[elrous0]

Everyone has a price. I'd like to think that most people would stand up to them, but I suspect the vast majority would only negotiate.

1984?

[elrous0]

Yep.

Re:1984?

Deus Ex: The Aquinas routers on Area 51.

A tribute

[careysb]

A tribute to "Person of Interest". The Machine.

Re:Notice how the "crypto guys" are the "old guys"

[slew]

I wonder if that sentence says more than they intended it to. Could it be that the skills of the NSA people are eroding just like the skills at CIA did? I knew that CIA was in trouble - tradecraft-wise - when a COS let an asset into their HQ and he blew half the station to kingdom come. No one would have done that in the old days. Maybe NSA is having the same problem.

Crypto-guys are the "old guys" from a tradecraft point of view. AFAIK, in the NSA, many of the old-guys are involved with developing clever new internal ciphers (so-called classified "suite-A" algorithms). Since many of the "bad-guys" aren't nation states with heavy duty crypto development capablities, they often are using off the shelf stuff like AES/ECDSA (members of the "suite-B" algorithms). Until someone discovers a huge gaping hole backdoor, breaking these "suite-B" algorithms benefit from mostly from brute force (even if you know a few clever tricks that others do not which chops things down an order of magnitude or two). This is pretty much an admission that there is no huge gaping back door in these suite-B algorithms, not that any crypto-tradecraft capability was in trouble.

I find it oddly somewhat comforting that the we have "old-guys" that realize that sometimes the best thing to do is to throw this problem at a box of computers and spend their time on other pursuits. Who knows, this facility might be dedicated to cranking on some clever cracking algorithm that is unknown to the public, all we know it it takes lots of OPS. Isn't surpising to me that cracking these algorithms are hard. As a historical data point, DES was apparently hard for even the NSA to crack so they deliberatly limited the DES key size from the original 64-bits, to the final 56-bit (although the NSA apparently lobbied for a mere 48-bits).

Wow imagine that.

[sunking2]

Ask a bunch of people whether they need more resources and they got back a "yes! we can't do your job with what we have".

Only 1 million square feet?

[Hadlock]

For comparison, The Pentagon is 6.5 million square feet. Maybe I'm just jaded, but is the CIA more efficient, or is this building grossly undersized for the task it's designed for? Looking ahead 50 years, it would seem that the CIA's importance is going to dwarf the military's as we continue the long slow slide in to a permanent cold war with the rest of the world.
 
I am glad, however, that they're moving some of these larger installations off the east coast. Too many major federal buildings are located within 100 miles of the capitol building.

Re:Only 1 million square feet?

[LifesABeach]

I'm wrapping my head around the statement, "going on in Bluffdale." I'm beginning to see an "Gub-ern-ment Entitlement" here...

"STOP BLUFFING DALE!" you bullies...

Re:Only 1 million square feet?

[Archtech]

The Pentagon is crammed with thousands of big, slow, inefficient human beings. As I read TFA, this new place is largely devoted to densely-packed electronic equipment.

Obligatory Good Will Hunting

well known movie monologue

Great news

What we need in this world are definitely more spies and control.

It's unlikely the real target is breaking codes

[mbkennel]

I actually doubt that they are most interested in brute-force codebreaking through the front door except in a few rare situations.

Most of the time, it's massive traffic analysis: searching and analyzing a titanic, dynamically changing graph, nodes are IP addresses and phone numbers of the planet.

Once they find a 'target of interest', then they would usually ask the FBI or other authority just to put a tap on a specific line, or if necessary break in and install a trojan on the target's phone or computer, avoiding front-door code-bashing, which isn't generally feasible in large scale any more.

There are companies (e.g. http://www.conveycomputer.com/) which make highly parallel co-processors from FPGA's which give user-definable vectorized instructions on enormous memory bandwidth.

This is just the thing for the NSA.

Where did I read this?

[kurt555gs]

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Ahhh. This was from version 1.0 and no longer applies.

Re:Where did I read this?

[mbkennel]

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Ahhh. This was from version 1.0 and no longer applies.

No persons, houses, papers or effects were harmed in the acquisition of certain electron charge distributions. Why worry, be happy!

Anyone remember Blank Reg?

Blank Reg in the Max Headroom series of the '80s, was part of a "movement", a group of people that had themselves erased from the online data banks.

Prophetic.

This is about to become a new way of life for a growing number of people, sick of being spied on, followed, studied, for the sole purpose of shoving the "right" product down their throats.

Re:even better

[TaoPhoenix]

I've wondered for a long time now about encryption. I think it's time to use "out of the box" approaches to encryption.

I'm certainly not in that Elite-IQ crowd but given the very nature of how the sender has a colossal advantage over the breaker, I think I could create a message that no one but the elite genius at those agencies could break. I think no one at Slashdot is good enough to get it, nor Anonymous. Mensa might have a chance, barely.

This is different from "certifying it unbreakable". I'm avoiding that trap. Just "Sufficiently hard".

Any takers? It might even be fun if someone has Academic connections. My overall concept is so good I think I could stump almost all of the Non-Gov Professors too.

Anyone interested, send me an email. I'll reply with a watered down "easy version" just to be sure someone's not trolling me. (Also it forms a weak version of a test.) On the (slim?) chance that someone gets it, I'll produce a couple of the real corkers. I'd stake up to $100 of my own money through a certified neutral holder. Not that it's "worth that little", just saying I'm not trolling, this concept is so good nobody but the absolute best will figure it out. It's a new METHOD of encryption, so it's probably even NP-Hard (I'm probably using that term wrong) as a class so that "almost unlimited" examples can be created.

Waste of money... and stupid.

[DarthVain]

Unless they have some really new mathematical, never released to the public, trick, or have somehow developed a time traveling device to some distant future where we have fully functional Quantum Super Computers available for purchase this is a colossal waste of money.

Using a normal computer, trying to break a 15 random key, using moderately good publicly available crypto software it would take approximately the heat death of the universe to brute force. If you have a super computer you can break it 4 times as fast!

Now assemble hundreds of thousands or even millions of those to break.

Have fun with that. I guess that might be what you call the ultimate job security! However if you have to file progress reports, they might be a bit depressing.

Granted if you use really weak encryption, a dictionary word of 6, you might be able to break it in a somewhat reasonable time. It would still likely be measured in months if not years. Add on top of that the fact that no one that is trying to really hide anything important is going to be that stupid. You might find Johnny's dirty pictures on Dad's computer that way, but if you are looking to unlock the secret plans of some terrorist cabal you are going to be out of luck.

I would say that 99% of people that have their accounts "hacked" are not having some computer evil genius brute forcing their crypto, they are simply having it stolen using know software vulnerabilities that people in the know can take advantage of. Then they just type in your password. Real crypto is pretty hard as I understand it. I am not sure simply "buying more computers" to throw at the problem is going to solve it. The issue is that crypto has advanced to the point that it is much easier to create it, than it is to defeat it by several hundred magnitudes.

If they really want to save money, they should STOP trying to have ISP's spy on their clients for governments or for Hollywood, or the music industry. Because as soon as you do, you will be opening Pandora's Box (which can NEVER be closed), in that people will just turn to cryptographic means to ensure their basic privacy. Once everyone starts using real and decent crypto, they will be screwed, as they will not even have the abilities and methods they have now to spy on people.

Re:Notice how the "crypto guys" are the "old guys"

[happy_place]

unless you're a private contractor, you're not going to make a lot of money off the government. the oversight is too steep. government is expensive, not because it pays out huge secret bonuses to individuals, but because it pays out average wages to hordes of pencil-pushing regulators who watch each other and make sure no one is breaking the rules, which are in a constant state of flux.

Reminds me of the old days on the USENET

[m.dillon]

There was a list of keywords the CIA was known to filter on, so we'd often just insert them randomly into postings so they'd get read by some poor overworked CIA analyst.

This should be fun!

-Matt

Re:Reminds me of the old days on the USENET

Not trying to pick on your particular post, but I see a lot of posts like this. You people on this site are quite presumptuous to assume that their algorithms are no more complex than a simple keyword search. Be assured they aren't flagged unless they are within a certain context. Then it has to match back to someone that doesn't have a history of sending emails deliberately trying to set off the alarm and has a profile of being a harmless nerd.

TL;DR: You're wasting your time, and the people that engineered these systems are smarter than you.

Re:Notice how the "crypto guys" are the "old guys"

[whoever57]

I knew that CIA was in trouble - tradecraft-wise - when a COS let an asset into their HQ and he blew half the station to kingdom come. No one would have done that in the old days

I don't think the CIA has ever been anywhere as good at tradecraft as their public image suggests.

Who cares? No need for codebreakers anymore

The NSA is basically admitting that since they declassified that Nash algorithm,

http://www.nsa.gov/public_info/press_room/2012/nash_exhibit.shtml

unbreakable encryption will be the rule, not the exception..

Companies everywhere are already looking to commercialize this kind of technology so the NSA stuff just wasn't competitive anymore.

http://www.tag.md/public/ca_nash.png

Where's the interest?

[RogueLeaderX]

I find the lack of comments on this story disturbing.

Are Americans so jaded that we can't be bothered to comment on a story about an internal spy agency increasing their capacity to snoop on us?

I for one am outraged that my tax dollars are wasted on things like this. I'm sick of the governmental alphabet soup eroding our rights.

Please, join me in voting 3rd party. Boycott Republicrats. Talk your friends into boycotting Republicrats. Talk them into voting if you have to. (Statistically speaking likely.)

We're living Animal Farm...

[Grog6]

Where some Animals are more equal than other animals.

Re:We're living Animal Farm...

[kurt555gs]

Snowball! Goldstein! Bin Laden! Assange!

Works Either Way

Either breaking RSA or AES would decrypt PGP messages.

Re:Works Either Way

[mlts]

Depends. The nice thing about the OpenPGP protocol is that one can specify different algorithms. If I wanted DSS and Triple-DES, that is doable. However, RSA and AES are the most common used.

Department of Energy

[andy1307]

Last November a bipartisan group of 24 senators sent a letter to President Obama urging him to approve continued funding through 2013 for the Department of Energy’s exascale computing initiative

Can't believe a candidate for the GOP nomination ran on a promise to terminate the department of energy...Do these guys even know what the DoE does?

Re:Department of Energy

Genau.

sounds like a book i read

Digital Fortress
http://en.wikipedia.org/wiki/Digital_Fortress

Re:Notice how the "crypto guys" are the "old guys"

You leave out the part where NSA recommended changes to the S-boxes to make them resilient to differential cryptanalysis, a technique with which NSA was familiar, and IBM not.

citation: http://en.wikipedia.org/wiki/National_Security_Agency#Data_Encryption_Standard

Re:even better

(God I hope this is sarcasm, I don't mean to be rude, you could have a very good encryption scheme, but I doubt it very much)

Please don't try to roll out your own "custom super secret" encryption scheme unless you really know what your doing.

For an interesting opinion on this see: http://www.cypherpunks.to/faq/cyphernomicron/cyphernomicon.html

And if you haven't read this: https://www.schneier.com/book-applied.html

Your doing it wrong. Most super secret encryption algorithms are "super secret" for one use case or a very small amount of data. (In which case your only real security is through obscurity https://en.wikipedia.org/wiki/Security_through_obscurity). If you have ever taken a course on code breaking, you will realize how easy it is to break most snake oil encryption schemes. (Even with just pen/paper or an excel sheet). The problem is, most likely if your encryption scheme is ever disclosed, the entire thing is moot and all of your data is exposed. You would also have to trust everyone that you send data to (i.e. that they will not ever reveal the scheme publically, otherwise your encryption scheme would only be useful to you, and you probably couldn't have the encryption program on your computer because if someone has your computer they now have both the encryption algorithm and the data, to get around this you would have to do it manually with pen/paper each time and then destroy the pen/paper or re-program the algorithm from scratch each time from a livecd...)

If you are actually that paranoid that you don't trust aes/serpent/twofish/etc then check out the tor project and lookup on the hidden wiki entry on one time pads. (Please note that you would now be beholden to your random number generator, which may or may not be truly random, if its generated from quantum noise, its probably okay, you can buy keys like this, but honestly I would trust aes before i would trust something like that. This also isn't useful for trying to communicate with parties that you haven't communicated with before. If you securely exchange hard drives, both containing the same set of data, then your messages on the fly would be safe, i.e. IM messages/etc, but data at rest would be vulnerable if a third-party got ahold of your hard-drives)

Power use.

[stacybro]

One of the interesting things that came out when this first was announced here in Utah was that this one facility would use about 65 MW of power. 40-50 thousand homes worth of power. That's as much power as all of Salt Lake City. That's a freakin lot of power for a "bunch of servers". ( and the AC to cool them. )

Too late, Everybody knows..

The government has built a system.
A machine...
And Jim Caviezel is gonna kick you ass if you don't behave.

Hard fact of the matter...

[3seas]

There is no computer that can break all code, not even a quantum computer.

Here is why: Abstract language is only meaningful to those who agree upon the meanings attached to the words and phrases use and those meaning can be totally secret between those using the words and phrases.

i.e. "pick up some milk on your way home." is recognized by most as what it says, but its abstract symbols in sequences that can have any meaning attached. Programmers do this all the time in writing functions, procedures, etc.. and on teh web when was the last time you search for something an got nothing but what you were looking for? (because someone else attached a different meaning to a word or phrase, etc..

Simply put, the spy cent is so totally wasteful of resources. The best thing that can come from it is overcoming the need for it.

Re:Hard fact of the matter...

[the+eric+conspiracy]

Effort spent on codebreaking is one of the most cost-effective segments of a nation's defense budget. A million square foot data center is likely to be far less costly than an aircraft carrier, and it's likely to have more impact.

In wars codebreaking has often been the difference between success and failure. You are unlikely to break every code, but consider the effect that the US being able to read Japanese codes just prior to the battle of Midway, and what would have happened if they hadn't.

What is the cost of losing an engagement that would have prolonged the war with Japan?

With the types of wars that are being fought today codebreaking is even more likely to be valuable since conventional strategies are less effective.

Quantum?

[vinn]

If they think they need a facility that big, it sounds like they're anticipating collecting A LOT of communication. We all know most stuff isn't encrypted, but a lot of the important stuff is. Anyway, does this mean they've got a real set of "quantum" computers? - and I use that loosely because the few commercial items out there haven't proved themselves yet.

Re:Notice how the "crypto guys" are the "old guys"

> WHO would work for them, I ask you? Is working for NSA any better or worse than working for TSA? DHS? FBI? CIA? DIA? If not, then I think the answer to "who" would work for them is people called "Democrats" and "Republicans". Most people in those two parties are perfectly happy making the FedGov more evil and more powerful.

Hiding secrets from the future with math.

[Tackhead]

The former Soviets got caught re-using their one time pads after a year.

"Best of all, your secret: nothing extant could extract it.
By 2025 a children's Speak-and-Spell could crack it.

They were thinking, who would store the eTexts for that long, since OTP is unbreakable?

You can't hide secrets from the future with math.
You can try, but I bet that in the future they laugh,
at the half-assed schemes and algorithms amassed
to enforce cryptographs in the past."

- MC Frontalot, Secrets from the Future

Secrets cost money. How long do you need to keep them? Today we believe - with good reason - that most cryptographic protocols are secure. Bue even if that's true (and there's no guarantee), why not hoover up the data while it's available and wait for your opponent to slip up, or your mathematicians (or computer engineers) to make a breakthrough, whichever comes first?

Re:Notice how the "crypto guys" are the "old guys"

[Sir_Eptishous]

Why do you think they built it in Utah?

Reminder:

[sixtyeight]

Your federal taxes are due on April 15th. Let's all tip them a little bit more for providing us with such great service.

NSA Building US's Biggest Spy Center

[taichibabbo]

I am shocked at the lack of facts that the general public holds about the NSA, cryptography, encryption and the state of the art of decryption today. If I had worked for such said Agency for 27+ years (which I absolutely didn't). In various fields, such as cryptography and the construction of the massive "brute force" systems used to break specific codes of interest (which I didn't). I would say the following: NSA truly has better and more important functions, like providing near-realtime intelligence to commanders in the field. This precludes listening in on each and everyone's personal telephone calls (land lines or cells), their e-mails and facebook pages. It's super computers are keep quite busy with the ever increasing amount of "raw" intel that floods back from the "field" to the Ft. Meade complex. Let's say that I retired back in 2004 (which I couldn't have done since I didn't really work for the Agency) but if I had I would have left knowing that breaking AES -128 and AES -256 encryption was child's play, that the Agency had abandoned 4096 bit keys years earlier in favor of "quantum encryption" which didn't really remain "unbreakable" all that long, so it also had to be abandoned. As for the person who thinks encryption was invented solely for "banking" and "something else". I would invite that person to visit the "National Cryptologic Museum" site at http://www.nsa.gov/about/cryptologic_heritage/museum/. I am sure some of the information presented there although old a.k.a. de-classified for public consumption is still very compelling and interesting. Encryption and decryption history goes back quite a ways in history, long before modern banking systems came to be.

Forced To Lobby For A 56-Bit Key Over 64-Bit Key

[taichibabbo]

Following the comment: "As a historical data point, DES was apparently hard for even the NSA to crack so they deliberatly limited the DES key size from the original 64-bits, to the final 56-bit (although the NSA apparently lobbied for a mere 48-bits)." Sometimes there are "other" not so apparent reasons for the seemingly senseless choice of a certain odd number system. There was a 54-bit code used during WWII very successfully by field agents. The so called "Solitaire" system relied on two persons being able to have access to a 54 card playing deck (counting the jokers) or if both parties agreed a 52-bit code (minus the jokers). There is a reference to this and other cryptographic systems, both real and contrived in a book titled "Cryptonomicon" by Neal Stephensen. The main plot of the book is rather weak but the author manages to mix an amazing amount of cryptographical facts and details that occurred in and around WWII, Benchley Park and the beginnings of NSA while it was still located on Pennsylvania avenue.

Land of the 'free' and the home of the 'brave' :D

We have nothing to fear but the government itself.

Yotabytes

They plans to have yotabytes of storage - but will they have good enough software to analyze those yotabytes of data per day or enough yotaflop to
process all those data? How about software to figure one pattern affecting 5 days ago or a year ago data?

I guess they have to hire yota-software engineers to write those yota-buggy software

US Debt Solution

[Nethead]

This isn't about reading your mail. This is to crack all the VPNs from retail stores so they can track what you buy. They then sell this to marketers to help pay off the US debt. If that doesn't pull in enough money, then they just start grabbing credit card numbers.

I want to get educated and find a caring community

I understand that the implementation and the use of encryption is difficult to learn due to the complex problems with it all, but I really wish there was a more public focus on teaching others about various paradigms in cryptography and on teaching basic knowledge about related stuff. So that everyone in the end can make an informed decision on the possibilities and limitations on any given type of encryption together with its chosen implementation, without simply having to trust any software developer or any of the open source tools.

No matter how you spy on citizens.

In a free country we will find ways to make you waste vast amounts of money to no avail.
We will make stronger ways to keep your fat nose out of our business. Then if all else fails were no longer a free country, You can bet you nose will be bloodied.
But it is looking like Orwell's mind was small in contrast to how bad things are getting and going to get.
Let me look into the future. When your born they install a kill switch.
Don't pay your traffic ticket they kill you via remote.

I believe they will get there theocracy government. But to their horror the religion in charge wont be the one who pushed it.

Re:even better

Yeah, you basically can't do this unless you have a PhD in mathematics and have studied the problem for years.

Nuts like you are really a dime a dozen.

Why is this happening?

[choke]

Why is this happening? We're being robbed by bankers who appear to be above justice (bank of america), ruled by politicians who are installed by the same big-money criminals that are bankrupting us and printing money to cover unfinanced wars and bailouts of corrupt institutions, our teachers are taking pay cuts and we have the highest medical care costs in the world and THIS is what the government needs to spend money on?

This town needs an enema.

Re:even better

Way back as a junior, I had a professor that thought he had an unbreakable algorithm 512 byte keys. Whooh...crazyness...

I asked him to take a text e-book so I didn't have to screw around with advanced techniques, encrypt it, and send it to me.

It took less than three hours to crack --and most of that was me digging through one of my references for a particular algorithm I didn't want to write from scratch.

This guy had a PhD in CS. But...he didn't understand cryptography. Really understand it.

I'm not saying you're wholly wrong. But you almost certainly are. And that's what makes homemade crypto systems *really* dangerous.

Re:the Future

[Phrogman]

Whatever we conceive to be the "future" knowledge of cryptography *now* is probably where they are already at, at the NSA. They were decades ahead of everyone else for the longest time, until crypto broke into the public consciousness - they are undoubtedly still a decade or two ahead of the masses.
I *highly* recommend the book "Crypto" by Stephen Levy, if you haven't read it.
The answer with all personal cryptography is to provide just enough difficulty in solving it to protect the information long enough to suit your purposes. Nothing will ever prevent the future decipherment of your text down the road, if anyone cares to try to decipher it and has the resources (i.e. this new facility).
The only other solution to crypto that can help you is for more people to use it routinely for everything, thus obscuring your traffic in a sea of other traffic. Thats no protection at all if they already have their eyes on you of course.
Basically we're fucked with regards to privacy via encryption.

Re:even better

You are not the first person to have such a thought. The trouble is, it's easy to invent an encryption scheme that you personally can't figure out how to break. If anyone in Mensa can break it though, your system is broken for everyone.

Read Applied Cryptography by Bruce Schneier, this is a common pattern. If you're so sure you have a great system, publish it for the world to see, and get feedback from lots of experienced crypto experts.

Re:Notice how the "crypto guys" are the "old guys"

As a historical data point, DES was apparently hard for even the NSA to crack so they deliberatly limited the DES key size from the original 64-bits, to the final 56-bit (although the NSA apparently lobbied for a mere 48-bits).

They also tweaked the S-boxes so DES would be far more resistant against differential cryptanalysis... a technique that wouldn't be rediscovered by civilian academics for twenty years. Ironically, removing that backdoor made people think they'd actually installed one. Of course, the goal may have been to secure American commercial communications while scaring foreign nations away from the improved algorithm. And it wouldn't surprise me if some militaries used Lucifer instead of DES while the NSA laughed at their naivete.

Good Will Hunting

Haven't seen this quoted yet. It seems to fit perfectly and is only about 15 years old:

Why shouldn't I work for the N.S.A.? That's a tough one, but I'll take a shot. Say I'm working at N.S.A. Somebody puts a code on my desk, something nobody else can break. Maybe I take a shot at it and maybe I break it. And I'm real happy with myself, 'cause I did my job well. But maybe that code was the location of some rebel army in North Africa or the Middle East. Once they have that location, they bomb the village where the rebels were hiding and fifteen hundred people I never met, never had no problem with, get killed. Now the politicians are sayin', "Oh, send in the Marines to secure the area" 'cause they don't give a shit. It won't be their kid over there, gettin' shot. Just like it wasn't them when their number got called, 'cause they were pullin' a tour in the National Guard. It'll be some kid from Southie takin' shrapnel in the ass. And he comes back to find that the plant he used to work at got exported to the country he just got back from. And the guy who put the shrapnel in his ass got his old job, 'cause he'll work for fifteen cents a day and no bathroom breaks. Meanwhile, he realizes the only reason he was over there in the first place was so we could install a government that would sell us oil at a good price. And, of course, the oil companies used the skirmish over there to scare up domestic oil prices. A cute little ancillary benefit for them, but it ain't helping my buddy at two-fifty a gallon. And they're takin' their sweet time bringin' the oil back, of course, and maybe even took the liberty of hiring an alcoholic skipper who likes to drink martinis and fuckin' play slalom with the icebergs, and it ain't too long 'til he hits one, spills the oil and kills all the sea life in the North Atlantic. So now my buddy's out of work and he can't afford to drive, so he's got to walk to the fuckin' job interviews, which sucks 'cause the shrapnel in his ass is givin' him chronic hemorrhoids. And meanwhile he's starvin', 'cause every time he tries to get a bite to eat, the only blue plate special they're servin' is North Atlantic scrod with Quaker State. So what did I think? I'm holdin' out for somethin' better. I figure fuck it, while I'm at it why not just shoot my buddy, take his job, give it to his sworn enemy, hike up gas prices, bomb a village, club a baby seal, hit the hash pipe and join the National Guard? I could be elected president.

Re:Notice how the "crypto guys" are the "old guys"

You're only partly correct, and a very small part at that. Someone on the lower parts of the GS pay scale isn't making a lot of money, but once you've crossed into GS-13 and above, you're doing quite well. Factor in locality pay, which is something civil servants conveniently forget to include when discussing pay. Then factor in medical coverage and other benefits (including the very important and expensive retirement). Civil servants do quite well when everything is considered.

There's a myth that the average contractor is making bank; unless they have a high level clearance (TS SCI) or are in a conflict area or both, the contractor is making approximately the same as the GS and is working more hours. The big difference is the contractor can be fired at any time and is expected to produce.

Re:Notice how the "crypto guys" are the "old guys"

That's why no one works for the TSA.

Re:Notice how the "crypto guys" are the "old guys"

[Reservoir+Penguin]

Why shouldn't I work for the N.S.A.? That's a tough one, but I'll take a shot. Say I'm working at N.S.A. Somebody puts a code on my desk, something nobody else can break. Maybe I take a shot at it and maybe I break it. And I'm real happy with myself, 'cause I did my job well. But maybe that code was the location of some rebel army in North Africa or the Middle East. Once they have that location, they bomb the village where the rebels were hiding and fifteen hundred people I never met, never had no problem with, get killed. Now the politicians are sayin', "Oh, send in the Marines to secure the area" 'cause they don't give a shit. It won't be their kid over there, gettin' shot. Just like it wasn't them when their number got called, 'cause they were pullin' a tour in the National Guard. It'll be some kid from Southie takin' shrapnel in the ass. And he comes back to find that the plant he used to work at got exported to the country he just got back from. And the guy who put the shrapnel in his ass got his old job, 'cause he'll work for fifteen cents a day and no bathroom breaks. Meanwhile, he realizes the only reason he was over there in the first place was so we could install a government that would sell us oil at a good price. And, of course, the oil companies used the skirmish over there to scare up domestic oil prices. A cute little ancillary benefit for them, but it ain't helping my buddy at two-fifty a gallon. And they're takin' their sweet time bringin' the oil back, of course, and maybe even took the liberty of hiring an alcoholic skipper who likes to drink martinis and fuckin' play slalom with the icebergs, and it ain't too long 'til he hits one, spills the oil and kills all the sea life in the North Atlantic. So now my buddy's out of work and he can't afford to drive, so he's got to walk to the fuckin' job interviews, which sucks 'cause the shrapnel in his ass is givin' him chronic hemorrhoids. And meanwhile he's starvin', 'cause every time he tries to get a bite to eat, the only blue plate special they're servin' is North Atlantic scrod with Quaker State. So what did I think? I'm holdin' out for somethin' better. I figure fuck it, while I'm at it why not just shoot my buddy, take his job, give it to his sworn enemy, hike up gas prices, bomb a village, club a baby seal, hit the hash pipe and join the National Guard? I could be elected president.

More than that...

If the article is accurate, this is an admission of failure on NSA's part. What they're looking to do is not "break" cryptosystems -- evidently, they're admitting they can't. This is a massive brute-forcing effort, It's what you do when you have no choice.

As for AES, well, NSA helped to analyze it, and put their stamp of approval on it for securing top-secret communications. AES is secure, from an NSA perspective. Just another reason to think this is actually good news from a privacy perspective.

Re:Notice how the "crypto guys" are the "old guys"

Which is why the NSA guys were wearing name tags.

Re:If anyone in Mensa can break it

[TaoPhoenix]

That's why I put a lot of "weasel word qualifiers". What I have is a couple of very good ideas, based on new possibilities of the Cloud that were not available before, and some general properties of computers I do not believe have been exploited.

There's a couple of good replies - but they're all AC's! THAT's fascinating!

My basic problem is that true per one of the AC's above, I don't have the chops to finish off the job - the best I can do is proof of concept demos. I've glanced over the Schneier stuff before, and it's a fair point too. But then again, below national critical interest, I think there's room here. After all, we can't even be bothered to read articles!

There's a middle ground though, in the obscurity, and that's why my general question was in fact to test myself against a couple of real Pros. I don't think AC can crack my stuff in three hours, but I don't expect it to stand up forever either. In fact I did get a reply from a fellow who works in web security, so I'll see what he thinks.

scrypt

I'll bet they don't like Colin Percival's key derivation function: http://www.tarsnap.com/scrypt.html

Re:One time pads

[TaoPhoenix]

I think I found my answer. Let's hope I phrase it right.

I was definitely thinking of one time pads but I ended up in 1-time digital Book Ciphers with extra obfuscation using high*er* entropy than a regular Book Cipher.

So the breakability is proportional to the non-randomness of the gobbledygook against the skill of the analyst. I was headed towards Schneier's Multi-Encryption but the better answer is CD/Downloadable 1-time pads.

Obigitary xkcd

[isorox]

Why would they spend so much money when they could just buy a wrench? http://xkcd.com/538/

Re:Obigitary xkcd

[Stuarticus]

How do you deploy the wrench if you are unable to determine upon whom one should apply it?

And now we know

And now we know how they are going to enforce SOPA/ACTA....

Re:Notice how the "crypto guys" are the "old guys"

I just got a job at WhiteHat Security, doing web application testing of clients. How is what they do unethical?

Useless

Even the best encryption is useless if all the NSA has to do is use the back door they have built into Microsoft Windows.