Slashdot Mirror


NSA Building US's Biggest Spy Center

New submitter AstroPhilosopher writes "The National Security Agency is building a complex to monitor and store 'all' communications in a million-square-foot facility. One of its secret roles? Code-breaking your private, personal information. Everybody's a target. Quoting Wired: 'Breaking into those complex mathematical shells like the AES is one of the key reasons for the construction going on in Bluffdale. That kind of cryptanalysis requires two major ingredients: super-fast computers to conduct brute-force attacks on encrypted messages and a massive number of those messages for the computers to analyze. The more messages from a given target, the more likely it is for the computers to detect telltale patterns, and Bluffdale will be able to hold a great many messages. "We questioned it one time," says another source, a senior intelligence manager who was also involved with the planning. "Why were we building this NSA facility? And, boy, they rolled out all the old guys—the crypto guys." According to the official, these experts told then-director of national intelligence Dennis Blair, "You’ve got to build this thing because we just don’t have the capability of doing the code-breaking." It was a candid admission.'"

33 of 279 comments

  1. All your secrets belong to us... by Grog6 · · Score: 3, Funny

    Panopticon this week; Maybe we'll get Skynet by accident?

    That might be best for everyone in the long run...

    --
    Truth isn't Truth - Giuliani
    1. Re:All your secrets belong to us... by rot26 · · Score: 5, Insightful

      Yeah, that's always the problem, innit? I personally wouldn't mind the NSA reading all of my email if it were, in fact, a sort of protector of good. How can any politician EVER control a beast that knows where every skeleton in every closet is and can protect that information behind armed guards and blast-proof doors? It's a deal with the devil if there ever has been one.

      --
      To ensure perfect aim, shoot first and call whatever you hit the target
  2. USA...we miss you! by Anonymous Coward · · Score: 5, Insightful

    In american America, people monitor the government.
    In soviet America, the government monitors the people.

    1. Re:USA...we miss you! by TehZorroness · · Score: 5, Insightful

      Well, here's a word from me at least. Obama can eat a dick. I'm getting so fed up with this gradual transition to full autonomous surveillance. There will be people out in the streets about this when things start getting bad. Soon enough, the schism between reality and the fairy tales they told us about freedom in public school will be too wide even for the American Idol crowd to believe. An interesting time to live. It's just too bad we can't be investing these man-years and resources on attaining sustainability before the Earth becomes a giant radioactive ball of toxic shit inhabited by cannibalistic asshats.

    2. Re:USA...we miss you! by homer_ca · · Score: 4, Insightful

      That's ok. As long as we get to keep our birth control and our gay rights, democracy is safe, right?

    3. Re:USA...we miss you! by jmcvetta · · Score: 4, Insightful

      There will be people out in the streets about this when things start getting bad.

      Yes, but the drones will take care of them.

  3. Re:How many bits? by KhabaLox · · Score: 5, Insightful

    How many bits should we use for encryption now?

    More.

    --
    Ceci n'est pas un sig.
  4. Re:How many bits? by Black+Parrot · · Score: 4, Informative

    How many bits should we use for encryption now?

    If you assume peak computing power is doubling every n years, then you need one more bit every n years to keep ahead.

    And of course, whatever you use now will be breakable in the future, if anyone cares to save your messages until computing catches up.

    --
    Sheesh, evil *and* a jerk. -- Jade
  5. Re:a thought by adturner · · Score: 4, Interesting

    That's basically what happens today with most protocols like SSL/TLS. For each new connection, the client and server negotiate a new key via public key crypto like RSA. Actually, based on some comments in the article, like needing more "transactions" to help break the encryption, makes me believe the NSA is actually working to break RSA then AES.

  6. NSA history and modern crypto's impact upon it by Anonymous Coward · · Score: 3, Informative

    The whole we-can't-break-codes-anymore story is told in

    http://www.amazon.com/Coded-Messages-Hoodwink-Congress-People/dp/0875868142/ref=sr_1_1?ie=UTF8&qid=1331918025&sr=8-1

    Coded Messages: How the CIA and the NSA Hoodwink Congress and the People

    by Nelson McAvoy, former NSA person, who claims to have been at the early meetings from when the NSA was formed.

  7. Re:How many bits? by Beardo+the+Bearded · · Score: 5, Funny

    Use no encryption and have a sig like mine. Eventually someone gets bored of reading every mundane post and email and puts you on an "ignore" filter.

    --
    ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
  8. Re:How many bits? by SuricouRaven · · Score: 3, Insightful

    I think at this point it isn't about the number of bits, it's about luck, implementation issues and the search for user error. Doesn't matter how many bits you use if they can sneak a copy of your laptop hard drive and find the key somewhere in swap space, or if your 8192-bit key is derived from a passphrase that's only ten alphanumeric characters, or if they can pull off an effective MITM attack on an SSL by threatening/bribing/asking a trusted certification authority to sign their cert.

  9. A secret role by K.+S.+Kyosuke · · Score: 3, Funny

    One of its secret roles? Code-breaking your private, personal information. Everybody's a target.

    Gee, if that is a secret, I promise not to tell anyone. Anyone joining me on that? Just hope that no one will read this article who doesn't already know, that would kind of spoil it.

    --
    Ezekiel 23:20
  10. Re:Wow! by Black+Parrot · · Score: 4, Funny

    First post, never got that before.

    You must be using the new FTL neutrino submission system.

    --
    Sheesh, evil *and* a jerk. -- Jade
  11. Intelligence pays for itself by betterunixthanunix · · Score: 4, Insightful

    We use our signals intelligence capability to pass the trade secrets of foreign companies on to our own domestic companies; there is plenty of money to be made from being able to decrypt messages that the NSA intercepts.

    --
    Palm trees and 8
    1. Re:Intelligence pays for itself by Anonymous Coward · · Score: 5, Funny

      You're Chinese?

    2. Re:Intelligence pays for itself by digitig · · Score: 4, Informative
      --
      Quidnam Latine loqui modo coepi?
    3. Re:Intelligence pays for itself by Ghostworks · · Score: 4, Interesting

      The cited section basically talks about widespread French spying on American companies, and then claiming it was all a big conspiracy to make the French look bad once it came to light.

      The fact remains that even if the U.S. government were willing to steal information and share it with American companies -- and this is pretty unlikely given that the U.S. doesn't have the sort of cozy, formal overlap of public and private sectors that France, China, or even Great Britain have -- most other countries haven't had anything we want. You have to go back to 1793 Pawtucket to find a good example of the U.S. gaining an edge through industrial espionage.

      Don't get me wrong, the U.S. government has shown it's willing to co-opt private technology for its own ends. (For example, when it co-opted the patent for Phillip French's Crater Coupler and then used that state secrets privilege to get the dispute tossed out of court.) They just haven't been shown to help private U.S. firms with any of it, or to do it specifically to improve the competitive advantage of a U.S. company.

  12. What am I missing? by Fnkmaster · · Score: 5, Insightful

    My understanding is that the best known general cryptanalytic attacks on AES are only marginally better than brute-force. Even AES-128 is essentially unbreakable under any known attacks then, since brute forcing a single AES-128 password is so far beyond feasibility, it's absurd. My understanding is that the best known attacks on AES are side-channel attacks, which require only modest computational resources, but need access to the encrypting machine, and related-key attacks that are only effective for certain small classes of keys.

    So we can then assume that NSA has a general attack on AES that makes it many, many orders of magnitude easier to break than the best known published attacks? Or is this more likely to be disinformation spread to make people *think* that AES is broken by NSA? My understanding was that NSA is generally somewhat but not extremely far beyond the academic state of the art these days.

    And there have been several reports of FBI and other federal agencies being unable to recover AES-256 encrypted hard drives. So if NSA has the capability to do so even for small numbers of keys using existing computing power, they obviously keep it incredibly restricted and under wraps.

    So... this is BS by somebody, right? Either congress is getting BSed into funding stuff that won't do what they're being told it will do, or the public is getting BSed into believing that using encryption is pointless because NSA can real-time decrypt anything, so just don't bother, mmm'kay?

  13. encrypted message for the NSA by lemur3 · · Score: 4, Funny

    uckfay offway ationalnay ecuritysay agencyway

  14. Re:a thought by Anonymous Coward · · Score: 5, Insightful

    First off, AES isn't public key, it's just usually used in conjunction with public key. The public key portion of the exchange is used to communicate an AES key (the "shared secret") which is then used for communication moving forward. This is because public key encryption is "expensive" by comparison to block cyphers like AES. Secondly, you don't communicate a passphrase with public key. The passphrase that you're used to using is so that keys can be securely stored and someone that gains access to your key file doesn't get access to your key.

    You could potentially communicate a new AES key with every message, which would greatly reduce the chances of a brute force attack being successful since most rely on the ability to analyze a large number of blocks that use the same key. That said, if you crack one key you do gain access to every key that followed in the chain.

  15. Re:How many bits? by TheGratefulNet · · Score: 4, Insightful

    and even better: send false positives to waste their time.

    perhaps the crypto protocols need enhancing to allow fake bullshit messages that can't easily be told from real crypto stuff.

    ie, DOS them.

    I know, they have lots of power but it IS a war. war on our privacy and it's so blatant now, they don't even try to hide their break-in attempts to us, anymore.

    the ONLY reason encryption was allowed in the first place was for banking and online 'business'. if there was not this use-case, we would be disallowed encryption entirely.

    --
    "It is now safe to switch off your computer."
  16. Re:a thought by zill · · Score: 4, Informative

    Anyway AES is public key encryption.

    AES is a symmetric-key algorithm.

  17. Re:Notice how the "crypto guys" are the "old guys" by TheGratefulNet · · Score: 4, Interesting

    WHO would work for them, I ask you?

    decades ago, the people didn't view their government quite the way they do today. some patriotism did exist and people wanted to help their government. *generally*.

    today we all see how invasive and evil our government has become. totally 100% lost its way. almost anything it does, it does badly and hurts people, long and short run.

    if I was offered a job for the so-called white hats (which I now see as black hats) I'd turn it down. I would not be able to live with myself knowing I'm helping an evil force become more evil and more forceful.

    I do realize a lot of people can easily shelve their ethics and see money-making jobs as separate. but I wonder how many people still believe that if they join the government or gov-sponsored jobs, that they are really HELPING things?

    too many black marks on the government. working for them could be as bad as working for the old mafias. the people that they do get, I would not trust. they are whores.

    --
    "It is now safe to switch off your computer."
  18. One Time DVD or SD anyone? by Gim+Tom · · Score: 5, Interesting

    The one time pad could make a comeback in the form of one time DVDs or maybe even SD or Micro SD chips. I know, it is not scalable due to the problem of distribution. It is also symmetric in that the same "key" encrypts and decrypts, but it is also immune to brute force since your one time key is equal to or longer than the message length. An interesting variation might be to use an image file that is very long, but completely innocent as a pseudo random key and only have two copies of that exact image. The former Soviet Union used a one time cypher for all of their clandestine agent communications.

    1. Re:One Time DVD or SD anyone? by Maximum+Prophet · · Score: 3, Informative

      Everyone used one time pad for all of their clandestine agent communications. OTP, it's the only way to be sure.

      See http://en.wikipedia.org/wiki/Number_stations

      Using an image has problems in that they are not random, so are subject to analysis. If you stripped the headers, and used an "image" of captured static, it might be good enough, but almost anything organic like a photo of a tree, will have patterns in it.

      --
      All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
  19. Re:How many bits? by mhajicek · · Score: 4, Funny

    How many bits should we use for encryption now?

    All of them.

  20. Re:Notice how the "crypto guys" are the "old guys" by slew · · Score: 4, Interesting

    I wonder if that sentence says more than they intended it to. Could it be that the skills of the NSA people are eroding just like the skills at CIA did? I knew that CIA was in trouble - tradecraft-wise - when a COS let an asset into their HQ and he blew half the station to kingdom come. No one would have done that in the old days. Maybe NSA is having the same problem.

    Crypto-guys are the "old guys" from a tradecraft point of view. AFAIK, in the NSA, many of the old-guys are involved with developing clever new internal ciphers (so-called classified "suite-A" algorithms). Since many of the "bad-guys" aren't nation states with heavy duty crypto development capabilities, they often are using off the shelf stuff like AES/ECDSA (members of the "suite-B" algorithms). Until someone discovers a huge gaping hole backdoor, breaking these "suite-B" algorithms benefits mostly from brute force (even if you know a few clever tricks that others do not which chops things down an order of magnitude or two). This is pretty much an admission that there is no huge gaping back door in these suite-B algorithms, not that any crypto-tradecraft capability was in trouble.

    I find it oddly somewhat comforting that we have "old-guys" that realize that sometimes the best thing to do is to throw this problem at a box of computers and spend their time on other pursuits. Who knows, this facility might be dedicated to cranking on some clever cracking algorithm that is unknown to the public, all we know is it takes lots of OPS. Isn't surprising to me that cracking these algorithms is hard. As a historical data point, DES was apparently hard for even the NSA to crack so they deliberately limited the DES key size from the original 64-bits, to the final 56-bit (although the NSA apparently lobbied for a mere 48-bits).

  21. It's unlikely the real target is breaking codes by mbkennel · · Score: 4, Insightful

    I actually doubt that they are most interested in brute-force codebreaking through the front door except in a few rare situations.

    Most of the time, it's massive traffic analysis: searching and analyzing a titanic, dynamically changing graph, nodes are IP addresses and phone numbers of the planet.

    Once they find a 'target of interest', then they would usually ask the FBI or other authority just to put a tap on a specific line, or if necessary break in and install a trojan on the target's phone or computer, avoiding front-door code-bashing, which isn't generally feasible in large scale any more.

    There are companies (e.g. http://www.conveycomputer.com/) which make highly parallel co-processors from FPGA's which give user-definable vectorized instructions on enormous memory bandwidth.

    This is just the thing for the NSA.

  22. Re:How many bits? by TheTrueScotsman · · Score: 4, Informative

    There's no way they can crack AES-128 unless there's a hole in the algorithm or they have quantum computing.

    Current best practices are:

    1) AES-128 to AES-256 for symmetric keys (although AES-256 has its own problems which can sometimes collapse it to AES-128 - these are ameliorated by increasing the key rounds)

    2) 2048-bit to 4092-bit for RSA keys (2048 may be breakable by 2030 with conventional computing, 4092-bit will take much longer).

    If quantum computing becomes feasible then AES keys will effectively halve in complexity (i.e. AES-128 goes to 64-bit, AES-256 goes to AES-128) and RSA and DSA keys will be useless.

  23. Re:How many bits? by GameboyRMH · · Score: 3, Insightful

    Don't forget there are commercially available quantum computers already, it's safe to say the NSA is already somewhat ahead of that, and they're on the bleeding edge of cryptography research. I've already phased out AES-128 and RSA-2048 from my systems just because I can.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  24. Re:How many bits? by CBravo · · Score: 3, Funny

    That would be 640kB

    --
    nosig today
  25. Hiding secrets from the future with math. by Tackhead · · Score: 3, Interesting

    The former Soviets got caught re-using their one time pads after a year.

    "Best of all, your secret: nothing extant could extract it.
    By 2025 a children's Speak-and-Spell could crack it.

    They were thinking, who would store the eTexts for that long, since OTP is unbreakable?

    You can't hide secrets from the future with math.
    You can try, but I bet that in the future they laugh,
    at the half-assed schemes and algorithms amassed
    to enforce cryptographs in the past."

    - MC Frontalot, Secrets from the Future

    Secrets cost money. How long do you need to keep them? Today we believe - with good reason - that most cryptographic protocols are secure. But even if that's true (and there's no guarantee), why not hoover up the data while it's available and wait for your opponent to slip up, or your mathematicians (or computer engineers) to make a breakthrough, whichever comes first?
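
The one-time-pad points raised in comments 18, 18.1 and 25 (pad reuse, and an image used as the key), as an added Python example that is not part of the thread or any poster's code. The two messages and the stand-in "image" key are constructed sample data, and the function names are this example's own.

```python
import math
import os
from collections import Counter


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """One-time pad encrypt/decrypt: XOR with a pad exactly as long as the message."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def byte_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (ceiling is 8.0).

    This is a coarse check: a low value proves structure, a high value proves nothing.
    """
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def adjacent_repeat_fraction(key: bytes) -> float:
    """Fraction of positions where key[i] == key[i+1].

    At those positions c[i] ^ c[i+1] == p[i] ^ p[i+1], so the ciphertext
    leaks a relation between plaintext bytes without the key being known.
    """
    return sum(a == b for a, b in zip(key, key[1:])) / (len(key) - 1)


def constructed_image_key(n: int = 4096) -> bytes:
    """Constructed stand-in for headerless pixel data: a slow brightness ramp."""
    return bytes((100 + i // 128) % 256 for i in range(n))


# Constructed sample messages of equal length (26 bytes each).
P1 = b"MEET AT THE BRIDGE AT NOON"
P2 = b"SEND THE COURIER ON FRIDAY"


def pad_reuse_leak(p1: bytes, p2: bytes) -> bool:
    """Encrypt two messages under one pad and check that the pad cancels out."""
    pad = os.urandom(len(p1))
    c1, c2 = xor_bytes(p1, pad), xor_bytes(p2, pad)
    # Anyone holding only c1 and c2 obtains p1 XOR p2: the pad is gone.
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


if __name__ == "__main__":
    print("pad reuse cancels the key:", pad_reuse_leak(P1, P2))
    for name, key in (("os.urandom", os.urandom(4096)),
                      ("image ramp", constructed_image_key())):
        print(f"{name}: {byte_entropy(key):.2f} bits/byte, "
              f"{adjacent_repeat_fraction(key):.3f} adjacent repeats")
```
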