NSA Foils Much Internet Encryption
An anonymous reader writes "The New York Times is reporting that the NSA 'has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show. ... The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.'" You may prefer Pro Publica's non-paywalled version, instead, or The Guardian's.
For awesome powa
A feeling of having made the same mistake before: Deja Foobar
I believe the "working with industries to install backdoors" part, but the cracking internet standards encryption? Nope. The report doesn't even say what they are supposed to have cracked, only some nebulous "widely used internet encryption". Do they have a ton of computation power? Yes. Do they have some magical break on AES that no one in academia knows about or can even fathom? No. Just some FUD.
From Bruce Schneier Here and here.
Also a nice call to arms here.
"I have resisted saying this up to now, and I am saddened to say it, but the US has proved to be an unethical steward of the internet. The UK is no better."
grammar-lesson free since 1999. (rescinded - 2005)
The three organisations removed some specific facts but decided to publish the story because of the value of a public debate about government actions [...] .
Yet, the article does claim this:
"Project Bullrun deals with NSA's abilities to defeat the encryption used in specific network communication technologies. Bullrun involves multiple sources, all of which are extremely sensitive." The document reveals that the agency has capabilities against widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking.
But they also quote Snowden that:
"Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on," he said before warning that NSA can frequently find ways around it as a result of weak security on the computers at either end of the communication.
Maybe we still have some hope?
The claim is VPNs and SSL... so either a break in RSA or AES, either way SSH would be covered. But there are so few details in the story it's hard to know how technically competent the staff who reviewed the documents are and therefore how serious the threat is.
So I'm left with the impression that the NSA will add features in return for improved access.
SELinux comes to mind as a gift from the NSA to the Linux community. A gift with a hidden payload.
Hmm.... We can call it Trojan Linux. Ribbed for your pleasure. The ultimate in back door penetration.
I wonder if their list includes SSH
OpenSSL came from SSLeay, which was created outside of the US specifically for this reason.
It's not a technical attack in the first round;
The long, strong arm of the NSA
July 27, 1998
Web posted at: 4:15 PM EDT
http://edition.cnn.com/TECH/computing/9807/27/security.idg/
[..]
It's gotten to the point where no vendor hip to the NSA's power will
even start building products without checking in with Fort Meade first.
This includes even that supposed ruler of the software universe,
Microsoft Corp. "It's inevitable that you design products with specific
[encryption] algorithms and key lengths in mind," said Ira Rubenstein,
Microsoft attorney and a top lieutenant to Bill Gates. By his own
account, Rubenstein acts as a "filter" between the NSA and
Microsoft's design teams in Redmond, Wash. "Any time that you're
developing a new product, you will be working closely with the NSA,"
he noted.
[..]
Clearly wary of granting the government supervision over its products,
Microsoft has stubbornly refused to submit a data-recovery plan, even
though the Redmond giant already includes a data-recovery feature in
its Exchange Server.
"The Exchange Server can only be used when this feature is present,"
Rubenstein said. "Because we haven't filed a product plan, it's harder
for us to export this than for companies that have filed plans."
[..]
I'd wager that the fundamental flaw in HTTPS is that the government has the private keys direct from the CAs. The protocol is flawed in the key management (as most are).
Socialism: a lie told by totalitarians and believed by fools.
surely there should be a ripe market niche for some smart geek to 3D print arduino-controlled quadcopters to facilitate key exchange. hmmmm... hold on, still a few bugs to be worked out...
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
The NSA can crack 4096-bit PGP keys? I doubt it. Seems like FUD to dissuade people from even attempting to use encryption
From ProPublica:
In one case, after the government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a back door into the product before it was shipped, someone familiar with the request told The Times.
Who else remembers the debacle about the government no longer purchasing Lenovo computers? I remember some people saying that if the U.S. government is making all this fuss about it, they're probably the ones doing it.
This seems to indicate those people are correct.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
Unless you exchange private keys offline, manually, preferably not using any temporary electronic storage means, the NSA has your keys.
Um, you never exchange private keys; you only share public keys.
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
The claim is VPNs and SSL... so either a break in RSA or AES, either way SSH would be covered.
You do not need to break RSA or AES to break a lot of VPNs. I.e. if you use aggressive mode IKEv1 PSK (typically plus XAUTH, but that does not actually help), the shared private key can be recovered by offline attacks. NSA supercomputers should have no problem handling most keys. Alternatively, if certificates are used, many organizations buy premade certificates including secret keys instead of going through the trouble of generating their own secret keys. That means the NSA only has to compromise the few certificate vendors.
And this is just the passive attacks the NSA can do. If they actively interfere, they can use downgrade attacks or (for HTTPS) the various TLS vulnerabilities or use proper fake vendor certificates or all sorts of other mischief. That is harder to pull off unnoticed of course.
Very little equipment supports IKEv1 with "raw" RSA keys (no certificates), even though that takes the whole PKI problem away and avoids aggressive mode. I'm only aware of (free|open|libre|strong)SWAN and RouterOS. IKEv2 is almost non-existent, and what little equipment supports it tends to only support the equivalent of IKEv1 main mode with PSK or certificates -- precisely the areas where IKEv1 is already good enough.
For those of us who use proprietary encryption acceleration: how do we know that the session keys are chosen securely and not divulged with steganography somehow? I know that products have existed which did exactly that, revealing part of the encryption key in the encrypted data stream (and I know that because the vendor was fairly open about the practice).
Finally! A year of moderation! Ready for 2019?
Why would anyone ever exchange private Keys???? The system does not work that way.
Certificate authorities never see private keys so you are dead wrong about that. What's more, even if a rogue CA was minting bad certs on the fly to attest that the NSA was really foobar.com, that would have been noticed. Remember that secrecy is something they value insanely highly. They wouldn't ever do something so easily noticed and the articles do not imply any kind of CA compromise.
In fact if you read all the stories (they overlap largely but not entirely) you can get a vague picture of what's going on. Firstly, they record all encrypted traffic in case they can decrypt it later. Secondly, they have a database of public to private keys, populated via any means they can. Thirdly, they obtain keys in lots of ways (hacking, subversion, bogus court orders, brute forcing old/weak keys etc) but they don't seem to have a magical solution to all strong crypto. The closest that the leaks come to this is discussion of some amazing cryptanalytic breakthrough, which could possibly mean they're able to break some kinds of RSA? Perhaps they're ahead of Joux et al by some years?
Regardless, what it is, it can't be a solution to all crypto, because these governments apparently asked the newspapers not to publish on the grounds that people might switch to stronger systems that worked.
A) The NSA probably directly runs half of the CAs and thus own the root keys that come configured in your browser.
B) Absent some fancy crypto skills, having the CA root key only allows them to MITM connections. Doesn't help with decrypting a captured stream.
To fully secure our VPN, I've now built a CA on a non-Internet connected machine which sits behind lock and key. I use it to create SSL certificates for our VPN routers. I'm not building these Certs for Joe Average to connect to my servers, I'm building them so I can be sure that communications between my VPN endpoints are secure, and by securing the CA I can be certain that the likelihood that anyone, including the NSA, can break into my VPN tunnels with any kind of non-local exploit is low to nil.
The world's burning. Moped Jesus spotted on I50. Details at 11.
The raw document provides some more details but remains not especially explicit.
"The fact that NSA/CSS has some capabilities against the encryption in TLS/SSL, HTTPS, SSH, VPNs, VoIP, WEBMAIL, and other network communication technologies".
Capabilities are defined here as NSA/CSS ability to exploit a specific technology. This may encompass acquiring and processing plaintext data and/or acquiring, decrypting and processing encrypted data.
So do you want the NSA to break Syria's encryption about their chemical weapons attacks?
Or do you prefer we not know that the Syrian government uses chemical weapons to kill civilian populations, affecting public policy?
Which social contract would you prefer government to break? the "Government shouldn't know private activities of foreign governments" or "Government shouldn't allow foreign governments to kill civilians"?
If your privacy is important, then you think that means your government shouldn't monitor foreign communications, correct? And that means you think it's ok for foreign governments to kill civilians as they please? And if you think foreign governments should be allowed to kill civilians, then I guess you don't donate to charity either? Why would you want to help other people, after all?
You can pick either charity or privacy, but you can't have both. Sorry. That's because bad guys have power, and you need more power to overcome those bad guys for the purposes of charity.
So charity or privacy? What's it going to be?
Won't somebody please think of the civilians!
All else aside, if you think the NSA breaks codes in order to prevent civilian casualties, or for "charity", you have another thing coming. They do it to provide intelligence to the US government to facilitate furthering its national interest, in whatever form that may take. And if you think civilian casualties or chemical weapons are the actual reason we are considering whether or not to attack Syria, you have yet another thing coming.
"What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
"Government shouldn't allow foreign governments to kill civilians"?
Incidentally, that policy also applies to the Syrian government versus the US. Cos', you know, the US is a foreign government and airstrikes would surely also kill civilians.
Also, your entire post is a false dichotomy.
There are a surprisingly large number of public key generators with weak random number generators:
And those are the ones we know about.
For open source systems, the person or persons who inserted the weak code should be identified and kicked off the project. It may just be incompetence, but that's a good reason to keep them out of security-critical areas.
Weak keys don't just let the NSA in. They let the People's Liberation Army of China in, too.
Bruce Schneier should be technically competent enough for you, see his articles today at the Guardian.
http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
From the article it sounds like the NSA has compromised most commercial VPN software (and is working on the rest) with backdoors, etc.
Do you use commercial (non open source) VPN software? If so, it doesn't matter that your keys are secure.
I don't read your sig. Why are you reading mine?
The article states that they are working with commercial software vendors to insert back doors, vulnerabilities, etc. into their software. This is much easier than trying to break RSA or AES by brute force.
I think we have to assume that all commercial software has been compromised and is vulnerable.
Only trust open source software where the code has been audited carefully.
I don't read your sig. Why are you reading mine?
That's like saying almost all sex they've ever had was consensual and legal, so we really shouldn't blame them for the few cases of rape they committed.
Trust the Computer. The Computer is your friend.
How did the NSA's ability to decrypt most of the encrypted communications of the world prevent Syria's chemical attack on its own people?
Or even help after the fact, for that matter?
How is helping Syria's people even part of the NSA's charter?
To be 1000% clear... all a CA does is sign keys generated by others. They never see the private server key(s). Having the CA signing certificates doesn't give you the magic ability to decode a site's traffic; it only allows you to pretend to be that site. (assuming you can get the user's traffic to come to, or through, you. and that other steps (fingerprint validation, serial number checking, etc.) aren't being used.)
Spy on foreign governments and foreign citizens. They need to stay the fuck away from Citizens of the United States of America. Spying on Americans is what other governments are for.
The NSA is operating far outside of its charter. Put them straight.
Why is it so hard to only have politicians for a few years, then have them go away?
Actually, you will get neither if the NSA is able to read all encrypted communication. Simply put, if the government has the ability to penetrate all encrypted communications, there will be no privacy. If there is no privacy the government will eventually degenerate to a tyranny. Given a choice between a tyranny and dead Syrians, I choose the dead Syrians. I don't like the idea of people being killed by their government but I'd rather have the Syrian government killing Syrians than the American government killing Americans, something which will eventually happen if we lose our civil rights.
Don't doubt for a minute that there are forces in the government that are working toward that. They're mostly not evil people and most don't really understand the ramifications of what they are doing, but history does repeat itself and there is plenty of history that demonstrates what happens when a government can do whatever it wants. Orwell's "1984" is fiction, not history, but it is based upon history and basic psychology. If we want to retain our civil rights, we need to fight and struggle for them, both in the courts and in civil disobedience if necessary.
It's really quite a simple choice: Life, Death, or Los Angeles.
I'd like us to continue treating encryption as weapons and regulate its export accordingly. Unfortunately, it is not really possible — any enemy worth the designation would be able to get it anyway, because moving an algorithm is much easier than a gun. And, unlike guns, you only need to move an algorithm once.
I wish I had sufficient confidence in my own government to be able to sincerely pick charity... Unfortunately, I do not. If the President can already ask the IRS to hurt opposition's finances, what's to prevent him from asking the NSA to look into the opposition's e-mails? The sort of thing that got Nixon to resign is barely an issue with today's Americans...
However, according to an earlier article about Snowden's interaction with journalist(s), PGP (with sufficiently large keys) is still unbreakable even to the NSA — at least, as far as Snowden was aware:
So that's what a particularly private person should be using for all of his communications...
In Soviet Washington the swamp drains you.
This has nothing to do with liberal or conservative and everything to do with the power of government.
From Bruce Schneier:
Dismantling the surveillance state won't be easy. Has any country that engaged in mass surveillance of its own citizens voluntarily given up that capability? Has any mass surveillance country avoided becoming totalitarian? Whatever happens, we're going to be breaking new ground.
http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying
I don't read your sig. Why are you reading mine?
I trust the math, even though I don't understand it.
I don't necessarily trust the people who coded the math into a program.
I don't necessarily trust the computer that is running the program.
//TODO: Think of witty sig statement
The silver lining in this sad story is that the algorithm used by SSL itself is still unbreakable to the NSA. They wouldn't have needed the keys otherwise. So asymmetric crypto is still sound — if used properly — and privacy-minded people can still use it to communicate...
In Soviet Washington the swamp drains you.
Though I sympathize with the gist of your position, I must question this particular argument:
Why exactly is this so? Of course, it would be rather uncomfortable to have no privacy, but would it necessarily lead to tyranny? Why not the opposite, for example — if no one's dealings are private and all information (from banking transactions, to kissing, to bowel movements) about everyone is readily available to whoever cares, wouldn't it be harder to subdue the electoral process, for example?
You would make it much, much easier to "subdue the electoral process". If you're currently the party in power and facing re-election, you first kill everyone who donates money to the opposition--everybody stops giving them money, hampering their campaign. Then you kill anyone who's given any hint that they might vote for the opposition. You and your cohorts get re-elected. Rinse and repeat, and eventually nobody dares form an opposition party, much less support one. If anybody says or does anything that remotely sounds like rebellion, you kill them too. Your party stays in power indefinitely, the only things that might end your reign are a split in your party, or killing off so many people that there are not enough people left to work and your economy collapses.
I think at this point it is safe to assume that all US or US ally based commercial software of any kind that is of some value to the NSA/GCHQ has been compromised. I would imagine that this will present a huge advantage to open source software in relevant fields. IMO any software company that allowed such backdoors deserves to go out of business. It also means that commercial anti-virus, firewall, and other security software has to be assumed to be backdoored for the NSA/GCHQ. This also gives Linux a huge advantage because it is not so dependent on high quality security software.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
Yeah, 'accidental' civilian deaths, or deaths from 'necessary collateral damage' are so very noble and just.
In Serbia the US/NATO 'accidentally' bombed a farmers market, two hospitals, the Chinese embassy, civilian radio/TV stations, bridges on the wrong side of the country with civilians on them, etc. Also random factories that weren't military-related industry (eg. tobacco) - Interestingly the tobacco factory got bought by Phillip Morris a couple years later...
Chemical weapons are abhorrent, absolutely. But unless use is widespread, picking winners and causing more death and destruction isn't ideal, neither.
Sent from my PDP-11
You can configure your HTTPS server to use forward secrecy. Forward secrecy uses one-time keys, generated between the website and the browser for the single session. Most modern browsers support it. But it generally requires compiling the latest version of OpenSSL and then compiling Apache 2.4.x against that, not using the Apache 2.2.x versions that are standard in most of the Linux distros. More detail also here.
If you set up your webserver this way, and your visitors use the right browsers, the NSA's having good copies of the site's certificates won't gain them much. At least that's what Ivan Ristić's saying. On TLS/SSL stuff, there may be no one better.
"with their freedom lost all virtue lose" - Milton
Perhaps we shouldn't have provided the Syrians with the precursor chemicals to make weapons in the first place.
Your position is laughable. You have the precursor chemicals to make weapons under your kitchen sink. It's basically impossible to have any kind of modern industrial base without them.
People like you are why I can't buy fucking cold medicine anymore.
What part of "shall not be infringed" is so hard to understand?
With closed source, you don't know if it's secure and you can't verify that it's secure and now we have these NSA documents which state that they have already compromised the most popular commercial security software and they are working on compromising the rest of it.
With open source, you don't have a guarantee that it's secure but you do have lots of knowledgeable people looking at the code (especially now) and you yourself can audit the code. It has a much higher chance of being secure.
You're right, "a security solution with a destroyed reputation is no solution at all"... and the NSA just destroyed the reputation of all commercial security software.
I don't read your sig. Why are you reading mine?
My suspicion is that they can monitor the AES key negotiation during SSL handshake. I've heard enough experts say they still trust AES. But if you as a government agency can compel a company to disclose their private RSA/DSA key then snooping SSL is easy. SSL uses the RSA/DSA public to encrypt the session symmetric encryption key. If you know the RSA/DSA private key, then you can easily decrypt that session key and then snoop the communication.
This is a boring sig
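Added example (not part of any comment above, and not code from OpenSSL or Apache): the forward-secrecy comment and the RSA key-transport comment above both come down to which key exchange a session uses. This Python sketch expands an OpenSSL cipher string with the local OpenSSL, splits the suites by key exchange, and flags logged sessions that lacked forward secrecy; the log layout, the hardened cipher string and the sample lines are constructed assumptions.

```python
import ssl

# OpenSSL suite-name prefixes that mean an authenticated ephemeral
# Diffie-Hellman key exchange, i.e. forward secrecy.
_EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-")

# Assumed hardened setting: only ECDHE key exchange with AES-GCM.
HARDENED_SPEC = "ECDHE+AESGCM"

# Constructed sample lines, assuming an access-log format of
# "<client> <SSL_PROTOCOL> <SSL_CIPHER>" (mod_ssl exposes both variables).
SAMPLE_LOG = [
    "203.0.113.7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256",
    "198.51.100.9 TLSv1.2 AES256-SHA",
    "203.0.113.20 TLSv1.3 TLS_AES_256_GCM_SHA384",
]


def is_forward_secret(suite_name):
    """Classify an OpenSSL cipher-suite name by its key exchange.

    Names without an ECDHE-/DHE- prefix (for example AES256-SHA) use RSA
    key transport: the session key is encrypted to the server's long-term
    key, so recorded traffic becomes readable if that key is later obtained.
    Anything unrecognised is conservatively reported as not forward secret.
    """
    # TLS 1.3 suites (TLS_AES_..., TLS_CHACHA20_...) use ephemeral (EC)DHE
    # in a full handshake.
    if suite_name.startswith("TLS_"):
        return True
    return suite_name.startswith(_EPHEMERAL_PREFIXES)


def audit_cipher_string(spec):
    """Expand a cipher string (the syntax Apache's SSLCipherSuite accepts)
    with the local OpenSSL and return (forward_secret, not_forward_secret)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(spec)  # raises ssl.SSLError if nothing matches
    names = [c["name"] for c in ctx.get_ciphers()]
    fs = [n for n in names if is_forward_secret(n)]
    weak = [n for n in names if not is_forward_secret(n)]
    return fs, weak


def sessions_without_fs(log_lines):
    """Return (client, suite) for each logged session lacking forward secrecy."""
    flagged = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guess
        client, _protocol, suite = parts
        if not is_forward_secret(suite):
            flagged.append((client, suite))
    return flagged


if __name__ == "__main__":
    fs, weak = audit_cipher_string(HARDENED_SPEC)
    print(f"{HARDENED_SPEC}: {len(fs)} forward-secret suites, {len(weak)} without")
    for client, suite in sessions_without_fs(SAMPLE_LOG):
        print(f"no forward secrecy: {client} negotiated {suite}")
```

Running `audit_cipher_string` on a server's actual cipher string shows which suites it would still accept without forward secrecy on that OpenSSL build.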
You can't do much with the knowledge that a government wants you dead.
But a government can do a lot with the knowledge that you want it replaced.
Rethinking email
So because there are scary bad men out there the government should be able to do whatever the fuck it wants to be able to catch them? Even if that includes massively violating the privacy of every citizen (never know who's a scary bad man!!) in the country? Even if it includes building a massive database filled with who the fuck knows what that never, ever, gets erased? You know how they say the internet forgets nothing? This is even worse, since random fruit loops on the internet don't have access to your phone records, your banking records, your phone calls, your location and every niggling little detail of your entire life! If you think it's bad that /b/ can access something stupid you said on your blog and troll you even if you delete it, just wait until some scary bad men, I mean trusted public servants, get ahold of all that juicy personal information that those stalwart do-gooders of the NSA put together for them, they'll have a field day! Accidentally piss off some bureaucrat at the DMV? He'll just call his cousin at the Ministry of Love and they'll whip up some charges doubleplusquick then off to the Re-education centers (actually, that's too expensive, off to the work camps, more than likely).
If you really think it's just "metadata" you're deluded. All this stuff that's coming out used to sound like the fever dreams of the loony fringe, and god damn does it suck having to listen to them smugly say "We told you so."
Celebrity worship is a poor substitute for Deity worship and costs more to boot.
While you guys are cracking jokes on ROT13, a letter to NYT ( http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?_r=0 ) caught my attention
- - - B Missouri Reader
Missouri
On the one hand, "In the future, superpowers will be made or broken based on the strength of their cryptanalytic programs," but on the other hand the liberties of Americans are at risk by such programs.
In other words, we face a situation where the strongest, most secure nation can no longer be a nation that guarantees the rights of its citizens.
Privacy is not simply a convenience, but it is intimately linked to free speech and to the future prospects for democracy in America. Key elements of the Constitution provide a framework where incumbents can be challenged in free elections, ensuring that better ideas and better leaders will become available to guide the nation. But nobody can win an election against an incumbent with unlimited access to the communications of its rivals. We're not there yet, but the trend is in that direction.
It is high time that members of both parties in Congress get off of their high horses and address this growing threat to our democracy. Technical and legal hurdles must be cleared, and it may even be necessary to make significant changes in the way the internet works. But time passes very quickly in the technology world, and the clock has already been ticking for quite a long time."
Muchas Gracias, Señor Edward Snowden !