Most Tor Keys May Be Vulnerable To NSA Cracking

Ars Technica reports that security researcher Rob Graham of Errata Security, after analyzing nearly 23,000 Tor connections through an exit node that Graham controls, believes that the encryption used by a majority of Tor users could be vulnerable to NSA decryption: "About 76 percent of the 22,920 connections he polled used some form of 1024-bit Diffie-Hellman key," rather than stronger elliptic curve encryption. More from the article: "'Everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys,' Graham wrote in a blog post published Friday. 'Assuming no "breakthroughs," the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they've got fairly public deals with IBM foundries to build chips.' He went on to cite official Tor statistics to observe that only 10 percent of Tor servers are using version 2.4 of the software. That's the only Tor release that implements elliptical curve Diffie-Hellman crypto, which cryptographers believe is much harder to break. The remaining versions use keys that are presumed to be weaker."

well

there goes the neighborhood

Re:well

[Jeremiah+Cornelius]

Just use bigger DH, with better cipher. AES-256? Maybe. Twofish? OK.

Bruce Schneier himself advises avoiding elliptic-curve, as being intellectually tainted by the spooks.

Re:well

[Black+Parrot]

I recommend a "zero time pad" : if you want it secret, don't put it on a computer.

Re:well

I can't help but notice that your link has nothing to do with what you're saying.

Re:well

[Jeremiah+Cornelius]

Wrong Guardian Schneier link. :-)
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance

From Item 5:
"Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can."

Re:well

He was probably misquoted and was talking about that laughable EC random number generator NSA tried to push once

https://www.schneier.com/essay-198.html

Re:well

[Jeremiah+Cornelius]

No. He wrote this.

Re:well

[goombah99]

Just use bigger DH, with better cipher. AES-256? Maybe. Twofish? OK.

Bruce Schneier himself advises avoiding elliptic-curve, as being intellectually tainted by the spooks.

that's what they want you to think.

Re:well

[noh8rz10]

you be flip, but seriously. it's called "signals intelligence" for a reason. if you don't want it taken, don't transmit it over the internet. I'd say an airgapped desktop or laptop is still fine, tho.

Re:well

[pongo000]

Bruce Schneier himself advises avoiding elliptic-curve, as being intellectually tainted by the spooks. [theguardian.com]

I didn't see any such recommendation in the linked article. However, there is a comment in this article in which he does make such a statement. Schneier seems to have reversed himself on advocating the use of elliptic-curve ciphers.

Re:well

[Dahamma]

He hasn't reversed himself from that link you cited - he was just pointing out an NSA recommendation, and was against it then, as well. See his comment to a poster further down:

Bruce Schneier September 30, 2005 11:39 AM
"'Elliptic Curve Cryptography provides greater security and more efficient performance than the first generation public key techniques'

"But ECC was less researched than the others algorithms!"

I agree with you, not the NSA.

Re:well

[rvw]

I recommend a "zero time pad" : if you want it secret, don't put it on a computer.

I disagree. A computer may be a lot safer than... what else do you propose? But never connect it to the internet, so remove wifi and ethernet from the hardware, and I think you're good. Install a linux distro that you can trust, use usb-sticks to transmit files, use Truecrypt etc, and what are you going to do on that computer anyway? Just wondering for myself what I would be doing on a computer like that....

Or.... has it come this far that the NSA has manufacturers build in 3G chips that we don't know of?

Re:well

[Eunuchswear]

I guess the ONI will be pissed that the NSA can read their mail.

Re:well

Spectrum analyzers are dirt cheap. You could also verify that antenna leads are unplugged.

Re:well

We certainly need more research, but it looks like an RC4 complete break (that would be the big, recent breakthrough - would love to see the details, now we know about it) and 1024-bit RSA keys are the meat and potatoes of BULLRUN. And since PCI Compliance for a while advised everyone to use RC4 as a workaround to the BEAST attack... yeah. NSA. Bastards.

They set the constants for all of the NIST curves, however. And if they have a SHA-1 preimage (and it's their algorithm they no longer even recommend, so they might) then they could set them any way they wanted. Or just try repeated phrases until they got bit patterns they were after. prime256v1/secp256r1 and all that jazz? We can't trust them anymore. They're NSA-derived - and the way it turns out they've been behaving, we therefore assume that they ARE backdoored, even if they use them themselves.

The curve Tor uses is curve25519. That is not NIST-derived, NSA didn't pick parameters out of a hat for that one: DJB made it independently. It's been designed, and the reasons for the choices thoroughly explained. It's extremely fast due to its structure, it's good even through the twist, the implementation is so careful that it's constant-time to avoid timing attacks, and we have a rough idea how strong it probably is (around 2^110-ish). Ed25519 is also similarly good and makes a great signature scheme (and you could do DH with it better as well), although you probably don't want to use SHA-512 with it anymore, because NSA - Skein-512-512 is probably the way to go. I don't trust NIST's choices anymore. They are ALL NSA, and thus ALL potentially-tainted.

Unless elliptic curves in general are crackable, which would be quite a wheeze, and of course a possibility. Certicom (NSA) have been doing those for a long time: but the 25519 curves are the product entirely of civilian mathematical research, at least. For now, Schneier is spooked and notes RSA still works fine, if slowly, and maybe bigger keys... 3072-bit? 4096-bit? Against an adversary like this - and it's clear that they consider EVERYONE an adversary - we need the margin.

I note DSA and ECDSA really need strong random numbers for every signature (see fail0verflow's Sony crack for a practical exploit), and GCM fails quicker than it should with non-random keys. Reasonable conclusion: subtle RNG backdoors. We should keep a special look-out for those. Other choices exist which aren't similarly affected (particularly, Ed25519 does not need random numbers per-signature, neither does RSA, although RSA blinding does).

What next? AES-128-CCM use in TLS, perhaps, or OCB-AES-128? (Note I'm specifically NOT recommending AES-256/192 because of the meet-in-the-middle attack - I'd rather move to TWOFISH-256.) Ed25519 DH in TLS? All commercial CAs are toast, the model has been so thoroughly subverted that it can't possibly continue to work. What about DNSSEC? Could do the job. But we can't trust the US to manage the internet anymore. We're meeting in November to see what we have to do: maybe if we remake it used good RSA or Ed25519 keys and take the hands of the root out of ICANN, because ICANN is the US and the US has spectacularly demonstrated it cannot be trusted to manage anything, probably no country can... which means, perhaps, it's time to dig the root KSK revocation key out of mothballs: if there's no trust, there's no point. We're going to need a treaty, a .INT. This isn't a quick-fix.

Re:well

[Burz]

So, I just checked the I2P encryption page and it says they use 2048 ElGammal (which is log-based, as Schneier mentioned) for public key crypto. I think this means I2P could be safer from the NSA than Tor.

Re:well

Osama must be laughing in his alleged watery grave as the United States of Amerika descended further down the path of tyranny against its own citizens. Time for a burning cross on the White House lawn perhaps?

Re:well

[wonkey_monkey]

that's what they want you to think.

That's what they want you to think.

Re:well

Here's an idea, go fuck yourself.

Re:well

[blutfink]

But this was before that happened. http://en.wikipedia.org/wiki/Dual_EC_DRBG

Re:well

[Jeremiah+Cornelius]

I DO really like your detailed information, and where you are going with this.

Again, I worry a little bit about this sort of response:
https://en.wikipedia.org/wiki/GEC-Marconi_scientist_deaths_conspiracy_theory

Re:well

[Jeremiah+Cornelius]

"What you mean 'we', White Man?"

Re:well

[marcosdumay]

He said exactly that some ECC curves have suspicious origins, and one shouldn't trust them. What he didn't say is that all of ECC is suspicious, or that he knows anything with certainty.

Anyway, it's easier to use RSA with a larger key than to investigate each ECC curve you are thinking about using. But that's just my opinion.

Re:well

[xtronics]

Recommending ECC might well be disinformation. Can someone ask Snowden?

Re:well

[Wandering+Idiot]

Yes, this is a sane and measured response. Get off this site and go back to Stormfront where you belong.

Re:well

[bluegutang]

I recommend a "zero time pad" : if you want it secret, don't put it on a computer.

That's equally vulnerable to the $5 wrench decryption method.

Re: well

I DO really like your detailed information, and where you are going with this.
Again, I worry a little bit about this sort of response:
https://en.wikipedia.org/wiki/GEC-Marconi_scientist_deaths_conspiracy_theory

Thanks for that link to the strange death of scientists! I have a memory of another story like this when I was a boy, when a group of smart people working on the same project all died in unusual circumstances. Anyhow my point here is that these scientists must know they are working on projects that have one purpose and that is to take the lives of those whom your government or its allies deem to be death-worthy. In short they are using their god given talents to kill others whilst working in a lab for a bunch of warmongers.

Why then are they really surprised when the get killed for this demonic kind of work?

Karma or cause and effect

For the sake of the billions yet to be born into this ever hostile reality, find something better to do with those amazing minds!

Re: well

[fuzzytv]

I see nothing about elliptic-curve crypto in that article.

Re: well

[Jeremiah+Cornelius]

Other Guardian link by Schneier in reply to my post. It has elliptic curve-ball in it.

Obama hates US Constitution

Leader of the no longer free world

Re:Obama hates US Constitution

[w1zz4]

Mmmm laws that granted NSA permissions to do this have been approved during Bush presidency. Is this meaning Republicans and Democrats are the same? Maybe it's time to wake up US citizens and stop voting for those two partys over and over... But as a Canadian, I probably should not comment on US politics. Anyway our Prime is not a reference...

Re:Obama hates US Constitution

Ehhh, Canada's a two party system anyways. I happen to vote for one of the fringe parties and when I say Harper sucks, they assume I'm a liberal. When I complain about Trudeau they accuse me of being a Harper booster. We occasionally get to see a third party slightly modify things, but that's rare. And we get to see one other party that only one province votes for that can never run the country because they won't run candidates anywhere but their home province (mostly because they hate every single other province).

Canadian politics are probably a worse version of US politics. Can you imagine how well the US would work with 52 parties, each of them never having a chance of winning except California?

Re:Obama hates US Constitution

[w1zz4]

A two party system with a third one being the official opposition right now... Yeah Right (Slow Clap).

Re:Obama hates US Constitution

If I lived in Alberta, I'd vote for the Quebec party. If Quebec secedes, Alberta would be next.

Re:Obama hates US Constitution

[compro01]

A two party system with a third one being the official opposition right now... Yeah Right (Slow Clap).

Which is increasing looking like a one-time temporary thing, unfortunately. Modulo the Bloc voters they took and appear to be keeping, NDP support is about back where it was before the Crush and seems likely to stay there unless Trudeau does something dumb.

Re:Obama hates US Constitution

[compro01]

If you're in Alberta, you can't vote for the Bloc. They don't run candidates outside of Quebec.

a billion dollars...

[Black+Parrot]

for how many chips?

Re:a billion dollars...

[Dahamma]

Probably a LOT - silicon is cheap when you mass produce it, and while they may be custom, they are probably fairly trivial to design (either individually pretty small or easy to duplicate the core many times in one chip).

They're probably already cracking DES keys in minutes...

Re:a billion dollars...

[HiThere]

I doubt it. If they were, why would they need that quantum computer they're ordering. It probably (currently) takes them hours or days.

OTOH, perhaps they just want to be prepared for the backdoors going away.

Re:a billion dollars...

[Dahamma]

From that link I posted, the EFF built a board for under $250k to crack a DES key in under 24 hours a few years ago. There are open source P2P tools to do it in much less today. So it should pretty much be taken as fact the NSA can do it in minutes by now, given their $10B+ a year budget...

Question: multi-layer encryption

If someone encrypts twice, does that make it exponentially harder to crack, or just twice as hard?

Re:Question: multi-layer encryption

[dantotheman]

Depending on the encryption method, doing it twice might make it easier to crack...

**This message has been encrypted twice with the ROT13 method**

Re:Question: multi-layer encryption

twice as hard, as long as different keys are used for each pass.

Re:Question: multi-layer encryption

Little over twice. Encrypt it 3 times and you square the time needed

Re:Question: multi-layer encryption

[sjames]

Not necessarily. In many cases, double encrypting it will not make it at all harder to crack, it will just effectively encrypt it with a composite key no more complex than either of the keys you used.

Re:Question: multi-layer encryption

[Dahamma]

No, it's twice as hard (CPU-wise) if the *same* key is used for each pass. If two completely different keys are used it would generally be equivalent to a key twice as long.

For example, 3DES uses 3 56 bit keys, with OUTPUT = encrypt(decrypt(encrypt(INPUT, K1), K2), K3) if you use the same key for each step it's only going to take 3x longer to test. If you use 3 different keys, it's nominally equivalent to 56x3 = 168 bits, though MITM attacks can make it effectively 112 bits. Still way WAY more than 2x that of a 56 bit key.

Re:Question: multi-layer encryption

[Dahamma]

Eh, never mind, I was assuming something like 2-key 3DES... if you just encrypt twice, sure. Though I guess the point is the "2x" is not because it's inherently "multiply by the number of encryption steps", but because of specific attacks that make it ineffective...

Re:Question: multi-layer encryption

[malacandrian]

Not only this, but applying different cryptography methods on top of each other may expose weaknesses in the system. IIRC Sony choosing to use "all the crypto" was one of the mistakes that allowed the PSN to be cracked,

Re:Question: multi-layer encryption

[aaaaaaargh!]

If I remember correctly, there is a proof for Triple Encryption with Minimum Keys (TEMK) that shows that if you encrypt three times with two independent keys, it will be at least twice as secure as one encryption with one key. The keys must be completely independent, though, derived from two different high-entropy passphrases or random keys that are long enough.

Anyway, encrypting twice with the same key can make it less secure, as others have pointed out. Increasing the rounds of a block cipher might be a better choice in this case, but without extensive cryptanalasis the security gain could still be illusory.

Re:Question: multi-layer encryption

[Qzukk]

It pretty much depends on whether your encryption algorithm may have an alternate key kz where decrypt(k1,decrypt(k2,ct)) = decrypt(kz,ct) and especially where that alternate key may be derivable from the other keys kz=f2(k1,k2)

As an example, consider xor: (plaintext xor key1) xor key2 is equivalent to plaintext xor (key1 xor key2), thus kz is (key1 xor key2).

Re:Question: multi-layer encryption

[marcosdumay]

Also, whatch your random number generator. Once you start with such schemes, it starts to become a bottleneck.

Re:Question: multi-layer encryption

[aaaaaaargh!]

It amazes me that despite the need for random data everywhere there are so few consumer devices with built-in hardware RNG. It doesn't seem very hard or expensive to add one.

Re:Question: multi-layer encryption

[emt377]

All ciphers can be used as random number generators. The seed is the key, and to get a random number you encrypt zeros. Works with any cipher. If you need to generate a PK pair to exchange a symmetric, revolving session key for a stream or block cipher, you can collect entropy (e.g. urand) and use that to vector the cipher, then use the cipher to generate random numbers for the PK generation.

Re:Question: multi-layer encryption

Contrary to what you believe, no cipher can be used as a random number generator. Hint: The "P" in PRNG stands for "pseudo".

Re:Question: multi-layer encryption

[marcosdumay]

All of Intel last processors come with builtin RNGs... And it seems that they have backdoors from the NSA.

Don't trust your hardware too much.

Getting tired here

[ghost_templar]

The more I read of Slashdot (and to an extend Ars Technica), the less I want to continue reading. All it is these days is NSA, NSA, NSA. It's too damn depressing and what's worse, it's one of those situations where it's

(a) an intangable threat (you will probably never suffer directly because of what they're doing, but it still feels wrong)
(b) related to (a), it's something that the wider public doesn't know about and would be hard-pressed to convince is a threat without sounding like a looney
(c) cannot be overcome (moving to Linux for example doesn't change much if the network can still be tapped, and evidently TOR is now comrpomised), short of abandoning technology and reverting to primitive technology for, again, a hypothetical threat that will probably not ever affect us DIRECTLY, but still something we know shouldn't be happening.

I just want to read about science and technology, interesting shit. Seems impossible to do that anymore since clearly NSA stuff rates rather highly.

TL:DR - what's the point of knowing how evil things are if tangible, WIDESPREAD changes aren't going to happen due to our lack of power? You just become miserable, while everyone else is (relatively) happy because they don't know. There's a reason ignorance is bliss is a saying.

Re:Getting tired here

You are always free to vote or submit...

Re:Getting tired here

[msobkow]

Nobody is forcing you to read the articles. You're welcome to stick your head in the sand or cover it with a towel at any time.

Re:Getting tired here

There's a reason ignorance is bliss is a saying.

Given the quality of your writing, spelling, and grammar in your post, I expect
you are a very happy boy.

Re:Getting tired here

[ghost_templar]

Oh fuck you. My post was basically a cry for help and you come here with your superiority complex. Maybe I'm suffering a bit of disillusion here because I'm helpless in a shit world. Could have given some advice you know.

Re:Getting tired here

[ghost_templar]

When you're feeling miserable about the world, perfect typing is not a high priority (particularly if English is not your first language).

You understood what I was trying to say, why be a dick about it? FOR FUN? You asshole. You complete wreck of a human being. Do you enjoy making a sad person even worse? Will you see this as one of the highlights of your existence?

Think I'll just kill myself. The world isn't getting any better if no-one cares. We've lost all hope.

Re:Getting tired here

Oh fuck you. My post was basically a cry for help and you come here with your superiority complex. Maybe I'm suffering a bit of disillusion here because I'm helpless in a shit world. Could have given some advice you know.

He gave you advice. I'll repeat it with different words. If you're just going to piss and moan about the quality of the articles and discussion, then you're part of the problem, and would do everyone a favor by just not bothering.

Re:Getting tired here

And you're so much better, spreading your self-centered "misery" and begging for attention?

The world isn't getting any better if no-one cares. We've lost all hope.

Speak for yourself. You're obviously suffering from a severe case of confirmation bias, which is why you keep up with your bullshit.
Suck it up Princess, or go do something else that doesn't make you cry as hard.

Re:Getting tired here

[msobkow]

"Cry for help?"

I didn't see any "cry for help", just someone whining about the quality of the stories on slashdot.

Again.

Re:Getting tired here

Hey buddy, it get's better, I promise you. Ive been there myself. Just take it one day at a time.

Re:Getting tired here

[AHuxley]

We have had 30 years of whispers, books, magazines and talks by past experts. We seem to have a generation of experts who seemed to allow their allowed hardware and software encryption to fail on a global scale.
So every new story adds to work mentioned in the past. In 30 years this would have been amazing news.
Getting all this crypto and telco news now is going to allow some very creative people to release some new software and hardware.

Re:Getting tired here

Well, you're not alone in how you regard the circumstances. I feel much the same. I detest the panopticon surveillance we've brought upon ourselves, but I have little insight about what actions I could take that might slow our slide down the slippery slope.

Voting is ineffective. I think it no longer matters whether one votes Republican or Democrat. The candidates of both parties depend on monetary contributions to be (re)elected to office, and when (re)elected, legislate so as to channel more wealth to their contributors. Perhaps if I had a billion dollars per annum I could aim at the political process, I could make a minor difference. But I haven't that.

Really, I don't see how we can channel our fate towards a better outcome for more Americans. We're locked into concentrating more wealth into fewer recipients. Enhanced surveillance is but one consequence of that process. Diminishing economic vigor is another. Take a look at the decline in payroll as a % of GDP vs. the increase in corporate earnings as a % of GDP - payroll goes mainly to workers who spend it in our economy, corporate earnings go mainly to top corporate management and shareholders, who don't spend in per capita proportion. Economic stagnation results.

I've changed my goals from contribution to my society to preservation of myself and those whom I hold dear. This means accumulating enough wealth to live in the penumbra of the truly rich so as to benefit from their privilege. So, I live in a legacy small home within an exceptionally wealthy community. If I need to call 911 for an emergency, you cannot believe how much faster responders show up compared to if I were to have made the call from a friend's home a couple of miles down the hill. Fire, police, medical response, road repair, internet access - it's all faster and better for me and my family because I lucked out and live in a community of the 0.1%. And the county sheriffs don't ticket for talking on my cellphone while driving until I leave the Cone of Privilege at the entrance ramp to the closest freeway. What a surprise.

As long as they don't deploy net worth detectors on Mountain Home Road, I'll be fine. And, of course, as long as I can make the mortgage and property taxes.

So, yes, it is depressing. Wish I had advice for you that went beyond "save yourself and those whom you love", but I don't. Your grandkids may enjoy better times. Maybe.

Re:Getting tired here

[QRDeNameland]

I just want to read about science and technology, interesting shit.

I feel your pain, but unfortunately, if the NSA/intelligence complex truly can not be reined in (and I'm not optimistic that it can be), I think you're looking at the dark ages for any science or tech that doesn't serve their purposes.

Someone posted the following citation at the New York Times yesterday, which really struck a nerve with me:

"The man who is compelled to live every minute of his life among others and whose every need, thought, desire, fancy or gratification is subject to public scrutiny, has been deprived of his individuality and human dignity. Such an individual merges with the mass. His opinions, being public, tend never to be different; his aspirations, being known, tend always to be conventionally accepted ones; his feelings, being openly exhibited, tend to lose their quality of unique personal warmth and to become the feelings of every man. Such a being, although sentient, is fungible; he is not an individual." Bloustein, Privacy as an Aspect of Human Dignity: An Answer to Dean Prosser, 39 N. Y. U. L. Rev. 962, 1003 (1964).

Don't think for one second that this is an intangible threat. The people who blissfully ignore or accept it are exactly the people who won't be doing the paradigm shifting science or creating disruptive technologies. The people who would do those things are stuck with the same choice you state: acknowledge a really sucky situation and face being miserable, or ignore it as 'intangible' and go about their day, and just focus on uncontroversial science and tech that won't get them in any trouble. Can that possibly be a good thing?

Re:Getting tired here

[sharklasers]

I think their point is that Slashdot (and presumably most tech sites at the time) focused more on tech, developments, hard science and whatnot. Now it's basically more about the politics that goes on in tech, such as data mining, surveillance and patent wars. Sure, the stuff being talked about is serious and worth covering, but it dominates coverage these days and the balance doesn't seem to be there anymore.

Also, if you are a fan of a site, you SHOULD piss and moan about the quality of the articles and discussion. The only reason you'd bother is if it was once great and has devolved, and you're not pleased by it. There seems to be this impression that making noise and complaints about something is a BAD thing. No wonder things are getting worse.

Re:Getting tired here

Yes, good little frog. Pay no mind to the water, you only think it's getting warm.

Re:Getting tired here

[Artifakt]

I'm going to take a stab at empowering you.
We're in a long term fight for human freedom. Long term means you may have to influence people now who can just possibly help us, or at least you, ten or twenty years down the road. Pick people who are running for minor or local offices, and need a little help, whether it's contributions or getting out the vote or going door to door. You don't have to spend a fortune or put in fifty hours a week on top of your day job to be remembered as one of those people who helped congressman X get his start in politics.
Write letters - you'ld be surprised how many seemingly major pieces of legislation draw two or three letters as they are up for debate, and how getting letters from as few as 10 or 20 people may make a congressman suddenly vote the way he now thinks the vast majority of his constituents want him to vote. Senators and Representitives may see 10,000 e-signatures on a stock electronic petition, but don't usually see even 10 actual letters. A letter thanking them for having done the right thing after it's over is even rarer.
Focus on the persons who seem like they have a good chance of making it to higher office eventually. Find out what a Farley file is, and make sure you end up in a few, in a positive way. Work on your spelling and grammer - An eloquent nutcase may be able to pass as a mainstream voter, but a mainstream voter who writes in all caps and spews sentence fragments, can definitely say something eminently sensible and still be labled a nutcase.

Here's a link for Farley Files. Politicians who make it to high office just about invariably use these, so it's always helpful to know about them. Learning to watch for signs a candidate uses the system is a way of spotting the ones who will go high enough they may someday be able to address issues like the NSA programs. It's also useful to consider in judging what a politician truly considers important rather than what he says in prepared speeches - that is, if he or she is using a file, what do they focus on.

http://en.wikipedia.org/wiki/Farley_file

Re:Getting tired here

[j-turkey]

Welcome to Slashdot (and the Internet at-large as of 2013)! This is a place where people often come to be a dick, just for fun. The fact that you are upset about suggests that you must be new here. It's cool...AC posters are almost universally douchebags. Anyway, mostly due to the lack of civility, I've long since quit posting here unless I have something very specific to say...or because it's late and I can't sleep (like tonight).

Re:Getting tired here

[Natales]

I understand your thinking. Yet, once your eyes have been opened, you can't go back anymore. I know it's a cliche in this audience, but it's really like swallowing the red pill. We now know we were not crazy and there really is an extremely powerful entity out there attempting to break all our most trusted systems. We can 1) ignore it, 2) accept our fate and go kosher (according to 'the system') or 3) fight it. I've chosen 3, mostly because I think this is just the beginning and things can get really dark very fast if we let this stand. I also want to point out that the NSA hires really smart folks, but they are not superhuman. We, as a collective, can outsmart them all, and then we can create open source software easy enough for the masses to use. We've done it before and we can do it again. THEY are not infallible!

Re:Getting tired here

The more I read of Slashdot (and to an extend Ars Technica), the less I want to continue reading. All it is these days is NSA, NSA, NSA. It's too damn depressing and what's worse, it's one of those situations where it's

(a) an intangable threat (you will probably never suffer directly because of what they're doing, but it still feels wrong)
(b) related to (a), it's something that the wider public doesn't know about and would be hard-pressed to convince is a threat without sounding like a looney
(c) cannot be overcome (moving to Linux for example doesn't change much if the network can still be tapped, and evidently TOR is now comrpomised), short of abandoning technology and reverting to primitive technology for, again, a hypothetical threat that will probably not ever affect us DIRECTLY, but still something we know shouldn't be happening.

I just want to read about science and technology, interesting shit. Seems impossible to do that anymore since clearly NSA stuff rates rather highly.

TL:DR - what's the point of knowing how evil things are if tangible, WIDESPREAD changes aren't going to happen due to our lack of power? You just become miserable, while everyone else is (relatively) happy because they don't know. There's a reason ignorance is bliss is a saying.

I am entirely fed up with this NSA crap. Than again, I could care less what anyone knows about me, just as long as I can do my day to day stuff without being harmed. It is the same old crap. Same thing happened when airport searches had an extreme makeover. Everyone wanted the searches to stop, completely disregarding that there were those that wanted to blow us up. Anyway, just wanted to say that I side with you on this one. I came here to slashdot to read up on the latest tech news. What I didn't want to read was more NSA shit. Not even Tor shit. Tor is just a guy trying to go to a fine restaurant without a shirt and shoes.

Re:Getting tired here

[AHuxley]

The http://en.wikipedia.org/wiki/Allegory_of_the_Cave moment via US crypto exports :)

Re:Getting tired here

[AHuxley]

Since when is encryption, telco, optical, hardware exports, unprotected OS, databases of phone use and poorly coded applications not the latest tech news?
This is a wonderful time for many people interested in tech, something beyond the consumer grade new product ad/news/cult.

Re:Getting tired here

[Jah-Wren+Ryel]

All it is these days is NSA, NSA, NSA.

I count 22 stories today (friday). At most 4 are NSA, and that's stretching it (epic browser isn't more about commercial trackers than government and Iran/Syria interception is only speculatively nsa). So ~15% NSA stories really isn't that overwhelming.

Re:Getting tired here

[betterprimate]

Go here:

http://science.slashdot.org/

Re:Getting tired here

[he-sk]

Hackers can't afford to be apolitical anymore. It's what brought us to the current situation.

Re:Getting tired here

It's an article about encryption and mathematics. It doesn't get much nerdier than that.

Re:Getting tired here

[Infestedkudzu]

Hey I get it, you need a hug. There isn't one of us that isn't a nsa poster that doesn't get down on the issue. You wouldn't have bothered to respond if you didn't care. This stuff has been getting me down long before NSA . Have a cup of coffee, read a short about fighting the good fight and we'll see you tomorrow. I don't know if we'll succeed but we'll try hard.

Re:Getting tired here

And defeatism helps how?

The threat is not hypothetical at all. Everyone is being monitored and can be singled out for saying the wrong thing at the wrong time.

Re:Getting tired here

Slashdot has always been about tech politics as much as it's been about tech. You can't actually separate the two. Tech has always been political and is becoming ever more so.

Re:Getting tired here

>Work on your spelling and grammer

Indeed.

Re:Getting tired here

[tonfagun]

You got to be kidding, right? I mean, I can understand the /sentiment/ behind your comment, but think about it for a second: it's a topic us tech/science people deeply care about (privacy, government control, etc), and as it turns out our worst fears were pretty much true. Now it's finally getting some exposure, so a broader public gets in on it, and maybe, just maybe some momentum will build and a larger number of people will say 'hey, I don't like this one bit.' ... And you want to read /less/ of it?

Okay, let me put it differently: I could see your point if every single submission, or maybe even just half of the submissions would be NSA themed. The way it is now, it's one or two submissions per day. If that's too much exposure for you, then you really don't care much if things change or not.

Re:Getting tired here

[metiscus]

All it is these days is NSA, NSA, NSA.

You have a uid of >3,000,000 and you are complaining about "these days" as though you have been here a long time. Just go back to wherever you came from, a week or so ago.

Re:Getting tired here

Hahaha disregard that!!! I suck cocks!

Re:Getting tired here

[TangoMargarine]

Yeah, because everybody makes an account the first day they start reading Slashdot.</sarcasm>

I was lurking for like a full year before I registered.

Re:Getting tired here

I've been reading /. regularly since 1998, but I only just recently made a user account (which I rarely use). UID doesn't tell you everything.

Re:Getting tired here

[emt377]

We, as a collective, can outsmart them all, and then we can create open source software easy enough for the masses to use. We've done it before and we can do it again. THEY are not infallible!

The people who are smart and knowledgeable enough also aren't concerning themselves with the NSA. They already know someone with the resources of a major government can brute force or less any cipher. This is why security classifications are based on the time duration for which a secret can be assumed to stay that way. For most battlefield comms it's a few hours.

So what if the NSA can use a billion-dollar grid to crack a handful of key pairs or TLS session keys per day? We expect them to be able to. It's their job to be able to, so we can find out what our enemies are up to. And they're no different from any other intelligence agency on the planet in this regard, except they work for a country at war (the Taliban still hasn't laid down arms or shown a willingness to discuss cease-fire terms) so have the resources and plenty of enemy communications to break.

a few hours for one key would be good

[raymorris]

If that speculation is right, that a billion dollars will buy hardware that takes a few hours to break one key, great. That would mean nobody is going to break MY key, and that al Qaeda's keys were broken soon after they started using them. Works for me.

Re:a few hours for one key would be good

That would mean nobody is going to break MY key, and that al Qaeda's keys were broken soon after they started using them. Works for me.

Maybe suspected terrorists should be denied all rights, just in case

No one would suspect YOU of being a terrorist, so this is ok, right?

Re:a few hours for one key would be good

They (NSA, GNCQ etc) have access to much more than a billion dollars. Combine that with Moores Law, doesn't look so good...

Re:a few hours for one key would be good

[girlintraining]

If that speculation is right, that a billion dollars will buy hardware that takes a few hours to break one key, great. That would mean nobody is going to break MY key, and that al Qaeda's keys were broken soon after they started using them. Works for me.

I think you're looking at this backwards; They won't spend any money to break your key because you're worth zero dollars. What could you possibly be doing that would warrant the NSA's interest? You need to understand the organization; They primarily do signals intelligence, and they operate in a support role to other agencies, principally the CIA, FBI, and DHS.

The NSA simply logs the data and holds on to it until and unless something happens that makes analyzing that data a priority. They may record all cell phone calls, but they don't listen to them all. They may record all internet traffic, but they don't review all of it. In order for them to expend resources, there needs to be a reason. You could be using '1 bit' encryption and it would be as interesting to them as '1 million bit' encryption.

In security, your defenses need to be harder to break than the value of the thing being protected. Although Tor's encryption may be insufficient against a government, it is plenty strong for most everyday uses -- getting around corporate proxies, location-locked services (like shows the BBC offers, Netflix, etc.), and for proxying to Facebook. Yes, I use Tor to connect to Facebook... because I don't want them knowing where I am, and my IP address provides a wealth of marketing information to them. I also don't use my real name, but really, the main reason is just to piss in their data collection cheerios, not because I'm doing it to be 'anonymous' or 'super secure'. And this is what most people use Tor for; along with browsing bittorrent sites (though downloading is still direct...), and other things that they may feel uncomfortable with having a readily-accessible record of at their ISP's office (gay porn anyone?).

The NSA cares not for these activities. It's logged all the same, but until they say that, say, "the alias raymorris on slashdot indicated he may be in possession of classified materials" all that data just sits on a harddrive somewhere, waiting to expire. The NSA just waits for the phone call.

That said, a few hours to break one key is pretty petty for accessing your internet traffic or mine, but if Al Quaeda has a hidden service inside Tor they're using to communicate with, a secret website if you will... now those few hours' worth of electricity seem very, very worth it.

You've gotta understand that security is not an absolute; There is no "secure" versus "insecure". There is only no security, and then varying degrees of more security; And good security is when it costs more to break it than the value of the thing being protected. Great security is when that's true and the computer functions the way you expect.

Re:a few hours for one key would be good

people should just start posting and emailing 1million bit encrypted shit all over the plus just to fuck with them

Re:a few hours for one key would be good

[Yvanhoe]

This is good only if you work under the assumption that you will not disturb any entrenched interests. As a European who works for European companies with US competitors, I can not assume that no one will ever spend a few hours to know what is inside the mails I sent to my boss.

This is not an hypothetical case. In my last job we were in direct competition with IBM and were exchanging crucial pricing information through email. There has been precedents of ECHELON being used to gain economic intelligence (google "echelon airbus boeing" to learn about that)

Re:a few hours for one key would be good

you are the one looking at it wrong. we get a leak once a week, that generally shows previous claims were false or incomplete. so we don't know what they do.

being able to crack some encryption means they will likely store what they can unencrypted, if it meets some threshold. one end being a foreign location, or keywords, or being one or two degrees of separation from a suspect.

a few hours for one key times how many chips? break 10 keys a day, and keyword or contact search each broken connection. or 100 a day.

you are right, they don't know if you are a bad guy. but they desperately want to find out before you surprise them. yes, active cases take priority, but if you have the 256 bit key, you are the obvious target for idle cycles.

how do they know you're not a threat if they don't decrypt your data? from the start, they said they hang in to data until they find it is an American, then dump it. are you saying no one reviews this data to determine that, even if automatically, unless another agency requests it? dump in the decrypt queue and see if you get anything interesting is more likely. especially since this whole story is about NSA cracking encryption.

Re:a few hours for one key would be good

[__aaltlg1547]

If you're not concerned, you should be. You might not be worried about the government having access to your private information because you figure you're not a target and if they come after you, there's a lot worse they can do than read your data. But in a year or two thieves will be able to crack what the NSA can crack now. They don't want to put you in jail. They just want your money and if you think the NSA hasn't much respect for the law, watch how little the thieves have.

Re:a few hours for one key would be good

[girlintraining]

This is not an hypothetical case. In my last job we were in direct competition with IBM and were exchanging crucial pricing information through email. There has been precedents of ECHELON being used to gain economic intelligence (google "echelon airbus boeing" to learn about that)

Oh please. Every government engages in industrial espionage. The French are so well known for it that CEOs for pharmaceuticals that check-in to local hotels are told not to use the fax machine or internet there, and to keep their laptops in their room, and to bring their own locks to secure it and not use the hotel safe or in-room safe as the cleaning crew often isn't the usual maid service. I mean, this is SOP. Not that I'm picking on the French -- they're only guilty of being particularly bad at doing it covertly, but everyone does it.

One does not need ECHELON to spy on a company. Hell, showing up to replace a printer in slacks and an official-looking work order is usually enough to get into a building... and having a rigged printer that records all the jobs sent to it is a nice opener. Following up with a power strip with its own wifi, mini computer, and cat5 pass-thru is a good follow-on. Why do people assume you need satellites and taps on hundreds of internet routers all over the world to do this?

And don't underestimate blackmail, human stupidity, or the CEO's penchant for keeping a post-it note with his password on his computer, trusting that his secretary and security staff would neeeeever let anyone in who wasn't supposed to be there.... and of course, nobody ever takes bathroom breaks while watching the CEO's office over lunch time.... -_-

And as a bonus... most corporations record all e-mails to monitor their employees. Amusingly... these systems are usually less secure than the ones they're tapped into. So if you don't have the money to bring your own equipment... they're usually nice enough to provide it for you.

Re:a few hours for one key would be good

[swillden]

The NSA simply logs the data and holds on to it until and unless something happens that makes analyzing that data a priority.

This is why it's important that web servers enable ECDHE key agreement, which provides forward secrecy. Basically, the only way to penetrate it is to mount a man-in-the-middle attack in real time. Recovering the server's private key later does not provide the ability to decrypt stored traffic.

Re:a few hours for one key would be good

nice try nsa apologist

Re:a few hours for one key would be good

What could you possibly be doing that would warrant the NSA's interest?

Today, nothing. But are you sure the government in a few years in the future will think the same? Maybe that one article you read (oh right...) on hacking will be enough to put such dangerous individual away.

until they say that, say, "the alias raymorris on slashdot indicated he may be in possession of classified materials" all that data just sits on a harddrive somewhere, waiting to expire. The NSA just waits for the phone call.

Or, you know, a bored admin decides to read it. Before you say "but ethics", let me remind you he works for the NSA.

Other than your almost fanatical devotion to the Pope, you're correct.

Re:a few hours for one key would be good

[dalias]

You missed the point: the NSA likely has the capacity to break systems which SHOULD provide forward secrecy, as long as the key size is sufficiently small, for example 1024-bit Diffie-Hellman. Migration to larger keys is needed to combat this. I may be mistaken, but offhand I believe with DH each additional 2 bits will double the resources needed to break it.

Re:a few hours for one key would be good

[j-turkey]

I disagree with your assertion that since you're not a terrorist, the NSA has no interest in you and/or what you do. Law enforcement tools are always used to their fullest extent. I mean, it makes sense; law enforcement is a bit hamstrung by rights guaranteed under the constitution - they will use whatever tool is at their disposal to get their job done.

Whether or not you were investigated when the system was new is irrelevant to what law enforcement has started (or will start) using these systems. Also, to obtain a FISA warrant for an investigation related to terrorism is quite trivial and open to interpretation. Any evidence discovered of other crimes in that warrant is usable in court. I have seen it first-hand while siting on a federal jury last summer. A US khat-selling ring's sending money overseas was investigated by DHS due to concerns about possibly funding terrorism. It wasn't, but the multi-million dollar investigation had to net something - so I sat on a jury for 5 weeks and sifted through mountains of wiretap transcripts so the federal government could incarcerate a bunch of taxi cab drivers who wanted to chew some khat so they could work a little later and make a little bit more money.

I hate to be the slippery slope guy...but this is typical. It's only a matter of time until these law enforcement tools are used on a wholesale basis (if they aren't being already). After reading about the extremes that the Soviets would go to under Stalin (if you were being investigated, you must be guilty of something), I feel like I have a fair understanding for how far things can go. I'm not suggesting that America is going that way...but why give her the chance, especially when we can do something now? Why not start setting some limits on this stuff? I think that the risks of what's going on outweigh the benefits. Is it unreasonable to do an honest analysis of the real risks of terrorism against the security measures that our government is putting in place?

Re:a few hours for one key would be good

Fascist pig.

Re:a few hours for one key would be good

[AHuxley]

As the history of phone data hints, they keep it 'all' and when your noticed, all your digital life is fair game.
The real trick is what gets you noticed... the web 2.0 'jokes' seem to point to not much at a federal, state or city level.
vs a book on a political dynasty or a history of cryptography with new interviews on wars of the past 10~20 years...
The fact that random posts are found so fast seems to point to some very robust, cheap and quality code in constant use below the federal level.

Re:a few hours for one key would be good

[Lennie]

It would be kind of OK if that was true.

But you are wrong, because they don't have the resources to keep ALL that traffic data. They get a LOT of traffic data.

In at least the UK they got a copy of all traffic going through a bunch of undersea cables and Germany they basically get a port-mirror from certain transit providers.

So they have a computer to look at the data to find 'interesting' stuff.

Then they store it for up to a couple of weeks. Until a request comes in for some information and a human queries the data and looks at just a little bit. Anything that looks even remotely interesting will then be kept forever.

The problem is, what are these criteria that the computer and human are using to mark stuff 'interesting' ? And don't say, it's just a computer. That computer algorithm is fed by a human too.

That is my problem with this.

Their is a paper trail of the second part, but it is secret.

Re:a few hours for one key would be good

[Njovich]

Ok, so I live in Netherlands. The US is wiretapping most of the worlds traffic, and the excuse is that all governments do this? No they are not. I really don't think Dutch intelligence services are spying on IBM to get better deals for companies. There are a handful of countries that do this shit at a bigger scale, and all of them should stop. This is no way to treat the citizens of other countries, especially if there is no national security issue.

Frankly, the only thing I've heard about this that is more insulting is the 'oh, it's not a problem because we only do this to foreigners' excuse.

Re:a few hours for one key would be good

Uhuh, the data just sits there, until you run for Public Office, run against a popular incumbent in Public Office, apply for a PI or Security Guard license, apply for a Police job, apply for enlistment in the Army, want to start a Preschool, apply for a Teaching position at a preschool, apply for a job at a Financial Institution, apply for a job as a Registered Nurse... So, yeah, the data just sits there and no-one ever looks at it...

The only way to safeguard yourself is to not hand the data to them in the first place.

Re:a few hours for one key would be good

[houghi]

Does not work for me. The reason is that I do not know if I am a terrorist or not. We live in a time where EVERYBODY can be labeled a terrorist or worse.

Re:a few hours for one key would be good

[Burz]

There is a problem with your, urm, political philosophy: If the government is even a tiny bit short of being perfectly rational and fair, the net effect of all that desire to store information from absolutely all communications will become monstrous. Before long, it will resemble a kind of absolute power and so will attract the most corrupt.

No, the NSA can't afford to 'go after' everone at the same time. But like some perfect archetype of the fishing expedition, they can go after anyone at any given time.

You've gotta understand that security is not an absolute;

Then tell that to your secret police idols.

Re:a few hours for one key would be good

Why'd you go cracking their keys when you are openly supporting their terrorism against sovereign nations?

Haven't you watched the news. Al-Qaeda are the good guys now.

Re:a few hours for one key would be good

[Burz]

So you work in pharmaceuticals?

Re:a few hours for one key would be good

[nbauman]

I disagree with your assertion that since you're not a terrorist, the NSA has no interest in you and/or what you do. Law enforcement tools are always used to their fullest extent.

National security agencies will use their tools not only against criminals, but against their political enemies who are engaging in Constitutionally-protected activities. For example, J. Edgar Hoover used to tap Martin Luther King's telephones, and then spread personal information about King's sex life to try to harm the integration movement.

Or a recent example. Eliot Spitzer was the Democratic governor of New York, and he was an effective governor who was aggressive about shaking things up. Banks have to report every transaction by every customer of $10,000 or over to federal authorities, and every transaction under $10,000 that looks "suspicious." So the feds get this huge flow of reports. One of the reports was on Spitzer. They investigated and found out as the result of this fishing expedition that he had used an escort service, which was probably legal and almost never prosecuted. Nonetheless, the Republican Attorney General decided to prosecute Spitzer for this, and leaked his name to the press. The Republican AG offered Spitzer a "deal" -- if the effective Democratic governor resigned, the Republican AG wouldn't prosecute him. Spitzer resigned, and was replaced by David Patterson, who didn't want the job and nobody, including Patterson, thought was qualified.

So there you have a partisan use of confidential information that a federal agency got through its financial monitoring process, that a Republican AG used to get rid of an effective Democratic governor.

The more electronic monitoring we have, the more it will be used improperly by politicians to damage their enemies.

Re:a few hours for one key would be good

[nbauman]

This is not an hypothetical case. In my last job we were in direct competition with IBM and were exchanging crucial pricing information through email. There has been precedents of ECHELON being used to gain economic intelligence (google "echelon airbus boeing" to learn about that)

Oh please. Every government engages in industrial espionage. The French are so well known for it that CEOs for pharmaceuticals that check-in to local hotels are told not to use the fax machine or internet there, and to keep their laptops in their room, and to bring their own locks to secure it and not use the hotel safe or in-room safe as the cleaning crew often isn't the usual maid service. I mean, this is SOP.

So because everybody does it, it should be legal and I should accept it when my own country does it to me, without even a national security interest?

Re:a few hours for one key would be good

Wrong. Stop lying. The NSA does not just sit and wait for the phone to ring.

They provide daily summaries and briefings to a host of officials and agencies.

Intel regarded as an imminent threat is shared immediately with the cognizant agencies.

They share "red flag" positives with the DEA, FBI, and DHS automatically (and usually illegally).

They sell data to marketing and other "partners" to enhance their black budget earnings.

How do I know? You'll have to water-board me to find that out.

Re:a few hours for one key would be good

Does not work for me. The reason is that I do not know if I am a terrorist or not. We live in a time where EVERYBODY can be labeled a terrorist or worse.

I make it easy for the government. I am a terrorist in that I want the government overthrown due to abuses upon the people. Obama is a tyrannical megalomaniac superceding even the "God told me to invade Iraq" George Walker Bush.

Re:a few hours for one key would be good

[WGFCrafty]

Is it unreasonable to do an honest analysis of the real risks of terrorism against the security measures that our government is putting in place?

No, it's damned reasonable. So reasonable the president himself was saying we need an evaluation of what's happening.

He, however, was unwilling to provide any detail, leaving that sort of discussion relegated to the paranoid, and the people probably selling, buying or using this info-arsenal (think that's as good of term as any).

Snowden helped out there, and overall I think his revelations helped America more than they harmed.

Obama had no clue how open of a discussion would be going on.

Re:a few hours for one key would be good

Oh please. Every government engages in industrial espionage.

Exactly, and including the US. And it is a problem. Are you even in disagreement there?

Re:a few hours for one key would be good

How do you know how the NSA operate?

I only know how _I_ would operate all this info.. Agent-based prediction modelling, culture and politics shaping, media distortion simulations and strategy builder, world-wide 3D historical surveillance / history of all known geolocations, correllation searches across all domains, war games, the list goes on and on and on...

If I had _my_ way over NSA, we would no longer live in a democracy, only in an illusory one, and I'm not even that clever a person as evil people are clever in self-destructive ways.. However, I'm more mature than wanting to contribute to such atrocities.

Can it be abused? Hell yeah! The very act on spying on your own population is abuse in itself! Basically, such technology short-circuits any failsafes and give power to the elite few to basically conjure up or manipulate any world-wide event they please.

It's not like information, once collected, is easy to contain either, so the morons behind this are responsible to releasing all this information to criminals, mob and foreign states and adversaries as well.

Re:a few hours for one key would be good

I'm not finding any sources backing up the assertion that *anyone* has the capacity to break 1024-bit DHE without compromising the endpoint. TFA does not, nor does the blog post. I'm not saying it isn't possible, it's just quite a big assertion and requires more than just a random phrase like "everyone seems to agree", especially once you add the weasel words "if anything".

Re:a few hours for one key would be good

[jmhobrien]

That wasn't his point. The point was the NSA cannot afford to break every key.

Re:a few hours for one key would be good

[santosh.k83]

Couldn't agree more. Also the majority of comments from Americans who are outraged at the NSA activities seem to indicate they're so pissed off only because it has now been shown that NSA is *also* spying on Americans! This is exactly the same "Who cares about the other guys" mentality that has led the NSA and the higher echelons of America's politicians and military to act like this: to them, the majority of America's people have also now become "others," and hence the casual treatment of American laws and citizens as well. Non-Americans are "others with no rights, not even human rights" while American citizens are "others with least possible rights."

Re:a few hours for one key would be good

[mrchaotica]

No, the first piece of hardware to break a key in a few hours costs a billion dollars. The next million of them off the assembly line cost two bucks each.

Re:a few hours for one key would be good

[swillden]

You missed the point: the NSA likely has the capacity to break systems which SHOULD provide forward secrecy, as long as the key size is sufficiently small, for example 1024-bit Diffie-Hellman.

No, you missed the point. It is, perhaps, a subtle point, because the meaning of "forward secrecy" isn't obvious. Let me explain.

Having the ability (assuming they do) to crack 1024-bit keys does not give them the ability to read very much of the world's traffic because even if they can crack each key in a few hours, there are way too many keys. girlintraining said that they address this by capturing and storing all of the encrypted traffic so that at some later point in time when they realize they need to read some particular piece of it, then they can crack the relevant key (in a few hours) and decrypt it.

But if servers use algorithms that provide forward secrecy, they can't do that. If you have recorded traffic and later crack the ECDHE private key used by the server to derive the session key with which the actual data is encrypted, you still can't derive the session key or decrypt the data. That's what forward secrecy means.

To crack recorded data, you'd actually need to crack two 1024-bit keys... the server's key and the client's key. While the server's key is fixed (until rotation), the client generates a new random key for every session. This means that if the NSA has recovered the server's key, they still have to do that several-hours-of-computation for every single SSL session they want to read. And even that doesn't state the full difficulty of their problem, because unless they can somehow break into the server to recover its private key, the problem they're facing is cracking two 1024-bit keys at the same time from the same data stream. That problem is equivalent to cracking a 2048-bit key, which requires on the order of 10^10 more effort.

Of course, what they actually have recorded is many sessions which all use the same server key but different client keys. There may be some way to exploit the fact that the same server key is used in all of them to optimize the process a little. If so, no one in the public cryptanalytic world has found it, and it's not obvious mathematically that it would exist. But it's vanishingly unlikely that this supposed improved method wouldn't still be orders of magnitude harder than cracking a single 1024-bit key.

The other benefit of ECDHE over RSA is if we vary the threat model a little bit. Suppose, for example, that the NSA has bribed some employee at a big Internet site (say, Google) and obtained a copy of the server private key. If it's an RSA key, the NSA can then decrypt and read all traffic to Google which was protected with that key. If it's a DH key, they have to crack the client key for each individual SSL session before they can read that session, unless, of course, they've compromised the client thoroughly enough that it hands over each key it uses -- but if they've done that they can simply have it hand over the data, bypassing all of the crypto crud entirely.

And if servers switch to using 2048-bit ECDHE, as Google has recently done, then the whole thing becomes completely intractable, even with the server private key, unless the NSA is mounting MITM attacks, which are fairly easy to detect.

I may be mistaken, but offhand I believe with DH each additional 2 bits will double the resources needed to break it.

You're mistaken. Determining key strength for asymmetric keys is not easy to do, but assumptions based on the complexity of the number field sieve (the best known algorithm for cracking DH as well as RSA) provide a decent way of estimating. From the estimates in RFC3766, I get that to add one bit of security (double the resources) of a 1024-bit key you'd need to add 25 bits to the key length. To add a bit of security to a 2048-bit key you'd need to add 36 bits to the key length. For a 4096-bit key you'd need 52 more bits.

Re:a few hours for one key would be good

[Qzukk]

That would mean nobody is going to break MY key

Yes, obviously the NSA buried a billion dollars of equipment in concrete at the bottom of the Mariana once they finished decrypting Al Qaeda's keys an hour after buying it.

No, your key is #125125215 in the queue. Though since you expressed an interest, I'm sure they can bump it up to be decrypted in the next few months.

Re:a few hours for one key would be good

and then spread personal information about King's sex life to try to harm the integration movement.

He did worse. He sent anonymous letters to King threatening to expose him unless he committed suicide.

That would never happen today, of course. Not because they aren't evil enough, but because there's no need for such crude, ham-fisted approaches today. Today, they'd know vastly more about King than who he had sex with. He could probably have been neutralized without ever having the suspicion that someone wanted him gone.

Re:a few hours for one key would be good

[marcosdumay]

Well, by the other side, Al Qaeda people are probably smart enough to use a longer key, so all the NSA will have the power to breeak are the communication of people like you.

And if they ever spend that billion to acquare the capacity, they'll use it, whatever targets they have.

Re:a few hours for one key would be good

[girlintraining]

I disagree with your assertion that since you're not a terrorist,

Excuse me, you're putting words in my mouth. I talked about the value of your communications versus the cost of capturing and decoding them as the metric by which the NSA chooses to decrypt or not. I didn't put a restriction about you having to be a terrorist for it to be valuable enough -- I used an example of terrorism as an example of high value communication.

Re:a few hours for one key would be good

[tinkerton]

I've seen an interview with an ex nsa guy (William Binney) that at the moment they went way further than the 'one or two degrees of separation rule' (his position that they should stick to that rule and that they're way out of line now). Of course they'll still prioritize.

The main thing that bothers me with an article like this is the emphasis on the really hard encryption. Most hacking happens at other, often mundane levels. With TOR for example, they'll make sure they've got access to servers.

Re:a few hours for one key would be good

[Yvanhoe]

Ok, I am sick of people missing the point totally. This is not about saying "oh! nasty US! we should team up with Russia instead!". This is not about saying how easy or hard it is to break into a company's network

This is about TOR, this is about what TOR is supposed to be and this is about why it is unacceptable that the NSA can break a key in a few hours.

You are totally free to not care about security, but understand that in many fields, this mean lost contracts and millions wasted.In all IT wompanies where I had admin rights, and I did this job as a side attribution, a few hours a week, none of the tricks you proposed would have worked : network was switched, passwords encryted, local machines not trusted, printer maintenance was made internally, crucial technical information was not accessible by non tech-savvy people, and in two of them, offices were locked during lunch breaks. Basic security is easy and cheap, and some people do it well. Some of us take security seriously, and TOR is a tool that should be trustable in such a context. It is generally and, honestly, we were aware that it was probably not 100% NSA-resistant, but it aims at being, and in that context, this problem is a big problem.

Re:a few hours for one key would be good

[j-turkey]

Excuse me, you're putting words in my mouth. I talked about the value of your communications versus the cost of capturing and decoding them as the metric by which the NSA chooses to decrypt or not. I didn't put a restriction about you having to be a terrorist for it to be valuable enough -- I used an example of terrorism as an example of high value communication.

My apologies. I was using your example of high value communication and terrorism interchangeably; especially with regard to the NSA supporting other agencies. However, it does little to diminish the point that I was trying to make. It's only a matter of time until it's cheap and easy enough to look at anyone for any reason - the phone call that the NSA was waiting for to have them mine our data will soon become an email, then a batch request, then they'll be helping any federal or state agency to look at everyone automatically. Over time, that cost:value curve changes - and the cost of analyzing the data drops to the point where an extremely low value target is worth looking at extensively...or am I still misunderstanding your point?

It does seem like you have an understanding of systems security, and I do agree with what you say about weighing the value of what you're securing versus your adversaries interest, resources, etc. (Not exactly what you said, I know; but please excuse my loose paraphrase).

Re:a few hours for one key would be good

Let's all collectively ignore the fact that MLK was a huge womanizer who had neanderthal attitudes towards women. If he were alive today, he would have been destroyed by feminists years ago. Let's also ignore the fact that he plagiarized his master's and doctoral theses. "Pay no attention to the man behind the curtain!"

Re:a few hours for one key would be good

[girlintraining]

There wasn't a point beyond the basic security principles outlined earlier. The OP suggested the NSA can spend billions to build data centers for the express purpose of cracking Tor keys. Well, okay... but ignoring the setup costs, the cost of electricity isn't tiny. Is the value of what's being protected worth more than that juice costs?

The NSA wasn't interested in people's gay porn habits before it was encrypted. They were just logging it and storing it. Doing the same thing on the Tor network doesn't change the equation any, it just increases the cost of accessing the data from slightly more than a few pennies to perhaps some several thousand dollars.

Does this mean anything to the average person? No, not really. Just make sure whatever you're communicating is worth less than that. New technology changes the values in the equation... but the equation itself remains unchanged.

Think of it as the Tao of security.

Re:a few hours for one key would be good

[girlintraining]

none of the tricks you proposed would have worked : network was switched, passwords encryted, local machines not trusted, printer maintenance was made internally, crucial technical information was not accessible by non tech-savvy people, and in two of them, offices were locked during lunch breaks. Basic security is easy and cheap, and some people do it well. Some of us take security seriously, and

... And I promise you that I could still get in where you work and own your network all the same. The fact is, the more links in the chain, the weaker the chain is overall. Humans are... human. They make mistakes. They trust. They forget. Even the NSA suggests that you assume your networks and machines are already compromised. That's where you start. Your attitude of "Oh, we're secure! That would neeever work with us" smacks of inexperience in the field of security.

The reason why the military and our intelligence agencies compartmentalize information, restrict everything to 'need to know', etc., is to reduce the number of links in the chain. It's to reduce the attack surface area. They know that if you capture someone and torture them, they will eventually tell you what you want. A pair of pliers and a lack of morality beats your 9 trillion bit encryption every time. Blackmail is effective as well -- you think all those arbitrary hoops they put people through for their security clearance is to test their loyalty? It isn't. It's to make sure that the people themselves don't have any exploitable conditions... no secrets, no financial problems, etc.

Tor is not, and never has been, trusted for high value communications and if you are, you're an idiot. Let me say this again: Tor for high value communications is an incredibly stupid thing to do, and you should be ashamed for suggesting otherwise. Tor does not add security... it adds anonymity and there is a big, huge, massive difference between these two things.

There is NOTHING Tor can do to prevent the site you're visiting through it from being compromised. Nothing it can do to prevent drive-by browsing attacks, injected javascript, or many, many other exploits. Everything that can be done to you on the internet, can be done to you over Tor. The only thing Tor helps you with... is camoflaging your IP address, and it does this imperfectly. An adversary such as a large corporation or government has the resources to pierce such camoflage, and you should proceed accordingly when using Tor.

And you missed the point here; You can crack Tor. Anyone can, with enough resources. There is no complete system that has zero vulnerabilities... Tor, encryption, computers... there will always be a weak link. Always. Always. Always. There is no such thing as 'unhackable'.

I'm not worried about the NSA. I'm not worried about the CIA, the FBI, Iran, Iraq... aliens from Mars; All of them are subject to the same natural laws of security. If the security is more costly to break than the value of what it is being protected, it's good security. The end. It doesn't matter if the attacker is the NSA, or a million trained monkeys.

That was my point. And you missed it. You got lost in the example, and failed to see the larger picture... like so many amateurs before you. Let me be clear: Tor can be cracked. It's been crackable from day one. Everything can be cracked. But as long as the effort required to crack it costs more than the value of what you're protecting, you needn't worry.

Burn this into your skull, and stop being Chicken Little.

Re:a few hours for one key would be good

[...] Basic security [...]

[...] That's where you start. [...]

AGAIN. How about you argue about something you disagree with.

Other than a few uber nerds

[BitZtream]

pedophiles and botnets ... no one uses Tor that matters.

Sorry guys, Tor is designed to be used in all the ways we've spent years trying to fix broken internet protocols from doing, you really need to stop drooling over it. Its not actually a good solution. It is in fact an absolutely shitty solution to the problem, as its really a way to create a bunch of new ones.

If you have to hide, the Internet isn't for you.

Re:Other than a few uber nerds

Ok, then don't use https at all.
Don't use a password. Make all your files available to the public.
You dont have anything to hide, so why hide it?

Re:Other than a few uber nerds

[wrackspurt]

If you have to hide, the Internet isn't for you.

It's kinda twisted. I'm just guessing but I'm guessing everything a pedophile would want, and, maybe even a terrorist would want is available in some hard copy someplace they could access with much less likelihood of getting caught. It's like using the Internet is part of some twisted rush they looking for.

Re:Other than a few uber nerds

[black3d]

What's this "have to hide" bullshit? What if you want to hide? A large percentage of the population are introverts, and a significant proportion of both those (among others) don't have any desire to share anything personal with anyone, at least aside from those they choose to. Some people like privacy, like anonymity, like not being seen by others. Hell - I get a serious case of anxiety if someone is merely standing behind me, no matter how innocuous my activities.

Please, don't start with this "if you have nothing to hide, you have nothing to worry about" utter crap. The next step to that is "if you have anything to hide, you're probably a pedophile" which you're already alluding to. No, we just don't like oxygen-wasting cretins sticking their nose into our lives. Considering such a vast number of people value their privacy in exactly the same way, this behavior is *natural*.

I make very little effort to hide my presence online. But if I did choose to, then by no means does anyone have any justification to suggest that there's something wrong with wanting to hide. It's part of the human condition - some people like being seen, being known, being pored over - some people prefer the exact opposite.

You might suggest this is an over-reaction, that you're merely pointing out that the internet isn't for people who want to hide. But the point is, it should be. You should be directing your energies to fixing the problem - not just throwing your hands up and saying 'don't bother trying to hide even if you want to'.

Re:Other than a few uber nerds

If I pay all installation fees, maintenance costs, and a small monthly rate, would you permit me to install HD cameras in all the rooms of your house? (including toilets). I'd like to run my own free to view reality TV show for my site but am having trouble setting this up fully above board due to privacy laws. All I really need is someone such as yourself who understands that privacy is pointless and is willing to sign away all the corresponding legal rights.

Re:Other than a few uber nerds

[djdanlib]

Exactly. Some activities need to stay hidden. For example:

* I don't want someone's Christmas gift to be spoiled for them.

* My neighbors don't need to know how much my electric bill was, or what tier of service I have hooked up to that wireless router.

* I have a very dedicated stalker, whose information is limited because that person can't dig into my email or other accounts to find out what I'm up to.

* If I post on a forum for people who own a particular product, I don't need people to be able to find my house so they can steal it.

* A friend who's hurting after a disastrous breakup might email me something in confidence. That should stay confidential.

* Employment and tax documents, with pay grade information and SSNs and all kinds of other PII.

* Online banking, anyone?

* I may compose some music that isn't ready for release yet, and that needs to stay private until it's been polished.

* Medical records about who has what rash on their what now?

There's just some information that doesn't need to be free. No nefarious intent, just things that shouldn't be public.

Re:Other than a few uber nerds

[penix1]

You might suggest this is an over-reaction, that you're merely pointing out that the internet isn't for people who want to hide. But the point is, it should be.

No, it shouldn't. You are doing the same exact thing you are accusing the poster of doing. Imposing your will on the entire Internet when you do that. The whole intent of the Internet is to share data. What form that data takes is irrelevant. It is far easier if you are that paranoid that you leave the Internet than to ask the Internet to conform to your paranoia.

Re:Other than a few uber nerds

pedophiles and botnets ... no one uses Tor that matters.

Sorry guys, Tor is designed to be used in all the ways we've spent years trying to fix broken internet protocols from doing, you really need to stop drooling over it. Its not actually a good solution. It is in fact an absolutely shitty solution to the problem, as its really a way to create a bunch of new ones.

If you have to hide, the Internet isn't for you.

Prove it, post your unedited, unblocked out tax returns, credit card statements, bank statements, phone records, emails, texts, and browser history. Now who has something to hide?

Re:Other than a few uber nerds

[bmo]

"If you have to hide, the Internet isn't for you."
"pedophiles and botnets"

Are you cutting yourself with that edginess?

You know what, I've yet to see anything worth reading coming from your keyboard and this is your crowning glory - associating people who want some privacy with pedophiles.

Your opinions are worth less than the photons they have been written with.

Ciao. Meet your new status.

--
BMO

Re:Other than a few uber nerds

Nonsense. No one is trying to use the force of the government to alter people's use of the Internet, so no one is asking the Internet to conform to anything. What's happening is that people are voluntarily using certain tools and protocols; that's it. There is no hypocrisy there, as all he did was point out why the "nothing to hide, nothing to fear" nonsense is just that: nonsense.

Re:Other than a few uber nerds

[BitZtream]

If you don't want people on the Internet to know shit about you ... don't use the Internet and publish shit you don't want people to know on it. Its that simple.

I have plenty I don't want people to know, and you know what ... YOU WON'T FIND IT ON THE INTERNET.

The Internet is a public network for many things, this silly fantasy you have about hiding is just that, a silly fantasy. You were NEVER anonymous on the Internet, you have ALWAYS been logged, you just aren't smart enough to realize it.

I make no effort to hide my self online, I just don't put the shit I don't want people to know anywhere near it. Its that simple.

Do you understand what communication is? Do you understand that the Internet is a communications medium ... the WHOLE POINT IS TO SHARE INFORMATION.

I made no mention of that retarded 'nothing to hide nothing to fear' crap, you did. You should be directing your energies towards getting a clue rather than telling me that a public network is meant as a place to hide.

Your anxiety issues can be treated, the Internet is not proper treatment, you're hiding and making your own problem worse. You use the Internet as a crutch. Man up and fucking go see a damn doctor and stop being such a coward.

Re:Other than a few uber nerds

[BitZtream]

Am I supposed to be impressed at your reply? Did I hit a nerve?

I said nothing about people who want privacy.

I'm a firm believer in privacy, I'm not just no so retarded that I use PUBLIC NETWORKS for PRIVACY and then bitch about it.

You're ignorant of well known and cited reports about Tor usage.

Tor is a shitty solution to wanting privacy. Instead of ranting and ruffling around trying to look cool on slashdot perhaps you should get off your ass and act in that place called 'the real world' and stop voting for assholes who erode our privacy in far more damaging ways.

My new status? Whats that, I'm a foe of some douche on slashdot, OMG I'M GONNA GO CRY NOW. Seriously, grow up, get a clue, get out of your fucking moms basement and do something in the real world, judging by your UID you're what ... 40ish and you're still to stupid to realize that you have no privacy on a public network?

You utterly fail to understand why you have no privacy in the first place, you want to broadcast to strangers ... in secret.

For fucks sake, Tor was designed by the fucking US military, how stupid do you have to be to not realize they planned for ahead for dealing with public usage?

Re:Other than a few uber nerds

[BitZtream]

Why are you using Tor for online banking? They already know who you are.

Everything you've listed as being private except online banking doesn't belong on the Internet. If you're hiding your self from your bank, there are so many other fucked up things in your world that continuing to reply is clearly a waste of time.

If you don't want people to know those things, Tor isn't the solution. Not putting it on a public network in the first place is.

Tor is a shitty solution because of ignorant statements by ignorant people like you. If you want privacy, get a clue and act like it.

Re:Other than a few uber nerds

[udachny]

I made no mention of that retarded 'nothing to hide nothing to fear' crap, you did. You should be directing your energies towards getting a clue rather than telling me that a public network is meant as a place to hide.

you need to check your short term memory, here is a quote from you: If you have to hide, the Internet isn't for you.

By the way, just because people want to communicate with each other, it does not mean that their communications must be open up for everybody to listen. Internet is for communicating... with people that you choose to communicate with.

Re:Other than a few uber nerds

[black3d]

I'm not imposing anything on anyone. Far from it - I'm saying if people want to be left alone, then leave them alone. Unless you already have evidence they're committing a crime, then nothing they do is yours or my business. OP was saying "if you have to hide, stay off the internet". I'm saying that premise is offensive, primarily in that he's suggesting that people who "have to hide" are the same as people who "want to hide".

Re:Other than a few uber nerds

[black3d]

> Your anxiety issues can be treated, the Internet is not proper treatment,
Firstly, who said my anxiety was anything to do with the internet? I never even mentioned a computer. Stop making up shit.

> You use the Internet as a crutch. Man up and fucking go see a damn doctor and stop being such a coward.
I said I don't make effort to hide my online activities. I'm not talking about myself. I'm respecting those who do want to maintain their privacy.

> You were NEVER anonymous on the Internet, you have ALWAYS been logged, you just aren't smart enough to realize it.
Huh? Of course I realize that. I've been building networks since before the net existed. I just posted yesterday in fact about the futility of trying to hide your information on the net - http://slashdot.org/comments.pl?sid=4173525&cid=44773011

You're completely mis-understanding me. We're probably on the same page in a lot of respects. My issue isn't that you're suggesting that the internet isn't secure. My issue is that you make no distinction between people who "have to hide" and people who "want to hide".

> I made no mention of that retarded 'nothing to hide nothing to fear' crap, you did.
You did - as soon as you failed to make the above distinction, you treated people who want to hide but have nothing to fear as being in the same group as people who NEED to hide. For example, you said TOR is only really used by "uber nerds, pedophiles and bot nets".. So - anyone who uses TOR because they want to hide, who isn't an uber nerd or a bot is.. a pedophile?

I'm simply pointing out that your argument basically strips down the internet population into - precisely - those who have nothing to hide and those who need to hide. Not only are the two not mutually exclusive, but it completely ignores the category that the majority of people fall into who want to keep their privacy - those who have nothing to hide but want to hide anyway.

Your line of thinking is very near to treating anyone who uses encryption, or encrypted channels, or any means of trying to secure the communications, pre-emptively criminal. It's a line of thinking that needs to be stamped out whenever it's seen.

Re:Other than a few uber nerds

[lawnboy5-O]

"...get off your ass and act in that place called 'the real world' and stop voting for assholes who erode our privacy in far more damaging ways."

Bingo.

Cookie for BitZ!

Re:Other than a few uber nerds

Hey look, an insensitive clod in the wild! You fail at reading comprehension and being decent to other people. Good job. It appears in your other posts you just love to argue so here's something to chew on.

The GP and parent poster were conversing about privacy in general on the Internet, in a calm and reasonable manner, and you extrapolated the ludicrous conclusion that someone was using Tor for online banking out of that? Do you mean to tell us that you never participated in an online user group or collaborated with someone on a project by email? Never shopped online? Never had your place of employment email you a document related to your terms of employment? (You must not be in a tech field then, which makes one wonder what you're doing on Slashdot.) Haven't you heard of health e-record systems? You know, the ones you can't opt out of, because more and more hospitals are participating and sharing data. There is no air-gap between those and the Internet, I assure you, as someone actually knowing enough of the implementation details. In fact, some of them email the records for every visit and test result directly to the patient, or at least provide a Web interface to the database. How about your health insurance, do they have electronic records? Sure do. Accessible by people who also have Internet access on the same machine? Yes. Whoops.

There is an implicit trust placed in some things, such as a democratic government being for the people. Nice to see that trust is earned... or is it still? Some people want their governments to be accountable to them, to be trustworthy again. Not that it's likely to happen anytime soon with the malaise affecting the general world population who get to enjoy their entertainment and forget that their consumption of that entertainment is being monitored, analyzed and monetized, but some of them want it. The engineers who built the Internet were supposed to be trustworthy. The people who built Tor were supposed to be trustworthy. There was a lot of language suggesting that they were, and it received a reputation of trustworthiness. Now that the rug has been pulled out from under it, people want some assurance of privacy before they trust these key parts of their digital lives again. Loss of trust makes a very unhappy public.

What if the postal service or your country's government wanted to read your mail, peruse your packages, and file descriptions of the contents of every package away? Would you be OK with that? Isn't that a public network? They are probably already storing and analyzing your phone conversations -- yet another public network -- are you OK with that too? Airspace is public too, right? So you won't mind if your neighbors fly drones with cameras to look in your windows, right? It's legal if they can see it from outside in a lot of places. There are those fun 'see-through-the-wall' radar systems, why not mount that to a drone? After all, it's outside in public airspace, so it's not REALLY an invasion of your privacy since you shouldn't be up to anything illegal in your house anyway and should therefore be okay with someone broadcasting a live feed of what you're doing behind closed doors. What about using a laser reflecting off your window as a microphone to pick up conversations in your bedroom? That's just light reflecting off your house, how can that be illegal? You know you can train freely-available software to accurately analyze the sound of someone typing and play back their keystrokes, right? What about using magnetic GPS tags to track your car? GPS is public, right? You don't mind if an unintended audience picks up the call-home signals from that device and tracks your car, do you? That's just EM emissions out there where anybody can receive them, no big deal. How about an extra-outlandish scenario that is nonetheless possible - monitoring the power fluctuations in your home remotely, so as to determine what you're up to when they can't see you. It's not that difficult to do. Where do you draw the line for privacy? Apparently, not very far away fr

Re:Other than a few uber nerds

[MikeBabcock]

The whole purpose of the Internet is to connect machines. Whether data is shared or not is up to the users.

Re:Other than a few uber nerds

go die in a fucking fire communist, nigger loving fucktard.

- BitZtream (692029)

Re:Other than a few uber nerds

[Arancaytar]

(Man, if someone wants to know their christmas presents badly enough to crack 1024-bit RSA, just let them.)

Cryptography isn't the answer

We need to improve the political ecosystem. Throwing cryptography is easy for programmers (who know nothing else) but it fails to correct the underlying problem. Worse yet, our enemies (yes, there are legitimate examples of people who want to hurt us) benefit from this double-edge weapon.

"When all you've got is a hammer, everything looks like a nail." That doesn't just apply to programming, it applies to programmers. Stop being lazy and fix the underlying problem.

Re:Cryptography isn't the answer

Stop being lazy and fix the underlying problem.

Are you seriously suggesting we try to occupy the US and liberate it from its government?

Re:Cryptography isn't the answer

[BlueStrat]

Stop being lazy and fix the underlying problem.

Are you seriously suggesting we try to occupy the US and liberate it from its government?

Just assist and support the people in the US who are trying to curtail the out-of-control US government whenever and however you can with whatever can help.

The US government has been steadily growing and hardening itself against control by the citizenry and expanding its' scope & power beyond constitutional limits for ~100 years. It won't be overcome by a change simply between (D) & (R). The pendulum must swing back toward constitutional first-principles and a government that is small enough, and local enough, to be controllable by the citizens.

The American people, on the whole, have a long history of being basically good, relatively peaceful, and generous people. The US government, on the other hand, has grown far too large & powerful and has long ago lost any legitimate claim to actually represent the will or the character, spirit, or beliefs of it's citizens.

From a friendly/neutral foreign perspective, it would be far more beneficial internationally for the smaller-government crowd in the US to prevail, as a smaller, less-powerful US Federal government that is more open and accountable to its' citizens and has more effective oversight would sharply curtail the international bullying and "dirty games & tricks" the US government has been playing, and increasingly plays, against even those the US government call "allies" and their peoples & interests.

Strat

Re:Cryptography isn't the answer

But 'small government' to many seems to mean only cutting services to the poor, certainly not any government service that is keeping them safe, like the ones in question.

Re:Cryptography isn't the answer

But 'small government' to many seems to mean only cutting services to the poor, certainly not any government service that is keeping them safe, like the ones in question.

"Many"?

Not nearly as many as those who would very much like you and everyone else to believe that would prefer.

Remember; government bureaucrats & politicians faced with forced budget cuts/reductions will always cut things that make those budget cuts/reductions most painful.

Reduction in city budget? Cut essential public services first, not the number or salary/benefits of bureaucrats/politicians. The "sequester" budget reductions and what services were cut provides a wealth of textbook examples.

Guess who is funding Tor?

[hypnosec]

According to consolidated financial statements and reports of the Tor Project for the year ending December 2012, US Federal agencies are responsible for nearly sixty percent of funds received by the project. Tor has taken a defensive stand against this, but who knows?

Re:Guess who is funding Tor?

[girlintraining]

According to consolidated financial statements and reports of the Tor Project for the year ending December 2012, US Federal agencies are responsible for nearly sixty percent of funds received by the project. Tor has taken a defensive stand against this, but who knows?

Tor was created by the US Air Force. Surprise, surprise, they still want to fund it. Sooo, why did they create Tor? Well, as it turns out, we've got this massive high speed satellite and ground network we use for military purposes, which basically amounts to a compartmentalized version of the internet. And within that, because soldiers are away from home for months or years at a time, they decided to offer internet access to them. Often they're on board carriers, or deployed in places where a direct hookup isn't really feasible. And they want to make sure that all that traffic isn't pouring out at locations that can be easily monitored... because as much as operational security is drilled into soldiers, loose lips sink ships and all, they're still human. They can screw up.

So they needed some way of giving them internet access without making it pathetically easy for foreign powers to simply tap a couple key routers and see everything any soldier browses (Facebook anyone?)... Enter Tor.

Tor has over 13,000 exit nodes all over the world. And it's expensive to monitor every node. Not only that, but you have no idea where in the Tor network the traffic originated from -- is this J. Random Soldier, or Closet Gay Guy Looking At Porn? Noooobody knows. It wasn't meant to be high security. It's not meant to be totally anonymous; It's meant to make it difficult for small-time players like, say, Iran, to spy on our soldier's personal communications. Because this has happened, and it has killed people; A cell phone left on in a soldier's pocket during an operation led to the death of a half dozen marines when enemy combatants used the signal to figure out when they were leaving base... and they planned an ambush.

So Tor will be funded by our government for the conceivable future, and they have a vested interest in maintaining the security of the network to the point that it would cost an adversary more to 'break' the network than the intelligence value of the soldiers' personal internet browsing.

Does this worry me? Nope. Tin foil hat time? Not a chance. Don't use Tor for high value communications. But then... that goes for the public internet as well. If you want to secure high value communications, you build your own VPN, and then add code to have it transmit/receive at a constant rate to deter traffic analysis. Which, coincidentally, is what most financial institutions these days do.

Re:Guess who is funding Tor?

[dcollins]

"A cell phone left on in a soldier's pocket during an operation led to the death of a half dozen marines when enemy combatants used the signal to figure out when they were leaving base... and they planned an ambush."

Citation?

Re:Guess who is funding Tor?

[ShawnA.Miller]

Tor was not created by the Air Force. Initial work was funded by the Office of Naval Research via the Naval Research Laboratory. See: http://www.onion-router.net/History.html. You can also see a list of funders here: https://www.torproject.org/about/sponsors.html.en.

Re:Guess who is funding Tor?

[girlintraining]

"A cell phone left on in a soldier's pocket during an operation led to the death of a half dozen marines when enemy combatants used the signal to figure out when they were leaving base... and they planned an ambush."

Citation?

You won't find one. Another example; Stealth bombers are really great at being stealthy until they're over the target and open the bomb bay doors. Then they're as visible to radar as flying barns. Which is why usually, ahead of the actual strike, a HARM missile is deployed. It's not actually a missile though, but rather a high altitude bomb that, when released, deploys a parachute and sits over the target looking for active radar signatures. When it finds one, off goes the parachute and on comes GPS-guided death. Well, as it turns out, the frequencies used for radar are the same ones used by microwaves. A fork jammed into the security interlock, door removed, and microwave pointed upwards... looked exactly like a radar site. $10 microwave meets $50,000 bomb. And once the bomb has blown up your $10 microwave, you can flip on your actual radar sites, lock on to the stealth bombers, and shoot them down with relative ease. You won't be getting a citation for that either... partly because that er... problem... has been fixed with newer electronics, but mostly because stuff like that being on the internet really is a matter of national security.

So no, no citation for you. But you can feel free to google for 'operational security' and 'cell phone', and note that every branch of the military has rules about this sort of thing. Those rules weren't created because of an abstract hypothetical... like most rules in the military, they were purchased with blood.

Re:Guess who is funding Tor?

[girlintraining]

Tor was not created by the Air Force. Initial work was funded by the Office of Naval Research via the Naval Research Laboratory. See: http://www.onion-router.net/History.html. You can also see a list of funders here: https://www.torproject.org/about/sponsors.html.en.

Air Force, Navy... point is, it was developed by the military. And it is used by the Air Force... I just noted that the first military link in the google search came up with this... and as the Air Force is the one spearheading the 'cyberwarfare' initiative in our military, it made sense that the Air Force would be the maintainer of military assets within the Tor network...

Re:Guess who is funding Tor?

Point is, you pretend to be an expert, when really you Google quickly, post, and to hell with the accuracy.

Re:Guess who is funding Tor?

I can see how some newer electronics would distinguish an off the shelf microwave oven from a radar, but surely it's fairly trivial for a sovereign state to manufacture some cheap custom built dummy devices that give off the exact same microwave signature of a radar?

Re:Guess who is funding Tor?

[kasperd]

So they needed some way of giving them internet access without making it pathetically easy for foreign powers to simply tap a couple key routers and see everything any soldier browses

A VPN connection going back home would be the most efficient solution to that problem. If you are really paranoid you set it up such that the endpoints send a constant stream of equal sized packets to each other, regardless of whether you have any data to send over the VPN connection.

Re:Guess who is funding Tor?

[AHuxley]

military assets....
The best use would be for NGO and 'colour revolution' types in distant lands that the US feels are ripe for regime change lite.
With the Western training camps filled with banners, slogans, stickers, web 2.0 efforts ready to go back to the home country and seem like a local grass roots issue.
The pretty 20 something English speaking locals who can get on youtube/the 24h news cycle and sell a US funded revolution back to the world....
Tor would have protected them from most forms of State tracking for a few years until the purveyors of fine surveillance technology had a new product selection.
Tor would not offer any protection from the US if they got too off message and wanted to escape their backers.
Think of it as Enigma in 1946. Safe from the region but the gift of message security to a friendly nation is not what it seems.

Re:Guess who is funding Tor?

And it is used by the Air Force...

Cats play iPad games. Do cats make iPads? Then why didn't they name them iHaz?

Re:Guess who is funding Tor?

[serviscope_minor]

I know about the microwave one, but surely flipping the radar on won't help: by the time the microwave has been destroyed, the stealth bomber will have long closed it's bomb bay doors and gone back to being stealthy.

You still have the problem that the expensive missile destroyed a $10 microwave and failed to clear the air for less stealthy planes.

Re:Guess who is funding Tor?

There's a reason why radar frequencies are classified. And sonar data for the Navy, etc.

Also, the microwave story? Bunch of bull

http://msgboard.snopes.com/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=48;t=000208;p=0

Re:Guess who is funding Tor?

Building your own VPN doesn't help when plants go in and sabotage it or the software / OS is corrupted.

Re:Guess who is funding Tor?

[theskipper]

An interesting rebuttal to the microwave oven anecdote, specifically during the Serbian war:

http://msgboard.snopes.com/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=48;t=000208;p=0

Re:Guess who is funding Tor?

[dcollins]

I hereby nominate you for #1 full of bullshit on Slashdot in the current era.

Bonus points for militarized LEO warmongering.

Who cares?

What is the NSA going to do with your pron? Everyone is quaking in fear at the United States government, and no one is quaking in fear at the prospect of the loss of credibility of the US government. China, Russia, etc are dictatorships that would have/do not have any qualms about using whatever means they have a their disposal to compete globally, if the NSA isn't on top they will be, and you can bet your asses you wont like the result.

Re:Who cares?

If you think the United States is freer than China, you are delusional. Try traveling around the world and educating yourself instead of staring at the boob tube all day.

I speak from personal experience.

Re:Who cares?

Everyone is quaking in fear at the United States government

Uh, really? I haven't noticed that. In fact, quite the opposite.

and no one is quaking in fear at the prospect of the loss of credibility of the US government.

The fact that you think my government had any credibility to start with makes me laugh. Or any government, to be blunt. The saddest thing is that you think yours still does.

Re:Who cares?

[AHuxley]

China, Russia seem to be spending their cash on loans, global charity, education, improving their image/optics/PR and getting the most for their exports.
Building, waiting, charming, learning, selling, helping, advising... arms, tech, nuclear, space, science .. raw materials all for sale, trade.
The days of backing messy revolutions and flaky leaders is still an idea that has traction but they have learned not to race into traps.
Tor has it origins with the US government and as such has always the same standing as any US cryptographic or telco product.
Useful but very trackable.

Re:Who cares?

[santosh.k83]

Yes exactly. The super rich, the militarily powerful and the elite the world over are building systems to spy on each other and try to out-compete each other in a race without any clear destination in sight. But meanwhile the systems and resources they're building to achieve their nebulous goals have now become lethally effective in quelling any call from ordinary people for accountability, transparency and democracy. In others words when X (substitute this with NSA or PLA or whatever you want) is effective against it's foreign counterparts, it'll be practically invulnerable to it's own citizens, the ordinary people. In the end, it's an overall rat-race where the fanatics, the fundamentalists, the megalomaniacs, the super-greedy and the super-rich people around the world are effectively ruining the whole planet for the "rest of us," who want genuine progress in science, environment, human standards of living, peace and so on.

duh

[LodCrappo]

1. Us government creates Tor.

2. Us government can audit Tor traffic.

Who exactly is surprised by this??

The real concern...

[rusty0101]

...that I have is not with the NSA being able to crack some platform's encryption. TOR after all was a product of some part of the DOD at least in part in response to the great firewall in China, though it's been through some itterations since.

My concern is that there's likely to be far greater money available from people willing to make use of collections of cracked keys outside of the news sector, than there is within it. That tells me that it's far more likely that someone working at the NSA is likely to be being asked to collect such keys for truely neferious purpouses, than that the press will find out that such is happening.

A MITM attack on an individual with such a key seems to me to be far more likely than that the NSA is interested in actually reading the vast collection of encrypted data that they have collected over the years they have been running these programs.

I can hope that such materials are being held in the strictest of secure areas, but that's kind of what a lot of people thought was happening with the material that Manning is convicted of sending to WikiLeaks, and Snowden has been giving to The Guardian, and presumably others.

Re:The real concern...

I can hope that such materials are being held in the strictest of secure areas, but that's kind of what a lot of people thought was happening with the material that Manning is convicted of sending to WikiLeaks

No, wrong. The shit he leaked was drivel, there was nothing worth protecting or keeping secret. There were no crimes, no illegal actions, it was secret by default, not for any other reason.

Stop comparing Snowden to Manning. Manning was an idiot who had an axe to grind over the military's policy towards gays, he released everything he could find in the hopes that someone might find something dirty... but nobody did. There was one video that Assange hacked up to try and stir up attention, and all you dipshit fanboys bought it hook, line, and sinker.
Snowden was a guy with a conscience who found a whole lot of shit he couldn't keep quiet about, and did the right thing by releasing only that which mattered.

Re:The real concern...

[rusty0101]

Wow, three straw man arguments aimed at derailing the conversation in one response. You're good.

My comment refernecing both Manning and Snowden had nothing to do with comparing either, or with the validity of the security level what they shared was, or should have been.

Simply stated, someone thought that the level was appropriate to convict Manning, whether it was drivel or not, and someone has considered that the material Snowden has shared is sufficient to generate far more publicity regarding searching for ad trying to put him in jail to begin with, than we have seen in any of the history I can recall. (for someone who has not pulled the trigger on killing someone anyway.)

Their appearance in my post was specifically aimed at recognizing that there are people willing to share material that _someone_ thinks should be secured, for a whole lot less than I suspect people are willing to pay for to get something that would allow them to institute a massive man in the middle attack against financial instututions, e-commerce sites, or even the ability to do a mitm attack to gain access to someone's e-mail, whether to simply see what they are doing, or to masqurade as them then, or at a later time.

Re:The real concern...

Fuck you, soldier sniffer.

windows7keysonlineshop

    cheap windows 8 key , mcafee antivirus plus 2012 1 year activation key , buy windows 7 genuine keys , key for window 7 professional for hp , windows 7 activation key sale , windows 7 ultimate product key , windows 7 professional product key , 0APPPg_n
        windows 8 anytime upgrade key

        windows 7 ultimate product key online

        windows 7 home premium product key buy

        windows product key online

        windows 7 activation key sale

        windows 7 license key sale

        windows 7 home premium key sale

        cheap windows 7 ultimate product key sale

        windows 7 ultimate product key

It means neither party is in charge

Patriot act wasn't driven by Bush, it was largely already written and pushed through by the spooks after 911.
Mass surveillance wasn't driven by Cheney, General Keith Alexander did that, turning a "intercept everything and filter" FISA warrant into a "intercept everything, filter out spam and store it".
When this scandal came out, he wanted Congress pass laws to give companies that acted for the NSA, immunity from their deads, i.e. to be above the law.

Make no mistake, the elected reps are not in charge, military pull the puppet strings, and they now have enough dirt to pick and choose politicians. Just as New Zealands PM got into power when 'someone' leaked incriminating emails against his predecessor. The military spooks now run the show, no different than the early KGB days.

Can you imagine NSA/GCHQ permitting a UK Prime Minister from cancelling their surveillance program? That would not be allowed to happen, so they'd leak scandals to prevent him ever coming to power. You wonder how the STASI kept East Germany in line for the KGB, and now we can see it playing out.

Watch for the scandals that shape US politics and secure NSA's funding. 20 million queries a month and that's just the ones they log.

See what I did here?

[Okian+Warrior]

Sorry guys, Tor is designed to be used in all the ways we've spent years trying to fix broken internet protocols from doing, you really need to stop drooling over it. Its not actually a good solution. It is in fact an absolutely shitty solution to the problem, as its really a way to create a bunch of new ones.

If you have to hide, the Internet isn't for you.

It's a really good solution! It protects privacy, it's supported/maintained by really smart people who want to protect privacy, and (when using the most current version) gives the user strong privacy.

I just made a whole lot of unsubstantiated claims with no explanation, no supporting evidence, and with no background... just like you did. (I didn't call people names, though.)

Sheesh, gimme some Deep Woods Off! - The number of astroturfers on Slashdot is astounding.

Who cares who else uses Tor? Who cares whether it creates protocol problems? Who cares whether pedophiles or botnets use the system?

The important bit, the one that has value to *me*, is that it can hide my identity. It can hide the identity of people who are afraid of oppression, it can hide the identity of whistle blowers, it can hide the identity of people asking for help.

Stop astroturfing - you're not particularly good at it.

Re:See what I did here?

[hacker]

The important bit, the one that has value to *me*, is that it can hide my identity. It can hide the identity of people who are afraid of oppression, it can hide the identity of whistle blowers, it can hide the identity of people asking for help.

Actually, no, it can't. You're thinking of i2p, not Tor.

If you're confused, you need to read up on the major flaws and vulnerabilities in Tor that allow the NSA or enough controlling entities to de-anonymize anyone using Tor. In fact, the more Tor exit nodes, the easier it is.

The tremendous spike in users using Tor could be both in reaction to the NSA news, or proactive from the NSA ramping up their use of Tor to more-rapidly de-anonymize the traffic coming across those exit nodes.

Re:See what I did here?

[BitZtream]

It's a really good solution! It protects privacy, it's supported/maintained by really smart people who want to protect privacy, and (when using the most current version) gives the user strong privacy.

No, it doesn't, can you not read the title of the web browser you're using? Ignorance is exactly WHY its a shitty solution to the problem. People think it magically makes them safe when it does no such thing.

Who cares who else uses Tor? Who cares whether it creates protocol problems? Who cares whether pedophiles or botnets use the system?

Lots of sensible people. Those same people are smart enough not to put private shit on the Internet int he first place, which you clearly seem to ignorant to do. What kind of stupid response is this crap? Do you like spam? You want to use a network thats so plugged up with various forms of spam that you can't get a packet through to a useful host?

Tor won't solve your privacy problems, you think broadcasting them on a public network is a good idea. No amount of software will prevent you from doing stupid shit to give away all of your privacy.

The important bit, the one that has value to *me*, is that it can hide my identity.

There is no 'astroturfing' here, just your ignorance. Its not hiding you, you just don't get it yet.

Re:See what I did here?

[larry+bagina]

The tremendous spike could also be a botnet.

Re:See what I did here?

Fuck you spastic. I'm sick of seeing you and cold fjord post your retarded ass-vomit everywhere.

Re:See what I did here?

That seems to be the prevailing theory now. The paranoid side of me wants to know if it's a three-letter-agency running the botnet, or one from Anonymous, Lulzsec or similar.

well, shit

Using debian which means by the time they update to 2.4, the NSA will be able to crack it.

Thanks, assholes.

Re:well, shit

[HiThere]

If you really want to secure Debian, you can. Of course it will take a bit of extra work. AND you will need to stop updating via apt-get. AND...

There are many good reasons why end-user systems aren't secure against high-powered intruders.

P.S.: You *ARE* aware that repositories don't validate the signatures as matching the owner's key aren't you? At least not for anyone who can get a CA signing authority to say the key is valid.

Rule of thumb: Don't put systems you wish to secure on the internet. Use a separate computer, and transfer files to/from it by burning CDs. Even then make sure that none of the files transferred have executable content. In that case any stable version of Debian should suffice. Of course, if this *were* to become common practice, someone would probably find a hole in it, but it would be difficult without physical intrusion.

About Tor versions

[ShawnA.Miller]

The original blog post by Rob Graham that Arstechnica reports on has created some confusion about Tor versions. The current recommended stable version of Tor is 0.2.3.25-12. The current alpha release is Tor 0.2.4.17-rc, and people running relays are being encouraged to use this version on the mailing lists. So the repositories, by recommending Tor 0.2.3.x, aren't out of date. However, the Tor website does advise against using the Ubuntu repositories because they aren't "reliably updated" (https://www.torproject.org/docs/debian#ubuntu), which I don't think is the fault of Tor developers. Also, the most up to date version of Tor can be found at the following repository: deb http://deb.torproject.org/torproject.org/ tor-nightly-0.2.4.x-wheezy main.

Re:About Tor versions

[IamTheRealMike]

What's more, this analysis is very fresh. Remember that right now huge chunks of Tor traffic appear to be botnet control circuits. The botnet runs on 0.2.3.x - so that's going to bias the sample somewhat.

BTW - not surprised to learn that Linux distributors are screwing their users with stale repos yet again. Anyone who is using distributor repositories to get security sensitive software is just asking to be compromised.

an opportunty

[Max_W]

One or two infested OSs or encryption algorithms are not enough. It is an opportunity for the new "cottage cheese" computers and software industry.

Various hardware architectures, various OSs, encryption approaches, etc. which are talking to each other via open clear protocols.

Let my computer be less sleek or cool but it should me my computer and my software.

Open WiFi access point + disposable laptop =

Uncatchable, and untraceable.

Fuck you, NSA.

Re:Open WiFi access point + disposable laptop =

Except for the surveillance cameras that see you outside that coffee shop or library and the facial recognition algorithms and the license plate readers and the cameras in the shop where you bought the laptop and the serial numbers on the cash you got from the ATM (with its camera) that you used to pay the Craigslist dude you bought the laptop from and...

Rise in malware

[Billly+Gates]

Could this explain why a hacked version of Firefox with NSA homing was discovered?

What are the odds of the NSA inserting malware to track users and then send the info to the FBI for prosecution? Could a user using a legit torrent hit a node and have this spyware installed from installing CENTOS for example?

minor correction

"Tor was created by the US Air Force"

Well, granted I wasn't there, but Wikipedia says that it was created with the assistance of the US Navy (NRL).
  http://en.wikipedia.org/wiki/Tor_(anonymity_network)

Obama wants to start WWIII

No peace man is he

billion dollar terrorists, yeah

[raymorris]

Yeah, actually if someone is bad enough to make the NSA's top 10 list, it'd probably be good for someone to be reading their email. I have a BIG problem with the fact that the NSA is tracking everyone's emails and phone calls. I've contacted my congressman about that more than once, calling them out very publicly.

The top NSA agents know who the really bad guys are, the guys who will probably be involved in the next 9/11. Maybe they can't publicize the intelligence that proves it, maybe they are missing a few details, but we knew who bin Laden was. I'm fine with invading their privacy.

But but but if they invade anyone's privacy, they'll invade everyone's privacy. If we let them, yes. Ideally what we want is systems, including budgets and oversight, which only allow them to spy on a few people, so they have to pick which ten people they really do need to spy on.

Re:billion dollar terrorists, yeah

[santosh.k83]

The enemies these days are good at blending in.

Re:billion dollar terrorists, yeah

[julesh]

Yeah, actually if someone is bad enough to make the NSA's top 10 list,

If they can break keys in "a few hours", you don't have to make their top 10 list for them to break your key. "A few hours" per key = a few thousand keys per year. With most targets staying under scrutiny for multiple years, this means you probably only have to be in the top 10,000 to have your keys cracked. I'd imagine it's fairly easy to end up there by mistake.

Re:billion dollar terrorists, yeah

[VortexCortex]

The enemies these days are good at blending in.

Too good if you ask me. In fact, the "enemies" now look just like passionately patriotic citizens who wish to protect their country's constitution, as they so swore.

It makes you wonder who the real enemies are...

Re:billion dollar terrorists, yeah

Each person may have more than one key...

Re:billion dollar terrorists, yeah

[julesh]

Each person may have more than one key...

Many people may have no keys at all.

that's my point

[raymorris]

That's my point. They won't spend any money tracking me. Well, not more than about $10-$50, since I'm pretty sure I'm on a list or two. They WILL spend money tracking whoever appears to be the next bin Ladin. Cool. I'd like them to be able to track bin Laden, while it's not anywhere near worth it to track me.

If I were using "1 bit encryption" they WOULD break it. They proof of that is that they DO track people who use 0 bit (plain email, phone). That's bad. I prefer that everyone use encryption enough so NSA finds it worthwhile to track 0-100 people.

Ps - I said I'm probably on a list. I've worked in security for many years, so my footprints can be found looking at information about exploits, etc. I run a system where we teach cybersecurity to state and local government employees, so I frequent sites that a bad guy might find interesting. On top of that, I use words like "freedom" and "Constitution" and we now know the Obama administration considers those words to be red flags.

Re:that's my point

That's my point. They won't spend any money tracking me.

Not until your daughter publishes that photo that shows your elected representative doing something they shouldn't with someone they shouldn't. Whether or not she knows who the person is.

The potential for abuse is ... large, to put it mildly. And there are no effective restraints, no oversight, nothing. Can you guarantee you and yours will never annoy anyone in a position of power? No matter who gets elected?

Re:that's my point

[lxs]

They WILL spend money tracking whoever appears to be the next bin Ladin.

Or the next presidential candidate promising to cut their budget.

specifically, HASHING multiple times weakens it

[raymorris]

To be specific, a hash or signature should only be done once. A DES hash of an MD5 hash is weaker than either DES or MD5, for example.

There is a small exception to the above. Running multiple rounds of the SAME algorithm in a very specific way can sometimes make it slightly more secure against one particular type of attack - brute force. That's a narrow exception, though.

Re:specifically, HASHING multiple times weakens it

[rvw]

To be specific, a hash or signature should only be done once. A DES hash of an MD5 hash is weaker than either DES or MD5, for example.

There is a small exception to the above. Running multiple rounds of the SAME algorithm in a very specific way can sometimes make it slightly more secure against one particular type of attack - brute force. That's a narrow exception, though.

I use Keepass. It has an option encryption rounds. I thought this meant the encryption is applied 5000 times:

To generate the final 256-bit key that is used for the block cipher, KeePass first hashes the user's password using SHA-256, encrypts the result N times using the Advanced Encryption Standard (AES) algorithm (called key transformation rounds from on now), and then hashes it again using SHA-256.

Re:specifically, HASHING multiple times weakens it

[aaaaaaargh!]

To generate the final 256-bit key that is used for the block cipher, KeePass first hashes the user's password using SHA-256, encrypts the result N times using the Advanced Encryption Standard (AES) algorithm (called key transformation rounds from on now), and then hashes it again using SHA-256.

That's a fairly meaningless description, because it doesn't tell you with what key the hash of the key is "encrypted".

Using a block cipher instead of extensive repeated hashing is not a bad idea in general, because in contrast to hashing it is guaranteed not to loose entropy. However, the password also needs to be salted.

Re:specifically, HASHING multiple times weakens it

[raymorris]

Which is better marketing than cryptography. To make it REALLY secure, they could add another step, hash it using this function:

function slashHash() {
  return('a');
}

You could never predict the result if they added slashHash to the sequence! :; Note that it doesn't matter if you put slashhash as the last step, the first step, or anywhere in the middle - the whole thing is broken if you have a breakable step anywhere in the procedure.

In the case of KeePass, it's not THAT bad because the thing they are hashing (your password) is probably shorter than either of the hashes, thus easy to guess. An eight character password doesn't provide much security, so not much is being lost. (8-12 characters is insufficient against offline attacks. 10-12 isn't bad for online systems that have server-side brute force /dictionary protection.)

The idea is that because most people's password is their pet's name or something equally easy to guess, KeePass might as well force the attacker to spend a second hashing each guess 500 times. That's not terrible IF you assume the users will choose short, weak passwords. However, it means the attacker does NOT have to guess the right password. They only need to guess any password which collides on any of the 500 rounds! Once the hash matches, hashing a match many more times still results in a match. In that way, it makes it 500 times easier for the attacker.

What that means is that if you did ten million rounds of SHA-256, ANY password would open your KeePass, 'dumb' would always work as an extra password because any password short enough to type will probably collide with "dumb" at one of those 10 million rounds. Of course the user and the attacker both have to sit around waiting for 10 million rounds to finish.

So in summary, more rounds means a) it's easier to guess and b) both the attacker and the user have to wait longer while the rounds run.

Re:specifically, HASHING multiple times weakens it

[Qzukk]

I thought this meant the encryption is applied 5000 times:

People choose crappy passwords like ABCDE so rather than using "ABCDE" as the encryption key (which wouldn't look very random at all and therefore be very bad) for encrypting the content, the password is hashed to something that hopefully looks random, then that hash is used as the key for encryption.

The purpose of repeating that hashing process is to slow down brute force guessing against your password itself, not to protect the contents from cryptanalysis or against brute forcing all the possible hashes directly. If I want to see if your password is AAAAA, I have to repeat the algorithm 5000 times to see if the resulting hash can be used to decrypt the contents. If I don't care what your password is, I could just guess hashes starting with 0x1 to 0xFFF.... The reason attackers put up with the 5000 rounds of hashing is that even if it takes a second to calculate each password's hash, they'd still guess "ABCDE" before they guess which of the 2^x possible keys it produced.

Re:specifically, HASHING multiple times weakens it

[rvw]

Thanks for the explanation!

Hate Speech

[Baldrson]

I find it offensive that you would disseminate information about how to circumvent the NSA's need to know what is going on to protect us. In truth, aren't you accusing the government of a conspiracy? What's the difference between that and accusing Jews of an international Jewish conspiracy? Are you going to start loading up government employees and officials into box cars and transport them to "relocation" camps? Its a slippery slope you're on!

Translation: Don't scare me!

[SmallFurryCreature]

Translation of the above: Please don't tell me scary things, tell me everything is alright with lots of puppies and kittens who never ever die. Tell me a world of unicorns and rainbows so I can believe everything is alright and as it should be and I can excuse myself for not lifting a finger to improve the world.

Allow me to rest my hand in the sand and then complain like a bitch when I am run over by a lorry. Because someone else should have been saving the world while I looked the other way.

Re:Translation: Don't scare me!

[sharklasers]

You don't need to use hyperbole. There's a lot of good in the world, but there's also a lot of bad. News sites have a predisposition to continually pump bad news, even though the NSA stuff is only one element in what's happening in the world. If people get their fix on tech news from sites such as Slashdot, and said sites fixate on all the shit that's happening, then of course people are going to become miserable. Because there's basically nothing we can do to stop it. We have no power.

If you're arguing that it's better to know how the world works because it prevents being taken advantage of - it's good to be educated and informed. It's horrifying when you realize there's nothing you can do and it's only getting worse. Heck a single person has no real power to fight against stuff like this, and if they do, well... people like Snowden, Manning and Assange have their lives ruined for trying to do so - doesn't really motivate anyone into fighting against their respective Governments now does it.

Snowden, Manning and Assange revealed information that shocked everyone. But those in power have all the money, weapons and blind support to ensure nothing changes.

And that's the reason why knowing is something worse than not knowing.

Re:Translation: Don't scare me!

[Nithron]

Agreed. What's the point in living in an imaginary world anyway?

At least I2P is independant

[Burz]

There are a lot of reasons to use it over Tor.

Schneiers most recent comment....

[ssimpson]

Bruce Schneier http://www.wired.com/opinion/2013/09/black-budget-what-exactly-are-the-nsas-cryptanalytic-capabilities/ stated that "Breakthroughs in factoring have occurred regularly over the past several decades, allowing us to break ever-larger public keys. Much of the public-key cryptography we use today involves elliptic curves, something that is even more ripe for mathematical breakthroughs. It is not unreasonable to assume that the NSA has some techniques in this area that we in the academic world do not. Certainly the fact that the NSA is pushing elliptic-curve cryptography is some indication that it can break them more easily."

I'd not rush from DH to ECC but would strongly recommend a move to 2048-bit or above keys

And have just realised that I haven't posted to Slashdot for many years...And yet somehow my .sig is still relevant. NSA may have dropped their plans for mandatory Escrow 15 years ago after the quote was made...but they didn't change the fundamental goal: to read everything.

Re:Schneiers most recent comment....

[tlambert]

Bruce Schneier http://www.wired.com/opinion/2013/09/black-budget-what-exactly-are-the-nsas-cryptanalytic-capabilities/ stated that "Breakthroughs in factoring have occurred regularly over the past several decades, allowing us to break ever-larger public keys. Much of the public-key cryptography we use today involves elliptic curves, something that is even more ripe for mathematical breakthroughs. It is not unreasonable to assume that the NSA has some techniques in this area that we in the academic world do not. Certainly the fact that the NSA is pushing elliptic-curve cryptography is some indication that it can break them more easily."

This is most probably correct, given the proof of the Taniyama–Shimura–Weil conjecture, thus proving Fermat's last theormen, and resulting in the establishment of the Modularity Theorem. On a related note, isn't 25519 a rational number? Meaning elliptic curve 25519 has a modular form? Meaning that Tor's choice of curve is rather subject to modular attack?

Just saying...

Re:Schneiers most recent comment....

No. 25519 refers to the group being over (2^255)-19, which is prime.

More encryption bits?

I don't have a background in cryptography but how easily do encryption algorithm scal? I'm just curious why we aren't seeing something like 10000000 bits (you get the idea) of encryption awesomeness.

Key Generation

If your random key generation is not random then it does not matter what crypto algorithm you use, you're still vulnerable.

This is all the NSA has to do: ensure that they can guess the key to any publicly used crypto. If the key generation algorithm is weak or predictable then it doesn't matter if it is RSA10240 or AES5120 - they don't have to exhaust the entire key space in guessing.

So if the NSA has provided input into the PRNG used by (say) Apple and Microsoft then you're screwed whenever you ask the system to generate a key for you (like the session key for SSL/HTTPS.)

However if every key that you generate comes from a random hardware source then they face a much harder battle.

Open sourcing these core parts of the crypto would help us understand how strong or weak Microsoft's and Apple's algorithms really are. Being able to replace it with our own, even better.

Bullcrap!

Oh fuck you. My post was basically a cry for help and you come here with your superiority complex. Maybe I'm suffering a bit of disillusion here because I'm helpless in a shit world. Could have given some advice you know.

Bullcrap! You didn't cry for help, your post was a bitch fest about how tired YOU are about NSA stories. You state that since you cannot do anything about it, you would rather not know about it. Basically saying that since you choose to bury your head in the sand that Slashdot should impose a similar information policy on the rest of us.

I want to know what I'm up against, even if it does seem overhelming. Screw idiots and ignoramuses, let them eat Facebook.

Before there was an Internet....

[couchslug]

People who wanted secure comms didn't fucking use the Internet.

There are many other ways to communicate. Not all communication is electronic, and not all data need be moved over networks.

The desire to use the internet is just gifting those who control the internet with information.

so 58,000 years, you say?

[raymorris]

> No, your key is #125125215 in the queue.

In that case, at four hours per key, they'll get to mine in 58,000 years.
It's too bad we can't know for sure that it takes at least a few hours per key, and that it always will. It would be ideal if it took about a day or so per key, with US government level resources.

Misinterpretation in BIGDATA

[DrYak]

What could you possibly be doing that would warrant the NSA's interest?

In addition to the most common answer to that question in this thread ("In ten years maybe what you consider trivial now will be considered highly suspicious"), may I point you to this other recent article on slashdot about a big marketeer reading its own "determined profile" and laughing off how much the ad targeter were off ?

Now realise this: there is big really monney in ad targetting and customer profiling. The marketeer behind are probably almost as serious about it, as NSA is serious about terrorism profiling.
Still, despite all the big brains behind this task, even if they DO have some success (see the Tagert vs. pregnant highschooler story), they can get sometime things completely wrong. (Can't manage to find the slashdot reference, but the guy's profile even guessed the wrong religion).

No back to your question: "What could you possibly be doing?"
Answer: Well nothing. Sometime it's not even what your are doing, but what the algo may wrongly assume you could be doing.

Think about the fly in Terry Gilliam's movie Brazil.

You could get into trouble because the stats wrongly said you could be doing something illegal, even if you actually did nothing. And that's onf of the scariest part of pervasive surveillance program: the risk of error.

Yeah, the Tor Project knows

[bill_mcgonigle]

If you want to see their status report and plans to address it, see this post from April, 2012 and follow the links:

http://archives.seul.org/or/talk/Apr-2012/msg00068.html

Here's the page to configure a yum repo for the 0.2.4 branch:

https://www.torproject.org/docs/rpms.html.en

They ask that relay nodes run this.