The Rise of the New Crypto War
blottsie writes: For more than 20 years, the U.S. government has been waging a war on encryption, with the security and privacy of all Americans at stake. Despite repeated warnings from security experts, the FBI and other agencies continue to push tech companies to add "backdoors" to their encryption. The government's efforts, which have angered tech companies and researchers, are part of a long-running campaign to pry into every secure system—no matter what the consequences. This article takes readers from the first Crypto War of the early 1990s to the present-day political battle to keep everyone who uses the Internet safe.
yeah. right.
1984 was right, it was just 20 years early, and this is the script they are working off of.
Look, we all know where the terrorists are and who is spreading it, and how to track and follow them. Encryption is no more a threat than a candy bar behind a locked glass case in a supermarket too high for kids to reach is.
The reason they defeat the spies is the spies are too stupid, and ignore the real threats due to the massive overkill of non-relevant data and metadata that obfuscates the actual threats.
They already have access to your phones and already subvert them for target cases, so it's just more justification for insane stuff we don't need.
-- Tigger warning: This post may contain tiggers! --
Just a continuation of the war, maybe a new battle?
WTF Slashdot, why do I have to login 50 times to post?
Learn how things work. Learn why things work. Build things, experiment, and never make an assumption without clearly identifying it as such, even if it's only a mental note.
Don't take someone else's word--look it up and verify it. Try it out. Play with concepts. I don't recommend using your own crypto in production (at all, since the odds are against you being a qualified cryptographer), but implementing known algorithms for educational purposes and then running attacks against them will give you a much better idea how everything fits together and what should and should not be done.
Shit, is that too hard? Sadly, it probably is. Also, don't give me the "I have no time" excuse. Stop watching your fucking boob tube and spend that time educating yourself and helping those around you.
If it were actually true that saving lives or keeping people safe were their true priority, they could be vastly more effective by spending their money on reducing the highway traffic fatality rate. Over 30,000 people die on the roads of America every year. Reduce that by 10% and you'll save the equivalent of a 9/11 attack *every* year.
Of course safety and saving lives is not their primary purpose -- it's entrenching their power structures. The ability to pry into everyone's communications and files is (in their opinion) essential to that.
Ian Ameline
https://twitter.com/wikileaks/status/619617733982978048
...are part of a long-running campaign to pry into every secure system...
More like part of a long-running campaign to pry into the private lives of everyone in America and abroad.
If the security agency of your country hasn't told a lie in front of parliament/congress/whatever and found out about it and got away with it... Raise your hands.
I think you're in a minority, but I could be wrong.
1) Belgium, Eddy Testelmans (Lied about 3 terror attacks prevented by the NSA PRISM program, later had to recant)
I don't give out copies of my car and house keys to the government. They sure as hell are not getting keys to all of my electronics.
In the header for this, your last sentence: "This article takes readers from the first Crypto War of the early 1990s to the present-day political battle to keep everyone who uses the Internet safe." The present day battle is not about keeping people safe - it's breaking down people's ability to keep secrets. The cost for this level of protection is way too high.
The most effective way to do that is put more troopers on the road and better highway design/maintenance. But that requires higher taxes, and a good portion of America would rather risk death than pay more taxes. "Freedom to die".
Table-ized A.I.
Baseless conspiracy theory. Take DES for instance. It was invented 45 years ago and we still don't know any practical attacks that do much better than bruteforce. The gap between civilian and intelligence crypto skills is not that large, especially as fewer and fewer crypto gurus are willing to be associated with government agencies.
I keep saying we should call it the Third Crypto Wars because NSA + GCHQ already won the Second. They did that in a secret war on all systems and cryptography with aid from post-9/11 legislation. The Snowden leaks attest to what they accomplished. Most crypto out there doesn't deliver on its claims because they backdoored, weakened, or bypassed (endpoints) it. Now, from a position of dominance, NSA and FBI are launching a Third War on Crypto which is a mixture of public (see article) and secret (try to see TPP). This is an attempt to automatically achieve what they currently work hard for. We're not going to stand a chance of winning this third round if we don't acknowledge they already won the second. And did it without hardly anyone noticing pre-Snowden. That's how bad our current position is and why we need to fight that much harder for strong security across the whole stack.
Note: I've only seen a few strong constructions ever posted on Slashdot or most other IT news sites. *Those* kinds of things don't get popular. NSA etc love that. It's why the majority doesn't stand a chance whether using proprietary or FOSS. Rare exceptions to that.
Nick P
Promoted by the Left.
Performed by the Right.
If the recent Hacker Team story has taught us anything, there is no such thing as a "secure back door". Just when you think you're cleverly safe creeping in a back door, there's someone else peering up your back door.
You are welcome on my lawn.
Wait a second, the EFF was just telling me the Internet is a Telecommunications Service, not an Information Service, in order to get the Title II regulations they were cheerleading for.
When the FCC contorts CALEA, something only supposed to apply to telecommunications, against cryptography on the Internet, it's the end of days, the Internet is dead, ...
When the FCC contorts Title II, something only supposed to apply to telecommunications, against your local ISP, praise the state! It's a miracle! It's justice!
Please. Repeat after me: The FCC is not your friend. The EFF, or the FCC for that matter, can't even identify a single, concrete action by an ISP that Title II would have stopped. It's a pure power grab.
Either the Internet is an Information Service (meaning Title II and CALEA don't apply), or it isn't (so it's a telecommunication service, and CALEA does apply), but you can't have it both ways.
Wonder what the public key field is for?
Take DES for instance. It was invented 45 years ago and we still don't know any practical attacks that do much better than bruteforce.
Perhaps not (who knows what the NSA has in its back pocket), but there are commercially available special-purpose machines which can bruteforce DES in a day or so. NSA could easily afford (and no doubt already has) a roomful of these which could bruteforce it in a matter of minutes. Who needs a backdoor in that case?
A backdoor doesn't have to be something like a skeleton or master key, it could be a hidden weakness in an algorithm that lets it be bruteforced by purpose-built hardware in reasonable time.
The article is quite good, and later on it points out that any back door leads to all of the bad guys having just as much or more access to communications as the government or law enforcement have. Comey, FBI, etc. are wishing for visibility into communications, but are not technical enough to realize that they are actually asking for there to be no encryption at all, since the presence of the backdoor renders the communication useless for sensitive information. Another topic that isn't addressed is protecting the public from misuse of the backdoor by government. The existence of pervasive surveillance eventually will lead to the creation of two classes of citizens: The first class "good" ones with law enforcement access to all communications, and the second class, who do not have such access to back doors.
A functional brute force is a backdoor. It just requires the attacker to have better processing capability.
Which is just what the OP described.
No, because the key length of DES was public and thus people had no problem understanding what kind of effort and costs it would take to break it by using brute force. Once it was felt that that threshold was near, 3DES was strapped together and that one is still not reachable by any brute force machine the NSA has now or in the foreseeable future.
"DES is now considered to be insecure for many applications. This is mainly due to the 56-bit key size being too small; in January, 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes (see chronology)."
https://en.wikipedia.org/wiki/Data_Encryption_Standard
I believe with modern hardware the NSA can break DES almost in realtime.
This is my opinion based on what little I know and understand of the rumors and lies Thanks, Randal
So, just be aware that you currently do not have any real security.
This should be modded up, not down! Why can't people accept this? Are you all that afraid of the truth?
Get over yourselves! The constitution does not guarantee privacy in all cases.
You (and possibly the article) are making an improper distinction. Anyone who breaks into my computer or my putatively secure communications is a bad guy, whether they work for some government or other or not. And it doesn't matter which government. And, no, even if they had a warrant that wouldn't mean they weren't a bad guy, it would just mean they might not be operating illegally.
I think we've pushed this "anyone can grow up to be president" thing too far.
LOVEINT.
That is all.
You do realize the amount of proof to get a warrant to get onto a computer is significant?
I've seen arguments to the effect of "we would give a backdoor to the NSA, except, others could exploit it". NOOOOO! The NSA are demonstrated liars, perjurers, torturers, and murderers. They cannot be trusted. The US government, and pretty much any government, cannot be given this power. They will abuse it. The only good government is a government constrained from doing evil. The US government needs more constraint, not less.
The right wing rules the ignorant with fearful suggestions. The leadership of the right situates themselves in plush conditions and justifies their existence by claiming ever more need for security. The catch is that there is no absolute security. No matter how much spying that is done we will always be prone to either individuals or groups committing violence or mayhem. And it is obvious that terrorists are acutely aware of just how chronic terror attacks can be. Even if we get rid of all organized terror groups we will still have self-styled lunatics setting off bombs and the like. Both Great Britain and France were driven out of Arab regions by ongoing terror tactics. The best thing Americans can do is to simply obey the law themselves, pay their taxes and be willing to report any unusual people or actions to the police. As far as stopping snooping by the authorities simply overload the net with constant encrypted or nonsensical messages such that machine time or human time make searching messages ineffective. Passing deeply encrypted nonsense messages with certain upsetting key words could keep agencies clogged to a state of nonfunction. For example pass a cake recipe with the words submarines in port embedded and then encrypt the message using numerous schemes and send it from person to person. Spy agencies would go nuts.
No, I'm not saying that anyone who breaks into your computer is a bad guy. What I am saying is that if the FBI gets a back door to do good things, then they also greatly increase the chance of crimes being committed by criminals who use the same back door the FBI uses. I am also saying that without back doors, a rogue FBI agent violating his authority can do damage to people and the nation, but that a rogue FBI agent violating his authority and with back doors can do extremely large amounts of damage to people and the nation.
Further proof that back doors will be hacked has already happened! http://it.slashdot.org/story/1...