Ask Slashdot: Echelon Protection?
An unidentified submitter had a worthy question and I want to submit it to you all for discussion: "How confident should we be in private sector encryption as a defense against ECHELON intercepts? The NSA probably has toys we will never hear about. Can we really trust PGP and FreeSWAN to defend personal and corporate data from the spooks? Should corporations begin hiring encryption experts to defend their data stream?" Slashdot has covered Echelon before, and in the midst of all the recent concern from Congress one can only sit and wonder how long it is before 'privacy' (or if you prefer, the illusion of privacy) becomes a thing of the past.
When I was studying math at UCLA, one of the number theorists there was blocked from publishing an article by the NSA. They 'classified' his work. They were nice enough to offer him a job, though!
Ever wonder why the US government seems just as afraid of low level encryption that they can crack fairly easily as of high level stuff that would take them weeks? It's because if PGP keys became common and the use of even light encryption became standard policy, it would bring the Echelon sniffers to a grinding halt.
...
Think about the traffic that any sort of large sigint operation like this needs to filter through. If it took even a couple of seconds to descramble each message just to check for any red-flag words the entire system would rapidly backlog.
Want to fuck with the Echelon project? Put the words "nuclear technology transfer funding" in the subject line of all of your email and encrypt it. It could be fun
Posted by Stephen "The Carp" Carpenter:
Well they can always do "The right thing" and immediately distribute as many copies as they can as widely as they can and get copies (electronic and otherwise) into as many hands as they can before the NSA has a chance to stop them.
Sure it will bring legal wrath down on them and if they patent then they don't care about doing the "right thing" anyway...hell they half deserve it...their intention was to keep it to themselves legally so they could make money...and instead the NSA said no..we are just going to keep it to ourselves and forbid you to use it openly.
almost fitting but...the NSA shouldn't be allowed to keep secrets. They are the greater evil
The ABC was built *prior* to the war, and was an electronic digital computer. The Colossus may have been the first to do something important, but it certainly wasn't the first.
I have never had an interest in crypto, or even used it. I never thought I had anything worth hiding... But that hasn't stopped me from occasionally pondering the theory of it.
Ok, I guess I understand a bit more that "it just takes the right password to decrypt a message." But basically, key management is the biggest risk I would see, isn't it? Because your "secret key" or whatever is kept somewhere on your computer, and it takes the right key to decrypt something. So, if your key is say 128 bit, it would take some serious horse power to crack it, BUT, wouldn't it be way easier for someone to crack into your system and steal your key, then just crack the password for the key? To me, stronger and stronger encryption seems pointless if this is all it would take to break it.
Also, I guess since I am getting older (and lazier), I wouldn't mind trying some pgp or gpg thing just for the heck of it, but a nice GUI front end, and maybe a Netscape Mail Plugin for it would be nice. Is there such a thing, a full GUI front end for pgp or gpg that is GPL and generates keys, encrypts mail for easy sending, key management, and everything? The only thing I found is gpgp and that seems to be only key management. So, is there anyone who has done such a thing, or am I just going to have to spend 15 minutes reading the docs, and not have a good mail plugin, and realize that my less technical friends will never be able to read anything I would send them encrypted. I guess it's not a big concern, because like I said, I don't think I have anything to hide, but I guess if it was an easy thing to do, I might just consider playing around with it.
Even....you......unassisted........to.read....fai
Um, CmdrTaco, the preview screen strips the tags out of the comment field of the form, so if you submit from there you lose all your formatting. Sorry it made a junk post
-- 3 events that reshaped the world in the 20th century: WW1, WW2, and WWW
Why do they need to crack your message at all?
Traffic analysis, tempest, conventional espionage... I see no reason why they would even bother trying to decrypt anything. Unless your security methodology makes the encryption absolutely necessary to crack to obtain the information required... it's kinda pointless to bother with decryption.
--
In case you didn't know, P ?= NP is probably the biggest unproven assumption in theoretical computer science today. Although it is widely believed to be true, no one has succeeded in proving it.
Furthermore, your definition for class NP is wrong (your definition instead most closely applies to a different class often called RP); NP is most easily described in the following way: if you are given a solution, you can verify that it is indeed a true solution in polynomial time.
In addition, your definition for polynomial time is wrong! Polynomial time is n^k where n is the size of the problem, and k is a constant; not k^n, which rather would be exponential time (class EXP). For exponential time, it has been proven that EXP = NEXP; i.e. that nondeterminism buys you nothing when you have exponential time to play with (because you can simply enumerate all the possibilities and try them all.)
Now, public-key cryptography (but not traditional cryptography) relies on the assumption that P != UP, where UP is the class of problems solvable in polynomial time on something called an unambiguous nondeterministic Turing machine; UP is a subset of NP and a superset of P. The assumption P != UP is actually stronger than P != NP.
It is widely believed that P != UP != NP, but neither has been proven.
Reference: Papadimitriou, Christos H.: Computational Complexity, Addison-Wesley, ISBN 0-201-53082-1. Excellent book.
Strong encryption (128 bit+ for block ciphers, 2048 bit+ for asymmetric - like PGP) should be adequate to protect any data from eavesdropping. Even our US government with all the Crays and clusters in the world could not brute force keys this big with much success. Cryptanalysis attacks are different, but good ciphers are resistant to this type of breaking. FreeSWAN and PGP would be a good, quite secure solution. Learn about cryptography if you are truly interested in this subject (Applied Cryptography - second edition by Bruce Schneier is a great book). And remember, ciphers are only a part of your security solution. Your security is only as strong as the weakest link, and if you have other security problems (key management, training, etc) it won't matter how good your ciphers are.
While it's true that a one time pad may be as hard to transfer securely as an original message, you only have to do it once and then you can transfer as many other original messages, in complete security, as you want (until you use up the pad).
And you may not even have to transfer the whole pad if you can both (again, by secure channel) agree on some commonly available text to serve as the one time pad (which has the advantage of looking innocuous if you're subjected to physical search.)
Consider that pressings (from the same master) of, say, a music CD would make a great ~650 Mb worth of one-time pad.
-- Alastair
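As an added example (not from the post above or from any project mentioned in this thread), a Python one-time pad whose sender keeps a consumption cursor: it refuses to run past the end of the pad rather than wrap around, and two_time_pad_leak shows why reusing pad bytes is the fatal failure mode. The names (PadWriter, SHARED_PAD, demo) are mine, and the pad is assumed to come from the OS CSPRNG and to have been shared once over a secure channel.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


class PadWriter:
    """Sender side of a one-time pad: every pad byte is consumed exactly once,
    tracked by a cursor, so two messages can never share key material."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._cursor = 0

    def remaining(self) -> int:
        return len(self._pad) - self._cursor

    def encrypt(self, message: bytes):
        """Return (offset, ciphertext). Refuses to run past the end of the pad
        instead of wrapping around: reuse is the one fatal failure mode."""
        if len(message) > self.remaining():
            raise ValueError("pad exhausted: refusing to reuse key material")
        offset = self._cursor
        key = self._pad[offset:offset + len(message)]
        self._cursor += len(message)
        return offset, xor_bytes(message, key)


def decrypt(pad: bytes, offset: int, ciphertext: bytes) -> bytes:
    """Receiver side: the offset says which pad bytes the sender consumed."""
    return xor_bytes(ciphertext, pad[offset:offset + len(ciphertext)])


def two_time_pad_leak(ct1: bytes, ct2: bytes) -> bytes:
    """If two messages were XORed with the same pad bytes the pad cancels out:
    ct1 ^ ct2 == m1 ^ m2, so knowing either plaintext reveals the other."""
    return xor_bytes(ct1, ct2)


def pad_exhausts(pad: bytes, message_len: int) -> bool:
    """True if a fresh writer would refuse a message of this length."""
    try:
        PadWriter(pad).encrypt(b"x" * message_len)
        return False
    except ValueError:
        return True


# Constructed shared pad: 64 bytes from the OS CSPRNG, assumed to have been
# copied to both parties once over a secure channel.
SHARED_PAD = secrets.token_bytes(64)


def demo():
    sender = PadWriter(SHARED_PAD)
    m1, m2 = b"meet at noon", b"bring the docs"
    o1, c1 = sender.encrypt(m1)
    o2, c2 = sender.encrypt(m2)
    round_trip = decrypt(SHARED_PAD, o1, c1) == m1 and decrypt(SHARED_PAD, o2, c2) == m2
    # Misuse: a second writer starting at offset 0 reuses m1's pad bytes.
    _, c_reused = PadWriter(SHARED_PAD).encrypt(b"meet at dusk")
    leaked = two_time_pad_leak(c1, c_reused)  # equals m1 XOR b"meet at dusk"
    return round_trip, sender.remaining(), leaked


if __name__ == "__main__":
    ok, left, leak = demo()
    print("round trip ok:", ok, "| pad bytes left:", left, "| leak:", leak.hex())
```

The leaked value has eight zero bytes at the front because the two reused-pad messages share the prefix "meet at ", which is exactly the information a passive observer gains from pad reuse.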
I'm rather surprised nobody has mentioned this before. First off, when people say, "Oh, distributed.net is the fastest computer in the world, and look how long it's taking to crack only 64-bit keys...". We do not know the full extent of NSA's hardware. It is believed that a quantum computer would be able to crack a RSA-encrypted message rather quickly, generally regardless of length. Why? Because a quantum computer will attempt to solve all the possible keys *at once*. Bah, but there is no such thing as a quantum computer (yet), right? Recently (at least 3-6 months ago now) IBM completed testing on a very simple quantum computer capable of adding 2 'qubits' or quantum-bits together. While this might seem elementary, there exists a chance that the NSA already has a fully functioning quantum computer. Considering that they decided not to classify such technology, despite their paranoia in classifying other crypto-related technology, it makes one wonder. Granted, the immediate use for quantum computers is not crypto-cracking I would think.
Secondly, if one looks at the top 10 supercomputers in the world, they will notice that around 3 of them are of the "classified" category. Combined, these three supercomputers provide more power than the top computer which is at Sandia. Some of these have been in operation for at least 2-3 years. It has also been acknowledged that dedicated systems with custom-designed chips are able to crack DES, etc, at much higher rates than conventional technology - Deep Crack or whatever by EFF is a good example, and that only cost them $100k-200k. Imagine what an intelligence agency with a multi-billion dollar budget can do. So I wouldn't rely on distributed.net to be the benchmark in crypto cracking.
Finally, there is the matter of limited manpower. Yes, the NSA's weak point would probably have to be their inability to focus on *everybody* cause they just don't have the resources to do so, however, the nature of Echelon lends itself to more economic interests as well as national security ones. Thus, there has been concern that corporations which donate mucho $$ to the current administration might be slipped occasional interceptions of their competition. Given the willingness of our current administration to cater to the Chinese government, I'm not sure they wouldn't hold back against our own national companies. But unless you're some major multinational corp w/ some big competitors sitting around, I wouldn't be too worried.
So for the most part, I must agree with the rest of the posts that one need not be too concerned with NSA intercepting their transmissions - even if they did, the odds of it being used for malaligned purposes is very slim. While the NSA might possess the technology (and the money), there are many other factors which appear to work in our favor.
It should be noted that the FreeSwan project - which I've been following for quite a while now - is merely an implementation of the IPSEC standards from IPv6. As such, the FreeSwan team is highly concerned that it interoperate with any other program, commercial or free, that also uses IPSEC. Much of their present work is interoperability testing, and so far, FreeSwan works with almost all of the IPSEC products it's been tested against. They're working on the others.
Those of us in the US owe a tremendous debt to the people in the free world who are doing this. We can't help, but we can test and report. If you want to help, or just see what's going on, go to the FreeSwan site at http://www.xs4all.nl/~freeswan
When properly used and configured, FreeSwan, using high quality encryption, should be proof against even the NSA. (And yes, it DOES work with 2.2.x kernels.) BTW John Gilmore refused (thanks, John!) to include standard DES in the FreeSwan implementation, even though some people wanted it for backwards compatibility.
High level encryption, 128 bit symmetrical keys and 1024 bit public-private keys, would take more computational power to crack than presently exists on the planet. Check out how long Distributed.net has been working on a 64 bit key.
The problem with all this is traffic analysis. Even though they can't read the messages, they can tell a LOT about things just by keeping track of who's talking to whom.
So just by keeping track of who is sending encoded messages to whom, they can find out a lot.
The real power of FreeSwan, and especially IPSEC, won't be seen until it operates as a standard, and everybody uses it. Then Echelon disappears into history, along with all the other police states that have plagued us recently.
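To illustrate the traffic-analysis point in the post above, an added Python example (not the FreeSwan project's code) over constructed flow records of ESP traffic: who_talks_to_whom, dominant_peer and size_profile are the signals an observer has without decrypting anything, and pad_to_bucket shows that padding packets removes the size signal but leaves the endpoint and timing signals intact. All function names, hosts and addresses are constructed for the example.

```python
from collections import Counter, defaultdict

# Constructed sample of what a passive observer sees for IPsec ESP traffic:
# the payload is opaque, but endpoints, timing and packet sizes are not.
# Fields: (time_s, src, dst, payload_bytes). Addresses are documentation ranges.
FLOWS = [
    (0.0, "10.0.0.5", "198.51.100.7", 1400),
    (0.4, "198.51.100.7", "10.0.0.5", 120),
    (1.1, "10.0.0.5", "198.51.100.7", 1400),
    (1.5, "198.51.100.7", "10.0.0.5", 120),
    (30.0, "10.0.0.9", "198.51.100.7", 80),
    (30.3, "198.51.100.7", "10.0.0.9", 80),
    (60.2, "10.0.0.5", "192.0.2.33", 9000),
]


def who_talks_to_whom(flows):
    """Undirected peer pair -> total bytes: the core traffic-analysis view,
    available without a single byte being decrypted."""
    totals = Counter()
    for _, src, dst, size in flows:
        totals[tuple(sorted((src, dst)))] += size
    return totals


def dominant_peer(flows, host):
    """The peer a host exchanges the most bytes with, as (peer, bytes)."""
    best = None
    for (a, b), size in who_talks_to_whom(flows).items():
        if host in (a, b):
            peer = b if a == host else a
            if best is None or size > best[1]:
                best = (peer, size)
    return best


def size_profile(flows):
    """Distinct packet sizes per directed pair. Unpadded, a run of 1400-byte
    packets (bulk transfer) looks nothing like 80-byte query/response pairs."""
    prof = defaultdict(set)
    for _, src, dst, size in flows:
        prof[(src, dst)].add(size)
    return dict(prof)


def pad_to_bucket(flows, bucket=1500):
    """Mitigation for the size signal only: pad every packet up to the next
    multiple of `bucket`. Who talks to whom, and when, is still visible."""
    return [(t, s, d, -(-size // bucket) * bucket) for t, s, d, size in flows]


if __name__ == "__main__":
    for pair, total in who_talks_to_whom(FLOWS).most_common():
        print(pair, total, "bytes")
    print("sizes after padding:", sorted({f[3] for f in pad_to_bucket(FLOWS)}))
```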
In Germany they came first for the Communists, and I didn't speak up because I wasn't Communist.
Then they came for the Jews and I didn't speak up because I wasn't a Jew.
Then they came for the trade unionists, and I didn't speak up because I wasn't a trade unionist.
Then they came for the Catholics and I didn't speak up because I was a Protestant.
Then they came for me, and by that time there was no one left to speak up.
Martin Niemoeller
For people who are having difficulty relating to this, here is a modernized version:
First they came for the fourth amendment, and I did not speak out, because I didn't deal drugs.
Then they came for the fifth amendment, and I was silent because I owned no property involved in crimes.
Then they came for the sixth amendment, and I did not protest because I was innocent.
Then they came for the second amendment, and I said nothing because I didn't like guns.
And then they at last came for the first amendment, and I could say nothing at all.
Unknown
Think about it, OK?
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
I can see it now... hard working guys (and gals) at Black Helicopter Central working hard over their super-duper-computers....
G-Man 1: I finally got into Foo, Inc.'s email...
G-Man 2: Ohhh, Ohhh, what does it say...
G-Man 1: Quick, wake the President, this says they are going to work on improving their customer satisfaction and utilize synergies between units of their company to beat their competitors...
DrLunch.com The site that tells you what's for lunch!
Does anyone think it is likely that the NSA has mathematicians/computer scientists working for them who might have solved (or are close to solving) the problems upon which most cryptographic protocols are based (i.e. factoring or NP completeness)? An AC posted that a mathematics professor had his work censored by the NSA and I heard a rumor that someone at Berkeley had proven that P=NP (this was last fall some time), although I haven't heard anything about it since (although I'd guess it was because his 'solution' was WRONG).
Somehow, I doubt that the most talented people end up working for the NSA. How many intellectuals could bear to work in secrecy? It would be as if Shakespeare never showed anyone else his works, never had them performed, and burned them upon his death. It seems pretty unlikely that any creative person could work in such an environment...
... but I suppose there's always a chance...
In the earlier days of the net, it was quite common to see .sig files that looked something like this:
------
Chet Blodack, Yoyodyne University |
argyle@mindspring.com |
"You are in a maze of twisty tunnnels" |
libya soviet nuclear encryption Reagan warhead money secret israel china |
oil submarine NSA CIA FBI KGB MI6 IRA Basque communist russia |
The idea was that if everyone put Echelon keywords in their email, the Echelon system would flag way too many emails and make the system unworkable. Now that the vast majority of people on the net have no idea what a .sig file is, the tradition has fallen to the wayside.
Anyone else remember doing this? Any other good sig files?
nuclear iraq bioweapon encryption cocaine korea terrorist
I think most conspiracies are just that. While symmetrical algorithms are breakable by brute force, there is very little else you can do. The field of symmetric encryption has enough study that many cryptographers would be willing to risk their life on such methods. Choosing a long enough key will make brute force impossible (considering the amount of energy required to move a single electron that many times the distance of one nanometer).
Asymmetrical encryption is a different matter. RSA (used by PGP and SSL) has the largest amount of study, so it is often trusted more than Elliptical, or some of the newer matrix based asymmetrical algorithms. RSA's breakability depends on the ability to factor large numbers. Over the years new factoring methods such as quadratic sieve factoring have been invented that make RSA weaker and weaker. In general you need N*N number of bits to be as secure as a symmetrical algorithm. Improvements to factoring have been incremental and not ground breaking and many people think they will never go beyond ~O(sqrt(N)).
But there are practical reasons why you shouldn't be afraid of the government snooping on you. First, you are most likely boring. Unless you work for a foreign government, or you are involved in the weapons industry the RSA probably doesn't care about you. Even if you use PGP to trade child pron, the RSA has bigger problems to worry about. If the RSA had some magical decryption algorithm, there is so much information out there, that they cannot dedicate hardware to decrypting messages unless they believe it is a matter of national security. Most, if not all, of the information they collect is in plain-text form. If everyone used PKZIP to encode their messages, this would probably require more processing power than they could handle to scan the data.
Local officials are a million times more likely to just raid your house and use "find" rather than try to tap your phone line. In fact I've never heard of a single case where local officials have tapped a modem-line and decrypted a message. It's much easier, cheaper, and faster to go straight to the source.
Bottom line is using PGP with any length key is probably safe. Use keys >2048 bit keys if you are selling nuclear weapons.
-- Virtual Windows Project
So many of these posts are concerned about echelon picking up every little bit of data going around on the net. It is probably true the NSA can monitor all traffic at various international chokepoints, as well as a large percentage of phone conversations. They keep logs of suspicious activity, while dumping the content and most of the innocuous stuff immediately. Chances are most slashdotters and everyone else doesn't make it past the first level of filters, but I would bet a copy of this discussion makes it to someone's desk for analysis (buy me a pint, J) and a good laugh.
/. logs on a regular basis and use the IP address to match AC postings to possible accounts. C-taco and Hemos have never stated they dump the logs on a regular basis or never back them up, so AC is a bit of a farce if it ever comes down to serious law enforcement action.
What worries the ones who are paid to worry about things like this is directed surveillance. If the echelon filters pick up something and it gets you onto a watch list, then any messages from/to you get collected and analyzed by a human. At that point they can determine whether you are just some snot-nosed college brat using PGP for fun or whether you should be monitored more closely.
The watch lists can probably number around 100,000 to 300,000 targets, with AI-like knowledge engines flagging only the most interesting changes to the watch list for humans to review. I understand there is a much fought over pecking order within the ranks of echelon/NSA analysts to get their filter to be on one of the higher tier alerts when they think their project is important. Each target gets a dossier opened on them and stored in a big case management database [remember INSLAW?], with various bits of info and analysis added as necessary.
Directed surveillance of embassies, terrorist communication channels, high ranking political types, and business leaders is the highest tier of alerts, producing reports of activity every day. Lesser tiers cover suspected drug activity, crackpot political fringe groups, key players in telecoms operators and military suppliers, and business and entertainment movers and shakers.
On the back end, post-event analysis of collected material can often reveal a bunch of information to analysts and law enforcement liaisons, giving them all kinds of leads. [did anyone notice how the gay navyman on AOL just happened to have the exact same name as a convicted terrorist? coincidence, or the result of a very deep analysis of stored material?]
I'm too lazy to log out to AC, I figure someone [them!] grabs the
the AntiCypher
P.S. I especially like the people who go through tons of iterations just to hide something, is what you do so important that it needs hiding?
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Actually, the NSA can classify any work that is submitted to the patent office. The way it works is that if the NSA sees something that is submitted for a patent and they think that it is interesting enough to them, they have the authority to classify that patent. So what happens is that a crypto researcher will attempt to patent their method for encryption/decryption, and it comes back that while they got the patent, it's been classified, and there isn't a whole lot you can do about it!
So let's assume that the government has a hypercluster of computers that are a billion billion times faster, en masse, than the ENTIRE distributed.net.
It would still take them 1e20/1e18=100 years to break _ONE_ 128 bit key.
2099: "Well, Fred, it took a hundred years, but we finally decoded the message! And those pesky Slashdotters thought they were so smart."
"What does it say, Bill?"
"It's printing out now... M... A... K... E... space... M... O... N... E... Y... space... F... A... S... T... space..."