Slashdot Mirror
Can the NSA brute force RC6? Probably.
Anonymous Cypherpunk writes "The latest Cryptogram Newsletter has an interesting link to a paper about the feasability of building a RC6 cracking machine much like the EFF's Deep Crack DES cracker. The proposed machine would cost roughly $280 million and be able to crack a 64-bit key in an average of only 3.58 minutes. "
There is a book called "The Puzzle Palace" from the early 80s... Interesting reading...
With RS/6000 and such why would the NSA use commerical chip technology..... why not just use 'big iron' such as crays/alpha processors/soviet chips (slashdot article early this year).... yeah I know its part of the design just..... you would think that getting someone to code the software for a big system would be easier than having a million PC boards........
If a terrorist want to smuggle in one of them there H-Bombs, all she would have to do is hide it in a bale of mari-joo-ana. Customs would never find it.
this is a great use of tax dollars. if you think the US could do much better..think again. do you want 280m going to the military?
face it..not much good could can come out of the government. nasa and science/math are probably the best uses for the billions of dollars that the government gets each year.
but then where do all the purrrrdy graphs come from?
They've got 15 acres of mainframe and high-end computers under a secret base already in the US. Please, they've BEEN cracking 64-bit code for a frickin while now.
Do you REALLY think they haven't?
"an average of only 3.58 minutes."
Does this mean that the longest it could take to
crack would be 7.56 minutes? My reasoning is that,
assuming random key distribution throughout key
space and assuming that the program goes through in
linear order, the shortest time to crack would be
"0" seconds, and with an average of 3.58 sec, the
last key would be tried at 7.56 secs. Am I right?
Ok, slightly off topic, but is anyone here familiar with the US cryptography export policies? I understand that export restrictions on 56bit DES have been eased, but it's still necessary to submit the software for a 'one time technical review'? How does one go about doing this?
Also, if I use cryptographic routines obtained from abroad, is my software still subject to export restrictions?
The NSA can break just about any code. They have literally hundreds of acres of computer systems, custom hardware and some serious brains.
Their budget is undisclosed and they answer to no-one.
They literally intercept and check every electronic communication on this planet. Every telephone call, email, fax from anywhere is intercepted, decoded and scanned for important information.
Some people laugh at this sort of thing. Believe, they do have the capability! Even back in the 70s they were intercepting and doing voice analysis on every word spoken.
Their mission is to know everything worldwide and I'm pretty sure they do a damn good job, they have listening stations in every country and even in space!
Unless you've been at the sharp end, you probably don't believe that such a massive invasion of privacy is occuring every day. It is and there is nothing anyone can do about it.
Oh, and yes, the boys at the NSA do read slashdot!
Unlikely, but possible. One way to help would be to have the PC controller for each node do some of the analysis on positive hits, and only if it failed the controller's check, send to the master for final analysis.
In a similar vein check out the (somewhat tounge-in-cheek - but realistic) paper on building an RC5-64 cracker I wrote a year or so ago at http://www.taniwha.com:80/~paul/rc5.html
They have their own god damn chip fabrication plant.
You think they can't build specialized cracking chips "cheap"?
Hmmm... I wonder how many K6-II systems the NSA is going to donate to the TeraFlop project..?? :-)
Pete
We didn't bomb the Chinese embassy to suppress Serb communication or takeout Chinese intelligence efforts.
The best theory I've heard is American stupidity. Basically, they were counting on Kosovar/anti-Milosevich agents to give bombing coordinates. So, a Serb snuck into the spy ring, sacrificed a few good targets to build a reliable rep, and then one night said "I got you a mobile target at X, but you have to hit it now." The coordinates were the Chinese Embassy, and the jerkoffs didn't bother to check. To the particularly dense, the plant did it knowing the US would lose a lot of world support if NATO bombed a sensitive non-military target.
NSA probably specified these boards from the very beginning. They have been into building special purpose code cracking computers since WW II and should know these things very well.
Expect them to get allmost everything out of these boards. They know their trade very well.
/007
According to http://www.milk.com/wall-o-shame/gray_men.html, the NSA is much further ahead than the rest of the world, which means they've probably cracked all the codes that are crackable ;-)
Intel gave the military the designs for the Pentium some time ago, so really, some of the $280 Million can go to fabricating these Pentiums while the rest of the $ go towards other hardware essentials. The initial intentions were to use these chips to power laser- (or whatever) guided missiles but since it's kind of silly that Intel can keep the military from spreading the design to other branches of the gov't, I doubt they'll use 486's.
Speaking as one who was offered a job there, and toured their facilities, let me tell you that they do indeed have a shitload of computers. I'm talking dozens and dozens of really powerful computers (and I just visited a lab or two.. I'm sure they didn't show me the really cool stuff).
Speaking also as a graduate of a top engineering/geek college, let me also tell you that they don't have the brightest bulbs from the bunch. I'm not saying that the people there are dumb, but the smartest people I know were not interested in the slightest in a job at the NSA (and who can blame them -- look at the pay). They really wanted to hire me (at first), and I'm no Einstein :)
Also -- if you're interested in a job there, I hope you didn't have a social life in school. That killed my offer. I should have listened to Bill and not inhaled. Just as well -- the people there don't see the bright of day too often. They were definitely not the most interesting people to work with, nor the most knowledgable.
How can you say the NSA has oversight in congress when they flatly refused to testify before the congress about the subject of the recent leaks on the Echelon system and the USAUK agreement claiming, of all things, attorney client privilege. As far as I am concerned the NSA has only one client, the people of this country, and when they tell the NSA through their elected representatives, to show up and explain them selves, the NSAs only response should be "where and when, sir?" How else can you say we have a democracy? I think this is shameless, and if I were in congress I would zero out ANY and ALL authorizations and appropriations until such time as they expalined themselves to my satisfaction.
AES specifies 128,192 or 256 bit keys. Using RC6 (or any other AES candidate) at a length of only 80 bits is not operating according to specification. The machine as designed tests 4.3*10^16 keys per second. At 128 bits, the average length of a key search will be 1.25*10^14 years. 80 bits will take more than half a year. Now consider the cost per break. Assume the machine doesn't use electricity, requires no maintenace and you don't pay for floor space. Assume that the machine lasts for about 5 years. Then they can break a grand total of about 10 keys during the machine's lifetime. Cost per key = $28 million. If you have a secret which, if divulged within a half year would be worth $28 million to somebody, then maybe (big maybe) you have something to worry about. Use AES as designed, 128 bit minimum.
And I didn't complain because, hey, they should have saved their virtue for that important post-doc gov't-sponsored privacy invasion.
Then they took the hard-driving fighter and attack pilots with fallen arches, and put them to work beside the fallen cryptographers.
Then they took the special forces infantry commanders who'd been passed over for promotion once too often, and put them to work.
Then they took the thirty-year spooks who preferred private industry to poverty, and put them to work too.
Then when they came for me, I looked at the half-dozen ring-knocking Perfect Candidates who stood between me and genuine disaster, and I began to have a sinking feeling in the pit of my belly.
Did the person who posted this article even bother to read the paper it points to?
/. capsule summary was .. unfortunate: RC6 is +not+ known to be insecure or breakable at present or in the forseeable future.
The author's conclusion is that key-lengths of up to 80 bits are feasibly breakable by an organisation with resources like the NSA.
RC6, when used as intended for the AES submission, operates on keys of length 128, 192 or 256 bits.
This is not even remotely breakable by the estimates in the paper.
The wording of the
Article concentrates on cracking 56 bit keys. Everything serious (ssh,pgp,apache-ssl,fortify) today uses 128 bit keys. Except for my bank, who are using a commercial ssl server.
Mayby they think closed-source, short-key cryptography gives a more security, than reviewable, secure , cryptography...
Bleh.
First off, let's assume that with $280 Million, you can buy 100 million 486's (which is rather unlikely given that with PC's, you would need hard drive space, motherboards, cases/racks, and the network cards/hubs to connect them all.
Now let's assume that you get a genius programmer (willing to work for free, though the cost of the programmer will be minimal compared to $280 Million, so this is not all that far-fetched), and this brilliant programmer somehow finds a way to get the machine to do one round of the algorithm in one clock cycle, meaning that at best (on an overclocked 100+ Mhz 486) each 486 can do 10 million iterations per second for a 12 round system. This now works out to a total rate of 1 trillion iterations per second, or roughly 2 ^ 40 iterations per second. This means it will still take 2 ^ 39 seconds to break one 80 bit key (given that on overage you will only have to search half the key space) 2 ^ 39 seconds works out to be roughly 17,000 years assuming I didn't totally miss something.
Next off, just in case I missed something here, you still have the issue of heat, space, and power consumption. As it is, the very densely packed hardware system would require a large portion of the space of the pentagon (hence the adoption of networks); less densely packed 486's would take up considerably more space, and would use considerably more power.
On the other hand, using the money for a beowulf does have some merit; a beowulf cluster could be easily (relative to pure hardware) converted to attack a different crypto system, however I doubt a suitable 486-based beowulf system is feasible.
I seem to recall some input they gave on the S boxes for DES, when it was being developed. A lot of people thought they put in a nice trap-door for themselves, until a few years later, when it was realized that the numbers they gave avoided some hole that the origional numbers had.
I can't really remember the source, and it's foggy in my mind, so don't trust the anecdote too much, unless someone else comes up with the references. However, if this was the case, it would point towards the NSA being a bit ahead of the outside world.
No, yer right. It was the invention of "differential cryptanalysis" -- basically a chosen-plaintext attack whereby you force pairs of plaintexts over and over through the coding machine until, bit by bit, the biases in the pseudo-random scrambling functions come out as systematic differences in the cyphertexts, and the machine gives up its key.
It works for a general class of s-box like functions but (as Biham and Shamir noted in the original paper) not for the DES s-boxes themselves. Previous to the (re)invention of diff. crypt. in the public literature, the NSA had been very cagey about why they used that particular algorithm -- making everyone worry that DES had a back door. But after the paper was published, they admitted that they'd known about differential cryptanalysis for years, and had designed DES to be proof against it.
So I'd say a lower bound on the gap between NSA and the rest of us would be the gap between the publication of the DES standard [1977] and the publication of the differential cryptanalysis paper [1991].
jsm
http://www.nsa.gov:8080/
"Providing and protecting vital information through cryptology"
Does anyone else find that ironic & hypocritcal?
And if a big three or four letter agency wanted to build a series of these machines, they would get their own chip foundry going, and the price would come down as time went on. Assuming the NSA has done that, you can imagine the cracking power they can throw against codes they haven't comprimised yet.
The following is a quote from some NSA recruitment literature:
"Your work may also take you into our microelectronics fabrication facility that includes a 20,000-sq.-ft "Class 10" clean room. It is here where we are redefining the limits of an array of key technologies - everything from electron beam maskmaking and "direct write" wafer lithography, to wafer fabrication and testing, and more."
So they can make chips themselves. But for a production run necessary to build this cracker it might be cheaper to have someone else make the chips, cause you need about 64 million of them.
Every key is assumed just as likely as any other key (in a brute force attack). Key number 1 is exactly as likely as key number 2^63 is exactly as likely as key number 2^64 - 1. Thius means that the distribution is uniform.
That's what the remarks by Gilmore and Brazier concerning controllable search order was about. Unless you're extremely careful about the randomness of your key-generation technology, your actual key-ditribution will not be uniform, and your keys will most probably fall within a very small fraction of the potential key-space. If you understand how they are distributed, you can shrink the sub-4-minute mean time to crack into something far smaller -- probably under one second, and dominated by set-up time rather than by the cracking computation itself.
"My opinions are my own, and I've got *lots* of them!"
Oh, and the NSA does have oversight. Not as good as I (nor many people) would like, but they do answer to congress and the DoD.
The NSA routinely refuses Congressional requests for information (on the occasions it IS brought to the attention of congress). That's not oversight, that's a sham.
Considering that a good secrecy tactic is to deliberatly leak damaging information to keep people from digging for disasterously damaging information, one must wonder what's going on there. Don't ask Congress, they don't know.
The president MIGHT know what's going on in the NSA. Consider though that this is an organization dedicated to digging up deep dark secrets, and that the president has an image (such as it may be) to uphold.
Looking at the balance of power in the above relationship, this is a recipe for disaster. It might as well have been designed to be corrupt. And We The People are supposed to believe that in spite of this, in 50 years time, the NSA has not become corrupt?
In theory, they could shut it down, but in reality it won't happen unless or until the consequences of NOT doing so outweigh having every dirty little secret revealed to the world (and a few total fictions as well).
I'm not sure that even a public opinion strong enough to guarentee that NOT shutting them down would mean being un-electable ,even as dog catcher, for life would be enough to counter having every last secret (including stealing a fig newton from mom's cookie jar at age 4) revealed to the world. This one may require villagers with torches and pitchforks.
We've seen stuff like this before. Does the name E.J.Hoover ring a bell? History is on the side of democracy -- without resorting to the "lynch mob" kind.
J. E. Hoover lived a full life, died a natural death, and was buried with full honors. All while nasty rumors (probably true) circulated everywhere. Those rumors were enough (at that time) to end any career in Washington unless extrordinary means were used to stay in power. I don't see how that helps your point.
J.E. Hoover was also a one man show. His death ended (as far as anyone knows) the extortion racket. The question is, in NSA's case is it one man (in which case it will go on until that man dies) or is it institutional? (in which case, only the 'lynch mob' will end it).
Keep in mind ( Re: Germany and strong encryption) that the NSA has a history of infiltrating corperations in Europe who make strong encryption equipment, and inserting fatal flaws into the design. That's how they decrypt diplomatic channels. The EU could seriously limit the NSA's power, but that would effectivly BE the lynch mob since the action would not be coming from those who supposedly have oversight.
One big goal in cryptography is to eliminate any such curve. Ideally, the keyspace and the cypher text both look like white noise.
Perhaps my definition of "lynch mob" is different from yours" (I'm picturing burning buildings, here).
I think I allowed my metaphore to cloud the meaning. The burning buildings will be more a figurative thing. I'll try to experss it better:
The NSA will not be shut down by an act of congress, the president, or the DOD. It will be shut down by consistant and loud public outcry. The leaders of the NSA may well feel as if the metaphorical angry villagers have surrounded them. The process will need to take place on several fronts. The people of the EU will have a role to play as well, by demanding that their governments withdraw support, facillities, and permission to base operations on European soil. There will probably be many angry words (even more than usual) in the U.N. over this.
Short summary, it can be shut down, but not by those who supposedly have oversight. It has grown too powerful for them.
Mean is the average value, whilst median is the middle value. Neither are guaranteed to be exactly halfway from either end of the range. My gut reaction is that the range would look similar to a skewed gaussian curve, with -ve infinity replaced by 0 and a worst case situation being a lot higher than 7.56. Comments?
:)
BTW, it was 3.58 minutes, not seconds
"We have seen that the machine can do a full exhaustive key search of a 64-bit key in 7.16 minutes. On average, only 50% of the keyspace needs to be searched, so the average keybreak will be in 3.58 minutes."
:( Of course the range is bounded because we know how many keys per second can be tested, and how many keys exist (2^64). I still think that it will probably be shaped like a gaussian curve though.
You are right. I should have read the article before I opened my mouth... sleep deprevation, excuse, excuse, etc
Also, the NSA would have never OKed DES if they had known the algorithm could also be implemented in software. (There were enough details in the specification to do so.)
computers://use.urls. People use Networds.
But what is fiction and what is fact?
I don't know since when the NSA operates, but they are around for some years. I would like to know if any real proof about these mythical abilities surfaced in the past, some stunt the NSA performed that they were the only ones being capable to.
This is one of the things I wonder. There is lots of software available that would make spying harder, but still your software - lets take any UNIX distribution - comes preconfigured not using this.
So the default is lower security. Why is it not the other way round?
Would it really complicate the installation so much if for example PGP would be made part of the default installation process?
Why do we have telnet or ftp preconfigured, but not have ssh or scp running out of the box?
I would like to see a change here.
Yes. This calculation only works with "average" values.
Now suppose that the cleartext is not known, and is compressed. Then no assumptions can be made about what byte values will appear in it. Those chips would have to be quite a bit more complex - and slower - to do decompression before checking whether the result contains only ASCII printable character codes.
But you're absolutely correct -- a message should be a certain minimum length. Otherwise, the use of a long key and advanced encryption would be pointless.
Kythe
(Remove "x"'s from
Kythe
From what I understand, the NSA does have the capability to intercept most, if not all, telephone calls made between America and other countries. I would bet most of these calls are dismissed out of hand as "unimportant".
While it is evidently true that the NSA and equivalent organizations in foreign countries cooperate in the "echelon" program to spy on each other's citizens (since most such departments are prevented by law from spying on their own citizens), I would bet that, again, most communications are simply not important enough to waste valuable time and resources on.
The Internet, by contrast, is potentially a different matter. It is so easy to set up a backbone node and simply scan for keywords that I find it difficult to believe that it's not done. But again, there are practical limits to what the technology can do. I would bet most encrypted messages go unnoticed and undisturbed unless they're between certain people.
Oh, and the NSA does have oversight. Not as good as I (nor many people) would like, but they do answer to congress and the DoD. The trouble is, for the most part, what the NSA does doesn't seem to be routinely brought to congress's attention. Additionally, their budget can be inferred from the fact that they receive their funding as part of the overall DoD budget.
And for what reason do you believe they can "break just about any code"?
Kythe
(Remove "x"'s from
Kythe
Oversight of the form necessary to prevent abuse simply isn't there when it comes to the NSA (from what I've read), and much needs to change.
The point I was trying to make, however, is that, should they choose to do so, congress and/or the president most certainly could change or even shut down the NSA. And at least in name, the NSA does answer to these bodies.
Kythe
(Remove "x"'s from
Kythe
Further, things could get much, much worse for the NSA than they are. I really think they'd be overplaying their hand to try blackmail.
We've seen stuff like this before. Does the name E.J.Hoover ring a bell? History is on the side of democracy -- without resorting to the "lynch mob" kind.
Kythe
(Remove "x"'s from
Kythe
Regardless, Mr. Hoover's tenure in the FBI was widely regarded as the height of its abuses of power. Nonetheless, that power was curtailed through legislative means. Yes, the man had a very successful career, and in many circles, he's honored. In many others, he's villified. How he's remembered isn't the point -- rather, the fact that the democratic system triumphed is.
What we're dealing with (as most seem to agree) is an abuse of power and insufficient oversight. Regardless of the number of people involved, they still, ultimately, answer to/are funded by a democratic system of government. It will probably take courageous folks to rectify it, but such people seem to be taking an interest in the matter, and I have faith that as long as democratic systems of government exist, things like this tend to be rectified.
Perhaps my definition of "lynch mob" is different from yours" (I'm picturing burning buildings, here).
Kythe
(Remove "x"'s from
Kythe
The flip-side of this is, major efforts at public-domain cryptography have only been going on a short while -- pretty much over this decade. Prior to this, it was mostly small efforts outside the NSA. Nonetheless, differential and linear cryptanalysis were discovered after a relatively short time.
IOW, I believe the public-domain efforts are catching up.
Kythe
(Remove "x"'s from
Kythe
All of this info is public knowledge, interestingly enough. 15-20 years ago, noone would even acknowledge that the organization existed. Now they recruit on college campuses.
My, how times have changed :)
It is an interesting question as to whether such an organization could, in ~50 years of dedicated work, defeat mathematical problems that have stood (in some cases, such as the factoring of large numbers) for more than 2000 years as either "extremely difficult" or "unsolvable". My money's on the notion that they're about 10 years ahead of public domain cryptography at this time. They're not gods, however. I'm betting they've probably gone quite a bit further in developing certain technologies useful for cryptography, such as quantum computing (if it can be done), photonics and quantum encryption.
However, it's important to remember that even an organization that could break DES or RC6 (or any encryption, for that matter) in minutes would be overwhelmed if everyone used encryption (real-time mass scanning of internet traffic, for example, would be impossible), and the NSA knows it as well -- this is one reason they've campaigned alongside the FBI to limit the spread of encryption technology.
As far as proof, there are three resources I've found on the NSA. The first is the book "Puzzle Palace" published in the late 70's/early 80's (I don't recall the publisher or the author). The second is the NSA's own website. And the third is hearsay, including alleged NSA employee manuals, etc. published on the 'Net. Needless to say, the last is the least credible.
I'd bet we'll see more possible NSA stunts in the future, as they work more closely with the FBI on high-profile cases that involve criminals and terrorists. Such instances, I would think, would be inherently more visible than the super-secret breaking of Russian launch codes.
Speaking of which, I heard not too long ago that the Russians use RSA encryption for their nuclear launch systems. That alone tells us something of the NSA's capabilities, or lack of same -- assuming it's true.
Kythe
(Remove "x"'s from
Kythe
64 bit and 1024 bit encryption generally refer to 2 different things. The 64-bit encryption is usually symmetric, and relies upon various mathematical convolutions. The 1024 bit encryption is usually a "public-key" encryption method, and is considerably easier to crack for a given key length. 128-bit RSA, for example (if such a thing were available) would be so insecure as to be virtually useless, whereas 128-bit IDEA or CAST is unbreakable, to the best of public-domain knowledge.
Kythe
(Remove "x"'s from
Kythe
I assume that you are reffering to distributed.net's effort in DES-III. At the time of that contest, we had about 40,000-50,000 'active participants' who had submitted blocks within the previous 30 days. Currently, we are working on RC5-64 and have about 67,000 participants who have submitted blocks in the past 30 days. Over the entire life of the RC5-64 contest, blocks have been submitted by 188,845 seperate email addresses, but as you can see, most of those emails are no longer active.
Jim Nasby
distributed.net
> um, why would the growth of capital be a linear
> function? especaly if population growth was
> exponential.
It's the Malthusian Fallacy all over again.
---
DNA just wants to be free...
Well, it's taken us 630+ days to do about 10.5% of the keyspace. Hrm. If this can crack it on an average of about 3 minutes 35 seconds (3.58 minutes, rounded up) . . . hmm... I'll do the number crunching and try to estimate a keyrate within the next 18 hours.
This thing dwarves the Russian E2K for sure. =)
Bummer. I took the stats at face value.
So much for what was shaping up to be a decent conspiracy theory. Next step was to create a web page that suggested little tinfoil hats for one's mouse as a preventative.
--
Don't like it? Respond with words, not karma.
"pretty inefisent [sic]"
So, then, you'd be one of those uptight, humourless sorts that wouldn't recognize a joke if it leapt up and bit you on the arse, eh?
--
Don't like it? Respond with words, not karma.
Just over 188 thousand people are involving their machines in the DES cracking effort. Nearly 900 thousand are participating in SETI@home.
What if SETI@home were just a ruse by the NSA to bust open encrypted messages? Package it as something exciting, get all those none-techie-geek people involved...
Ooh! Spooky! Hey... what's that sound? Is someone ther...
--
Don't like it? Respond with words, not karma.
April 5th, 1999 the New Yorker magazine ran a story about the NSA's campaign (using the UN's inspection people as a cover) against Sadaam Hussain during one of the (many) Clinton bombings:
"The encryption system on Saddam's telephones, made in Sweden, was as sophisticated as any on the international market. The phones had a series of channels, and on each channel were algorithms that chopped the signals into hundreds of bits as the channesl were switched." (p. 32)
"Early in the spring of 1998....the algorithms were unscarambled, and Saddam's most closely protected communications were suddenly pouring into UNSCOM"" (p. 32)
And more...
"In March of 1998, a high-tech team from the National Security Agency. which is responsible for American communications intellegence, flew to Bahrain to revew the telephone intercepts. One official recalls that once the intercepts had been decrypted and transalted the Americans told themselves, "Here's the best intellegence that we ever had!" (p. 35)
"Then in April of 1998, operational control of the Saddam intercepts shifted to one of America's least publicized intellegence unites, the Special Collection Service. The S.C.S., which is jointly operated by teh C.I.A. and the N.S.A. is responsible for, among other things, deploying highly trained teams of electronics specialists in sensitive areas around the world to monitor diplomatic and other kinds of communications. Its operations are often run from secure sites inside American embassies." (p. 35)
All this makes me really suspicious of our bombing of the Chinese embassy-- what that was really about... And also-- it doesn't seem like there's too much the NSA *can't* crack if they want to...
I recommend that article, btw, it was pretty interesting and talked about a lot of sigint stuff in a suprisingly frank way.
W
-------------------
-------------------
This is my SIG. There are many like it, but this one is mine.
Doesn't a good key-length depend on message length? That is to say, a message must be a certain length compared to a key-length (1/2x, 1x, 2x?) to be able to be encrypted by that key?
Granted, anyone whose bothering to encrypt probably knows this, but for those who don't, the crypto software generally pads the message length with pseudo-random data, whose contents can be inferred and used to assist the crack.
Or am I just talking out of my ass here? This really isn't my field.
pooptruck
Is this
;D
* $280 million US consumer dollars, or
* $280 million US government contract bid dollars?
Cuz if it's the latter, don't forget that you have to cover the administrative costs of putting the contract up for bid; costs of parts, labor, and "reasonable" profit to the contractor; costs of a lengthy service contract that is also lucrative to the service organization; cost of integration into the existing systems on site; cost of training personnel to use such a system... oh yes, and the padded-in $100 million to fund classified projects at various locations, including Area 51.
Sounds like $280 million dollars is a steal for such a box!!
SlashSigTheorem: Humorous, Political, Critical, Constructive- If you have a
I work for a company that makes massively parallelized boards for doing text matching at extremely fast rates. I know for a fact that getting a single board with no faulty chips can be quite a chore. Assuming that the NSA could produce thousands or millions of these boards I bet only 75% of those would work. (that's gonna kick the price up a little!) Plus mainframes can lose a processor a day. If you had 10 zillion chips how many of those would die every day? Surely that would slow them down. All that taken into account my guess is that 3 secs is WAY longer than it ACTUALLY takes ;-)
My sig has a broken link in it.
Dude, NO amount of math will make social secrity work.
They should put the same money into a Beowulf cluster. 280Mil would buy a LOT of 486's.
I am not your blowing wind, I am the lightning.
what it doesn't run linux? boycott the nsa and the us govt.
I noticed a logic flaw in the calculation of bandwidth.
he said that there would be X amount of "false positives" during each run. while it's true that X amount of false positives will ocur, you don't know *when* they are going to happen, in other words, you could end up with all the positives going off at once, and locking up the system for quite some time.
_
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
ReadThe ReflectionEngine, a cyberpunk style n
beacuse it would cost ***a lot*** more money, in order to get the same performance. the artical said that a pIII can crack 300,000keys or so per second
this box can can do 10, million * 2^32 or 42,949,672,960,000,000 keys per second. assuming that these bad ass CPUs can do 800,000 keys per second, you would need 53,687,091,200 of them. or about ten for every living person on earth. that would cost a lot
_
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
ReadThe ReflectionEngine, a cyberpunk style n
um, why would the growth of capital be a linear function? especaly if population growth was exponential.
if that were the case, we would have *a lot* more to worry about......
_
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
ReadThe ReflectionEngine, a cyberpunk style n
$280 million would buy a lot of hookers and beer.
in fact forget the beer
_
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
ReadThe ReflectionEngine, a cyberpunk style n
yes, read the whole artical
_
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
ReadThe ReflectionEngine, a cyberpunk style n
dude, they arn't *actualy* doing this, this is just some guys thoughts on how much a computer like this would cost to build. there's no indication that the NSA, is building, will ever build, or hasn't already built such a device
_
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
ReadThe ReflectionEngine, a cyberpunk style n
Funny to see that article by the EFF. They have no idea how much they have underestimated the NSA.
I used to work for a company called Annapolis Micro Systems (Annapolis, MD). They specialize in selling high performance configurable computing boards (both VME and PCI versions). These boards are especially suited to numerically intense algorithms (image processing, encryption).
It's no big surprise that the single biggest customer of AMS is the NSA. They routinely bought Wildfire arrays (see website) by the dozens. Two guesses as to what they were using them for, and the first doesn't count...
It must be emphasized what kind of power these arrays confer. Anyone familiar with configurable computing knows several things:
1) It's not for the light of wallet.
2) It requires a hefty design overhead for each application.
3) It presents the fastest known solutions to almost every NP-complete and iterative solution problem ever posed.
I am a hardware designer by trade, and I can tell you that is almost beyond my ability to measure what kind of processing power these boards can enable, purchased in groups.
Be afraid, be very afraid...
(Author's note: from my limited knowledge of encryption, keys larger than 1024 bytes probably aren't crackable by brute force in this day).
The opinions I post here have nothing to do with my employer.
$280 million is nearly pocket change to Bill Gates... Big Brother watching you? nah, far more insidious... Big Bill.... All anti-microsoft encrypted content will be monitored...
XML is like violence. If it doesn't solve the problem, use more.
Exponential vs. Linear might not be right, but if
... ask the SS Admin. innocently if you can make a withdrawal on your "contribution account"), and made our elders dependent on its largesse. Robbing Peter to pay Pauls' kids, stealing candy from generations of babies.
rate of output > rate of input, then the eventual effect is the same. The pot, toilet tank, refrigerator, coke can, bank account etc all grow empty, at rates varying with the difference between the in- and out- streams.
Social security? Non-sequitur, except in a graveyard. The government made promises which it assumes our asses can keep (lying blithely about the actual set-up
As someone else pointed out, you don't need a multi-million dollar computer to show this, just the willingness to see truth. The US gubmint is lying to the young to justify its defrauding the rich in a setup which would be prosecuted as a Ponzi scheme if the applicable laws applied to federal agencies.
timothy
p.s. Not to mention the obvious Orwellian aspects of the ubiquitous "SS number, please," which for the sake of readers I will not get into right now;)
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
Beside saying nah nah.. to us internet people..
Why would they bother? Anyone who is using crypto
extensivly, especially to hide illegal activities
isn't using 64 bit. Probably using 1024 bit keys or higher. Only thing I can think of is to build a machine that can actually crack much higher keyspaces, but just say that you are only cracking 64 bit so as to not piss off the public about violations of privacy and such.
The greatest and probably most known stunt is cracking the WW II Japanese crypto and keeping that secret. After WW II they promoted the use of that crypto system just to lure other governments into using something NSA could read as an open book. Many small nations have enjoyed the benefits of the NSA helping hand.
Now it seems that they are trying other means of promoting weak crypto. The more modern approach is via the Wassenaar agreement. This will have a more long term effect by killing off the development of future strong crypto systems. The message is sign this agreement if you wan't to buy our modern weapons. This will have the added benefit of NSA peer review of most correspondence.
//Pingo
--- Linux or FreeBSD, it's like blondes or brunettes. I like both. ---
While I'm sure you have good intentions, it's attitudes like that which keep us from actually getting off this dirt ball before the big one hits and all life is expunged.
...
If it weren't for SETI and NASA using cheap collaborative methods, we would have no chance of any long-term survival.
Yes, the NSA is bad, but leave SETI out of it, ok?
Will in Seattle
they don't call it the Space Needle for nothing
and if my code there fails, oops
Will in Seattle
280 Million of our tax paying money to assure ourselves that terrorists from countries with GDPs lower than half that amount can't gain access to the technology to encrypt their diabolicle plots to smash this country.... yeah right. how about using the machine for something OTHER than breaking encryption keys, like, oh, i dunno, doing the math that will make social security work, rather than going bankrupt within the next 10 years? 280M seems like a lot of money to be spending on a machine i'm not so sure we NEED, and one that won't get all THAT much use.....
i want to live life, not just go through the motions
Its much more interesting than the theoretical brute force machine.
:-) Or if I am, everyone will be doing the same cheat, until we all decide to fix the rules.
I like the quote about cheating. Been doing that all weekend. Great fun being accused of cheating when all you do is exploit a loophole in the rules. Don't know if I'll ever be invited back for a games night again
There is a good follow up about good security == good engineering.
And the JYA article is a simple extrapolation of the EFF's DES breaker to more bits. A quick look at the numbers and I don't think it would cost anywhere near as much to build a machine like that. And if a big three or four letter agency wanted to build a series of these machines, they would get their own chip foundry going, and the price would come down as time went on. Assuming the NSA has done that, you can imagine the cracking power they can throw against codes they haven't comprimised yet.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
I can do the calculations that show social security can't work on my TI-86... just graph an exponential function to represent population growth, and a linear function to represent growth of capital. If they cross then the bank goes bust.
(on topic) The scary thing is that the computer predicted in this article would run at 100 mhz and could still crack RC6 in 7.19 minutes. Think of how fast 1 ghz chips will this time next year... or 5 ghz chips by 2002.
... and there is no doubt, that one day he will be
where the eye of his telescope has already been
Why is the NSA trying to crack 64-Bit encryption?
First, why is it trying to crack encryption, isn't this part of the whole Big Brother thing.
Second, why 64-Bit, at that speed, to crack
128-bit it would take 28087540083642867424704551414336999000 min.
That's my 1/50 of $1.00 US
JM
Big Brother is watching, vote Libertarian!!
--Justin Mitchell
"2nd Place is a fancy word for losing" --Bender (Futurama)