NSA cracks encryption algorithms

[ElNono]

"average person" what does that make you, Einstein?

The concept is pretty simple, there is nothing rocket science about understanding the concepts of algorithms and "breaking" an alogrithm. Here I'll explain it to you in simpler fashion:
An algorithm that is "broken" here means that there is a published attack that is computationally faster than a brute force attack.

to say that the current State of the Art Encryption algorithms are "unbreakable" is pretty naive, given that algorithms get broken on a daily basis. Again all you need is the computing power and engineers developing set of methods to break it. Again breaking means being able to decipher codes in relative "fast" fashion. the point of the thread is it seems NSA has probably broken most if not all.

What I mean by 'average person' has nothing to do with intelligence, don't take it that way. Merely with understanding of actual applied crypto, algorithms, etc. It's exponentially more difficult to have a meaningful discussion about encryption with somebody that really doesn't know how things work (and there's nothing wrong with that, people that don't work in this area mostly do not, and that's how we end up dealing with this ).

There's nothing unbreakable. There's no security, then different levels of security. There's normally many attack vectors in a security chain. While the algo is the most convenient for obvious reasons, part of security analysis is identifying the weakest link. And sometimes the algo isn't it.

As far as the quote you posted, the rest of that paragraph applies:

Note that most cryptanalytic attacks against ciphers are still too complex to apply in practice. Widely cryptanalysed ciphers like Advanced Encryption Standard are considered stronger than un-cryptanalysed ciphers even if there are impractical attacks against them.

So, no, for an en y like the NSA, a theoretical attack that's currently unfeasible really doesn't work for them. They need the data. An attack that reduces the key search from 10 quadrillion years to 3 trillion just isn't going to cut it.

There are certain areas where attacking the algo is the weakest link (ie: cellular phone calls). That's an area where the NSA pushed for a ty, well known faulty algorithm and got away with it.

But for areas that use things like AES, in this day and age, there's just much easier attack vectors than the algo. Obtaining the keys is much simpler since it's not the end user the sole en y that has those keys.

well good luck believing that. The fact that they ask for keys has absolutely nothing to do with the fact that they could be working on ways to circunvent that. It's like saying "why is that cop asking for my license if he is going to identify me anyway?"

Well, unlike a cop, these guys prefer to work in secrecy, and having to go out there and coerce companies when they wouldn't need to (if they could just get the keys themselves) just isn't something that strikes me as secretive.

If you're interested in the political background of this, you should check out articles on the Clipper chip back in the 90s and the release of PGP back then. That's probably one of the few times the NSA literally their pants.

[cheguevara]

Well, unlike a cop, these guys prefer to work in secrecy, and having to go out there and coerce companies when they wouldn't need to (if they could just get the keys themselves) just isn't something that strikes me as secretive.

If you're interested in the political background of this, you should check out articles on the Clipper chip back in the 90s and the release of PGP back then. That's probably one of the few times the NSA literally their pants.

disagree. Like cops the NSA does it because they can. They have the power. Believing they absolutely must have no other way to read your data because they ask for the key is silly.

[boutons_deux]

Government Standards Agency “Strongly” Suggests Dropping its Own Encryption Standard

The NIST standard describes what is known as an “elliptic curve-based deterministic random bit generator.” This bit of computer code is one way to produce random numbers that are the cornerstone of encryption technology used on the Internet. If the numbers generated are not random but in fact predictable, the encryption can be more easily cracked.

The Times reported that the Snowden do ents suggest the NSA was involved in creating the number generator.

Researchers say the evidence of NSA influence raises questions about whether any of the standards developed by NIST can be trusted.

“NIST's decisions used to be opaque and frustrating,” said Matthew Green, a professor at Johns Hopkins University. “Now they're opaque and potentially malicious. Which is too bad because NIST performs such a useful service.”

Cryptographers have long suspected the standard in question was faulty. Seven years ago, a pair of researchers in the Netherlands authored a paper that said the random number generator was insecure and that attacks against it could “be run on an ordinary PC.” A year after that, in 2007, two Microsoft engineers flagged the standard as potentially containing a backdoor.

Following the criticism, the standard was revised in 2007 to include an optional workaround.

The NSA has long been involved in encryption matters at the standards ins ute.

http://www.propublica.org/article/st...ption-standard

[LnGrrrR]

If you really want to protect your info, you could run a personal encryption on your data before you send it. Sure, they could still crack it, but you might not make it worth their while. (Of course, you might draw extra scrutiny...)

Also, quantum cryptography is on the horizon. It is breakable, but not as easily.

[LnGrrrR]

Oh, and Che, until they develop Qbits, "faster" computers won't be fast enough anytime soon. Brute force attacks take a notoriously long time as long as the algorithm is decent, like AES. I'm aware there is an attack on AES (not very detailed with it, I'd have to google), but as Nono brought up, it's likely not worth the time.

[LnGrrrR]

so why isnt the US govt using it? why are they always gettin hack and losing private information to the chinese hackers who steal ur ideas and technology to go produce it at a cheaper rate and on the market ready to be sold...

The US gov't does use it. However, the best encryption in the world can't do against a keylogger or any other number of ways to find a user account/password.

US govt's systems have a great number of defenses-in-depth, but some attacks (social engineering as a good example) can bypass a good deal of them.

[ElNono]

The US gov't does use it. However, the best encryption in the world can't do against a keylogger or any other number of ways to find a user account/password.

US govt's systems have a great number of defenses-in-depth, but some attacks (social engineering as a good example) can bypass a good deal of them.

Exactly, you don't have the break the padlock if you have a mold of the key...