[cryptography] [info] The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)

Aaron Turner synfinatic at gmail.com
Sun Mar 18 23:58:17 EDT 2012

On Sun, Mar 18, 2012 at 6:40 PM, Jonathan Thornburg
<jthorn at astro.indiana.edu> wrote:
> On Sun, 18 Mar 2012, Randall Webmail wrote:
>> I suppose we've all seen the "proofs" that brute-forcing PGP would
>> take a supercomputer the size of the planet longer than the age of
>> the universe to accomplish.   Was the math faulty in those proofs,
>> or is it true, and the NSA is just empire-building?
> Maybe they only plan to brute-force human-provided passphrases used
> to generate AES keys?

Personally, I think Wired got it wrong.  If I were the NSA, I wouldn't
focus (so much) on breaking AES.  I'd work on breaking RSA.  Think
about it.  Vast majority of encrypted traffic on the internet is
SSL/TLS and breaking RSA gives you immediate access to *all* sessions
(AES or otherwise) to a server rather then each session key as in the
case with AES.

Sure, RSA 2048 is probably a bit much to ask, but how many sites are
still using 1024?

The one reason I believe this to be more likely is this quote:

"Breaking into those complex mathematical shells like the AES is one
of the key reasons for the construction going on in Bluffdale. That
kind of cryptanalysis requires two major ingredients: super-fast
computers to conduct brute-force attacks on encrypted messages and a
massive number of those messages for the computers to analyze. The
more messages from a given target, the more likely it is for the
computers to detect telltale patterns, and Bluffdale will be able to
hold a great many messages."

Frankly, it doesn't make sense to me that they need "massive number of
those messages for the computers to analyze" for AES unless you
believe they're using it improperly.  But if we agree that the target
is SSL/TLS then there's little advantage to keep all those messages,
other then waiting for computers to get fast enough that you can go
back and break each session key individually years later.  However,
RSA keys are pretty static and theoretically having a database of
messages all encrypted using the same RSA private key could give you
some clues to accelerate breaking the key which would give you instant
access to all the AES/RC4/etc session keys used in SSL/TLS.

At least that's my $.02

Aaron Turner
http://synfin.net/         Twitter: @synfinatic
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
"carpe diem quam minimum credula postero"

More information about the cryptography mailing list