[cryptography] [info] The NSA Is Building the Country's Biggest Spy Center (Watch What You Say)

Peter Maxwell peter at allicient.co.uk
Thu Mar 22 22:23:09 EDT 2012

On 22 March 2012 17:02, Marsh Ray <marsh at extendedsubset.com> wrote:

> On 03/22/2012 09:57 AM, Peter Maxwell wrote:
>> From
>> http://blogs.computerworld.com/19917/shocker_nsa_chief_denies_total_information_awareness_spying_on_americans?source=CTWNLE_nlt_security_2012-03-22
>>   "Remember," former intelligence official Binney stated, "a lot of
>>> foreign government stuff we've never been able to break is 128 or
>>> less. Break all that and you'll find out a lot more of what you
>>> didn't know-stuff we've already stored-so there's an enormous
>>> amount of information still in there."
> In other words, they've accumulated a backlog of ciphertext. Encryption
> working as designed.

Depends on what you mean by "as designed" really.  Personally, I'd presume
as designed is to slow down or hinder an adversary, which would probably
fit in this scenario.

>  Binney added the NSA is "on the verge of breaking a key encryption
>>> algorithm."
> This sounds like budget boondoggle baloney to me.
> How can you be "on the verge" of something like that?
> You might have some ideas on how to attack it, but until they're proven
> they're just guesses and likely to be dead ends. Not something you
> should justify reworking your computing systems around.
> But once they're proven, you're not "on the verge".

Meh, strictly speaking, yes, but if we're talking in practical terms it may
be the case that they've figured out how to break some cryptographic
primitive in significantly less time than the original design
specifications but it would still take more computing oomph than they
currently have.  Fairly sure there was similar considerations about 64-bit
RC5 in the late 90s - people knew it could be cracked by brute force, but
took a distributed effort to prove as much (may have details slightly wrong
as was long time ago and I can't be bothered looking it up).

The scenario is not particularly likely though.

>  That sounds far more plausible than the previous explanations.  I'd
>> also suspect the "key encryption algorithm" may be RC4 and not AES
>> at the moment.
> Or it could just be all the 40- and 56- bit stuff that was captured by
> wiretapping Americans and not decrypted way back when the NSA felt
> constrained by laws.

Hehe... "NSA constrained by laws", erm, yeah, I suppose there's a first for
everything ;-)

> Or it could be everything using 512-bit RSA key exchange.
> Or it could be everything for which the security of the encryption
> ultimately depends on a user-chosen password. E.g., MS-PPTP/MPPE (but
> there's nothing really new about this).
> Or it could be a common protocol using a cipher weakly. For example, I
> noticed this the other day about RDP "standard, non-FIPS" mode:
> http://msdn.microsoft.com/en-us/library/cc240771%28v=prot.10%29.aspx
> If the endpoints do actually manage to negotiate the use of 128 bit (as
> opposed to 40 or 56 bit) security, it uses the output of RC4 without
> discarding any initial bytes. Those initial bytes have some
> correlations, some of which can expose the whole key. Just to make sure
> the 1684 bit state size of RC4 doesn't get stale, the protocol refreshes
> the key every 4096 packets. (Actually better than MPPE which seems to
> rekey every 1 or 256 packets depending on negotiated options).
> Or it could be complete BS.

In reality, they've probably got a lot of uses for more computing power and
the chances of us ever finding out in our lifetime are slim.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20120323/7c447fdc/attachment.html>

More information about the cryptography mailing list