[cryptography] regarding the NSA crypto "breakthrough"

coderman coderman at gmail.com
Thu Sep 5 17:06:43 EDT 2013

On Thu, Sep 5, 2013 at 10:47 AM, coderman <coderman at gmail.com> wrote:
> ...
> 2. secret partnerships with service providers to obtain server SSL/TLS
> secret keys.

there is a line item in the BULLRUN docs that indicates this server
key recovery effort extends into involuntary efforts, e.g. covert
exfiltration of server keys or CA keys or any other key of interest:

also, the statement:
```  "capabilities against a technology" does not necessarily equate
to decryption ```
makes you go hmmmm...

tricks in the CES bag, as listed from the doc:
- NSA/CSS Commercial Solutions Center (NCSC) leaning on partners for access.
- Second party partners directly accessed.
- Tailored Access Operations (TAO, a.k.a. "black bag jobs") to create access.
- NSA/CSS develops implants to enable a capability against an
adversary using encrypted network communication.

and some relevant points of interest from the guardian article:
A 10-year NSA program against encryption technologies made a
breakthrough in 2010 which made "vast amounts" of data collected
through internet cable taps newly "exploitable"...
-[ED: newly exploitable in real-time, even back in time for new keys
applicable to stored sessions]

The NSA spends $250m a year on a program which, among other goals,
works with technology companies to "covertly influence" their product
-[ED: now this budget area i'd love to see on a line item basis...]

"For the past decade, NSA has lead [sic] an aggressive, multi-pronged
effort to break widely used internet encryption technologies," stated
a 2010 GCHQ document. "Vast amounts of encrypted internet data which
have up till now been discarded are now exploitable."
-[ED: note how if they can't DPI it at the origin, they consider it
discarded.  however, as mentioned, this just means it is placed into
long-term storage for later analysis.]

The breakthrough, which was not described in detail in the documents,
meant the intelligence agencies were able to monitor "large amounts"
of data flowing through the world's fibre-optic cables and break its
encryption, despite assurances from internet company executives that
this data was beyond the reach of government.

Among other things, the program is designed to "insert vulnerabilities
into commercial encryption systems". These would be known to the NSA,
but to no one else, including ordinary customers, who are tellingly
referred to in the document as "adversaries". "These design changes
make the systems in question exploitable through Sigint collection …
with foreknowledge of the modification. To the consumer and other
adversaries, however, the systems' security remains intact."
-[ED: a compromised RDRAND becomes a fancy linear generator and only
NSA (and Intel) would know your random bits are totally predictable.]

Among the specific accomplishments for 2013, the NSA expects the
program to obtain access to "data flowing through a hub for a major
communications provider" and to a "major internet peer-to-peer voice
and text communications system".
-[ED: who's seen elevated activity in the "Secret" telco rooms?
anyone?  bueller?]

More information about the cryptography mailing list