Is it true that TPTB can bypass any encryption software???

I was talking to a friend about computer encryption. I mentioned that it's a good idea to encrypt your system. He told me that it doesn't matter because if push came to shove... TPTB can bypass any of the popular encryption software out there. Especially if the software was developed in the US or in any G20 nation. (ie: downfall of truecrypt) .

So is this true? Or is he out to lunch?

originally posted by: lavatrance
I was talking to a friend about computer encryption. I mentioned that it's a good idea to encrypt your system. He told me that it doesn't matter because if push came to shove... TPTB can bypass any of the popular encryption software out there. Especially if the software was developed in the US or in any G20 nation. (ie: downfall of truecrypt) .

So is this true? Or is he out to lunch?

De-encryption tools have been around . Yes , encrypted files , HDDs , etc. can be de-encrypted. It just takes a little time to find that correct encryption key and bingo....

a reply to: lavatrance

The U.S Navy invented Tor. The original Internet was developed by DARPA.

It amuses that all the Tor users believe they are immune to the prying eyes of surveillance; they could not be more wrong.

All encryption can be decrypted with the right tools.

a reply to: Revolution9

and yet, the service Tor is still used to maintain a relative level of anonymity that is not easily exposed eve by advanced software. I was told one of the only tools they have is to monitor a suspects direct packet data before it makes it to the local nodes, or some #. Basically its not like they are DE-crypting any of the data from such a service or product, they are intercepting the data BEFORE it reaches the point where the encryption and onion routing occurs. But for that to happen, they have to already have a suspect in mind and setup the interception at a certain point physically.

Or, an exit node can become compromised and unmasked through incorrect procedures. Honestly I dont know enough about the actual tech behind it, but defeating the encryption is not nearly as easy as some are making it out to be. And in the case of onion routing, there also has to e a level of physical surveillance and interception before they get what they need to pursue any course of action from the evidence they gather.

a reply to: AmericanRealist

Yes, it would take special measures and not easy, like you are saying.

a reply to: lavatrance

Back in the day when I worked in intelligence I was privy to some information. There was a LEAK (Law Enforcement Access Key) that is put into all commercial encryption software in the US. You have to make your own if you don't want to be open to access. It is why the FBI was bitching so hard about the Iphone or one of the cell phones makers making encryption that couldn't be easily accessed by them.

You would be surprised at what is actually out there. The LEAK was kept by two agencies and each agency had half the key. You could check it out from the agencies and use it, but it had to be turned back in after so much time. I did not need to use it, so I had no reason to get more detailed info on its makeup and use.

ETA: That was 20 years ago that I was so ensconced.

a reply to: lavatrance

This bloke runs a blog from Mexico which he fled to, to continue his work. he uses internet cafas to update his site. he said a couple weeks ago that he has two computers one of which is never connected to net.

One day he some stars of david popped up on it while he was using it in an internet cafa.
others who, say they are IT people have communicated with him saying they have had similar experiences etc.

you can read what he has had to say about this issue but you will have scroll way down the page or look through the blue colored article list on the right hand side to find it.

Link

I think this is true, they have back doors that they put into the encryption software to allow them to bypass it without any codes or anything. Sometimes they make deals with companies behind closed doors, or other times they have moles working undercover in the companies who install the back doors. I heard about this from a source who works for the NSA.

These days, I'm sure there are some odd places you can go to get real encryption, for example, communicating on certain smartphone apps.

a reply to: lavatrance

It really depends on what you want to encrypt. For example, if it was business accounts, bank details etc then, yes, encrypt for your own personal security. If you've invented a device that might change the world, encrypt the specs. I know some people encrypt their entire hard drives to thwart thieves too - that works.

On the other side, why encrypt anything else? Music, media, word documents etc. Seems like a waste of time having the hassle of entering master passcodes or hash keys to access something nobody cares about anyway.

If it's illegal stuff like porn, bomb plans or schemes to take down the government, I think encryption is pointless. These days you can be locked up indefinitely until you hand over the codes. This means that whilst they might take days, weeks or decades to crack an encrypted drive you'll still be locked up somewhere.

*They* can crack any encryption given the time. You just won't be on the beach somewhere lolling at them whilst they're doing it.

Does anyone here really think that the very people who invented this encryption dont know how to defeat it . Be kinda dumb if they didnt .

To have back doors into encryption suggests that security all companies are in league with governments. The fact that various governments are calling for "back doors" indicates that these do not exist at the minute. However, the UK has ruled this option out.

People and companies need decent encryption to guard against criminal and government backed hacking e.g. from China. The latter country has been merrily plundering commercial secrets for he last decade.

originally posted by: hutch622
Does anyone here really think that the very people who invented this encryption dont know how to defeat it . Be kinda dumb if they didnt .

Everyone knows how to defeat encryption if backdoors and artificial weaknesses don't exist. It's statistical. However, you need some fancy computers to do it. My guess is that these computers exist, but can only be targetted.

originally posted by: lavatrance
Is it true that TPTB can bypass any encryption software??? (ie: downfall of truecrypt) .

No, it's not true.

It's been all over the news this year that "TPTB" have been demanding that back doors be put into every encryption software to help aid law enforcement. This stems mainly from Apple and Google encrypting all new phones, and law enforcement having no way of decrypting or inspecting the contents of encrypted phones during investigations.


As far as TrueCrypt is concerned, earlier this year it was given a clean bill of health, concluding that there are no signs of back doors. Even further raising the question as to why the TrueCrypt developers shut down the project. Many think it was due to a government entity attempting to force a back door into the software.

There is an alternative: meet VeraCrypt. It takes the last version of TrueCrypt and vastly improves the encryption, making it virtually impossible to be brute-forced. And what's even better is that VeraCrypt can be used in place of TrueCrypt on TrueCrypt volumes. TrueCrypt volumes can also be easily updated to the extra security of VeraCrypt.

There are other alternatives out there in the works to replace TrueCrypt, but VeraCrypt is the best and most-available choice at the moment.


And just to give a little piece of mind, with a proper password (64-characters, upper-case and lower-case letters, numbers and symbols, with no words being available in any known dictionary), an encrypted volume would take thousands or millions of years to hack with our current state of computing technology.

a reply to: paraphi

you make a strong argument

a reply to: Kandinsky

the thing is you never ever think you need added security until it's too late.

Any encryption system can be defeated with enough time and effort

Lets say a file has a pass code of 1234 for example and it takes 1 minute to try and decrypt the file and assuming the system only accepts numbers (for the examples purpose) it will take 10,000 minutes at maximum to decrypt the file going through the keys 0000,0001,0002 etc and hoping that the keys somewhere at the start.

Now you start to add more pew pew to the mix so every time we double the number crunching power it halves the time so with 2 processors chomping away it'll take at maximum 5,000 minutes and with 4 only 2,500 minutes and i doubt the big spook agencies are short on computing cores to work at it.

Some of the standards behind encryption has been found to of been nobbled by the NSA etc to reduce their workload so a random number generator is not quite as random as it at first appears.

As for trucrypt i think they did get a visit from their local spooks and thus decided to retire but i've never been sure of the audit since the compilation tools never got checked over as well but that would of added ages to the check which was about the source code and IIRC other than a few niggles it was pretty tight.

a reply to: lavatrance

Of course...they have tech...wayyyy above what we can imagine....they have the experts where that is all they do....they have preinstalled back doors, sidedoors, and stuff we can only imagine....before we ever open the stuff we buy, download, upload, share, stream....whatever.

Its a given they get into, save, recover, observe, monitor and view everything from everyone everywhere. Nothing is totally and inbrakablely secure or safe.

The issue is on you and me and the average person...believing anything on our ends keeps them from doing so. Think about it. Really.....

For them? Tor and encriptions and us deleting our history of "viewing habits and sites?"Please...for them....it's nothing.

Welcome. Now you too have joined the real world. Nothing we have or do...or encript is safe....

It takes a LOT of power to decrypt stuff. I dont doubt that almost everything can be decrypted but for them to do it they would have to use a lot of resources. they would really want to have to to have it done, there would have to be a seriously good reason for them to do it.

originally posted by: lavatrance
I was talking to a friend about computer encryption. I mentioned that it's a good idea to encrypt your system. He told me that it doesn't matter because if push came to shove... TPTB can bypass any of the popular encryption software out there. Especially if the software was developed in the US or in any G20 nation. (ie: downfall of truecrypt) .

So is this true? Or is he out to lunch?

Already seeing misinfo in your thread, so I will put in my 2 pennies. It is very difficult to crack even the least sofisticated encryption. This is because the algorithms that modern day encryption uses would require a supercomputer to crack for even the simplest methods. For heavier encryption such at 1024bit encryption for example would require a supercomputer with the computing power of the entire universe to crack in a human lifetime. Fun fact, minimum required encryption for wireless transmissions per HIPAA is only 64bit.

I made a simple MD5 hash. See if you can crack it.
5d1f6513a0f59eb415e7430011cf1fb4

Lastly, I would like to mention that yes you can circumvent encryption protocols but the method doesn't involve cracking the encryption key. It involves taking advantage of an exploit or bug of a server to bypass the method of encryption. Look up man in the middle attacks for example or the heartbeat bug. Yes, there have been backdoors but if you are worried about that use an open source product and review the code. Many people already do reviews of opensource code but feel free to double check.

One time ciphers are unbreakable if properly created and used, but they are generally impractical.