It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
can the government crack encryption?
page: 1share:
I was just wondering what your thoughts were on whether or not the government can actually crack the various encryption programs that are out there
today.
Do you think they can? If so how? Bruteforcing? And what about intelligence agencies outside the US, such as in the UK for example.
Ive been reading quite a few books recently about the matter, and most assume that the government can brute force such algorithms quite quickly now rendering them useless, and was just wondering if you guys think theres any truth in that....
Do you think they can? If so how? Bruteforcing? And what about intelligence agencies outside the US, such as in the UK for example.
Ive been reading quite a few books recently about the matter, and most assume that the government can brute force such algorithms quite quickly now rendering them useless, and was just wondering if you guys think theres any truth in that....
Have you read Dan Brown's book Digital Fortress ? It talks about a super secret computer which can crack any encryption. It's a good
read and very imformative about the art of crytography. After reading this book it wouldn't surprise if the US government couls crack all encryption.
I wouldnt be surprised if there were backdoors built into some of the more popular Encryption program for the NSA or who ever to exploit.
Also super computers for just this type of thing wouldnt be a big shocker too me.
Also super computers for just this type of thing wouldnt be a big shocker too me.
I agree, the NSA in all likelyhood has backdoors in just about any peice of software and hardware out there. If not, the massivly parallel computers
can brute force even 256 or 512 bit encryption. The only way is a system that Clancy describes using a one time pad that is randomly coded using
atmospheric static, and used only once. Since it is random, it would be nearly impossible to break. The Allies were able to gain ground on the Enigma
system in WWII when German radio operators got sloppy and repeated codes.
Yeah i believe the NSA is about 200 years ahead of the current world mathematically. So they can basically crack anything they need to.
Originally posted by FredT
I agree, the NSA in all likelyhood has backdoors in just about any peice of software and hardware out there. If not, the massivly parallel computers can brute force even 256 or 512 bit encryption. The only way is a system that Clancy describes using a one time pad that is randomly coded using atmospheric static, and used only once. Since it is random, it would be nearly impossible to break. The Allies were able to gain ground on the Enigma system in WWII when German radio operators got sloppy and repeated codes.
or quantum cryptography has the possibilty of being unbreakable.
Originally posted by crispexi
Yeah i believe the NSA is about 200 years ahead of the current world mathematically. So they can basically crack anything they need to.
They would have an army of mathematicians working on large number theory.
I believe people in these forums give governments(US and other) too much credit. Current computers(even distributed computing networks) are not
powerful enough to crack modern encryption algorithms(256/512bit).
It was only in 2002 that 109-bit encryption(ECCp-109) was successfully defeated by bruteforce. Even then, it took 10,000 computers 549 days(24 hours per day) to do it. The next most secure version of that software uses 163-bit keys, and would need approximately 100 million times more computing power to crack.
The brute force method is essentially useless to intelligence gathering agencies. Most intelligence is highly time sensitive, it must be analyzed and acted upon quickly to be of any use. Even if it could work theoretically, the amount of time it would take to decrypt a key using brute force would render the information irrelevent.
A far more productive method of gaining access to encrypted information, is to obtain the encryption keys using other methods. Using keystroke recorders, or finding inherent weaknesses in the encryption programs themselves would be a far more effecient use of time.
It was only in 2002 that 109-bit encryption(ECCp-109) was successfully defeated by bruteforce. Even then, it took 10,000 computers 549 days(24 hours per day) to do it. The next most secure version of that software uses 163-bit keys, and would need approximately 100 million times more computing power to crack.
The brute force method is essentially useless to intelligence gathering agencies. Most intelligence is highly time sensitive, it must be analyzed and acted upon quickly to be of any use. Even if it could work theoretically, the amount of time it would take to decrypt a key using brute force would render the information irrelevent.
A far more productive method of gaining access to encrypted information, is to obtain the encryption keys using other methods. Using keystroke recorders, or finding inherent weaknesses in the encryption programs themselves would be a far more effecient use of time.
Any crypto can be brute forced given enough time, the real risk is from weaknesses in the algos that allow for early discovery of the data or the
keys. If my memory serves me right WEP encryption used on Wireless hardware had a weakeness that allowed discovery of the key after captureing
somewhere between 1 and 2 million packets. While that might seem like alot, on a high-traffic network its not that much.
As for quantum cryptography, which to the best of my understanding revolves around using light as the transfer medium thus making interception impossible without discovery, there is already a snag in that. Apparantly scientists have already found a way to stop light, hold it, and release it again. Given that I would say quantum cryptography will never get off the ground. For my money I would side with some kind of system using one time pads, and a brutal generation process for the keys. After all patterns are generally a bad thing and lead to discovery, weakness, etc.
Quantum Crypto Tutorial: Example Protocol
Scientists Stop, Hold, and release Light
As for quantum cryptography, which to the best of my understanding revolves around using light as the transfer medium thus making interception impossible without discovery, there is already a snag in that. Apparantly scientists have already found a way to stop light, hold it, and release it again. Given that I would say quantum cryptography will never get off the ground. For my money I would side with some kind of system using one time pads, and a brutal generation process for the keys. After all patterns are generally a bad thing and lead to discovery, weakness, etc.
Quantum Crypto Tutorial: Example Protocol
Scientists Stop, Hold, and release Light
It's not just the sheer computing power that breaks encryption; it's the algorithms developed by the geniuses working for the NSA ie.experts in
cryptography, large number theory.
As well, if you really think about it we hear of IBM et al development these immensely powerful supercomputers, just think what has been achieved behind closed doors. Think about the size of the NSA's budget and how important it is for them to be able to crack all encryption systems.
As well, if you really think about it we hear of IBM et al development these immensely powerful supercomputers, just think what has been achieved behind closed doors. Think about the size of the NSA's budget and how important it is for them to be able to crack all encryption systems.
www.abovetopsecret.com...
We were discussing the RSA algorithm here for a bit. Have a look see what we came up with.
We were discussing the RSA algorithm here for a bit. Have a look see what we came up with.
Don`t forget that the NSA and other organisations have people on there payroll in other Sercurity Services who operate and understand the
systems.Human spies are still the most accurate and effective methods of beating the opposition.
Quantum encryption is actually provably secure. One time pads are generated by making two particles share some quantum state. You never know what the
state is upon creation, just that the particles are indeed sharing it. All you have to do is split them apart and read off the state.
Data is basically encoded in pulses of photons of light. The process of decrypting the information virtually destroys it. In order to actually read the intercepted data you'd have to accurately measure the quantum properties (not an easy thing to do) and then transfer the exact same photon.
Data is basically encoded in pulses of photons of light. The process of decrypting the information virtually destroys it. In order to actually read the intercepted data you'd have to accurately measure the quantum properties (not an easy thing to do) and then transfer the exact same photon.
1024-bit encryption is 'compromised'
Upgrade to 2048-bit, says crypto expert
According to a security debate sparked off by cryptography expert Lucky Green on Bugtraq yesterday, 1,024-bit RSA encryption should be "considered compromised".
The Financial Cryptography conference earlier this month, which largely focused on a paper published by cryptographer Dan Bernstein last October detailing integer factoring methodologies, revealed "significant practical security implications impacting the overwhelming majority of deployed systems utilising RSA as the public key algorithm".
Based on Bernstein's proposed architecture, a panel of experts estimated that a 1,024-bit RSA factoring device can be built using only commercially available technology for a price range of several hundred million to $1bn.
These costs would be significantly lowered with the use of a chip fab. As the panel pointed out: "It is a matter of public record that the National Security Agency [NSA] as well as the Chinese, Russian, French and many other intelligence agencies all operate their own fabs."
And as for the prohibitively high price tag, Green warned that we should keep in mind that the National Reconnaissance Office regularly launches Signal Intelligence satellites costing close to $2bn each.
"Would the NSA have built a device at less than half the cost of one of its satellites to be able to decipher the interception data obtained via many such satellites? The NSA would have to be derelict of duty to not have done so," he said.
The machine proposed by Bernstein would be able to break a 1,024-bit key in seconds to minutes. But the security implications of the practical 'breakability' of such a key run far deeper.
None of the commonly deployed systems, such as HTTPS, SSH, IPSec, S/MIME and PGP, use keys stronger than 1,024-bit, and you would be hard pushed to find vendors offering support for any more than this.
What this means, according to Green, is that "an opponent capable of breaking all of the above will have access to virtually any corporate or private communications and services that are connected to the internet".
"The most sensible recommendation in response to these findings at this time is to upgrade your security infrastructure to utilise 2,048-bit user keys at the next convenient opportunity," he advised.
But a comment from well known cryptographer Bruce Schneier casts doubt on Bernstein's findings in practical application.
"It will be years before anyone knows exactly whether, and how, this work will affect the actual factoring of practical numbers," he said.
But Green, much to the clamour of "overreaction" from the Slashdot community, added: "In light of the above, I reluctantly revoked all my personal 1,024-bit PGP keys and the large web-of-trust that these keys have acquired over time. The keys should be considered compromised."
Whatever the practical security implications, one sharp-witted Slashdot reader pointed out: "Security is about risk management. If you have something to protect that's worth $1bn for someone to steal, and the only protection you have on it is 1,024-bit crypto, you deserve to have it stolen."
If you doubt their capabilities re-read this part
"And as for the prohibitively high price tag, Green warned that we should keep in mind that the National Reconnaissance Office regularly launches Signal Intelligence satellites costing close to $2bn each"
Upgrade to 2048-bit, says crypto expert
According to a security debate sparked off by cryptography expert Lucky Green on Bugtraq yesterday, 1,024-bit RSA encryption should be "considered compromised".
The Financial Cryptography conference earlier this month, which largely focused on a paper published by cryptographer Dan Bernstein last October detailing integer factoring methodologies, revealed "significant practical security implications impacting the overwhelming majority of deployed systems utilising RSA as the public key algorithm".
Based on Bernstein's proposed architecture, a panel of experts estimated that a 1,024-bit RSA factoring device can be built using only commercially available technology for a price range of several hundred million to $1bn.
These costs would be significantly lowered with the use of a chip fab. As the panel pointed out: "It is a matter of public record that the National Security Agency [NSA] as well as the Chinese, Russian, French and many other intelligence agencies all operate their own fabs."
And as for the prohibitively high price tag, Green warned that we should keep in mind that the National Reconnaissance Office regularly launches Signal Intelligence satellites costing close to $2bn each.
"Would the NSA have built a device at less than half the cost of one of its satellites to be able to decipher the interception data obtained via many such satellites? The NSA would have to be derelict of duty to not have done so," he said.
The machine proposed by Bernstein would be able to break a 1,024-bit key in seconds to minutes. But the security implications of the practical 'breakability' of such a key run far deeper.
None of the commonly deployed systems, such as HTTPS, SSH, IPSec, S/MIME and PGP, use keys stronger than 1,024-bit, and you would be hard pushed to find vendors offering support for any more than this.
What this means, according to Green, is that "an opponent capable of breaking all of the above will have access to virtually any corporate or private communications and services that are connected to the internet".
"The most sensible recommendation in response to these findings at this time is to upgrade your security infrastructure to utilise 2,048-bit user keys at the next convenient opportunity," he advised.
But a comment from well known cryptographer Bruce Schneier casts doubt on Bernstein's findings in practical application.
"It will be years before anyone knows exactly whether, and how, this work will affect the actual factoring of practical numbers," he said.
But Green, much to the clamour of "overreaction" from the Slashdot community, added: "In light of the above, I reluctantly revoked all my personal 1,024-bit PGP keys and the large web-of-trust that these keys have acquired over time. The keys should be considered compromised."
Whatever the practical security implications, one sharp-witted Slashdot reader pointed out: "Security is about risk management. If you have something to protect that's worth $1bn for someone to steal, and the only protection you have on it is 1,024-bit crypto, you deserve to have it stolen."
If you doubt their capabilities re-read this part
"And as for the prohibitively high price tag, Green warned that we should keep in mind that the National Reconnaissance Office regularly launches Signal Intelligence satellites costing close to $2bn each"
That's why im going to make my own kind of encryption based on fractals. I might distribute it for free on the net, or I might just keep it for
personal use. By the very nature of fractals, and the way I will implement the encryption, I think it would be impossible to crack the encryption
without the password.
If the Government cant crack the encryption, they are wasting a whole lot of money on the Eschelon thingy
well any1 here wanna help me make a quantum encryption?.......well youll have to supply the supercomputers make the code and ill design the characters
I read a book on the history of cryptography. (Crypto:Secrecy and privacy in the new code war - excellent read) The guy who invented PGP was suprised
that the NSA were not concerned about being unable to crack it. From what he had heard they had other techniques, apart from bruteforce to break the
code and were well ahead of the people outside of the NSA.
Don't forget these guys had discovered the RSA system of public keys back in the 60's! almost 15 years before Diffie. He learned his skills reading stuff from the 1940's as it was the most recent declassified material.
If there is cyptography that has not been broken by NSA you can bet your life that some of the best minds in the world are on the task....
Don't forget these guys had discovered the RSA system of public keys back in the 60's! almost 15 years before Diffie. He learned his skills reading stuff from the 1940's as it was the most recent declassified material.
If there is cyptography that has not been broken by NSA you can bet your life that some of the best minds in the world are on the task....
Originally posted by Netchicken
If there is cyptography that has not been broken by NSA you can bet your life that some of the best minds in the world are on the task....
If they can't then they'll simply insert a backdoor into the algorithm, simple and very effective.
new topics
-
Biden Nationalizes Another 50,000+ Student Loans as He Heads for the Exit
US Political Madness: 46 minutes ago -
An Interesting Conversation with ChatGPT
Science & Technology: 10 hours ago
top topics
-
An Interesting Conversation with ChatGPT
Science & Technology: 10 hours ago, 7 flags -
Biden Nationalizes Another 50,000+ Student Loans as He Heads for the Exit
US Political Madness: 46 minutes ago, 1 flags
active topics
-
The Truth Behind the Manchester Airport "Police Assault" Video
Social Issues and Civil Unrest • 52 • : SprocketUK -
Biden Nationalizes Another 50,000+ Student Loans as He Heads for the Exit
US Political Madness • 1 • : bluesman023 -
Post A Funny (T&C Friendly) Pic Part IV: The LOL awakens!
General Chit Chat • 7933 • : PorkChop96 -
Can someone 'splain me like I'm 5. Blockchain?
Science & Technology • 80 • : IndieA -
Russias War Against Religion in Ukraine
World War Three • 49 • : Imhere -
US Federal Funding set to Expire December 20th. Massive CR on the way.
Mainstream News • 36 • : WeMustCare -
Salvatore Pais confirms science in MH370 videos are real during live stream
General Conspiracies • 242 • : Freeborn -
An Interesting Conversation with ChatGPT
Science & Technology • 17 • : Athetos -
Drone Shooting Arrest - Walmart Involved
Mainstream News • 33 • : RustEShackelFord -
World's Best Christmas Lights!
General Chit Chat • 15 • : TheInvisibleRedneck