Feeds

back to article That earth-shattering NSA crypto-cracking: Have spooks smashed RC4?

Fresh revelations from whistleblower Edward Snowden suggest that the NSA can crack TLS/SSL connections, the widespread technology securing HTTPS websites and virtual private networks (VPNs). Although reports from the New York Times and its allied publications held off on the specifics, it may all mean that US spooks can reliably …

COMMENTS

This topic is closed for new posts.

Page:

Bronze badge

Well, I guess it would happen sometime, but I assumed we would have known about it!

0
0
Bronze badge

"I assumed we would have known about it!"

Why would we have known about it?

The alphabet soup agency that achieved this sort of thing isn't likely to crow about it. The whole point of cracking someone's cypher is that you work hard to prevent people from discovering that you've done it, otherwise they change the keys or the cypher, or they do something else entirely.

Look at the efforts expended in WWII to conceal the British Ultra decrypts - planes were routinely sent up to be seen "spotting" ships that the British knew would be there, so the Axis powers didn't realise it was because of decrypted Enigma that their plans were well-known.

19
0
Silver badge

re: Why would we have known about it?

Because somebody in the US would have been bribed/blackmailed into handing it over to criminal gangs - and so billions would be being stolen from online bank accounts.

Or the Russians/Chinese would also have cracked it and everyone in the world would have boxes that decrypted American military communications leading to defeat at the hands of apparently insignificant 3rd world forces.

The army would then have turned up at NSA headquarters with a bunch of tanks asking why the NSA had let their soldiers die by not telling the army that their codes were crap.

2
0
Silver badge

Re: re: Why would we have known about it?

"The army would then have turned up at NSA headquarters with a bunch of tanks..."

I'd pay to see that.

11
0
h3
Bronze badge

Re: re: Why would we have known about it?

The British Army almost took over the UK in the late 70's in a similar manner to the Egyptian situation.

(Well they were planning to and they never did).

2
2
Silver badge

Re: re: Why would we have known about it?

As a 63-yr old, I lived through the Wilson & Callaghan governments, when Dennis Healey was our very experienced Chancellor - experienced 'cos an emergency budget was an almost fortnightly event, and said 'governments' were little more than a proxy for dictation by the TUC - many of whose dinosaurs have subsequently been shown to have received 'funding' from Moscow, and the end result was the decimation of much of British industry as a result of extreme left union activity with Britain's economic policies dictated by the IMF, to whom Healey had put Britain deeply in hock.

I know management weren't entirely faultless either, but I anticipate a plethora of downvotes from kiddies too young to have been there, and who have swallowed the liberal-left establishment's distortion of history, hook, line & sinker.

I can reliably say that had the army taken over, it would not have been an unpopular move.

15
15
Silver badge

It doesn't have to happen sometime

The idea that a crack will eventually be discovered comes from a supposition that some algorithm can be found.

Number/computational theory can be used to prove that some problems don't have solutions (for example, there is no O(n) or O(1) sort).

I don't know what the theory is behind encryption, but it isn't inevitable that a cheap solution can be found.

Perhaps the encryption has been "cracked" and a cheaper solution has been found to the extent that messages of interest can be decrypted in minutes or hours. That is way different from the encryption being "shattered".and decryption being so fast that huge traffiic volumes can almost be treated as clear text.

0
0
Bronze badge

Re: re: Why would we have known about it?

@Ted Treen Just to be clear, I downvoted you and I am younger, but, being 50 I DO remember the Heath , Wilson and Callaghan governments. Rule by the thugs that were tourturing suspects in Northen Island would not have been welcome, neither is the fascist-right's historical distortions.

22
17

Re: It doesn't have to happen sometime

Good point Charles, I think that you highlight the fundamental requirement here, not too broken, just broken enough. If it were too cheap, why simply everybody would have one!

If I wanted to do it, and I knew who I wanted to do it to, and lets say I could break or had compromised certain symmetric ciphers, and I had a really good reason like, oh I don't know... I wanted their stuff/they were mean/nothing good on TV.... I'd probably want to look at the initiation to someone's connection to one of the alluded to ' big four'. Unless the password the user enters is encrypted before being sent using a non-vulnerable mechanism, you would only have to do the work needed to get the password. This would not risk leaving an audit trail or digital evidence on the target's Computer.

Of course it doesn't really even matter if you broke the crypto, you might have pinched the web servers private certificate, especially if they have one of those nice wildcard certificates, and that makes it easier in terms of work rate, or you could just go popping boxes. However, breaking the crypto on then authentication process and nicking the credentials sounds less risky if you stored all the log in sessions, and you'd need much less storage than recording everything.

You now have credentials, and you can log in to that service...If you had a trusted and capable man/woman/ladyboy/educated cocker spaniel or similar working for the service provider, they could be aware of who you were looking at and clean up server side for you.

Once you are in, you can peruse the accounts, insert yourself into conversations, map their social networks, introduce them to new 'freinds' at just the right time in their lives. Just think Alan Partridge just after his divorce in the travel tavern, looking at ladyboys...

Real world maintaining this sort of persistent access to a communication means, and using it for entrapment was just the sort of shady shenanigans the tabloids got up to with Steve Coogan and others to get hold of really important news! I for one was embettered by these revelations and was quite surprised that ES,GG etc didn't take this to Teh NoTW... Oh, hang on.

Quite worrying if you consider that we predicate a lot of the security that we use on TLS, and we may or may not protect the credentials in transit.

Maybe we should have the capability to have two computers using a successor to TLS use a DH key exchange like mechanism to establish a shared secret.

They could then use that with a custom and rotatable cipher to encrypt the data, this could be one from a choice of many and which one to use would also be decided using a shared secret generated using our good friend DH. Maybe we could even have reasonable ciphers generated on the fly, that were somewhat resistant to automated cryptanalysis?

Anyway, rambling food for thought... Now I must go and see Alpha Papa. :D

PS How about a kick starter for an all in one trusted Pi based pocket HSM, data diode and live Linux distro all in one handy pocket sized brick?

0
1
Bronze badge

Re: re: Why would we have known about it?

@Ted Green

Another downvote from a middle aged geezer! I grew up in the 60's, 70's and 80's (took a lot of growing up, still working on it); it's hard to argue that the unions were in charge when you see what they're like now, wheras we are still ruled by a priveleged few from a small number of public schools.

The unions weren't faultless, but the way that British industry was managed and led was just atrocious, just look at the motor industry; a classic case of clueless management who thought that being British meant the world owed them a living, they thought that winning WW2 meant they didn't have to listen to upstart management ideas from Americans about quality or German ideas about managing in partnership with unions. Today the UK makes great cars, and in large numbers too, but the companies are all foreign owned (American, German and Japanese).

18
5
Silver badge

Indeed.

Loose lips sink ships...

0
0
Trollface

Re: It doesn't have to happen sometime

"for example, there is no O(n) or O(1) sort"

Radix sort is O(n). Algorithms 101.

"I don't know what the theory is behind encryption"

but I'll make comments about it anyway, because this is the internet and that doesn't require informed debate.

1
2
Silver badge

Re: re: Why would we have known about it?

"Rule by the thugs that were tourturing suspects in Northen Island would not have been welcome"

These "suspects" being the sort of scum that would happily blow up a bus of kids, I don't think anyone other than bleeding heart liberal idiots like you gives a flying fuck if the IRA scum got their fingernails ripped out.

7
7
PJI
Bronze badge
Stop

@Ted Treen

I'm 63 too. I was a student in London then, having been a policeman and a bank clerk. So I had a wide view, despite our relative youth. I can say quite definitely that you are spouting rubbish. You exaggerate the frequency and, that being a much more liberal time than today and rather close to the Prague Spring and its aftermath and other events in people's memories at the time, a military coup, apart from being unprecedented in GB (and do not forget the Irish troubles were getting into their stride) would not have been welcomed. Far from it; pacifism was growing.

An interesting point is that the Americans were imagined to be in there somewhere. They classed us as a socialist and so evil country,while funding and arming the IRA.

There were certainly difficulties (economic, union, oil crises) that led to Thatcherism. But it later emerged that the productivity increased during the notorious 3 day week and hospitals and so on did not close down etc.. Things were not wonderful. But for the average person, they were far from your implications and the society would not have welcomed a military intervention.

And I do remember a sugar shortage and even the local baker not havi genough bread. But the duration of that was short.

9
5
PJI
Bronze badge

Re: re: Why would we have known about it?

Whatever else I think of Wilson, I am infinitely grateful that he refusedAmerican attempts to I glove us in Vietnam. If only modern government had as much spine and independence of thought.

5
0
Silver badge

Dear, Dear, Mr Dyer

By 'suspects' one assumes you are talking about the misty-eyed Sons of Erin - the noble freedom fighters struggling valiantly against the evil forces of foreign imperialist occupation...

Certainly you can't mean the murdering bastards who bravely kidnapped and murdered young mothers, and despatched many an innocent child through the unannounced bomb and so on...

Fascist right? - by your age now, you would have been around 10 at the time of Heath's government - it appears your political maturity ceased developing at around that time.

11
6
Silver badge
Facepalm

@Anonymous Blowhard

Ted Green - who he?

Ted Treen

0
0
Anonymous Coward

Re: re: Why would we have known about it?

The IRA were indeed a bunch of turds. But the problem with the 1970s was that our own security forces had a nasty little habit of beating the crap out of the wrong people. Or imprisoning people for the unspeakable crime of being Irish on a train the day after a bombing (the Guildford Four spring to mind).

The day we can know, with 100% certainty, whodunnit, you can get the pliers out. But until then, I prefer the rule of law. History has a habit of proving that 100% one day looks like 95% the next and before you know it is down at rather-dubious.

13
1
Silver badge
Holmes

Re: re: Why would we have known about it?

@Anonymous Blowhard

I don't know about any of this but the idea that managing "in partnership with unions" is a good idea is readily disproven, at least for some kinds of "partnership". One just has to check what happened to the north american auto industry where the UAW reigns supreme. It's dead. It only exists because the Obama government pumps tax money into it (and then you have the "cash for clunkers" hidden subsidy, which is another effort at splaying Attila of economics). Southern automotive factories are doing well though. Well, at least they did until "Government Motors" came unto the scene. It's hard to fight your own government.

The moment a violent strike occurs, in which "scabs" are being turned away, the hiring of replacement workers is being "discouraged", and the company's capital is held hostage if not degraded, you are in mobster territory.

"Today the UK makes great cars, and in large numbers too, but the companies are all foreign owned"

That is NOT a problem. Ultimately, the ownership must be measured at shareholder level. I guess quite a few investment pools from the UK are holding shares.

Sherlock icon in replacement of a nonagressive shrug.

4
0

re: Why would we have known about it?

@Ted Treen

Having been a liberal activist from the mid-seventies, and being at university during the three day week, I cannot think of any of my many friends of all political colours, and indeed serving military officers, of one who would have welcomed a military coup to solve the countries problems. In fact, I suspect it would have destroyed the country, and divided our military and police forces, as it would today.

1
0
Silver badge

@Ted Treen

By 'suspects' one assumes you are talking about the misty-eyed Sons of Erin - the noble freedom fighters struggling valiantly against the evil forces of foreign imperialist occupation...

I'm guessing he was talking about the Guildford Four. Of course, the kind of conservatives who are blindly thinking everything is a liberal conspiracy are the same kind of people that will have both confirmation bias and selective memory on what really happened back then.

It is noticeable that people that are around your same age are basically saying you're full of shit, which speaks loads of how off the mark you are...

2
2
Silver badge

Re: re: Why would we have known about it?

"Because somebody in the US would have been bribed/blackmailed into handing it over to criminal gangs - and so billions would be being stolen from online bank accounts."

Haven't you been keeping up with current events?

Google: 2012 total losses to online bank hacking

0
0
Silver badge
Boffin

Re: Otto is a bear re: Why would we have known about it?

"....Having been a liberal activist from the mid-seventies, and being at university during the three day week, I cannot think of any of my many friends of all political colours, and indeed serving military officers, of one who would have welcomed a military coup to solve the countries problems. In fact, I suspect it would have destroyed the country, and divided our military and police forces, as it would today....." Strangely, there were plenty of people that thought a military coup (and resultant civil war) couldn't happen in "moden" Spain in 1936, or even more modern Portugal in 1974, or the series of coups in the late Eighties and collapse into civil war in the Nineties in the much more modern former Yugoslavia. All involved splits in loyalty in the police and in the military. It may not have been welcomed, but if the course of events had led to a coup then it would not have been beyond belief that many serving officers and men would have followed orders in the hope of restoring order and a "better" economic solution.

0
0
Bronze badge

Re: Dear, Dear, Mr Dyer

No, Mr Treen, I'm talking about suspects, who are innocent until proven guilty, not guilty, and we're going to get them to admin it. There was violence and injustice on both sides, the torture was more fuel on the fire, not a solution.

1
0
Bronze badge

Re: @Ted Treen

@Daniel B., actually I was avoiding mentioning the Guildford Four, because they were stitched up by the Police, not the army. There were other incidents of torture, as Ted admits, committed by the army in Northern Ireland.

I'm sad to say that too many people on every side of every conflict mistake revenge for justice.

1
0
Silver badge

Re: re: Why would we have known about it?

>I can reliably say that had the army taken over, it would not have been an unpopular move.

I was there, and I can safely say that any coup would have relied on 'useful' people like you.

And you clearly have no idea what a military dictatorship is like for most of the people living under it.

>I know management weren't entirely faultless either

No, you don't. You think management are true blue patriots who make occasional regrettable but undestandable mistakes, while the workers are all rabid prosperity-hating trots.

Meanwhile, the real infiltration was happening in the intelligence services and in the upper classes.

Burgess, Philby, Maclean all defected. Blunt managed to get himself a nice little pardon because he knew the royals. The fifth man remains unknown.

Welcome to utopia.

Still, I expect things are better today, and the spooks are much more trustworthy now, and only have our best intentions at heart. Obviously.

3
1
FAIL

Re: re: Why would we have known about it?

@Ted Treen

Ho-Hum, here we go again. It's all the fault of the Unions. Yup. Union activity destroyed Manufacturing. Ah-huh. Just like that other (even MORE Union dominated Country...) Germany. Yup.

Er...hang on...

2
2

Re: Ted Treen

"As a 63-yr old, I lived through the Wilson & Callaghan governments, when Dennis Healey"

Blah, Blah Conservatives this, Blah Blah Labour that. Blah Blah blah Management, Blah blah blah Unions.

Both the union wars of the seventies and the decline of the British motor industry can be traced to the us-and-them attitude gleefully entered into by all parties as a method of gaining the attributes of power while passing all responsibility to others. If you think that was all in the old days then you haven't paid much attention to the was modern politics works. Bad things have happened but when was the last time a politician or leader of industry was found to have been responsible for any of them? There is always someone else to take the blame.

2
0
Facepalm

Re: re: Why would we have known about it?

Let's see.

In the 1979 election the Conservatives won 44% of the popular vote. I'm going to assume that a military coup would have been less popular than voting in a new government democratically.

Therefore, your "reliable" assertion that a coup would have had popular support is poppycock. You don't have to be a liberal-left kiddy to downvote a poor argument.

0
0

Re: re: Why would we have known about it?

@destroy Absolutely. Blowhard is not entirely wrong (who is) but there are many examples of UK businesses killed by union intransigence. The Leyland business was poorly managed but what a dreadful place to have been a manager. It died because union leaders progressed by bashing managers and what managers want to work in that environment? Only those which cannot be gainfully employed elsewhere.

Think of the Sunderland dock yards, once a leading builder of ocean going iron ships and now gone. Why? Because unions would not adapt their practices and accept welding as an alternative to riveting after WWII. The liberty ships had shown the viability and economy of welding but it would likely have meant job losses on Weir-side so were resisted vigorously. A classic case of winning the battle but losing the war.

1
0
Gold badge

Re: re: Why would we have known about it?

Um...the NSA is is part of the American military...

0
0
Anonymous Coward

Re: It doesn't have to happen sometime

In my experience, Radix sort isn't commonly taught in algorithms courses (a couple of the well-established, top 10 universities).

0
0
Silver badge
Boffin

Re: Pottie Re: re: Why would we have known about it?

"...the NSA is is part of the American military...." Not quite. It is part of the Department of Defence and reports to the Director of Nation Intelligence, and has a military officer as head (the Director), but his deputy and the majority of staff are civillians, not enlisted soldiers, and do not hold military ranks. Indeed, the NSA is reputedly the largest recruiter of civillian mathematicians in the World. Legally, they are civil servants, not soldiers.

0
0
Anonymous Coward

Look at NSA-approved crypto

If the NSA can crack an algorithm, they assume it is possible for others to do so as well and so they won't use it.

For protecting classified information, NSA requires Type 1 cryptography be used. Type 1 is divided into Suite A and Suite B. Suite A algos are NSA-developed and classified. Suite B algos are public, and approved only if properly implemented.

Presently, the ONLY algo approved for Type 1/Suite B is AES

Source: http://en.wikipedia.org/wiki/Type_1_product

4
0
Anonymous Coward

Re: Look at NSA-approved crypto

I keep seeing this argument used, and it's about time someone challenged it.

AES cannot be assumed to be secure "because it's approved for use by the NSA".

The NSA have no reason to not approve it for use if they can crack it, they already know (and are cleared to know) the contents of all US secure communications. So claims about it must be unbreakable because they approve it, are ridiculous.

More interestingly the mere thought that we keep seeing expressed about how their approval "shows it must be secure" is a nice way for them to have governments whos communications they shouldn't be seeing use it.

Maybe that's why the Guardian (and co) are using face to face meetings (including associated flights to other countries) to now communicate with sources and journalists.

6
2
Bronze badge

Re: Look at NSA-approved crypto

That is not an impossible angle.

But you do not address the point made in the first post: The NSA will have to assume that any encryption they can break - others can break.

We can alter your argument a little and say that anything they approve to be encrypted using this encryption is stuff they don't mind the people they're assuming know how to crack the encryption know about.

The stuff they want to really keep secret they encrypt using their own, the stuff they want to keep secret from some/most they will encrypt with AES. If the argument is angled like that, then it's possible the NSA wants the public to think AES is unbroken, whilst secretly knowing that it is broken, and are willing to pay a price for this privilege.

This would of course imply them having secrets that they willingly "share" with (what I have to assume should be regarded as) enemies.

3
0
Gold badge
Meh

Re: Look at NSA-approved crypto

"AES cannot be assumed to be secure "because it's approved for use by the NSA"."

It can be assumed secure because it's an open standard that's been reviewed by a lot of people who are not with the NSA.

Never trust a crypto algorithm that is not published. "Security by obscurity" is an immediate fail flag.

Look up the "Clipper" chip BS.

12
0
Silver badge

Re: Look at NSA-approved crypto

If the NSA knew of or suspected a weakness in AES, they wouldn't approve it for use, because they wouldn't want our government using something that someone else might know how to break.

Remember how the NSA fiddled with DES after IBM came up with it back in the 70s, and everyone assumed for years that they'd weakened it so they'd be able to crack it? Some 15 years later when the research world 'discovered' differential cryptanalysis, it turned out that the NSA had in fact strengthened DES against that particular attack.

Demonstrating that they were at least 15 years ahead of the research world at that time. Who knows how far ahead they are now? But unless they've got reason to know where the capabilities of the Russians, the Chinese and so on currently are and are likely to be over the next decade, they can't approve something they know of weaknesses in unless they don't care if their adversaries might also know of the same weaknesses.

I guess it comes down to whether you believe the NSA feels it is more important for US government encryption to be secure, or for the NSA to be able to spy on as much as possible by hoping everyone uses their approved but known broken encryption standard. If the NSA can't crack AES with a sufficiently long key, and terrorists use it for communication, that may not be a problem since the NSA may be able to hack into their computers and steal the key, take advantage of weaknesses in the implementation of AES that render it weaker than it would otherwise be, and so on.

2
0
Anonymous Coward

Re: Look at NSA-approved crypto

But you do not address the point made in the first post: The NSA will have to assume that any encryption they can break - others can break.

I can address that for you if you want.

1) they list it as "approved" because they are ok with its use by their own agencies to feed disinformation to other governments who they think might be able to break it?

2) they list it as approved because they know (from breaking the communications of their competitors) that only they can break it?

Take your pick.

1
0
Anonymous Coward

Re: Look at NSA-approved crypto

It can be assumed secure because it's an open standard that's been reviewed by a lot of people who are not with the NSA.

So its been reviewed by lots of people who haven't had access to, and who don't have access to the depth of research (decades worth of techniques, which are only known about inside the NSA) that is available to NSA cryptanalyists.

I like how there's a post here stating about how the NSA strengthed DES because they were 15 years ahead of what everone else knew at the time, yet you all assume they're not still at least 15 years ahead in being able to take on AES.

AES cannot be assumed to be safe, just because the NSA approve it.

0
0
Anonymous Coward

Re: Look at NSA-approved crypto

Now I've addressed your points, how about you address one of mine.

If AES-256 is secure and the NSA can't crack it, how come the Guardian have taken to flying people all over the world for face to face meetings?

Why have the Guardian publicly stated that no Journalist should entrust anything to online communications of any kind, and stated that all online communications should be assumed to be compromised?

If AES-256 is secure the Guardian would know that, Mr Snowden would have known it. The Guardian could have implemented an AES-256 system for communicating with people in remote locations... couldn't they?

0
0
Anonymous Coward

Re: Look at NSA-approved crypto

"It can be assumed secure because it's an open standard that's been reviewed by a lot of people who are not with the NSA."

I think there is some confusion here; both of you are making a similar argument. AES could be secure, but how about the implementation? If you are using an appliance that has AES built-in, sure AES is being used, but how secure was the implementation. The NSA could have influenced the implementation of it mainly at the RNG. Make the RNG weak and that severely hurts the algorithm.

We don't know what the NSA has been able to do and with whom.

0
0
Bronze badge

Re: Look at NSA-approved crypto

@DougS, you're right. But it also depends on their relative levels of arrogance, complacency and paranoia.

Arrogance and complacency: We were 15 years ahead in the 70's, we must be 20-30 years ahead now. We [can't find a flaw | have found a flaw] in AES, no-one else can find a flaw, therefore we are safe telling eveyone AES is OK.

Paranoia: If we can do it, they can do it. If we can't do it, they can still do it.

Of course, Snowden has dented their arrogance and fueled their paranoia, but they are probably in denial, and it's on operations, not on the crypto theory. If you see a large order for rubber hosepipes, they've figured out their next move.

0
0
Silver badge

@obnoxiousGit

You don't seem to realize that your two points are in conflict.

1) they list it as "approved" because they are ok with its use by their own agencies to feed disinformation to other governments who they think might be able to break it?

2) they list it as approved because they know (from breaking the communications of their competitors) that only they can break it?

What if "from breaking the communications of their competitors" that they "know" only they can break it, but it turns out the competitors are feeding THEM disinformation and the fact they can break AES or whatever is a very well kept secret.

Remember how closely the Allies guarded the secret that they'd broken Enigma. There were often some tough decisions where soldiers were knowingly sacrificed to keep the secret, rather than change strategies and keep them safe but risk having Germany figure out by those actions that we'd broken Enigma.

If China, for instance, had broken AES they would only act on that in a way that might possibly alert the US/NSA to that fact in the most dire circumstances. They wouldn't use that ability to gain a small edge in trade negotiations.

The NSA can only know for sure if others HAVE broken an encryption system, they can't know others have not. It is sort of like proving God. It is possible to prove there is a god (if he decided to make himself known and submit to various tests of omnipotence like turning off the sun, stopping gravity or whatever else scientists came up with) But it is impossible to prove there is no god.

0
0
Bronze badge

Re: Look at NSA-approved crypto

"Why have the Guardian publicly stated that no Journalist should entrust anything to online communications of any kind, and stated that all online communications should be assumed to be compromised?"

This might be down to the quite scary amount of brute-force which can be applied.

If you're working on the NSA-story and you send information encrypted online, then it is highly likely to be intercepted and stored somewhere. Now if they cannot "easily" decrypt it, then they will have the data and be able to work on getting hands on the decryption key(s), or finding weaknesses in the implementation. Since not all the people who work at the Guardian are likely to be specialists trained in encryption -and a crash-course probably wont suffice, it's might simply be too insecure to do online.

Sure this could still be done with face-to-face meetings, but in those cases the NSA doesn't already have the info to decrypt. They might wind up with a decryption key and none or only some of the data.

I will grant you that your point has merit, and you could be close to (or at) the truth. I am merely trying to defend the opposite view. I really have no way of knowing what is or isn't secure in encryption.

0
0
ja

Re: Look at NSA-approved crypto

If they can break it, they must assume that someone else will be able to soon enough for it to be a problem. Remember Venona?

There seem to be a lot of flies in this ointment. Have they broken commercial cyphers, are they leveraging exploits or are they attacking important traffic by brute-force? Probably a little bit from each column.

0
0
Anonymous Coward

Re: @obnoxiousGit

@DougS

You don't seem to realize that your two points are in conflict.

I understand completely the two points I gave you conflict, the point was there could be any number of reasons why the NSA would approve an algorithm that they know they can break.

0
0
Anonymous Coward

Re: Look at NSA-approved crypto

@Eguro

I really have no way of knowing what is or isn't secure in encryption.

That's the truth right there.

None of us have anyway of knowing what is or isn't secure anymore, assumptions that AES 'must be' because the NSA approve it are in my opinion flawed.

In the abscence of knowing if AES is secure, it must be assumed not to be.

1
0

Re: Look at NSA-approved crypto

One problem I can see is that, given much encryption is now hardware-accelerated, is the result of an AES encryption operation by your Intel chip the same as what would happen if you were to carry out the operation using only software adhering to the published standard?

0
0
Bronze badge

Re: Look at NSA-approved crypto

The Grauniad can't manage to install spell checking, how are they going to manage AES-256? Don't be fooled, flying people around the world is theatre, not journalism.

2
0

Page:

This topic is closed for new posts.