We need more details

Story: N.S.A. Able to Foil Basic Safeguards of Privacy on Web
Total Replies: 25
penguinist

Sep 06, 2013
7:59 AM EDT
Quoting: Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL; virtual private networks, or VPNs; and the protection used on fourth-generation, or 4G, smartphones.


Specifically what encryption standards are compromised? All SSL? All SSH?
Bob_Robertson

Sep 06, 2013
8:32 AM EDT
Assume nothing you do is private from them. If they can't decrypt it right away, they save it and decrypt it in Utah as long as it takes.

Keep in mind, Penguinist, that they felt the need to define encryption as "digital scrambling" to bring it down to the comprehension level of their readers. This article was not written for you and me.
penguinist

Sep 06, 2013
11:21 AM EDT
I have to say that I am angry, even outraged, that my elected government has betrayed our right to privacy so completely and so totally.

Just how far this goes, and which companies are a party to this, is going to be a big question that must see the light of day.

Bob_R, I am not ready to just back away from this and accept it as a fait accompli. We must be sure that we don't signal that this is an acceptable state of affairs. The rights of people and businesses worldwide to their privacy and the security of their data must be preserved. We owe it to the future to see this through to an open discussion.

I ran across this today:

http://comments.gmane.org/gmane.comp.security.cryptography.r...

I didn't know that closed source Intel code was sitting in our Linux kernel doing random number generation. This also needs to see the light of day. I'd say that if Intel can/will not show this code, then it should be replaced with improved and open code. We certainly don't need our Linux kernel to be a willing participant in this.
Bob_Robertson

Sep 06, 2013
11:55 AM EDT
> The rights of people and businesses worldwide to their privacy and the security of their data must be preserved. We owe it to the future to see this through to an open discussion.

I agree.

I realize this could be interpreted as a "political" statement, I will make it anyway. If it vanishes, I will consider it the will of the moderators and accept it.

Quoting: “Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience.”

― C.S. Lewis


The busybodies, the "polypragmatoi", the career bureaucrats, and the true believers, will never stop. They are not willful "enemies" of Liberty, of the Rights and Privacy of everyone, they merely believe that such Rights do not exist.

A bureaucracy has only two measures by which to tell if they are successful or not: Bigger staff, bigger budget. That's it. The goals, mission, tasks, are all secondary to their primary purpose: To continue, and to grow.

The NSA is an extremely successful bureaucracy. They have made themselves utterly indispensable by insinuating their "job", that of collecting any and all signals intelligence, into every aspect of the Military Industrial Complex.

Your privacy threatens their job, therefore your privacy is sacrificed. Period. You have none.
jdixon

Sep 06, 2013
12:00 PM EDT
> I have to say that I am angry, even outraged, that my elected government has betrayed our right to privacy so completely and so totally.

What bothers me is that they're being open about it. They've always done this, but before they kept it secret because they knew it was wrong. Now they don't see anything wrong with it.

Obviously they don't expect the public to actually care or do anything about it. Unfortunately, I agree. There is no limited government party, and only a handful of candidates to appeal to in the US, and most people don't seem to care.
krinpaus

Sep 06, 2013
12:07 PM EDT
I would suggest one includes The Guardian (UK) newspaper as a source of information on these subjects, and Bruce Schneier's blog, especially one entry titled "The NSA Is Breaking Most Encryption on the Internet". Note that inside this noted entry are links to two essays Schneier penned for The Guardian. (In one essay Schneier notes what his tactics are - but not quite all...)

http://www.theguardian.com/commentisfree/2013/sep/05/governm...

http://www.schneier.com/blog/archives/2013/09/the_nsa_is_bre...

http://www.theguardian.com/world/2013/sep/05/nsa-how-to-rema...



Bob_Robertson

Sep 06, 2013
12:15 PM EDT
And anything and everything by James Bamford, including the one I mention often, "The Puzzle Palace". It was his article last year on the Utah datacenter that started this latest round of interest in the NSA's activities.
nmset

Sep 06, 2013
12:32 PM EDT
One should perhaps verify such allegations. The simplest way is to encrypt some data made available on a website, and the NSA should post back the decrypted content. They would then be credible and we would know it's not FUD. Any volunteer?
djohnston

Sep 06, 2013
1:19 PM EDT
Quoting: I didn't know that closed source Intel code was sitting in our linux kernel doing random number generation.


Neither did I. Thanks for the link. As for the rest, the American public is largely apathetic. In addition, I believe it would take a huge public groundswell against Congress for those critters to even consider taking any real actions.

However, the second link from Bruce Schneier that krinpaus posted gives one some hope. If anyone knows about digital security, it's Bruce. And, I tend to believe that some of what the NSA is claiming is not really true. After all, you have to take anything government entities say with a grain of salt. I'll just quote a portion from a newsletter I received today.

Quoting: I have to tell you, though, I'm deeply suspicious of some of the NSA's assertions.

They seem to be claiming that they have cracked nearly everything, and that they have backdoor access to privacy software. But this is practically impossible.

A lot of encryption software used today is actually 'open source'. This means that the software code is freely available to anyone.

GNU Privacy Guard (GPG) is a great example. GPG is an open-source, free alternative version of Phil Zimmermann's original PGP software. And it's widely used to encrypt files and emails.

But because GPG is open-source, the software code is available for anyone to view, inspect, and modify. If there were any backdoor access for the NSA, thousands of people would see this.

Not to mention, to penetrate a single 2048-bit encryption key can take anywhere from thousands of years to tens of millions of years, even with the fastest supercomputers.

Consequently, it's IMPOSSIBLE for the NSA to have cracked everything. And my assessment is that this is an intimidation campaign.

The NSA wants people to think that they have this capability.

And if everyone thinks that the NSA is Big Brother's Big Brother, all-seeing and all-knowing, then not only will everyone be terrified, but everyone will simply stop using encryption.

After all, why bother going through the hassle of encrypting/decrypting if the NSA can still read the contents of your email?

It's in the NSA's interest for people to think that the agency is almighty. I don't buy it. These people are seriously vile. But they don't have superpowers.

When done properly, email encryption is still a good option. And there are a number of open-source tools out there to consider using.
Bob_Robertson

Sep 06, 2013
3:33 PM EDT
> After all, you have to take anything government entities say with a grain of salt.

They lie. Institutionally, chronically, about everything no matter how trivial.

And to admit that there are things they can't break would be just as destructive to their cause as publishing a list of the things they can break. So of course they're going to claim that nothing is beyond their power.

It's called "covering fire", so that no one knows exactly what they can do.
montezuma

Sep 06, 2013
8:10 PM EDT
This whole issue seems to be about cheating with encryption rather than breaking codes. There are well known mathematical theorems on how long it takes to break encryption of a certain key length. The NSA cannot get round those fundamental limits despite their massive resources. What they can do however is insert backdoors in proprietary code which is hidden from public view. Open source is a harder proposition and I would guess PGP is still safe but that is a guess given how devious the NSA is.

If you are paranoid I suggest the following:

1) Read up on encryption. You need math skills.

2) Code up your favourite algorithm with a long key on a machine not connected to the internet

3) Exchange keys with your recipient via a trusted and non suspect third party in person only and in a national park

;-) Edit: One flaw here is if they have inserted backdoors into the gcc compiler....
BernardSwiss

Sep 07, 2013
1:54 AM EDT
Off topic, but what the hey...

'Hello, NSA? I have lost an email, can you help me find it?'--Dutch-Iranian filmmaker trolls NSA

http://boingboing.net/2013/09/01/hello-nsa-i-have-lost-an-e....

(It's a sad thing, when this sort of thing seems like our best (only) realistic counter-measure...)
shem

Sep 07, 2013
3:04 AM EDT
[tinfoil-hat]

djohnston wrote: But because GPG is open-source, the software code is available for anyone to view, inspect, and modify. If there were any backdoor access for the NSA, thousands of people would see this.


But! How many of us are compiling and installing everything from source‽‽‽

(Edit to add: And how many of us review and understand the source-code, before compiling it ourselves...)

[/tinfoil-hat] ;)
Bob_Robertson

Sep 09, 2013
8:40 AM EDT
The last time I read, understood, and compiled from source anything to do with encryption beyond my own trivial implementation of RSA in BASIC from a Byte article in 1983, was PGP 2.6.2.
jdixon

Sep 09, 2013
10:16 AM EDT
> The last time I read, understood, and compiled from source anything to do with encryption beyond my own trivial implementation of RSA in BASIC...

I thought I was the only one who did that. :)
gus3

Sep 09, 2013
1:31 PM EDT
Maybe Bob_Robertson and jdixon are the same person.
jdixon

Sep 09, 2013
4:25 PM EDT
I live in West Virginia, I think Bob lives in North Carolina. :)
theboomboomcars

Sep 09, 2013
4:54 PM EDT
But we all know you are just trying to throw the NSA off by living in 2 places at the same time.
jdixon

Sep 09, 2013
7:03 PM EDT
> ...by living in 2 places at the same time.

Gee, and there goes my cover. Thanks. :)
Bob_Robertson

Sep 10, 2013
8:44 AM EDT
While JD and I have certainly chewed over much of the same philosophical ground, we are certainly not the same person.

Indeed, I did live in NC, until the vindictive harpy stole my children and prosecuted me into insolvency for daring to take better care of those children than she. I am now in New Hampshire with the Free State Project.
jdixon

Sep 10, 2013
10:58 AM EDT
> ...until the vindictive harpy stole my children and prosecuted me into insolvency for daring to take better care of those children than she.

I'm sorry to hear that. :(
montezuma

Sep 10, 2013
11:59 AM EDT
Live free or die in NH eh Bob? ;-)

LOL I am not either Bob or jdixon. Instead I am a raging liberal from NYC. Linux sure is diverse.
Bob_Robertson

Sep 10, 2013
1:50 PM EDT
Voluntary interaction is very inclusive. :^)
JaseP

Sep 11, 2013
7:04 PM EDT
Quoting: ...until the vindictive harpy stole my children and prosecuted me into insolvency for daring to take better care of those children than she.


Same thing happening here... She must've gone to vindictive harpy school with my ex...
jdixon

Sep 12, 2013
6:40 AM EDT
> Same thing happening here... She must've gone to vindictive harpy school with my ex...

It's called high school and/or college around here. And if you think it's not being deliberately taught, then I have a bridge to sell you.
Bob_Robertson

Sep 12, 2013
8:59 AM EDT
> And if you think it's not being deliberately taught....

Oh it certainly is, and by repetition gets ingrained even in those who think they reject it.
