Open Source Privacy Tools NSA Can't Crack: OTR, PGP, RedPhone, Tor And Tails

Status
Not open for further replies.

yumri

Distinguished
Sep 5, 2010
703
0
19,160
69
I highly doubt that the NSA cant hack them it is more likely they are just working on it and cannot do it correctly in all cases as of yet. This is because the NSA hires the best and the brightest of the hackers in the nation that will work for them of course within the restrants of the employment agreement.
Anyways the NSA is infamous for haveing massively overkill computers set one onto a algithim for a private and public key and give it a few hours as if they are with a computing computer not just a storeage computer they are able to crack it. In that because they are open source the ways which they work can be used against them if needed just it will take alot longer than unenypted messages or even MD5 or SHA-256 encyptioned messages as they are easier for computers to crack.
 

derekullo

Distinguished
Tomshardware ran an article a few years ago about the biggest danger to encryption is not from graphics cards or processors, but from cheap services like the amazon cloud. I'm sure the NSA has their own cloud or at the very least has a large block of servers rented from amazon for their own personal use.
 

yumri

Distinguished
Sep 5, 2010
703
0
19,160
69
@derekullo with how well they are funded i will not be surprised if they hand their own inhouse compute server farm for it to keep the results out of the hands of whoever or whatever the cloud service might sell or leak them too.
 

David Trimble

Honorable
Mar 12, 2013
2
0
10,510
0
False sense of security, encrypted traffic is stored and if needed it's put through the NSA's massive array of super computers. Brute force with out shortcuts would take much longer but shortcuts exists and thus reduce the time to de-crypt greatly. Personally as a sys admin if I saw a lot of encrypted traffic constantly it would raise a red flag. Bouncing around traffic and encrypting it buys you time, but if they want to crack current encryption, sometimes the time is very short, other times it's minute to hours. This article encourages individuals to use software that has flaws and in the end the user has a false sense of security. The hope is, eventually as more services provide heavy encryption it will require more and more processing power and it will become too expensive. With today's computing standards this is a possibility. But if quantum computer evolve, encryption will be much more vulnerable. In the end, it's a gamble to put anything online, you can only reduce the risk if you want to keep something totally private.
 

yumri

Distinguished
Sep 5, 2010
703
0
19,160
69
@Divid Trimble i feel like you have more real world expence with this kind of stuff than i do so people please listen to this guy / girl / thing as he / she / it is knowelgable in this area or at least get talk like he / she / it is. Only thing which i will add is that closed systems that are not connected to the internet in any way are the safest systems also are physical media that is removed from the system like a CD or DVD for the most security and only working with it on a disconnected system when needed to be worked with. If you are that paranoid you probably already know that but it is just a word to the masses about security and how to avoid detection as no security protocal hackers can hack you when you are disconnected from the network ... unless you save onto the computer and leave it there when you reconnect to the network again.
 
G

Guest

Guest
Stop wearing tin-foil hats. The NSA can't crack AES or PGP (or GPG). It doesn't matter if they have the best people, penta-flops computing farms and near unlimited budget. It's not mathematically possible to break these types of encryption with current or future technology in a reasonable time (less than 100 years). AES is quantum computing proof, so that should tell you something.

If your information is so valuable, they can simply "convince" you to give them the codes.
 

palladin9479

Distinguished
Moderator
Jul 26, 2008
3,238
0
20,860
45
NSA can not "crack" modern encryption protocols, the math behind them makes it an impossibility. If you encrypted a chunk of data using one of the modern algorithms then it is safe provided the key is kept unavailable. The moment the encryption key is made available, then you might as well have no encryption at all.

Which goes to the most basic and important rule of cryptography, the key is always the weakest link. All encrypted messages have a key, how secure that key is will determine the security of the message. It is always in the end users best interest to maintain 100% accountability and physical control over the key. Don't use any service that stores the keys remotely as they can be compelled to hand over the key to any interested party or just decrypt the data themselves and hand that over.
 

ZolaIII

Honorable
Sep 26, 2013
176
0
10,690
1
Let's start from the beginning. Why would NSA check everything & everyone on so massive scale? Their is no justification for it. It's against our basic human rights and it's not constitutional. Still no one did fight a real legal fight against them?
Their no such a thing as uncrakable encryption it's a simple question of computing power & available time. So problem is not controlling the output of highly risk person's but wasp majority of normal citizens. As the computing power will rise same way will rise & encryption length.
 

Christopher1

Distinguished
Aug 29, 2006
651
0
19,010
5
Tomshardware ran an article a few years ago about the biggest danger to encryption is not from graphics cards or processors, but from cheap services like the amazon cloud. I'm sure the NSA has their own cloud or at the very least has a large block of servers rented from amazon for their own personal use.
Except that even with all the computing power on the planet, it would take decades to crack 1024-bit encryption, let alone encryption stronger than that.
So, in the real world, using encryption is pretty much an adamantium-locked box, absent some weaknesses in the encryption schema.
 

Dark antz1

Reputable
Apr 28, 2014
151
0
4,760
33
Wow! Alot of ignorant comments on this thread of people who have noooo idea how encryption or there products work... or for that matter how computers work. These products offer a very strong tool to protect your privacy on the internet. I myself use Tails on a pen drive and Tor. If used correctly and with the in depth knowledge they provide then you can remain invisible on the net.
The weaknesses are are well categorised on their respective websites and you need to know the user as well as the end terminal to even have a chance to compromise the connection of Tor.
As for encryption, as many have already said, you cant brute force decrypt modern day encryption methods. If that were possible then government secrets wouldn't be able to be kept. Pick up a book or at least use Google...
 

coolitic

Honorable
May 10, 2012
648
0
10,990
4
I like how the NSA has to specifically target people for TOR. This means they can focus on actual terrorists rather than mass surveillance,
 

ddpruitt

Honorable
Jun 4, 2012
1,109
0
11,360
45
No encryption is "impossible" to break other than something akin to a onetime pad. Anybody who makes such a statement is a moron who doesn't know what they are talking about. All current encryption systems rely on mathematical operations that are difficult and time consuming to reverse. This is before you even get into implementation issues, every method listed here has had implementation weaknesses in the past. Keep in mind that the NSA is the largest employer of mathematician in the US for a reason.

Now I'm not saying taking precautions isn't helpful, however bad security is worse than no security. You need to understand the limitations of the system you are using.
 

WeeblieX

Reputable
Dec 30, 2014
1
0
4,510
0
NSA can not "crack" modern encryption protocols, the math behind them makes it an impossibility. If you encrypted a chunk of data using one of the modern algorithms then it is safe provided the key is kept unavailable. The moment the encryption key is made available, then you might as well have no encryption at all.
NSA is assumed to not being able to crack modern encryption protocols but can't confirm it. Publicly known math is insufficient to break the algorithms but we have no way of knowing if NSA has hidden tricks up its sleeve. As an example; NSA kept differential cryptanalysis secret for over a decade.

It may very well be that they've already discovered a method to do prime factorization in polynomial time and hence break RSA. Or paid someone to keep their mouth shut due to the massive ramifications it would have on the economy if it became wide spread knowledge.

And this is not even counting that breaking the algorithms might as well be unnecessary. Side channel attacks are becoming extremely common. Why bother breaking the math if I can just steal your key through other means such as timing attacks or exotic power analysis?
 

palladin9479

Distinguished
Moderator
Jul 26, 2008
3,238
0
20,860
45


There are no "tricks" or secret alien technology that enable NSA to magically "crack" modern encryption. It would take all the computational power on the plant to crack a modern key in anything that resembles a reasonable amount of time. That's not all the super computers, that's all the computing power, including every handheld and home device. The math behind it is so astronomical as to create the statistical impossibility of it happening, it's more likely a large asteroid will crash into the planet and kill everyone. This leaves attacking the key as the only real attack vector and the reason why the NSA has secret agreements with major online venders (Amazon / Google / ect..).

Now people need to grasp the concept that nothing is "encrypted forever". All implementations have an expiration date based on the available computational power that's reasonably available. This doesn't make the data vulnerable, it merely means you need to routinely re-encrypt it, expire old key, create new key and do frequent security reviews to ensure your using strong enough encryption. Computer power may be increasing but encryption strength is increasing at an ever greater speed, and it always will.
 

jakeburlock

Reputable
Dec 31, 2014
1
0
4,510
0
Tor is totally not secure at all. What usually ends up happening is the government flags you BECAUSE you are using Tor.
 
Feb 8, 2015
1
0
4,510
0
Uh...

One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzman constant. (Stick with me; the physics lesson is almost over.)

Given that k = 1.38×10-16 erg/°Kelvin, and that the ambient temperature of the universe is 3.2°Kelvin, an ideal computer running at 3.2°K would consume 4.4×10-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.

Now, the annual energy output of our sun is about 1.21×1041 ergs. This is enough to power about 2.7×1056 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2192. Of course, it wouldn't have the energy left over to perform any useful calculations with this counter.

But that's just one star, and a measly one at that. A typical supernova releases something like 1051 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.

These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

TL;DR: 256-bit keys will take more than 10000 years to crack with all the computers of the world as of today.
 
Status
Not open for further replies.

ASK THE COMMUNITY

TRENDING THREADS