34 new of 38 responses total.
I heard about this computer. Supposedly the Secret Service and CIA use it to check up on certain netusers. National security my ass.
The NSA is a branch of the CIA, the communications and elint branch, really. Because of this they are bound to operate under the CIA charter. The CIA charter makes it illegal for them to operate inside the United States, undertake operations against US citizens, or make arrests. Not that this ever stopped them before... In case anyone cares, their Washington address isn't their home. They really run out of Ft. Meade, which is an Army base. Why does this bother me...
thatz scary, I think I'm going to lock the doorz (N.S.A.)[Ciz a bunch of overpowered freaks anyway.. What are they doing with the monies we give them.? Use it to take away our privacies? I say we rebel...!! .end
I have heard something along these lines, and it is not surprising. Until one-time key pads and such are usable (i.e. mathematically impossible to break), then any government with enough money can just build a faster and better machine to break any cryptography that gets in their way. DES can be broken very easily by the FBI, so it is not surprising that NSA decided to take on PGP.
One-time pads are already impossible to break.
But still: if it is so #%#%& easy for them to break, then why is the government scared of encryption? There must be something that's unbreakable, or the government wouldn't care.
Ok, seeing as this thread isn't long dead, I will take this one on: short answer: Speed. Speed is very important if you are going to play puppet master to a country. Never forget that this country's intelligence agencies are responsible for the infamous COINTELPRO operations. The only truly safe system is one time pads based on something completely random like atmospheric noise, and the simple fact is that one time pads are rather difficult to deal with, so for now I play by Moscow rules...
By the way, I find it hard to believe that even the NSA could get a computer with 512,000 Cray CPUs, for two reasons. First, it would soak their budget for like two years, leaving them no money to buy donuts or porno mags, and second, I don't think Cray has that kind of manufacturing capability. Cray, after all, is a company with a history of supply problems and near bankruptcies...
I am doing a project on privacy, and I have never heard of one-time pads before. I was wondering if someone who understands them well could inform me, or send me the URL of a web site to check out (glyciren@geocities.com). Thanx
One time pad just means that for each new communications session, a new passcode (encryption function) is used. For these to be random, you need to make sure that the passcode ISN'T generated by the computer. Random power fluctuations, atmospheric noise, solar flares, etc. are all good things to base true random number generators on (as opposed to pseudo-random generators, which base their output on the computer's internal clock or something similar). Time is the absolute worst thing to use as a password, for obvious reasons. It seems that the NSA does in fact have the capability to crack PGP, though they haven't revealed how quickly they can do it. Craig N., otherwise known in hacker circles as MinorThreat, writer of the famous wardialer program ToneLoc, had a PGP key that was compromised by the NSA when he went to trial. Full details can be found on his website, http://www.paranoia.com/~mthreat. This doesn't mean you shouldn't encrypt your communications, though. It simply means that you should use the maximum allowable key-length. I begin to wonder why we trust the NSA. They have even helped compromise internal government communications. :-[
RE: #9 I have always believed that everything is crackable, and I still stand behind that. One time pads may be extremely complex, and random, thus making them very hard to crack, but consequently making them hard to handle/use. They are not uncrackable. It may be beyond our current resources, but it is not uncrackable. RE: #10 Because they can't devote the time to crack every encrypted message. They also know that encryption will eventually surpass their current computing power, and they will have to make a new system. RE: #12 Guess they'll have trouble upgrading, cuz Cray is now out of business. They'll have to start all over again... RE: #15 How do we know they haven't compromised other nations' communications? We just haven't heard about it yet. --Occam
I believed that there is no real privacy act because every g@# damn nation is too nosy about everybody's privacy....
yeah, true, it is kind of amusing to see how business-like all these intelligence organizations are about other people spying on them :-) Occam, you are right about crypto surpassing computing power, but we have absolutely no way to know exactly how much cracking power the NSA, or who knows, maybe even more secretive organizations, have. Therefore, I say go over the deep end with your cryptography. You missed my point, however. The _job_ of the NSA is to spy on other countries. That's what they get billions in tax money for. Therefore, I sure hope that they actually manage to crack other governments' communications. But it is important to note that it is not the NSA's place to spy on the government of the United States, however. Too much power may be vested in the NSA. Who watches the watchers?
Just two quick points - the real question about the NSA is what sort of advances in cryptanalytic techniques they may have made. Once you get into larger keys, even 128-bit keys, brute force cracking becomes impractical, no matter what your budget is. Besides, I thought that part of the NSA's mandate was to worry about the security of internal government communications. As such, I don't see how anyone could tell if they were spying on communications. Hell, it took academic cryptographers something like 15 years just to figure out why the NSA tweaked DES's S-boxes back when DES was being made a standard. (They made them more secure against cryptanalytic techniques that no one outside of the NSA even knew about at the time.)
oh yeah... I forgot to put what I intended to into my last reply :-) (Funny how my brain works) One time keys _are_ uncrackable, just so long as you don't put any checksum type information into the encoded message. I won't even bother explaining this further (though I can if anyone doesn't get it).
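The one-time pad property argued over in the responses above, as an added example that is not part of the original thread: for a truly random, single-use pad, every same-length plaintext is consistent with a given ciphertext, and reusing a pad breaks that. The sample messages are constructed, and `secrets.token_bytes` is an assumed stand-in for the hardware noise source the posters describe.

```python
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def new_pad(length: int) -> bytes:
    # Assumption: the OS CSPRNG stands in for a physical noise source.
    return secrets.token_bytes(length)

def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    return xor_bytes(message, pad)

def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    return xor_bytes(ciphertext, pad)

def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """The pad under which `ciphertext` would decrypt to `candidate`."""
    return xor_bytes(ciphertext, candidate)

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """With a reused pad the pad cancels out: c1 XOR c2 == m1 XOR m2."""
    return xor_bytes(c1, c2)

def demo():
    m1 = b"MEET AT NOON"      # constructed sample messages
    m2 = b"MEET AT DUSK"
    decoy = b"STAY AT HOME"   # an unrelated message of the same length
    pad = new_pad(len(m1))
    c1 = otp_encrypt(m1, pad)
    # Trying every pad yields every possible message, the decoy included,
    # so the ciphertext alone says nothing about which one was sent.
    decoy_ok = otp_decrypt(c1, pad_explaining(c1, decoy)) == decoy
    # Encrypting a second message with the same pad leaks m1 XOR m2.
    leak = reuse_leak(c1, otp_encrypt(m2, pad))
    return otp_decrypt(c1, pad), decoy_ok, leak

if __name__ == "__main__":
    plain, decoy_ok, leak = demo()
    print(plain, decoy_ok, leak.hex())
```

The zero bytes at the start of the leaked value mark where the two constructed messages are identical, which is why a pad must never be used twice.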
okay, sorry, I gotta post one more thing (yeah, it would have been good if on one hand I had posted this all at once, and on the other my conf settings hadn't gotten fried recently, causing me to reread this stuff :-) my (hopefully) final point is (drumroll, please): CRAY IS NOT OUT OF BUSINESS. I want to know where in the world people get the idea that they are. Cray is very much alive and number-crunching. As I recall, it was bought in 1996 by SGI for $740 million or so, and is still producing computers today (if anyone is actually confused about this, check out cray.com -- duh!)
The NSA may well be engaging in domestic spying through project echelon, which is a network of snooping stations in England and New Zealand that share a common database with NSA computers. Check out Covert Action Quarterly online for more info, or put echelon into a search engine.
How is it possible to break PGP? I thought that it would require brute, brute force because you need to find the two prime factors of a really big, phat number.. I heard that they would need something like three trillion times the expectancy of the universe to crack a single code... Any ideas? Thanx
Actually, I just thought of something else - What is the chance of the number that PGP chooses not being prime? I heard that it doesn't actually perform a complete analysis - takes too long. So if the number isn't a prime, it's far easier to crack.
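The kind of probabilistic primality check the question above is about, as an added example that is not part of the original thread and not PGP's own code: a single Fermat test can be fooled by some composites, while random-base Miller-Rabin lets a composite through with probability at most 4^-rounds. The numbers 561 = 3*11*17 and 252601 = 41*61*101 are constructed sample composites.

```python
import secrets

def fermat_passes(n: int, base: int) -> bool:
    """Fermat test: every prime passes, but so do some composites."""
    return pow(base, n - 1, n) == 1

def miller_rabin_round(n: int, base: int) -> bool:
    """One Miller-Rabin round for odd n > 3; True means 'possibly prime'."""
    d, r = n - 1, 0
    while d % 2 == 0:              # write n - 1 as 2**r * d with d odd
        d //= 2
        r += 1
    x = pow(base, d, n)
    if x in (1, n - 1):
        return True
    for _ in range(r - 1):
        x = pow(x, 2, n)
        if x == n - 1:
            return True
    return False                   # base is a witness: n is composite

def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Random-base Miller-Rabin; a composite survives with
    probability at most 4**-rounds."""
    if n < 2 or (n % 2 == 0 and n != 2):
        return False
    if n in (2, 3):
        return True
    return all(miller_rabin_round(n, secrets.randbelow(n - 3) + 2)
               for _ in range(rounds))

def strong_liar_fraction(n: int) -> float:
    """Share of bases in [2, n-2] that wrongly pass composite n."""
    liars = sum(miller_rabin_round(n, a) for a in range(2, n - 1))
    return liars / (n - 3)

if __name__ == "__main__":
    # 561 fools the Fermat test to base 2; Miller-Rabin base 2 rejects it.
    print(fermat_passes(561, 2), miller_rabin_round(561, 2))
    # 252601 fools even Miller-Rabin when the base is fixed at 2,
    # which is why the bases are drawn at random and repeated.
    print(miller_rabin_round(252601, 2), is_probable_prime(252601))
    print(strong_liar_fraction(561), is_probable_prime(2**61 - 1))
```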
Depends on the length of the key. I think a 2048 bit length key is pretty safe (SRW can you confirm this or MDW?) but shorter keys are crackable in realistic amounts of time.
I do not have to worry about the NSA cracking a PGP message. I use virtual matrix encryption, 1 million bit keys.
ok...first of all I want to say for all of you (smart) hackers and phreakers out there on this BBS it is very stupid to tell about recent hacks you have made..I mean in detail..no one cares (except for the FBI) that you decrypted some passwords at so-and-so..I mean...I've had my share of hacks that are so good you want to brag and boast but..feds do read BBS's ya know...
what is virtual matrix encryption can u email me with some more information?
re #28 a bunch of bs, don't believe the hype. If you really want to learn about servers and networked computers get a copy of Linux or BSD for your Windoze box and be prepared for the steep learning curve. There is no easy way to learn sys admin.
The last official crack of an RSA encryption was an RSA-512 (bits) message cracked in about 15 days on 1000 workstations using the general number field sieve (GNFS) algorithm. It took 8000 MIPS-years. I think this should give an idea about what NSA can do with (nearly) unlimited computation resources and (perhaps) better algorithms than GNFS. By the way, if they can develop a functional quantum computer they should trivially break _any_ message encrypted with RSA or Diffie-Hellman. I think making a good quantum computer is a matter of science fiction today, however.
Some thoughts: The ability to brute force PGP encrypted messages would depend not only on computational power, but also on the length of the PGP keys involved. A message encrypted with 1024 bit keys would probably take a lot less time than one encrypted with 4048bits. Someone mentioned that the NSA budget would be soaked up by such a purchase. While this is possibly true, we don't know whether intelligence organizations like the NSA have revenue streams other than what they get from the federal government. It sounds a bit "Hollywood" to assume that they run businesses, etc, but it wouldn't surprise me if they had multiple revenue streams whose profitability exceeds what the government gives them.
This topic looks like it's almost dead, but heh, in regards to 21, Cray not being out of business, that's true; they have just finished building a new one for Sandia weapons testing labs. Built using AMD Opteron chips from what I've been reading. As far as PGP is concerned, of course they can break it; it's commercial cryptography, and as such they wouldn't give it away to everyone for free unless they had a way round it. As it stores the keys to the encryption in a local keypair on the machine, I would imagine it wouldn't take much to reverse engineer the software to decrypt documents with the owner's own crypto keyring (keypair).
It's possible to break a 512-bit RSA key, DES is also not good, only PGP looks better, but is there any other safe encoding system? And software that will let me encode a file or floppy?
First off, why encrypt? If They want to see something, they will. If you don't encrypt, but instead spread the information you are protecting, they will never be able to do anything about it. Data is destroyed, but you can't erase the human memory. Of course, there ARE -some- exceptions to this. Second, if you insist on encrypting, go to www.lavarnd.org. The best basis is the white noise created by a webcam with the lenscap on.
I have some data that should be encrypted and can't be put on some server unencrypted; it is just for my use. So how can I encrypt a floppy or the files on it? The second problem is where to put the key. If it's on my computer, it isn't safe, and I don't want to have my friends' addresses and/or telephone numbers not encrypted. Any open source software?
resp:35 http://www.afn.org/~afn21533/tinyaes.zip ftp://ftp.sac.sk/sac/security/tinyfish.zip ftp://ftp.demon.co.uk/pub/mirrors/garbo/pc/crypt/idea3a.zip These are easy to use, run in DOS or Windows and implement well-known, well-tested ciphers. The codes are written in Intel Assembly language, so verifying them will be painful, but if you trust the author and the webpage, then that is a non-issue (just use the prebuilt exe files). The enciphered file is indistinguishable from noise. You can read a little blurb about these at http://home.att.net/~short.stop/freesoft/encrypt.htm The ciphers themselves are described at: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard http://en.wikipedia.org/wiki/Blowfish_%28cipher%29 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm I recommend that you read Bruce Schneier's classic work, as well as the novel _Cryptonomicon_.
http://www.afn.org/~afn21533/rgdprogs.htm <=== Interesting brief descriptions of ciphers and implementations of them (typically in C or Intel assembler)
Hi. Thanks, this looks interesting. I am wondering what can be done to make these things more easy to use: it should not be a problem to integrate PGP and a mail client, but what to do when you want to encrypt some local files or a partition? This would be done to make it unreadable when someone gets the computer (and in some cases, an unauthorized person would also get anything that's near the computer, and/or the owner). Where to keep the key? It will no longer be a password, more like some random stuff, not something possible to remember and write from the keyboard all the time. Where to keep the encrypted data? What do you think is the safest scenario, and also pretty easy to implement? Having a pendrive with an encrypted filesystem where files would be kept and modified would be good, no need to copy from a safe place, decrypt, use/modify, crypt, store and get rid of anything that is left on the hard drive. BTW, you seem to be the only one (?) active here now
You have several choices: