|
|
| Author |
Message |
| 25 new of 38 responses total. |
agent86
|
|
response 12 of 38:
| 
Nov 24 08:47 UTC 1997 |
By the way, I find it hard to believe that even the NSA could get a computer
with 512,000 Cray CPU's, for two reasons. First, it would soak their budget
for like two years, leaving them no money to buy donuts or porno mags, and
second, I don't think Cray has that kind of manufacturing capability. Cray
afterall, is a company with a history of supply problems and near
bankruptcies...
|
thwarted
|
|
response 13 of 38:
|
Feb 18 06:47 UTC 1998 |
View hidden response.
|
glyciren
|
|
response 14 of 38:
|
Apr 24 00:41 UTC 1998 |
I am doing a project on privacy, and i have never heard of one-time pads
before. I was wondering if someone who understands them well could inform
me, or send me the URL of a web site to check out (glyciren@geocities.com).
Thanx
|
morpheus
|
|
response 15 of 38:
|
May 27 19:54 UTC 1998 |
One time pad just means that for each new communications session, a new
passcode (encryption function) us used. For these to eb random, you
need to make sure that the passcode ISN'T generated by the computer.
Random power fluctuations, atmospheric noise, solar flares, etc are all
good things to base true random number generators on (as opposed to
pseudo-random generators, which base their output on the computers
internal clock or something similiar. Time is the absolute worst thing
to use as a password, for obvious reasons.
It seems that the NSA does in fact have the capability to crack PGP,
though they haven't revealed how quickly they can do it. Craig N.,
otherwise known in hacker circles as MinorThreat, writer of the famous
wardialer program ToneLoc, had a PGP key that was compromised by the
NSA when he went to trial. Full details can be found on his website,
http://www.paranoia.com/~mthreat. This doesn't mean you shouldn't
encrypt your communications, though. It simply means that you should
use the maximum allowable key-length.
I begin to wonder why we trust the NSA. They have even helped
compromise internal government communications. :-[
|
occam
|
|
response 16 of 38:
|
Feb 6 04:06 UTC 1999 |
RE: #9 I have always believed that every thing is crackable, and I still
stand behind that. One time pads may be extremely complex, and
random, thus making them very hard to crack, but consequently making them
hard to handle/use. They are not uncrackable. It may be beond our
current resources, but it is not uncrackable.
RE: #10 Because they can't devote the time to crack every encrypted
message. They also know that eventually encryption will eventually
surpass their current computing power, and they will have to make a new
system.
RE: #12 Guess they'll have trouble upgrading, cuz cray is now aout of
buisness. They'll have to start all over again...
RE: #15 How do we know they haven't compromised other nations
communications. we just havent heard about it yet.
--Occam
|
mouze
|
|
response 17 of 38:
|
Apr 15 16:50 UTC 1999 |
I belived that there is no real privacy act because every g@# damn nation are
to nosy about everybody's privacy....
|
morpheus
|
|
response 18 of 38:
|
Apr 26 02:41 UTC 1999 |
yeah, true, it is kind of amusing to see how business-like all these
intelligence organizaitons are about other people spying on them :-)
Occam, you are right about crypto surpassing computing power, but we have
absolutely no way to know exactly how much cracking power the NSA, or who
knows maybe even more secretive organizations have. Therefore, I say go opcver
the deep end with your cryptography.
You missed my point, however. The _job_ of the NSA is to spy on other
counties. That's what they get billions in tax money for. Therefore, I sure
hope that they actually manage to crack other governments communications. But,
it is important to note that it is not the NSA's place to spy on the
government of the United States, however. To much power may be vested in the
NSA. Who watches the watchers.
?
|
hc
|
|
response 19 of 38:
|
Apr 26 21:13 UTC 1999 |
Jus two quick points - the real question about the NSA is what sort of
advances in cryptanalitic techniques they may have made. Once you get nito
larger keys, even 128bit keys, brute force cracking becomes impractical, no
matter what your budget it.
Besides, I thought that part of the NSAs mandate was to worry about the
security of internal government communications. As such, I don't see how
anyone could tell if they were spying on communications. Hell, it took
academic cryptographers something like 15 years just to figure out why the
NSA tweaked DES's S-boxes back when DES was being made a standard.
(They made them more secure againtst cryptanalitic techniques that no one
outside of the NSA even knew about at the time.)
|
morpheus
|
|
response 20 of 38:
|
May 5 00:51 UTC 1999 |
oh yeah... I forgot to put what I intended to into my last reply :-)
(Funny how my brain works)
One time keys _are_ uncrackable, just so long as you don't put any checksum
type information into the encoded message. I won't even bother explaining this
further (though I can if anyone doesn't get it).
|
morpheus
|
|
response 21 of 38:
|
May 6 06:55 UTC 1999 |
okay, sorry, I gotta post one more thing (yeah, it would have been good
if on one hand I had posted this all at once, and on the other my conf
settings hadn't gotten fried recently, causing me to reread this stuff :-)
my (hopefully) final point is (drumroll, please): CRAY IS NOT OUT OF BUSINESS.
I want to know where in the world people get the idea that htey are. Cray is
very much alive and number-crunching.
As I recall, it was bought in 1996 by SGI for $740 million or so, and is still
producing computers today if anyone is actually confused about this, check
out cray.com -- duh!)
|
raven
|
|
response 22 of 38:
|
Jul 21 19:54 UTC 1999 |
The NSA may well be engaging in domestic spying through project echelon
which is a network of snoping stations in England and New Zeland <sp?>
that share a common database with NSA computers. Check out Covert
Action Quarerly online for more info, or put echelon into a search
engine.
|
gravitia
|
|
response 23 of 38:
|
Oct 2 19:31 UTC 2000 |
How is it possible to break PGP? I thought that it would require brute,
brute force because you need to find the two prime factors of a really big,
phat number.. I heard that they would need something like thre trillion times
the expectancy of the universe to crack a single code... Any ideas?
Thanx
|
gravitia
|
|
response 24 of 38:
|
Oct 4 01:27 UTC 2000 |
Actually, I just thought of something else - What is the chance of the number
that PGP chooses not being prime? I heard that it doesn't actually perform
a complete analysis - takes too long. So if the number isn't a prime, it's
far easier to crack.
|
raven
|
|
response 25 of 38:
|
Oct 5 20:03 UTC 2000 |
Depends on the length of the key I think a 2048 bit length key is pretty
safe (SRW can you confirm this or MDW?) but shorter keys are crackable in
realistic amounts of time.
|
manthac
|
|
response 26 of 38:
|
Dec 29 18:23 UTC 2000 |
I do not have to worry about the nsa cracking a pgp message I use virtual
matrix encryption 1 million bit keys
|
drdoom
|
|
response 27 of 38:
|
Dec 31 02:09 UTC 2000 |
ok...first of all i want to say for all of yo (smart) hackers and phreakers
out there on this BBS it is very stupid to tell about recent hacks you have
made..i mean in detail..noone cares (except for the FBI) that you decrypted
some passwords at so-and-so..i mean...ive had my share of hacks that are so
good you want to brag and boast but..feds do read BBS's ya know...
|
sifer
|
|
response 28 of 38:
|
Jan 6 22:47 UTC 2001 |
what is virtual matrix encryption can u email me with some more information?
|
raven
|
|
response 29 of 38:
|
Jan 6 23:59 UTC 2001 |
re #28 a bunch of bs don't believe the hype. If you really want to learn
about servers and networked computers get a copy of Linux or BSD for
ylour Windoze bix and be prepared for the steep learning curve. There
is no easy way to learn sys admin.
|
daryl
|
|
response 30 of 38:
|
Apr 21 19:32 UTC 2001 |
The last official crack of a RSA encryption was a RSA-512 (bits) message
cracked in about 15 days in 1000 workstations using the general number field
sieve (GNFS) algorithm. It took 8000 MIPS-years. I think this should give an
idea about what NSA can do with (nearly) unlimited computation resources and
(perhaps) better algorithms than GNFS. By the way, if they can develop a
funtional quantum computer they should trivially break _any_ message encrypted
with RSA or Diffie-Hellman. I think making a good quantum computer is a matter
of sciencie-fictiona today, however.
|
skeptik
|
|
response 31 of 38:
|
Oct 15 19:56 UTC 2001 |
Some thoughts: The ability to brute force PGP encrypted messages
would depend not only on computational power, but also on the length
of the PGP keys involved. A message encrypted with 1024 bit keys
would probably take a lot less time than one encrypted with 4048bits.
Someone mentioned that the NSA budget would be soaked up by such
a purchase. While this is possibly true, we don't know whether
intelligence organizations like the NSA have revenue streams other
than what they get from the federal government. It sounds a bit
"Hollywood" to assume that they run businesses, etc, but it wouldn't
surprise me if they had multiple revenue streams whose profitability
exceeds what the government gives them.
|
danny
|
|
response 32 of 38:
|
Mar 1 08:38 UTC 2004 |
This topic looks like its almost dead, but heh in regards to 21 cray not being
out of buisness thats true, they have just finished building a new one for
sandria weapons testing labs. Built using AMD opertron chips from what ive
been reading. As far as PGP is conserned of course they can break it, its
commercial cryptography and as such they wouldnt give it away to everyone for
free unless they had a way round it. As it stores the keys to the encryption
in a local keypair on the machine I would imagine it wouldnt take much to
reverse engineer the software to decrypt documents with the owners own cypto
keyring (keypair).
|
zyraf
|
|
response 33 of 38:
|
Jul 1 14:41 UTC 2004 |
its possible to break 512bit RSA key, DES is also not good, only PGP looks
better, but is there any other safe encoding system? and software that will
let me encode file or floppy?.
|
foxworth
|
|
response 34 of 38:
|
Jul 1 18:15 UTC 2004 |
First off, why encrypt? If They want to see something, they will. If you
don't encrypt, but instead spread the information you are protecting, they
will never be able to do anything about it. Data is destroyed, but you can't
erase the human memory. Of course, there ARE -some- exeptions to this.
Second, if you insist on encrypting, go to www.lavarnd.org. the best basis
is the white noise created by a webcam with the lenscap on.
|
zyraf
|
|
response 35 of 38:
|
Jul 30 14:18 UTC 2004 |
i have some data that should be encrypted, and can't be putted on some serwer
unencrypted, they are just for my use. so how can i encrypt a floppy or files
in it?
second problem is where to put the key. if its on my computer, it isnt safe
and i dont want to have my friends addresses and/or telephone numbers not
encrypted.
any open source software?
|
maus
|
|
response 36 of 38:
|
May 7 00:44 UTC 2007 |
resp:35
http://www.afn.org/~afn21533/tinyaes.zip
ftp://ftp.sac.sk/sac/security/tinyfish.zip
ftp://ftp.demon.co.uk/pub/mirrors/garbo/pc/crypt/idea3a.zip
These are easy to use, run in DOS or Windows and implement well-known,
well-tested ciphers. The codes are written in Intel Assembly language,
so verifying them will be painful, but if you trust the author and the
webpage, then that is a non-issue (just use the prebuilt exe files). The
enciphered file is indistinguishable from noise.
You can read a little blurb about these at
http://home.att.net/~short.stop/freesoft/encrypt.htm
The ciphers themselves are described at:
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
http://en.wikipedia.org/wiki/Blowfish_%28cipher%29
http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
I recommend that you read Bruce Schneir's classic work, as well as the
novel _Cryptonomicon_.
|