   

Encryption, NSA, and terrorism

 
 
Robert Gentel
 
  2  
Reply Thu 10 Dec, 2015 12:05 pm
@maxdancona,
maxdancona wrote:
If the NSA, with its hundred billion dollar budget, wants your secrets bad enough, they can put a bug in your home, or a hardware keyboard logger, or just pick you up secretly and take you to Guantanamo.


http://imgs.xkcd.com/comics/security.png
0 Replies
 
puzzledperson
 
  1  
Reply Thu 10 Dec, 2015 04:48 pm
@BillRM,
You keep confusing cryptanalysis with password guessing. Nobody is talking about guessing anything here. You also keep saying we need more understanding about the fact that hybrid systems consist of two parts, but that's been obvious since Robert Gentel's initial comment and was acknowledged by me in my first reply here.

If you don't understand why all zeroes (and lots of other 128 bit strings) would never be allowed as a key used to encrypt a body of text, I'll try to be patient and explain it multiple times -- but only if you ask me nicely and stop being such a contrarian pain in the ass.
0 Replies
 
puzzledperson
 
  1  
Reply Thu 10 Dec, 2015 05:11 pm
@maxdancona,
maxdancona wrote: "What exactly are you worried about PuzzledPerson?"

Lots of things, but the NSA isn't one of them. The only encryption I use is the kind built into protocols like https. I simply find the subject of intrinsic interest and am responding (as I often do) to things receiving a lot of news coverage. CNN seems convinced that weakening encryption standards is essential to national security, but it might just end up empowering white collar criminals.

Let's try and stay on topic. It's obvious that a 128 bit key does not imply 3.4 times 10 to the 38th power possibilities. For public keys, the fact that they are based on large prime pairs cuts down the possibilities considerably, since most of those 3.4 times 10 to the 38th strings are not large primes. For the secret keys used to encrypt the body of text, the possibilities are reduced by the need for strong encryption systems to make cryptanalysis difficult. The only question is how much this and other technical considerations reduce the possibilities in each case, and make my brute force decryption scheme feasible with supercomputers over a reasonable amount of time.

This is obviously a technical question. If you don't know the answer, you might at least admit the validity of the question, and stop trying to divert the discussion into personal channels.
maxdancona
 
  1  
Reply Thu 10 Dec, 2015 05:16 pm
@puzzledperson,
Why are you being such a jerk to those of us who are offering our expertise to answer your questions? And why should I keep answering your questions if you are going to be rude? There are people who pay me good money for my experience in this topic without being rude.

You are lucky to get at least two of us with professional experience on this topic. I get nothing out of this, other than trying to be nice.

puzzledperson
 
  1  
Reply Thu 10 Dec, 2015 05:37 pm
@maxdancona,
I'm not being a jerk, I'm responding to two jerks. Bill obviously has no expertise to offer, and it's becoming clear that you probably don't either. No complaints about Robert Gentel in this thread: he answered what he knew, admitted what he didn't know, and wasn't trying to push me around, impute felonious motives to me, or pretend that I didn't understand something I had clearly acknowledged explicitly.

I'm tired of being stupidly attacked by defective pseudo-sentients every time an online discussion lasts for any appreciable time. You've conditioned this response, now stop whining about it. Also, stop defending each other's defective behavior, and stop responding with hostility when someone disagrees, asks a question you don't know the answer to, offers an opinion different from the one you or another of your kind nominally holds, or simply exists as a sentient being and posts a comment as such. And stop blaming your victim for standing up for himself or for complaining about your misbehavior.
puzzledperson
 
  1  
Reply Thu 10 Dec, 2015 08:06 pm
@puzzledperson,
I wrote: "...since most of those 3.4 times 10 to the 38th strings are not large primes..."

No doubt I should have talked about the product of two large primes or numbers bearing a particular mathematical relationship to such a product. The essential point remains: that for a public key of 128 bits, many of the 2^128 possible numbers will not be possible or satisfactory as keys.

I found the following in a paper by the SANS Institute called Prime Numbers In Public Key Cryptography, dated 2003 (note that the age of the paper gives context to the recommendations):

Contemporary pundits are recommending an RSA key of at least 1024 bits; i.e., the value of M should be at least a 1024 bit number. This size recommendation can only increase as technology continues to provide access to ever more powerful computers. [18] provides a comprehensive analysis of various factors contributing to effective key size choice. In addition, the authors propose a formula for estimating the increase in minimum key size over time. The requirement increases linearly for symmetric keys and exponentially for asymmetric keys. Their work projects that in 2010 symmetric algorithms will require at least 80-bit keys and asymmetric, RSA-based algorithms will need 1450-bit keys. These numbers seem inadequate measured against contemporary literature (the paper [18] is three years old). Chapter 11 of Denning’s work [9] contains an excellent discussion of the relationship between key size and attack difficulty. Schneier [2] also addresses this subject in chapter 7, which ends by providing the advice to select “keys that are longer than you imagine necessary”.

0 Replies
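Added example, not part of any post in this thread: a rough count, using the prime number theorem estimate pi(x) ~ x / ln x, of how many moduli can be built from two primes of half the modulus size, checked against an exact sieve at 16 bits. The function names are this example's own.

```python
import math

def count_primes_exact(bits):
    """Exact number of primes p with 2**(bits-1) <= p < 2**bits (sieve, small sizes only)."""
    hi = 1 << bits
    sieve = bytearray([1]) * hi
    sieve[0:2] = b"\x00\x00"
    for n in range(2, math.isqrt(hi) + 1):
        if sieve[n]:
            # Strike out every multiple of n starting at n*n.
            sieve[n * n::n] = bytearray(len(range(n * n, hi, n)))
    return sum(sieve[hi >> 1:])

def log2_primes_estimate(bits):
    """log2 of the estimated number of primes with exactly `bits` bits."""
    # pi(2^b) - pi(2^(b-1)) ~ 2^(b-1) * (2/(b ln 2) - 1/((b-1) ln 2))
    ln2 = math.log(2)
    factor = 2 / (bits * ln2) - 1 / ((bits - 1) * ln2)
    return (bits - 1) + math.log2(factor)

def log2_two_prime_moduli(modulus_bits):
    """log2 of the estimated number of unordered pairs of (modulus_bits/2)-bit primes."""
    # count^2 / 2 pairs, so 2*log2(count) - 1 bits.
    return 2 * log2_primes_estimate(modulus_bits // 2) - 1

def report(sizes=(128, 1024)):
    """(modulus size, log2 of candidate moduli, bits lost versus all strings) per size."""
    rows = []
    for n in sizes:
        space = log2_two_prime_moduli(n)
        rows.append((n, round(space, 1), round(n - space, 1)))
    return rows

if __name__ == "__main__":
    exact = count_primes_exact(16)
    estimate = 2 ** log2_primes_estimate(16)
    print(f"16-bit primes: exact {exact}, estimate {estimate:.0f}")
    for n, space, lost in report():
        print(f"{n}-bit modulus: about 2^{space} candidates ({lost} bits fewer than 2^{n})")
```

The estimate shows the restriction to products of primes removes only a small number of bits from the count of candidate moduli. Known attacks on RSA factor the modulus rather than enumerate candidate keys, which is why the quoted recommendation for RSA is far larger than for symmetric keys.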
 
BillRM
 
  0  
Reply Thu 10 Dec, 2015 08:14 pm
@puzzledperson,
Quote:
I'm not being a jerk, I'm responding to two jerks. Bill obviously has no expertise to offer, and it's becoming clear that you probably don't either. N


My my, after I take my time to help you, so I am a jerk? Another report to Robert, it would seem. At least you have not charged me with being a child molester, but just a jerk for some unknown reason.

glitterbag
 
  0  
Reply Thu 10 Dec, 2015 08:17 pm
@BillRM,
BillRM wrote:

Quote:
I'm not being a jerk, I'm responding to two jerks. Bill obviously has no expertise to offer, and it's becoming clear that you probably don't either. N


My my, after I take my time to help you, so I am a jerk? Another report to Robert, it would seem. At least you have not charged me with being a child molester, but just a jerk for some unknown reason.




Actually, you are both.
BillRM
 
  0  
Reply Thu 10 Dec, 2015 08:19 pm
@glitterbag,
Thanks for adding to the posts I am reporting.
0 Replies
 
glitterbag
 
  0  
Reply Thu 10 Dec, 2015 09:08 pm
@puzzledperson,
Regarding James Bamford, I just erased about 5 paragraphs I had written about him and his first novel, "the Puzzle Palace". I was still at NSA at the time and Bamford's book was so flawed and filled with flights of fancy I couldn't finish more than a quarter into the book.

I can't bring myself to buy or borrow any more of his novels. Sadly, he is thought of as an expert, he associates with other speculators to guess what might be going on, but he does it with a semi-bored nonchalance that convinces some that he actually knows what he is talking about.

Mr. Bamford has never been given clearance or been read into any program, so he has to depend on others who are actually plugged in for his information. Now here's the thing, anybody authorized to brief him does not give him anything that hasn't already been made public (de-classified) and they won't because they are sworn to secrecy. Sensitive information is protected, it's not like TMZ where everybody gets to weigh in.

Well, I think he thinks he's deep in the know, but his revelations can be found in many open source documents and in research publications. He's just another blowhard who thinks he's smarter and more savvy than the entire intelligence community.




BillRM
 
  0  
Reply Fri 11 Dec, 2015 09:22 pm
@glitterbag,
NSA, an organization that has so much funding it has gone crazy, such as its jamming so many hard drives into its Utah data center that in theory it can store the whole traffic of the internet, and now there are reports of indoor lightning storms as a result.

An organization one of whose mission statements is the protection of US communications from foreign attacks, yet by paying RSA ten million to use a weak Elliptic Curve as its default curve it placed US communications at risk from not only NSA attacks but from foreign attacks also.
glitterbag
 
  0  
Reply Fri 11 Dec, 2015 09:53 pm
@BillRM,
I don't know what you are trying to say. Do you read Mr. Bamford's novels? Those indoor lightning storms must be some kind of perk, sadly I never got to see one. Frankly, I've never heard of them. Where do you get your intel, Bill?
BillRM
 
  0  
Reply Fri 11 Dec, 2015 10:05 pm
@glitterbag,
Quote:
Those indoor lightning storms must be some kind of perk, sadly I never got to see one. Frankly, I've never heard of them. Where do you get your intel, Bill?


From the open source tech/computer literature and such news magazines as Forbes.

The problems of the Utah data center are no secret at all.

Quote:


http://www.forbes.com/sites/kashmirhill/2013/10/17/nsas-utah-data-center-suffers-new-round-of-electrical-problems/


The NSA’s Utah data center is still struggling to get up and running. The Wall Street Journal reported earlier this month that the site slated to hold exabytes of NSA spy data has been suffering from lightning arcs and meltdowns that have destroyed hundreds of thousands of dollars worth of equipment and prevented the NSA from using the center for its intended purpose: massive data storage and mining. The WSJ reported there had been ten incidents thus far. A source familiar with the project says the center underwent yet another shutdown over the weekend after electrical problems on Thursday and Friday.

The data center was shut down through Tuesday. The source says there aren’t “arcs and fires anymore” but that the experts on the site still haven’t figured out what’s causing the problems. They have figured out how to prevent flashes of lightning, though.

“They’re seeing a pattern of where it gets to the meltdown point and they stop it before it blows again,” says the source. The source says that contractors have been injured and taken to the hospital due to electrocution, but not in the most recent shutdown.


NSA spokesperson Vanee Vines provided a statement about the problems at the site that had previously been provided: “The failures that occurred during testing have been mitigated. A project of this magnitude requires stringent management, oversight, and testing before the government accepts any building.”

“As we’ve said, acceptance testing is underway,” she added.




0 Replies
 
BillRM
 
  0  
Reply Fri 11 Dec, 2015 10:09 pm
@glitterbag,
Now that we have dealt with the "lightning bolts", any comment about NSA working to place weaknesses in the standards for US encrypted communications?
glitterbag
 
  0  
Reply Sat 12 Dec, 2015 12:05 am
@BillRM,
I think you should consult Forbes, cause you have dropped some words and your sentence isn't coherent. Oh, and have your clearances forwarded to HQ so I'm sure you have the need to know whatever it is you are trying to ask.
BillRM
 
  0  
Reply Sat 12 Dec, 2015 01:03 pm
@glitterbag,
Poor baby, there is no need to ask or have a security clearance to know if NSA had been trying to weaken US security standards, as they had been found out in the case of the RSA ten million dollar payment to place a weak Elliptic Curve as their default curve into their standard.

So my question is, do you have a comment on the known fact, repeat known fact, of what they had been trying to do and how that just might be in conflict with the part of their charter that tasks them to aid the security of American communications?
glitterbag
 
  0  
Reply Sat 12 Dec, 2015 03:01 pm
@BillRM,
Just type in nsa.gov, some nice person there will answer all your questions.
BillRM
 
  0  
Reply Sat 12 Dec, 2015 03:49 pm
@glitterbag,
Yes I am sure they would do so but why bother when we have such an expert as yourself?

As I said, thanks to some very aware security experts the little trick of trying to bury a weakness into an RSA standard was found almost at once, so it is no longer a secret.

And of course any future standards that the NSA has any input on will now be checked in great detail.

Nice to know that NSA, if given a choice, would prefer to weaken the security that we all depend on, so there is a window for them and anyone else that happens to come across their built-in "back doors".
glitterbag
 
  1  
Reply Sat 12 Dec, 2015 05:11 pm
@BillRM,
That's cute Bill, but I'm retired and I'm not a spokesperson. If you like, I'd be more than happy to contact Security and let them know you expect me to confirm or deny some 'stuff'. We can kill two birds with one stone, you will get to meet some nice FBI people and I can fulfill my obligation in accordance with my oath.
BillRM
 
  0  
Reply Sat 12 Dec, 2015 09:14 pm
@glitterbag,
Quote:
We can kill two birds with one stone, you will get to meet some nice FBI people and I can fulfill my obligation in accordance with my oath.


So are you implying that a Citizen should fear to question the actions of a federal agency?

Trump is not president yet, so one would assume that most parts of the constitution are still in working order.

Sorry, go right ahead and report my comments and interests to whoever you care to.

You can tell them I am also of the firm opinion that Snowden is a damn national hero and their budget should be cut by 90 percent or so.

Their worldwide massive spying has not seemed to detect any of the recent terrorist attacks, but then that is not what the massive spying programs are designed to do in any case.

Footnote: if the FBI would show up on anyone's doorstep, I would strongly suggest not talking to them, as they are free to lie to a citizen until the cows come home but can claim that any of your statements was not truthful and charge you with the crime of lying to federal officers.

Poor Martha Stewart was never even charged with the crime of insider trading that the FBI was investigating her for, but for lying to them, so if Martha had just told them to go to hell when they showed up to question her she would not have spent a minute behind bars.

The above is true until President Trump repeals the fifth amendment.



0 Replies
 
 
