Encryption, NSA, and terrorism

 
 
glitterbag
 
  0  
Reply Sat 12 Dec, 2015 09:54 pm
No, I'm just saying it's interesting how patriotic some people are. Tell Homeland Security I said Hi.
BillRM
 
  0  
Reply Sat 12 Dec, 2015 10:05 pm
@glitterbag,
Sure dear, I will do just that..................and even give them some of my girlfriend's fudge brownies, as after all it is the Christmas season.
glitterbag
 
  0  
Reply Sat 12 Dec, 2015 10:11 pm
@BillRM,
Oh that's smart. I must say I'm impressed by your guile and exceptional mental skill. I'm sure you will totally flummox those naive national security police.
glitterbag
 
  0  
Reply Sat 12 Dec, 2015 10:14 pm
@BillRM,
Bill, go take a big crap in your hat. I spoke about Bamford, I will not discuss classified info with you. What did you do in your working career?
BillRM
 
  0  
Reply Sun 13 Dec, 2015 09:41 am
@glitterbag,
Sorry dear, but information that is, and has for some little time been, a matter of public record, such as the NSA payment of ten million dollars to RSA to weaken US encryption standards, is hardly classified info.
glitterbag
 
  1  
Reply Sun 13 Dec, 2015 12:58 pm
@BillRM,
I didn't realize I was talking to a declassification expert. How could I possibly tell you anything you didn't already dream up in your fevered imagination. By the way, sweetie, are you getting your info from Mr. Bamford's novels?
BillRM
 
  0  
Reply Sun 13 Dec, 2015 01:54 pm
@glitterbag,
Quote:
How could I possibly tell you anything you didn't already dream up in your fevered imagination. By the way, sweetie, are you getting your info from Mr. Bamford's novels?


Dream up? Well, I can always give links to this so-called fantasy... The first I heard of it was on Gibson's weekly Security Now podcast, then I read more on Schneier's blog and then.....

As I said it is all a matter of public record ...........

Footnote: if you wish for far more technical details than the Reuters article gives, I will be happy to provide them for you, Mrs NSA.

Quote:


http://www.reuters.com/article/us-usa-security-rsa-idUSBRE9BJ1C220131221


As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.

Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

The earlier disclosures of RSA's entanglement with the NSA already had shocked some in the close-knit world of computer security experts. The company had a long history of championing privacy and security, and it played a leading role in blocking a 1990s effort by the NSA to require a special chip to enable spying on a wide range of computer and communications products.

RSA, now a subsidiary of computer storage giant EMC Corp, urged customers to stop using the NSA formula after the Snowden disclosures revealed its weakness.

RSA and EMC declined to answer questions for this story, but RSA said in a statement: "RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products. Decisions about the features and functionality of RSA products are our own."

The NSA declined to comment.

The RSA deal shows one way the NSA carried out what Snowden's documents describe as a key strategy for enhancing surveillance: the systematic erosion of security tools. NSA documents released in recent months called for using "commercial relationships" to advance that goal, but did not name any security companies as collaborators.

The NSA came under attack this week in a landmark report from a White House panel appointed to review U.S. surveillance policy. The panel noted that "encryption is an essential basis for trust on the Internet," and called for a halt to any NSA efforts to undermine it.

Most of the dozen current and former RSA employees interviewed said that the company erred in agreeing to such a contract, and many cited RSA's corporate evolution away from pure cryptography products as one of the reasons it occurred.

But several said that RSA also was misled by government officials, who portrayed the formula as a secure technological advance.

"They did not show their true hand," one person briefed on the deal said of the NSA, asserting that government officials did not let on that they knew how to break the encryption.

STORIED HISTORY
BillRM
 
  1  
Reply Sun 13 Dec, 2015 02:13 pm
@glitterbag,
These attempts to weaken the security of the American people's communications so they can spy better on us raised the very interesting question of whether Snowden is the traitor or the leadership of the NSA are the traitors to us.

After all we are talking about communications where trillions of dollars of wealth are transferred every day and where such things as our electric grid are controlled, so placing weaknesses in such systems for any reason seems an act of treason on its face.
djjd62
 
  1  
Reply Sun 13 Dec, 2015 02:39 pm
this is weird, I was reading this thread over an open wi-fi network, and got this message and was asked to pass it on

Dear Puzzledperson

Have no fear that we regularly read and listen to everything you say, we do. However, little if anything that occurs in your life is of any interest to us, except of course that incident at the Motel 6 a few years ago, the thing with the pool skimmer, 4 jars of marmalade and the Bolivian chambermaid, that we laugh about on an almost weekly basis.

Yours, with love

The NSA
maxdancona
 
  3  
Reply Sun 13 Dec, 2015 02:51 pm
If strong encryption is outlawed...

Only outlaws will jGk|HlmI,[email protected]!uvwOx<yPz>0
glitterbag
 
  1  
Reply Sun 13 Dec, 2015 03:04 pm
@djjd62,
You made me laugh
puzzledperson
 
  1  
Reply Thu 17 Dec, 2015 06:02 am
@glitterbag,
glitterbag wrote: "Mr. Bamford has never been given clearance or been read into any program, so he has to depend on others who are actually plugged in for his information. Now here's the thing, anybody authorized to brief him, does not give him anything that hasn't already been made public (de-classified) and they won't because they are sworn to secrecy. Sensitive information is protected."

All quite true, as far as I know. However, a glance at the roughly 80 pages of Notes for Body of Secrets shows page after page consisting mostly of declassified material obtained by Bamford's own Freedom of Information Act requests, most of it previously classified, as well as publicly available but obscure yet respected specialist periodicals such as The Intelligencer, NCVA Cryptalog and others, private interviews with cleared individuals (some retired, some unauthorized, and some who despite their security clearance never signed a nondisclosure agreement), and others such as private, unpaginated diaries copies of which are in the author's possession. He usually quotes not only members of the relevant departments, agencies, and working groups, but those members with definitive knowledge of the topics at hand (many of which are historical). The vast bulk of references are primary source government documents, some partially declassified, and others contributing to the overall picture by means of a "mosaic" approach. Note also that classified material sometimes appears in unclassified documents. The collection, organization, and analysis of these important yet obscure sources in a single volume (or two if the predecessor book The Puzzle Palace is considered) are quite valuable both to lay readers and to professionals.

You assert simultaneously that he's both nonchalant and a blowhard. I find his writing passionate but scholarly. Methinks the lady doth protest too much.
puzzledperson
 
  1  
Reply Thu 17 Dec, 2015 06:16 am
@puzzledperson,
I wrote: "Ciphers like Enigma were comparatively secure only because the keys or key change procedures were established manually (i.e. outside the communication channel)."

I have to correct this. Mathematicians at Bletchley Park broke the codes based on a combination of two things: (1) the repeated sequence of letters an operator was obliged to preface messages with to show the receiving station how he had geared or set the machine; (2) possession of an Enigma machine turned over by the Poles in July, 1939.

Transmission of the secret key (encoded with a public key) in PGP and similar systems corresponds to (1); and possession of the commercial or public source code of the encryption program corresponds to (2).
puzzledperson
 
  2  
Reply Thu 17 Dec, 2015 06:31 am
@BillRM,
BillRM wrote: "After all we are talking about communications where trillions of dollars of wealth are transferred every day and where such things as our electric grid are controlled, so placing weaknesses in such systems for any reason seems an act of treason on its face."

If not an act of treason, then ill-considered. A backdoor that the government can exploit is arguably a backdoor that white collar criminals and hackers can exploit.

We've been down this road before. Systems like PGP were once targeted for control as "military strength" cipher systems. Attempts at legal censorship were evaded by the simple expedient of open publications of the source code, an act of free speech protected by the First Amendment.

Backdoors built into or snuck into commercial software are difficult to conceal in free, open source software whose code is widely known and scrutinized.

U.S. laws do not affect foreign writers of encryption software.

So all terrorists need to do to get around such laws is: (1) download free open source software generally considered secure; (2) write their own; (3) use or adapt commercial or military foreign software.
djjd62
 
  1  
Reply Thu 17 Dec, 2015 06:56 am
@puzzledperson,
The man who made the initial observation about repeat sequences has been effectively scrubbed from history because he talked about his years at Bletchley. In the recent film about Turing, the "fiancée" of Turing was actually recruited by Gordon Welchman. After the war he moved to the States and worked for the MITRE Corporation (what a perfect Bond villain name).

https://en.m.wikipedia.org/wiki/Gordon_Welchman
BillRM
 
  1  
Reply Thu 17 Dec, 2015 07:22 am
@puzzledperson,
Anyone writing their own encoding engine is a fool, as there are far too many ways to go wrong and it is completely unnecessary, as there are many solid and proven algorithms in the public domain.

Hell, on my own bookshelf there is "Applied Cryptography", which contains source code in C for most of the publicly known and proven algorithms; all you need to do is produce a shell around any one of them and drop in the C code provided.

The phone app named Telegram, which has been in the news due to the Paris attacks, contains a roll-your-own cipher that has just been torn apart by experts.

I find it amusing that such a program has been claimed to be able to interfere with governments reading its messages. One hell of a self service bit of misinformation being put out by governments, it would seem.
glitterbag
 
  1  
Reply Thu 17 Dec, 2015 08:39 pm
@puzzledperson,
Intelligence reports and other types of classified materials are stamped with a timeline for a time they can be declassified. That date can vary. It's true that documents eventually enter the realm of declassified, unless someone requests something particular thru the FOIA process you may not be able to readily find it. Not because it hasn't been declassified, more likely the number of people devoted to declass and redaction is much smaller than the number of people involved in collecting intelligence. The intelligence community's biggest priority is to provide the most current and highest priority intelligence to those who need it right this very minute.

I'm well aware of how popular Bamford's novels have become, cable news always has him on as an 'expert'. All that being said, I don't know any intel folks who have ever said "Wow, John nailed it". So far the best thing I have ever seen regarding NSA is the National Geographic documentary on NSA. It's informative, but it's not James Bond exciting. Another excellent book is "Circle of Treason". It describes the efforts of 2 CIA analysts who eventually tracked down and identified Aldrich Ames. Again, it's not a James Bond adventure, but it is an accurate depiction of the painstaking, arduous work that goes into tracking down a traitor in your midst, and successfully ending the treachery.
BillRM
 
  1  
Reply Thu 17 Dec, 2015 10:24 pm
@glitterbag,


The amazing thing was not that he was in the end found out but that it took so damn long to do so and cost so many lives.

The man was waving everything but a large red flag that he was the mole in the CIA for almost a decade.

Openly living far beyond his means.
puzzledperson
 
  1  
Reply Fri 18 Dec, 2015 10:16 pm
@djjd62,
Thanks for the tip on Welchman. His book sounds like essential reading on the technical side of things.

On the application side, there's F.W. Winterbotham. There was an official ban on any mention of Ultra (the catchall term for the Enigma intercepts program) until the Spring of 1974. His book The Ultra Secret, published later the same year, is an essential first-person narrative that sheds light on the practical uses of Ultra by British and American commanders. Winterbotham supervised the security arrangements for Ultra distribution. He wrote the book on the basis of personal recollections without access to official records. There's a good description of the book's merits and weaknesses here:

https://en.wikipedia.org/wiki/F._W._Winterbotham

Another book by the same author called The Nazi Connection details his undercover visits to the early Reich as a guest of Nazi bigwigs, while pretending to be a wealthy and well connected sympathizer, in order to collect information about Germany's rearmament program. It shows just how much the Brits knew, very early on, about violations of the Versailles Treaty, and contains some fascinating first-hand reminiscences.
puzzledperson
 
  1  
Reply Fri 18 Dec, 2015 10:46 pm
@glitterbag,
I haven't read Circle of Treason but I did read Peter Maas's book Killer Spy: The Inside Story of the FBI's Pursuit and Capture of Aldrich Ames. Maas gives most of the credit to the FBI and documents how the CIA sat on their hands and ignored the obvious for many years, until forced to take action. Naturally, fans of the CIA will object.

Of course, the FBI had its own high-level traitor cotemporaneously in Robert Hanssen. But Hanssen was (until he got careless) savvy and sneaky and in a position to throw others off the track. Ames was a bungler who carried bags full of classified documents out the door of headquarters. ("Whatcha got in them bags, Mr. Ames? Oh, just some overflow from my in-box I'm going to work on at home. Okey-doke...Don't forget to button up, it's cold out there!")

Re Hanssen, Adrian Havill's book The Spy Who Stayed Out In The Cold was informative.

 
