Saving the Internet from the NSA

Post by Seth » Sun Dec 01, 2013 3:26 am

rEvolutionist wrote: I'm not sure that's true. I studied cryptography at uni, and at the time the best encryption would have taken in the range of tens of thousands of years to break with a supercomputer. The real game changer will be (if and) when quantum computers become a reality. They'll be able to break all encryption in hours/days.

Seth wrote: That's what everybody thought, but they were wrong. Most of the vulnerability has to do with human behavior and the fact that only the most careful of spies actually uses a secure password/encryption key. This creates a very limited universe of probable combinations that supercomputers can process in a reasonable amount of time.

Besides, any commercial encryption system for sale in the US MUST be crackable by the NSA by law. If it can't be, the government will prohibit distribution of the software. Encryption technology is classified as a "munition" and there are very strict laws about exporting munitions pretty much everywhere.

rEvolutionist wrote: You don't need US encryption to have an unbeatable encryption system. Most of these systems are studied in universities around the world. For example we studied RSA, and I could implement a weak (i.e. small key) version of it with my home PC. Unfortunately, I've forgotten most of the details of asymmetrical encryption, but it's not anywhere near as straightforward as you would think it is. It's not a matter of picking a password or a simple key. They are 128+ bit keys which are based around a presently unsolvable algorithm for factoring prime numbers. That algorithm will be solvable with quantum computing. But with present computer architectures, it's simply never going to be solvable within useful time frames (i.e. less than a couple of decades). Tor and other top-shelf encryption systems use that sort of encryption. Some may use shorter keys that can be solved by a supercomputer in usable timeframes. It's really a matter of how secret you want to keep something. Unless there's been some crazy advance in mathematics in the last 10 years that I'm not aware of, then high bit asymmetrical key encryption is still going to be safe. The protocol itself will be safe, but there could be other weak points in the system (like key generation and storage), and perhaps that's where they break into these things.

But it's not just about cracking the encryption by brute force you see. To use any encryption method you have to generate a key that can be used to decrypt the message at the other end and then you have to supply the recipient with that key somehow. If I detect that you are sending encrypted messages to someone else on a regular basis and I have access to the backbone network sooner or later I'm going to intercept a key exchange simply by storing all the data packets from you to anyone else and analyzing them to look for a key exchange.

This can be defeated by using a different transmission medium to exchange keys of course, but as I said, merely sending encrypted messages that NSA can't read makes you a target for greater scrutiny, and if the humint element decides that you might be a threat, then the methods of intercepting the key exchange, or the unencrypted message itself as it's created come into play. Defeating potential TEMPEST attacks costs the CIA billions of dollars, and then there's keylogger software....

This is why the one-time pad works, so long as the duplicate pad is securely transferred to the recipient. Using innocuous phrases to encode messages is obfuscatory in that the watcher hopefully won't take note of the message, but even if they do intercept it unless they get access to the pad there is no way to decode the message...if the one-time pad is done properly.
"Seth is Grandmaster Zen Troll who trains his victims to troll themselves every time they think of him" Robert_S

"All that is required for the triumph of evil is that good men do nothing." Edmund Burke

"Those who support denying anyone the right to keep and bear arms for personal defense are fully complicit in every crime that might have been prevented had the victim been effectively armed." Seth

© 2013/2014/2015/2016 Seth, all rights reserved. No reuse, republication, duplication, or derivative work is authorized.

Post by pErvinalia » Sun Dec 01, 2013 3:30 am

Look up asymmetrical key encryption. It's impossible (as far as I know) to intercept the key. It's a really funky piece of mathematics. If you are a maths geek, you'll love it. I remember getting my geek on seriously when I learnt about it at uni 10 years ago. :geek:
Sent from my penis using wankertalk.
"The Western world is fucking awesome because of mostly white men" - DaveDodo007.
"Socialized medicine is just exactly as morally defensible as gassing and cooking Jews" - Seth. Yes, he really did say that..
"Seth you are a boon to this community" - Cunt.
"I am seriously thinking of going on a spree killing" - Svartalf.

Post by pErvinalia » Sun Dec 01, 2013 3:33 am

from wiki:
Public-key cryptography, also known as asymmetric cryptography, refers to a cryptographic algorithm which requires two separate keys, one of which is secret (or private) and one of which is public. Although different, the two parts of this key pair are mathematically linked. The public key is used to encrypt plaintext or to verify a digital signature; whereas the private key is used to decrypt ciphertext or to create a digital signature. The term "asymmetric" stems from the use of different keys to perform these opposite functions, each the inverse of the other – as contrasted with conventional ("symmetric") cryptography which relies on the same key to perform both.

Public-key algorithms are based on mathematical problems which currently admit no efficient solution that are inherent in certain integer factorization, discrete logarithm, and elliptic curve relationships. It is computationally easy for a user to generate his or her public and private key-pair and to use them for encryption and decryption. The strength lies in the fact that it is "impossible" (computationally infeasible) for a properly generated private key to be determined from its corresponding public key. Thus the public key may be published without compromising security, whereas the private key must not be revealed to anyone not authorized to read messages or perform digital signatures. Public key algorithms, unlike symmetric key algorithms, do not require a secure initial exchange of one (or more) secret keys between the parties.

Post by Seth » Sun Dec 01, 2013 3:47 am

rEvolutionist wrote:Look up asymmetrical key encryption. It's impossible (as far as I know) to intercept the key. It's a really funky piece of mathematics. If you are a maths geek, you'll love it. I remember getting my geek on seriously when I learnt about it at uni 10 years ago. :geek:
If you have to create or transmit the key it can be intercepted. Public key encryption depends on the availability of a public key repository where recipients can go to download your public key in order to be able to decrypt the message. If it's a public key sent only to one individual it can still be intercepted.

If you have to give the recipient a way to decrypt the message then the message is always at risk of a "man in the middle" interception of the required information for decryption. That's just an inherent risk in any cryptographic system that will always exist. You can make it very difficult to next to impossible to intercept the necessary information, but that largely depends on obfuscation and flying under the radar. If I send you a key by PM tonight, theoretically nobody is watching so it'll get to you safely. But if the NSA is recording all data from me to you, which it is because Rationalia servers are located outside the US and the NSA intercepts EVERYTHING that leaves the US, it would automatically collect that information, and using traffic analysis it becomes possible for them to filter out all the chaff and identify the precise transaction that transmitted the key. It's as if I sent the key to both the NSA and to you at the same time. Yes, it's far more complex than that in actual practice, but the principle is the same in every case. To decrypt an encrypted message the recipient must have a key from the sender. Anyone who has that key can decrypt the message. Preventing an unauthorized person from obtaining that key is the primary goal of any useful encryption system, and the Internet is simply not a secure method of transmitting such information. That's why the Mossad doesn't use ANY kind of electronic device, from the Internet to a radio transmitter to pass critical encryption keys and messages. They do it from hand to hand, from known individual to known individual. Even that is not absolutely secure of course, because nothing is. If it can be encrypted, it can be decrypted. That's just a fact of physics. The point of modern electronic encryption is to make decryption without the key so difficult and time consuming that it's not worth it to bother. 
But if the NSA cares to bother because I've made them suspicious, they can focus enough resources on intercepting either the unencrypted message itself (TEMPEST) or intercepting EVERYTHING I transmit electronically to assist them in eventually breaking the encryption. Most encryption failures are not the result of brute-force attacks, they are caused by other types of compromise.

This is why it's a good idea to simply accept as a truth that the three-letter agencies of the world can look at anything you send over the Internet...if you give them a reason to want to.

So don't give them a reason to want to.

Post by Blind groper » Sun Dec 01, 2013 4:14 am

But if enough people decide to encrypt their messages, sheer logistics makes it impossible for the NSA to decrypt them all. This may happen.

Post by JimC » Sun Dec 01, 2013 4:19 am

I don't see Snowden as a "white knight hero", but neither do I see him as a villain. Technically, he could be classified as a traitor, but it would be hard for anybody to say he did it for personal gain. Living under the control of the Russian security services, with their own agenda is not like a lazy escape to a wealthy life on a tropical beach...

I can understand Ian being fairly cranky - it is a consequence of the position he has within the US services. But darkly hinting of "special knowledge" which, if known, would make anyone recoil from Snowden in horror will not impress a skeptical audience wanting evidence and logic.

It is clear that Snowden's information releases have had a deleterious effect on the US government, diplomats and security apparatus. It has caused much embarrassment to allies such as Australia, too, with revelations about eavesdropping in Indonesia. Also, I know that people argue that diplomacy itself works best if some aspects are kept secret.

However, weighing up all these negative consequences against the public value, world wide, of knowing that an agency of the US government has clearly over-stepped the bounds, I support, in balance, what he has done, however murky his motives may have been. It is for the public good, where the public is the whole of humanity.
Nurse, where the fuck's my cardigan?
And my gin!

Post by pErvinalia » Sun Dec 01, 2013 7:14 am

Seth, as I said, it's not that simple. I only wish I could remember the details of how it works (or find my uni notes). The last line of that wiki quote points it out: "Public key algorithms, unlike symmetric key algorithms, do not require a secure initial exchange of one (or more) secret keys between the parties."
Seth wrote: Even that is not absolutely secure of course, because nothing is. If it can be encrypted, it can be decrypted.
You haven't been listening and/or reading. Public Key Cryptography is based on an algorithm that CAN'T be realistically broken with today's computing architecture. It will only be broken when we get a new architecture (like quantum computing) which will allow vastly more processing cycles per second. The algorithm (or at least one of them) is based on factoring huge prime numbers. It's some funky maths. Maybe JimC knows something about it.

Post by Blind groper » Sun Dec 01, 2013 8:00 am

Personally, I know very little on this topic, but I have browsed several articles in New Scientist which agree that modern cryptography cannot be broken with anything less than a quantum computer of a kind that has not yet been invented.

Post by Seth » Sun Dec 01, 2013 8:17 am

rEvolutionist wrote:Seth, as I said, it's not that simple. I only wish I could remember the details of how it works (or find my uni notes). The last line of that wiki quote points it out: "Public key algorithms, unlike symmetric key algorithms, do not require a secure initial exchange of one (or more) secret keys between the parties."
Seth wrote: Even that is not absolutely secure of course, because nothing is. If it can be encrypted, it can be decrypted.
You haven't been listening and/or reading. Public Key Cryptography is based on an algorithm that CAN'T be realistically broken with today's computing architecture. It will only be broken when we get a new architecture (like quantum computing) which will allow vastly more processing cycles per second. The algorithm (or at least one of them) is based on factoring huge prime numbers. It's some funky maths. Maybe JimC knows something about it.
Dude, let me make it simple. If I want to send you an encrypted letter I have to provide a way for you to obtain the decryption key, right?

If you obtain that key on-line rather than in person from me in a secure transaction there is ALWAYS the threat of a "man in the middle" attack by someone who IMPERSONATES YOU and obtains the necessary information to decrypt the message.

If someone taps the "line" between you and me it's not a matter of breaking the encryption code, it's a matter of authenticating that your public key that I use to encrypt the message is actually your public key and that your private key has not been compromised.

It may be made difficult by using VPN, TOR or some other method of concealing the true nature of the messages directing you to the decryption key, but if the NSA has a hook into the backbone networks and they can crack TOR, which they can, once they identify you and me they can sweep up all communications to, from or between us because the one thing you can't successfully obfuscate is the origin and destination of the packet. That's exactly what TOR tried to do by using a network of relays to throw off any attempt to track a packet from origin to destination. The NSA figured out how to put a "tracer" on a packet and figure out where it comes out of the TOR network. This makes the TOR network a complete waste of time because it bounces the packet all over the world to try to prevent someone from following the packet from its origin to its destination but since the NSA can load the packet before it gets into the TOR network with a tracer that tells the NSA when and where it exits the TOR network, all the bouncing around means nothing now. And then there's TEMPEST etc.

Just suppose that the NSA actually operates the public key registry so that it can "bogue the data" when you upload your public key by replacing it with THEIR public key. I encrypt using THEIR public key thinking it's yours, I send the message, they intercept it, decrypt it and then re-encrypt it using YOUR actual public key and then they send it on to you as if nothing happened. This is the prime failure of public key encryption...the man in the middle attack.

If the NSA is effectively looking over my shoulder as I type the message and send it, and it's looking over your shoulder as you receive it and decode it, what's the point?

If we exchange public keys securely, then that's not a problem, but that requires tradecraft and most people don't bother because they assume that the public key repositories are secure. They aren't, not against the government.

Post by rainbow » Sun Dec 01, 2013 8:51 am

Seth wrote: Besides, any commercial encryption system for sale in the US MUST be crackable by the NSA by law. If it can't be, the government will prohibit distribution of the software. Encryption technology is classified as a "munition" and there are very strict laws about exporting munitions pretty much everywhere.
OK. What about if it isn't commercial, given away for free?
I call bullshit - Alfred E Einstein
BArF−4

Post by Seth » Sun Dec 01, 2013 9:03 am

rainbow wrote:
Seth wrote: Besides, any commercial encryption system for sale in the US MUST be crackable by the NSA by law. If it can't be, the government will prohibit distribution of the software. Encryption technology is classified as a "munition" and there are very strict laws about exporting munitions pretty much everywhere.
OK. What about if it isn't commercial, given away for free?
ALL encryption systems are considered "munitions" and are expressly addressed in the ITAR (International Traffic in Arms Regulations). You cannot necessarily even take a commercial encryption system out of the country on your laptop computer without violating federal law. It doesn't matter if it's paid or free or if you invented it yourself.

The only reason Phil Zimmermann isn't in prison for life is because HE did not export PGP, he merely posted it on domestic servers in the US, which was legal at the time, and unknown persons transmitted it out of the country. That particular loophole has been closed I believe, but they tried really, really hard to make a case against him and he spent years under investigation and potential indictment till the feds realized that the cat was out of the bag and hammering Zimmermann would create lots of bad press.

And then there's importing encryption systems INTO another country, which can get you put away for a long, long time in some countries.

Post by pErvinalia » Sun Dec 01, 2013 9:26 am

FFS. Use google or something. There is no need to send a private key for decryption.

Third hit on google:
Also known as asymmetric-key encryption, public-key encryption uses two different keys at once -- a combination of a private key and a public key. The private key is known only to your computer, while the public key is given by your computer to any computer that wants to communicate securely with it. To decode an encrypted message, a computer must use the public key, provided by the originating computer, and its own private key. Although a message sent from one computer to another won't be secure since the public key used for encryption is published and available to anyone, anyone who picks it up can't read it without the private key. The key pair is based on prime numbers (numbers that only have divisors of itself and one, such as 2, 3, 5, 7, 11 and so on) of long length. This makes the system extremely secure, because there is essentially an infinite number of prime numbers available, meaning there are nearly infinite possibilities for keys.
http://www.howstuffworks.com/encryption3.htm

Post by Seth » Sun Dec 01, 2013 10:14 am

rEvolutionist wrote:FFS. Use google or something. There is no need to send a private key for decryption.

Third hit on google:
Also known as asymmetric-key encryption, public-key encryption uses two different keys at once -- a combination of a private key and a public key. The private key is known only to your computer, while the public key is given by your computer to any computer that wants to communicate securely with it. To decode an encrypted message, a computer must use the public key, provided by the originating computer, and its own private key. Although a message sent from one computer to another won't be secure since the public key used for encryption is published and available to anyone, anyone who picks it up can't read it without the private key. The key pair is based on prime numbers (numbers that only have divisors of itself and one, such as 2, 3, 5, 7, 11 and so on) of long length. This makes the system extremely secure, because there is essentially an infinite number of prime numbers available, meaning there are nearly infinite possibilities for keys.
http://www.howstuffworks.com/encryption3.htm
Why don't you read the wiki, where it will tell you exactly what I've been saying. Fundamental fact of encryption: the recipient MUST have a key with which to decode the message. Public key encryption merely allows the sender to use the recipient's public key to encrypt the message so that only the holder of the matching private key can decrypt it. The recipient "sends" the public key to the sender either directly or by publishing the public key to a public key repository where the sender can find it and download it for encryption. But this model assumes that the public key the sender uses actually belongs to the intended recipient.

As I explained, if the "keymaster", which is to say the system that holds the public keys and provides them on request to senders, is compromised, then there is no assurance that the key the sender gets and encrypts his message with actually belongs to the intended recipient. If the whole "keymaster" system is a front for the NSA, the NSA can send the sender any public key it wants...like one that it has the companion private key for.

If the NSA can then intercept the encrypted message on its way to the intended recipient, it can grab the message actually encrypted with their public key, decrypt it, then re-encrypt it using the actual intended recipient's real public key and send the message on to the recipient. Neither the sender nor the recipient will know that the message has been intercepted, captured, decoded, recoded and sent on by the "man in the middle."

Go do your homework and you will find that public key authentication is the main vulnerability of public key encryption.

And if you think the NSA doesn't know this and hasn't inserted itself in the data stream with the specific purpose of becoming the man in the middle, you're a fool.
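
The key-authentication problem argued over in this exchange, as an added example that is not part of the thread or any poster's code: the sender pins a fingerprint of the recipient's public key, obtained out of band, and refuses to encrypt when a key repository serves a different key. It uses textbook RSA on small constructed primes; the names (`encrypt_for`, `PINNED`, the two directories) are assumptions made for illustration.

```python
"""Added example: pinning a public-key fingerprint to detect a substituted key.

Textbook RSA on tiny constructed primes, with no padding. It illustrates the
trust problem only and is NOT a usable cipher.
"""
import hashlib
from math import gcd


def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)) for distinct primes p and q."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (p * q, e), (p * q, pow(e, -1, phi))  # d = e^-1 mod phi (Python 3.8+)


def fingerprint(public_key):
    """Short SHA-256 digest of the public key, easy to compare in person."""
    n, e = public_key
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()[:16]


def rsa_apply(key, value):
    """value^exponent mod n: encrypts with a public key, decrypts with a private one."""
    n, exponent = key
    return pow(value, exponent, n)


class KeyMismatch(Exception):
    """The directory returned a key whose fingerprint is not the pinned one."""


def encrypt_for(name, message, directory, pinned):
    """Encrypt only if the served key matches the fingerprint pinned out of band."""
    public_key = directory[name]
    if fingerprint(public_key) != pinned[name]:
        raise KeyMismatch(f"key served for {name!r} does not match the pinned fingerprint")
    return rsa_apply(public_key, int.from_bytes(message, "big"))


def decrypt(key, ciphertext):
    """Apply a key to a ciphertext and return the resulting bytes."""
    value = rsa_apply(key, ciphertext)
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


# Constructed sample keys built from Mersenne primes, far too small for real use.
BOB_PUB, BOB_PRIV = make_keypair(2**31 - 1, 2**61 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**19 - 1, 2**89 - 1)

# Assumption: Bob gave Alice his fingerprint in person and she stored it locally.
PINNED = {"bob": fingerprint(BOB_PUB)}

HONEST_DIRECTORY = {"bob": BOB_PUB}
TAMPERED_DIRECTORY = {"bob": OTHER_PUB}  # the repository serves a different key


def run_demo():
    """Run the honest and the tampered lookup and report what the sender sees."""
    message = b"meet at 9"
    results = {}

    ciphertext = encrypt_for("bob", message, HONEST_DIRECTORY, PINNED)
    results["roundtrip"] = decrypt(BOB_PRIV, ciphertext)
    # Holding only the public key does not undo the encryption.
    results["public_key_decrypts"] = decrypt(BOB_PUB, ciphertext) == message

    try:
        encrypt_for("bob", message, TAMPERED_DIRECTORY, PINNED)
        results["substitution_detected"] = False
    except KeyMismatch:
        results["substitution_detected"] = True
    return results


if __name__ == "__main__":
    for check, outcome in run_demo().items():
        print(f"{check}: {outcome}")
```
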

Post by pErvinalia » Sun Dec 01, 2013 10:49 am

You are shifting the goal posts. You said the vulnerability is in the private key being intercepted. Now you are talking about spoofing the public key. That's a real threat, but not the original threat we were talking about. I can implement encryption on my computer independent of a digital certificate agency. In fact, that's exactly what Tor does. It's peer to peer encryption (as long as you download the Tor client from the proper site).

Post by jaydot » Sun Dec 01, 2013 8:45 pm

dial-up was my first experience online and i found that i spent more time updating my security software (i was using windows then) than i did surfing. it made the whole effort painful. when i got broadband and switched to linux, i toyed with encryption and found it gave me the same sort of headache dial-up did. i realised that being safe on the internet did not depend upon encryption, but not putting online anything sensitive and, being inherently lazy, i quit nearly all forms of security and "watch my mouth" as it were.

i adhere to the old adage "if you want to keep a secret, keep it to yourself."
open source the world.
