How The NSA Works Hard To Break Encryption Any Way It Can

from the brute-force dept

Spiegel has published a detailed article, relying mostly on documents that Ed Snowden leaked, looking at the many ways in which the NSA breaks encryption (and the few situations where it still has not been able to do so). As we’ve seen from previous leaks, the NSA stupidly treats encryption as a “threat.”

And, sure, it is a “threat” to the way in which the NSA snoops on everything, but for the vast majority of users, it’s a way to protect their privacy from snooping eyes. The report does reveal that certain encryption standards appear to still cause problems for the NSA, including PGP (which you already use for email, right?), OTR (used in some secure chat systems) and VoIP cryptography system ZRTP. Phil Zimmermann, who helped develop both PGP and ZRTP should be pretty damn proud of his achievements here.

As the report notes, the NSA has the most trouble around open source programs, because it’s much more difficult to insert helpful backdoors:

Experts agree it is far more difficult for intelligence agencies to manipulate open source software programs than many of the closed systems developed by companies like Apple and Microsoft. Since anyone can view free and open source software, it becomes difficult to insert secret back doors without it being noticed. Transcripts of intercepted chats using OTR encryption handed over to the intelligence agency by a partner in Prism — an NSA program that accesses data from at least nine American internet companies such as Google, Facebook and Apple — show that the NSA’s efforts appear to have been thwarted in these cases: “No decrypt available for this OTR message.” This shows that OTR at least sometimes makes communications impossible to read for the NSA.

When it comes to non-open source systems, well, there the NSA has its ways in. In fact, the NSA seems rather proud of the fact that it can make “cryptographic modifications to commercial or indigenous cryptographic information security devices or systems in order to make them exploitable.”

The report also shows that VPNs are targeted by the NSA, and it has had a fair bit of luck in breaking many of them (especially those that rely on PPTP — which has long been recognized as being insecure, but is still widely used by some VPN providers). However, it also shows that the NSA has been able to crack IPsec VPN connections as well. In short: your VPN probably isn’t secure from the NSA if it wants in.

The NSA also has apparently been able to crack HTTPS connections, and does so regularly:

The NSA and its allies routinely intercept such connections — by the millions. According to an NSA document, the agency intended to crack 10 million intercepted https connections a day by late 2012. The intelligence services are particularly interested in the moment when a user types his or her password. By the end of 2012, the system was supposed to be able to “detect the presence of at least 100 password based encryption applications” in each instance some 20,000 times a month.

HTTPS is still a lot more secure against non-NSA-level hackers, but it certainly shows that it’s not a perfect solution.

Another big reveal: the NSA has the ability (at least some of the time) to decrypt SSH (Secure Shell) which many of us use to access computers/servers remotely.

There’s lots more in the article and in the many, many included documents (just a few of which are shown below). It’s well worth reading.

However, the key point is that the NSA is working very, very hard to undermine key encryption systems used around the internet to keep people safe. And rather than sharing when those systems are cracked and helping to make them stronger, the NSA is exploiting those cracks to its own advantage. That may not be a surprise, but for years the NSA has insisted that it is helping to make encryption stronger to better protect the public. The revelations from this article suggest that isn’t even remotely close to true.

Filed Under: , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “How The NSA Works Hard To Break Encryption Any Way It Can”

Subscribe: RSS Leave a comment
That One Guy (profile) says:

Self-delusion and Arrogance

That may not be a surprise, but for years the NSA has insisted that it is helping to make encryption stronger to better protect the public. The revelations from this article suggest that isn’t even remotely close to true.

The problem is, you’re not thinking about it from their point of view. To a ‘good employee'(that being any worker who is obedient and ‘patriotic’ enough to do what they are told) at the NSA, the agency is, without a doubt, at the very top of the list of ‘Good Guys’. And since ‘good guys’ can never do wrong, than anything they do is, by default, ‘good’.

Given they are breaking encryption in order to further their own efforts, and they are, remember, ‘The Good Guys’, then it follows that breaking encryption is a ‘good’ action in their minds, since ‘Good guys’ don’t do ‘bad things’.

Adding to the disconnect with reality, there’s also a massive case of arrogance, where the idea that any individual or group could ever employ similarly skilled and intelligent individuals is seen as laughable. They’re the NSA after all, with incredible resources in manpower, money, and skill, clearly even if they can spot and take advantage of a security weakness, it doesn’t mean that anyone else can, and that means there’s no need to fix it or not introduce it.

(The fact that the above is not even remotely close to reality is rather beyond them, due to the previously mentioned arrogance)

So between the self-delusion and arrogance, it’s no wonder they see nothing wrong with weakening security globally, to them, they’re still the Good Guys, and anything they do is also ‘Good’, despite reality saying otherwise.

PT (profile) says:

Re: If you are innocent

Y’know, as a consultant, almost every one of my clients makes me sign an NDA (non disclosure agreement)promising Draconian penalties if I disclose their valuable secrets to a third party. Yet when I offer them my public key and ask for theirs, they look at me in blank surprise. They have no concern about sending their valuable secret drawings and business plans in plain text on unencrypted email.

So I guess innocence isn’t about having nothing to hide. It’s about being completely fucking clueless.

Anonymous Coward says:

Most people who have worked with IPSec (or were paying attention when it was created) will be extremely willing to go on and on about just how insanely difficult it is to set up IPSec properly.

There was a theory that the NSA was actually responsible for this – they couldn’t undermine the crypto itself and so instead they pushed the design to be overly complicated and have as many extremely nuanced options as possible where only a few combinations would validly produce secure communications. There are several companies and products entirely built around doing the IPSec configuration so customers don’t have to.

Regardless, I would still suggest that if IPSec is crackable by the NSA, it is not an inherent weakness in IPSec’s cryptographic groundings but in all odds human error that is giving them a way in.

4th Amendment says:


The Spiegel article notes that TrueCrypt posed major difficulties for NSA, but that’s only NSA level 4. NSA Level 5 is 100% unreadable by NSA.

The open-source TrueCrypt project is now continuing as the new open-source project VeraCrypt at Security improvements have been implemented and issues raised by the TrueCrypt code audit just before the TrueCrypt developers retired have been addressed. The 1.0e version is the current stable release, and the upcoming 1.0f version is currently in its third beta release. Both are available for download right now at

VeraCrypt uses 327,661 iterations of the PBKDF2-RIPEMD160 algorithm for system partitions, and for standard containers and other partitions it uses 655,331 iterations of RIPEMD160 and 500,000 iterations of SHA-2 and Whirlpool. While this makes VeraCrypt slightly slower at opening encrypted partitions, it makes the software a minimum of 10 and a maximum of about 300 times harder to brute force. “Effectively, something that might take a month to crack with TrueCrypt might take a year with VeraCrypt”.

A vulnerability in the bootloader was fixed on Windows and various optimizations were made to it as well. The developers added support for SHA-256 to the system boot encryption option and fixed a ShellExecute security issue as well.

Linux and Mac OS X users benefit from support for hard drives with sector sizes larger than 512. Linux on top of that got support for NTFS formatting of volumes.

The VeraCrypt storage format is INCOMPATIBLE with TrueCrypt storage format due to VeraCrypt’s security improvements. VeraCrypt believes that the old TrueCrypt format is too vulnerable to NSA attack and that it must now be abandoned – this is the philosophical point of difference between the VeraCrypt project and the competing Ciphershed project (CipherShed is staying with the old TrueCrypt format). A tool to convert TrueCrypt volumes to VeraCrypt format is being developed but is not yet available, so currently the conversion method involves copying unencrypted files from the (opened) legacy TrueCrypt container into the new VeraCrypt container. – VeraCrypt a Worthy TrueCrypt Alternative – A Second Look at VeraCrypt – An Unofficial TrueCrypt Successor

That One Guy (profile) says:

Re: Re:

And that, really, is the best that can be attained realistically. If a government agency, Intelligence or otherwise, really wants to know what’s in the emails, calls, or other communications you’re sending, they will be able to do so. It might take them a little bit of time and effort, but if they’re really that interested in you, they will manage it.

Encryption doesn’t really do squat there. It’ll slow them down a bit, but that’s about it. What encryption does do, is make them work for it. If they have a real reason to be looking into your data, then that work will be seen as worth it.

However, if they’re just curious, or ‘merely’ trying to scoop up everything they can, ‘Just in case’, then that extra bit of effort might very well be enough to keep your communications private, as they only have so many resources to spend, and using them to decrypt random bits of data is something they would have trouble justifying.

It’s almost funny when you think about it, encryption’s main use is to protect the innocent, completely turning on it’s head the argument used against it, the ever so popular, ‘If you’ve done nothing wrong, you have nothing to hide’. In the case of encryption, hiding won’t do you much good if you’re guilty, but if you’re innocent, it will do quite a bit in protecting you.

Ninja (profile) says:

Re: Re: Re:

I wouldn’t say it’s completely breakable. There are protocols out there that are still secure even though I can’t name ’em. But eventually everything will be breakable given enough horsepower and we know computers will always get to this tipping point.

The solution here is to keep improving the existing solutions and develop new ones to keep up with the pace. I particularly like the name the dev gave to PGP. Encryption is pretty good bu never perfect. In this case perfection is achieved by constant evolution and openness.

Dan J. (profile) says:

Re: Re: Re: Re:

That depends on what you mean by “breakable.” Many of the current algorithms are essentially unbreakable in that if you had every computer in existence working on them it would still take longer than the existence of the universe to brute force them. Whether this results in absolute security, however, depends upon a large enough key, the key being random, the software implementation of the algorithm not containing exploitable bugs, etc. Those are mighty big assumptions. But if you’re reasonably smart about crypto and use reasonable practices, you can encrypt things now and through the foreseeable future which neither the NSA nor anyone else will be able to read by breaking the encryption. That doesn’t mean the NSA won’t get your communications, however. A key can get compromised. In order for your recipient to read the message, they have to decrypt it and the system doing the decryption can be compromised and the plain text exposed. Etc. In other words, there are many avenues of attack other than just breaking the encryption and the NSA is quite good at all of them. So if you’re saying that any communication can conceivably be compromised, then yes, I agree. But if you’re saying that any method of encryption can be directly broken given enough computer horsepower, then I’d strongly believe that to be incorrect. If it IS correct, then the NSA has made some startling and revolutionary advances in the field of mathematics which would shock the world.

Anonymous Coward says:

Re: Re: Re:

Yes, but you still have to think about what their variable definition of “worth it” entails……..and depending on the definition aswell as the illegality of the implementation of an illegal system, they’ll be basically running in the same capacity as criminals, while all thats done by folks, is, lets make it more difficult

Dont get me wrong, i apply to the ideaology of “somethings better then nothing”, but i hope thats just a pre-cursor to real change on their end, either honest remorse as opposed to more lies…..or forced by a nation

nasch (profile) says:

Re: Re: Re: Re:

If the public is going to be paying either way, I’d rather the cost be measured in monetary terms than privacy ones. One of those is replaceable, the other isn’t.

But if all we do is make it more expensive for the NSA to spy on us, we’re being hurt in both ways. We’re paying them even more to take away our privacy.

That One Guy (profile) says:

Re: Re: Re:2 Re:

Well, ideally they would be shut down, or at least forced to stop trying to screw over the public every which way they can think of, but until that happens, making their job more difficult, and hopefully protecting the privacy of people who would have had their information scooped up, listed, categorized and stored, is about as good as the public can manage at this time.

John Fenderson (profile) says:


There’s a lot of thought about such a thing, but it’s an incredibly hard nut to crack — and would be even harder to get websites to adopt whatever the solution would be. Look how insanely long it’s taken just to get websites to use HTTPS!

Right now, it looks like the path of least resistance may be a solution based primarily on IPv6 and DNSSEC, but having those baseline technologies in place is still years away.

Anonymous Coward says:


HTTPS, when implemented properly with strong algorithms, strong key sizes, sufficient entropy pools, and a cryptographically secure pseudorandom number generator, on hardware and software without backdoors, is plenty secure.

But that’s a lot of caveats to avoid, and most people either can’t be bothered or have to have a less secure fallback (particularly in algorithms) for compatibility with legacy software. Even Microsoft recommends that RC4 be dropped, yet it’s still widely used in HTTPS, even with clients that support newer, more secure algorithms.

tqk (profile) says:

Terrific article from der Spiegel!

I read this article a couple of days ago, and since then I’ve been pretty much stumbling around stupified. I wander into another room and five minutes later find myself standing up against a wall wondering how I got there and when. Where the hell did all this totalitarianism come from all of a sudden? IPSec and ssh cracked?!?

I don’t see this stuff when I go outside my little apartment, but it seems everywhere I go on-line is wrapping me up in a tight ball coated with an amalgam of NSA + Nazi SS + Soviet KGB + MI6 + Orwell’s 1984 + … outright and blatantly assaulting each and every one of us every second we’re on-line. The VPN that recent employers put in place to secure their networks and my and others’ work on them was all just a charade. Every time I logged into on-line banking was no more secure and private as clear text to any potential totalitarian prying eye control freak.

Who the hell is pulling the lever here, and why are they pulling it, and why are they getting away with this? Whose crazy idea is it that life is supposed to be like this?

I believe the article also pointed out the crackers still have trouble with tor (I’m not sure whether you mentioned it). Good! Get everyone you know up to speed on it as fast as they can, before it’s too late.

I’m assuming it’s not already too late. It’s all we appear to have left.

John Fenderson (profile) says:

Re: Terrific article from der Spiegel!

“IPSec and ssh cracked?!?”

The documents don’t actually indicate that these have been cracked. They indicate that they have often been circumvented by the NSA obtaining private keys. IPSec should, as always, be avoided simply because it’s easy to configure it wrong (rendering it vulnerable), but SSL itself is still apparently mathematically solid. The lesson I take is what we’ve already known: don’t trust any communication where you have to trust a third party to keep a secret.

Anonymous Coward says:

Glad I use OpenVPN instead of PPTP or IPsec. It’s good to know Phil Zimmermann’s PGP and ZRTP encryption designs still appear secure.

HTTPS has the potential to be secure too, if it didn’t rely on centralized certificate authorities. The big worry is a Certificate Authority’s signing key being stolen or handed over voluntarily. If your web browser trusts that Certificate Authority’s signing key, you’re toast.

At which point nation-state sponsored man-in-the-middle attacks can deployed, using that Certificate Authority’s signing key to sign any website address they want.

Allowing them to redirect web surfers to NSA HTTPS website proxy servers posing as a legitimate website. These HTTPS proxies sit in the middle of the connection, decrypting and logging all data before finally forwarding it on to the legitimate website.

I believe TURMOIL is the NSA exploit running these man-in-the-middle HTTPS attacks, by intercepting “CA Service Requests”. As illustrated in this NSA slide. TURMOIL sits between the client, web server, and Certificate Authority. Acting as a man-in-the-middle proxy.

When a client requests the public key for, TURMOIL returns a public key for the NSA proxy server instead. The client believes the NSA proxy server’s public key belongs to, because it’s signed with a Certificate Authority’s signing key trusted by the client’s web browser.

Anonymous Coward says:

Thanks mvario, for posting the link for Laura Poitras and Jacob Appelbaum addressing the Chaos Computer Club on YouTube. Their talk goes into really deep details about how intelligence agencies are creating dossiers on people. They actually present a FISC document detailing the content captured from people’s communications.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...