Intelligence Black Budget Reveals Major Focus By NSA On Cracking Encryption
from the how-safe-is-your-encryption dept
There are lots of people digging through the latest Ed Snowden leaks concerning the black budget for intelligence activities in the US trying to pick out various nuggets. Over at Wired, Kevin Poulsen has found one of the most interesting tidbits, highlighting how James Clapper cheers on the “groundbreaking cryptanalytic capabilities to defeat adversarial cryptofgraphy and exploit internet traffic.” In short, the NSA has gotten pretty good at breaking encrypted communications. Encryption is a strong protector, but can be broken — and that’s always been a part of the NSA’s mission: code-breaking. But, there have long been questions about to what level the NSA can break today’s popular encryption standards. What today’s leaks show is that they’re apparently pretty successful and are spending more and more money on it:
Filed Under: black budget, encryption, nsa, nsa surveillance, spying, surveillance
Comments on “Intelligence Black Budget Reveals Major Focus By NSA On Cracking Encryption”
CryptoWars Episode II
Wow, the farther we fall down the rabbit hole...
The more I realize what a service Snowden did for the American public. Hats off to you Ed, wherever you are.
The genie is so far out of the bottle, the govt should just give up and come clean already. They’re never getting this genie back in there.
Georgia Institute of Technology rocked the higher education world when it announced plans to offer a fully online master?s degree in computer science for roughly one-seventh the price of its on-campus equivalent ? less than $7,000.
Read more: http://blog.credit.com/2013/08/the-7000-masters-degree-scaring-colleges/#ixzz2dPABS1Fn
Are my paranoid tweets starting to sound a lot less paranoid Mike?
Where’s the part about some of that black budget going towards developing a nuclear-armed bipedal robot out in the Fox Archipelago off the coast of Alaska?
[SPOILERS]
I wouldn’t be surprised if the next leak says that some secret agency self-funds through drug trafficking. We already knew that, but for some reason… it’s news!
The NSA is spying on everyone, saving everything ever sent, and trying to break cryptography everywhere it is. This is news? No, this is history. We’ve been bullying countries for decades, getting into wars on false premises, obliterating our own middle class, hunting down a benign plant (which happens to be winning), blah blah prison industrial complex, and on and on and on. I mean, seriously, if someone blows up your neighbor for profit and then says ‘trust us we will be good,’ then explodes the next town over, and then the next country, do you really think they will show some restraint when you come under the microscope? Are these revelations really the kinds of things we should be surprised about?
What I’m trying to say is this: I don’t believe for a second that Edward Snowden is genuine. Look up the term ‘limited hangout,’ and then ask yourself what Snowden has revealed that we didn’t already know. The only difference between pre-snowden and post-snowden worlds is that the establishment isn’t even bothering with chicanery anymore. They are just out in the open with several contradictions at once, and the masses don’t care.
Re: [SPOILERS]
I have maintained this viewpoint from the beginning of this ruse.
We're going to need a bigger codec.
So, does this mean my notion of encouraging everyone to encrypt everything isn’t going to force them to triage?
Well, I’m embarrassed.
this is why my computer is encrypted with the most secure protocol i could find and has a password that well over 50 characters in length. It simply isn’t worth the time and effort to break.
Re: Re:
Seriously, I haven’t kept anything on a computer that isn’t already available to the gov’t (tax returns, my accounting and a butt load of LOL-Cats).
Re: Re: Re:
Add gifs of lolcats to your tax returns just to confuse them when they do read it.
Re: Re:
Especially not your data, I’d presume.
I bet the NSA is working on cracking HTTPS. It’s a surprisingly vulnerable protocol, actually; most sites that use HTTPS don’t support the latest encryption protocol, TLS 1.2, which removed several vulnerabilities, and even TLS 1.2 could be vulnerable due to RC4’s weaknesses.
Re: Re:
If they can unravel long keychains, the protocol specifics won’t matter. Thats the real threat, if they can break 256 bit encryption on a 2048 bit key in any useful amount of time then the specifics of HOW something is encrypted become less important.
Re: Re:
Are you sure they haven’t already cracked it?
Intel
We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit internet traffic. — Clapper
NSA is getting a Vesuvius or D-Wave Two quantum computing system built into the Utah facility according to this. Quantum computers can rapidly break down public key cryptography since it can quickly factor down large numbers to their respective primes.
I think this means they don’t have this capability yet. I wouldn’t depend on that as a certainty, though.
So the future is here. And we still need to work out cryptography that, while not necessarily impenetrable, is still a bother enough to make it impossible for the NSA (or for anyone) to engage in deep-packet-analysis of every incident they encounter. Even poor encryption that they have to triage is going to serve to slow their intelligence-gathering efforts.
== == ==
Encrypted with Morbius-Cochrane Perfect Steganographic Codec 1.2.001
accident fungus golf elastic laser fire apple pie chime
Re: Intel
What will the US military will do once its enemies have learned to break existing cryptographic algorithms? Do we enter a new cryptography arms race, or does the US government give up and transmit everything in the clear?
Re: Re: Intel
What will the US military will do once its enemies have learned to break existing cryptographic algorithms?
They will use Quantum Cryptography. Quantum cryptography, done properly, is theoretically unbreakable.
Re: Re: Re: Intel
Although the entire principle of it has been shattered because there is no real way to secure the common time source required by the endpoints (unless we all start putting gravity-calibrated atomic clocks in all our PCs).
Re: Re: Re: Slowly Delivered Key, Rapidly Delivered Message. (to: Richard, #27)
Here is an observation: if you know someone well enough to have secrets with them, you can generally arrange to transmit symmetric (private) cipher keys by other means than electronic communications.
For example, Laura Poitras, in Germany, can find, say, twenty different people who travel back and forth between Germany and Brazil, by various routes, and who are willing to hand-carry a letter to Glen Greenwald. Ideally, many of these couriers should be persons of such repute and standing that interfering with them has major ramifications (eg. people with diplomatic status). Others should be totally obscure people, recruited by circuitous methods, typically students (eg. a young man whose girlfriend’s brother is one of Laura Poitras’s disciples, and who is doing it for his girlfriend, not for any political conviction). Each letter contains one or more unique symmetric (private) cipher keys, of abundant strength. On receipt of these twenty letters, or such of them as have not been intercepted and seized or destroyed, Glen Greenwald can XOR the keys together to form a key which is at least as secure as the key which was most securely transmitted. He can disclose publicly which keys he is using, to be sure that the message gets back to Laura Poitras. The requisite key strength can be obtained by multiple passes of multiple different ciphers, with a different key for each pass. It ought to be possible to get 500 bits effective strength without too much difficulty. Alternately a “letter” could always include a DVD or a memory stick, in which case a once-only-cipher might be feasible. It’s all a question of how paranoid you feel.
http://security.stackexchange.com/questions/2900/doubling-up-or-cycling-encryption-algorithms
http://en.wikipedia.org/wiki/Triple_DES
http://en.wikipedia.org/wiki/Meet-in-the-middle_attack
Re: Wrong kind of quantum computer for that
D-Wave’s computers are not classical quantum computers. They are designed to solve certain kinds of NP-complete optimization problems quickly, but no one knows how this could be used to break currently-used public-key encryption schemes.
Re: Intel
Elsewhere in the document it is mentioned that research into quantum computing is a priority.
Re: Intel
I just took a look at your mind-computer website link. I am rather skeptical about the information there. First off, they claim the D-wave two is going to the Utah Data Center. This is based on the Lockheed contract for one. There is one going to NASA Ames research center in Mountain View, CA in collaboration with Google (ootb where are you?). The NSA has said, in the document referenced by this article, that research into quantum computing is a priority. So, it is likely they are dealing with D-Wave. But the web site looks like it is inventing a connection between Lockheed’s purchase and the NSA’s Bluffdale facility without any evidence. This kind of sloppy, speculative writing continues.
They mistake the order of complexity of the traveling salesman problem as O(2^n), when it is O(n!) or, at best, O(n?2^n) using the Held-Karp algorithm.
The claims of the capability of the D-Wave 2 system are ridiculous and not at all what D_wave claims. I, personally find the claim:
Enables the computer to completely reconstruct the human brain?s cognitive processes and teach itself how to make better decisions and better predict the future based.
to be especially absurd (I have a degree in psychobiology and am very much interested in brain function and artificial intelligence).
I am sorry to be so dismissive without fully reading the whole website, but it doesn’t look like a useful resource.
Given that, it does seem that the NSA is very much interested in quantum computing but this was probably not related to the “enormous breakthrough” in cryptanalysis that Bamford mentioned.
Re: Re: Intel
The claims of the capability of the D-Wave 2 system are ridiculous
Quantum computing has been ridiculously overhyped. This is especially worrying for those of us who find it interesting because of the inevitable backlash that will follow.
One point of relevance here is that the D wave computer is NOT capable of running Shor’s algorithm and hence is not capable of cracking RSA encryption.
Re: Intel
They’re building the fuckin’ Skynet
Wait a minute
Isn’t that top secret slide just budgetary metadata?
Re: Wait a minute
And look what it reveals!
In bed with the enemy
“The Post said it withheld the rest, and kept some information out of its reporting, in consultation with the Obama administration to protect U.S. intelligence sources and methods.“
Why is the Washington Post seeking help from the Obama administration on what not to publish? Don’t publish anything that would put people’s lives in jeopardy, but don’t go asking the person whose dirty laundry you’re exposing about which bits of laundry to expose.
I think this explains why the Washington Post hasn’t been harassed as much as the folks at The Guardian.
Re: In bed with the enemy
Just what constitutes sources and methods? Doesn’t the fact that the NSA (and others) collect ALL electronic (voice and text and video) pretty much cover everything, except the humint (human generated intelligence)? Keep those folks secret if you must. The rest is currently public knowledge.
Oh, oh, I know. If we (the government) don’t admit it, it does not exist.
That would be delightfully stupid of the NSA, then...
…if the Vesuvius is not what they think it is. Maybe they can donate it to NASA.
But I would wager that breaking public-key encryption is for what they want a quantum computer, rather than a superfast number cruncher.
Oh yes, please, tell me I'm wrong.
Thanks, aldestrawk. While a tech-geek, my eyes still glaze over whenever they start talking about qubits.
I’d really rather cryptanalysis of contemporary cyphers not exceed the rate at which we adopt and standardize new ones, and they seem very eager to decrypt everything with no concern as to who they target.
This isn’t going to go away, even if we completely defund the NSA: we end-users need strong encryption, and we need everyone to be in the habit of using it.
It bring back the question of what is the enormous breakthrough.
Re: Oh yes, please, tell me I'm wrong.
It bring back the question of what is the enormous breakthrough.
Probably not that significant – but you need to demonstrate some success in order to maintain funding.
Old School
Being the old man that I am I remember when encryption was considered munitions. No really it was.
When it was no longer considered munitions is when (in my opinion) that the NSA had cracked the RSA encryption standard.