NSA Death Star Fully Operational Soon.



publius
2012-Mar-18, 10:35 PM
Cheerful news:

http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1

Out in the Utah desert, the NSA's electronic spy center Death Star will be fully operational in Sept of 2013. (Why oh why, couldn't it have been Dec 21st, 2012 -- cost overruns and delays, I'm sure). They've been able to gather just about every bit of communication that is released into the ether for a few years now but the problem was there was so much data, they couldn't handle it all. Well, this solves that problem. A Yottabyte (10^24) of data. Petaflops of processing capacity. Exaflops by 2018. And she's gonna pull 65MW load.

They can break AES with that thing now, I'm sure. Every move you make, every breath you take, they'll be watching you.

Note the part about the "intercept stations". These are located at the major communications hubs all over the country. And in Sept 2013, they'll have the ability to process it all.

Rhaedas
2012-Mar-19, 12:09 AM
The only reason encryption levels are used where they are is that there's no need to put more processing into a secure thing. Especially if something is temporary, if there's not enough time to crunch the numbers, the level doesn't have to be as high. As things change, so does encryption technology.

They want to comb through the internet and find relevant things? Good luck to them, that's the biggest struggle with using the internet, is getting past the crap.

Ara Pacis
2012-Mar-19, 05:04 PM
Well, all this means is that people/spies will have to start using stronger encryption and/or codes if they use computer/phone-based communications. If people/spies use face-to-face talking, dead drops, mail, courier, or international trade then the NSA won't be able to hear it. For all the money, glam and high tech wizardry, it sounds like it's more of a deterrent to smarter spies but might catch some dumb ones.

mike alexander
2012-Mar-19, 07:37 PM
Thank God I already sold the story before this came out. Cashed the check today.

Tensor
2012-Mar-19, 09:16 PM
NSA No Such Agency. Of course, that big building at the junction of Maryland 295 and 32 is a bit hard to hide.

Chuck
2012-Mar-19, 10:07 PM
We could email each other large files of random bits for them to try to decrypt and see if it draws any personal visits.

Ara Pacis
2012-Mar-19, 10:23 PM
We could email each other large files of random bits for them to try to decrypt and see if it draws any personal visits.

Why bother sending large amounts of encrypted data to anyone. Just assign assumptions of consern a cold ward, prhps with miss pellings. And then Martha will make apple pie for the town picnic at the park on Earth Day while the Mayer barbecues hot dawgs on the grill he bought at Ace because he didn't like the won Frumm Walmart because it wuz overprized at $39.92 instead of 29.94. Say wut?

mike alexander
2012-Mar-19, 10:31 PM
Send a recipe for shepherd's pie including critical mass, polonium initiator and shaped charges.

Ara Pacis
2012-Mar-19, 10:36 PM
Send a recipe for shepherd's pie including critical mass, polonium initiator and shaped charges.

Hey, you just got flagged by the NSA!

Waitaminute, I just responded to it... now I just got flagged too!

jokergirl
2012-Mar-20, 09:08 AM
Steganography and codes have in every war been superior to "only" encryption. If the "enemy" knows there *is* an encrypted message, they already know too much.

;)

swampyankee
2012-Mar-20, 09:49 AM
The operation will, of course, be subcontracted out to the RIAA and MPAA, so they can chase down people quoting song lyrics.

Heid the Ba'
2012-Mar-20, 01:40 PM
Or it may be yet another overfunded government project that doesn't actually do anything.

Swift
2012-Mar-20, 03:02 PM
We could always fly along that little trench and fire at that exhaust port.

mike alexander
2012-Mar-20, 03:17 PM
The beauty of such an enterprise is that if you look hard enough at everything you will eventually find patterns, whether they correspond to the real or not.

God is replaced by a zippobyte processor.

ToSeek
2012-Mar-20, 03:17 PM
NSA No Such Agency. Of course, that big building at the junction of Maryland 295 and 32 is a bit hard to hide.

They're a lot more upfront than they used to be back in the 1980's when I'd go to vendor classes with people who could only identify their employer as "DoD". ("Fort Meade?" "Um, yeah.") They admit the NSA exists and even have a museum now.

ToSeek
2012-Mar-20, 03:18 PM
The beauty of such an enterprise is that if you look hard enough at everything you will eventually find patterns, whether they correspond to the real or not.

Well, obviously, all of us who feel a duty to liberty should start sending out massive numbers of emails with suspicious phrases in them and see if we can overwhelm the system.

The Backroad Astronomer
2012-Mar-20, 04:16 PM
Why didn't they go with Skynet?

Trebuchet
2012-Mar-20, 06:14 PM
When I was in the Army in the early '70s, we had an ASA (Army branch of the NSA) station on our (overseas) post. It was isolated on the other side of the airfield, with its own gym, PX, and everything. I was a payroll clerk, and got to process the incoming ASA guys. All the other troops went through a central processing station, but the ASA guys came direct to me. They weren't allowed to say what they did, of course, but given the huge antenna farm over there and the fact that they'd all spent the past six months or so attending various language schools, it wasn't hard to figure out.

korjik
2012-Mar-20, 06:30 PM
Well, obviously, all of us who feel a duty to liberty should start sending out massive numbers of emails with suspicious phrases in them and see if we can overwhelm the system.

Part of the reason of this facility is to keep that from happening.

Besides, you should say hi to the NSA dudes every now and then just to be nice. Analysis can be boring, especially if you just listened to the 87th conversation about getting milk from the store in the last hour....

:)

Rhaedas
2012-Mar-20, 06:56 PM
Between Facebook and Youtube, you have to admire their ability to not go insane.

Luckmeister
2012-Mar-20, 07:00 PM
Part of the reason of this facility is to keep that from happening.

Besides, you should say hi to the NSA dudes every now and then just to be nice. Analysis can be boring, especially if you just listened to the 87th conversation about getting milk from the store in the last hour....

:)

Facebook will drive them nuts. :lol:

Extravoice
2012-Mar-20, 07:19 PM
They're a lot more upfront than they used to be back in the 1980's when I'd go to vendor classes with people who could only identify their employer as "DoD".

I had a job in the 1980s that interacted with folks from several three-letter agencies. A standing joke was that you could decode any attendee list as follows:

Department of Defense = NSA
Department of Justice = FBI
Department of State = CIA

BTW: The lunchroom at Ft Meade had a coffee machine that delivered coffee in paper cups with poker hands printed on them. (I think it was poker. Several cards were printed on the cup, with the last card printed on the bottom. Anybody remember those?) The "locals" would bet against visitors and always win.

The NSA guys had figured out the algorithm the printer used to make the cups, and knew what was printed on the bottom of your cup. They only (potentially) lost if there was a discontinuity, such as the start of a new sleeve of cups.

Ara Pacis
2012-Mar-20, 08:19 PM
Part of the reason of this facility is to keep that from happening.

Besides, you should say hi to the NSA dudes every now and then just to be nice. Analysis can be boring, especially if you just listened to the 87th conversation about getting milk from the store in the last hour....

:)

Hi.

We should all pick a name to call them by when we're playing cat and mouse on the phone/internet. How about Bob or Shirley?

publius
2012-Mar-20, 08:22 PM
In all the crypto examples, it's always Alice and Bob sending each other messages. So in honor of that, just call them Alice and Bob.

publius
2012-Mar-20, 08:25 PM
Well, obviously, all of us who feel a duty to liberty should start sending out massive numbers of emails with suspicious phrases in them and see if we can overwhelm the system.

I don't think the system can be overwhelmed. As we were discussing in that other thread, we're creating a turnkey Borg system. Resistance will be futile. We will be assimilated.

swampyankee
2012-Mar-20, 09:20 PM
Or it may be yet another overfunded government project that doesn't actually do anything.

Alas, it will probably involve sending men in grey suits to harass people who make snarky comments about CEOs. Or who quote song lyrics. Tra-la-la.

HenrikOlsen
2012-Mar-20, 10:52 PM
Seeing that the NSA's true raison d'etre seems to be international industrial espionage to benefit the friends of the politicians aka the usual suspects, the "doesn't do anything" is probably a rather large underestimation.

Tensor
2012-Mar-21, 03:17 AM
They're a lot more upfront than they used to be back in the 1980's when I'd go to vendor classes with people who could only identify their employer as "DoD". ("Fort Meade?" "Um, yeah.") They admit the NSA exists and even have a museum now.

Yeah, I was being a bit facetious. They even let you know what exits to take now. Which, if they had done it earlier, would have probably saved people the trouble of getting off on the wrong exit.

korjik
2012-Mar-21, 05:57 AM
Facebook will drive them nuts. :lol:

Just the opposite. Facebook is self-analyzing data. I know what I could do with that sort of data, and I barely qualified for NSA goon (Army SIGINT analyst). It is bad enough that people can be tracked close to 24-7 with just common off the shelf tech, but to train them to volunteer the information is just creepy.

Maybe my opinion is a bit CT nut, but hey everyone is entitled to be a little nutty about something. :)

HenrikOlsen
2012-Mar-21, 07:07 AM
YouTube comments on the other hand...

Swift
2012-Mar-21, 12:57 PM
Or it may be yet another overfunded government project that doesn't actually do anything.

Seeing that the NSA's true raison d'etre seems to be international industrial espionage to benefit the friends of the politicians aka the usual suspects, the "doesn't do anything" is probably a rather large underestimation.
I only pick these two as examples...

I'm not sure if these, or others, violate our no politics rule, but we are getting very close to that blurry line. This is probably a very borderline topic for BAUT to begin with, I ask everyone to be careful with what they post or I'll just take the easy route and close the thread.

peteshimmon
2012-Mar-21, 01:57 PM
Swift dormiens nunquam titillandus.

:)

jokergirl
2012-Mar-21, 01:58 PM
Si innocens, non metueris.

;)

mike alexander
2012-Mar-21, 04:39 PM
Illegitimi non carborundum.

Drunk Vegan
2012-Mar-21, 06:35 PM
YouTube comments on the other hand...

I would get a real kick out of reading a content analysis of a Youtube comment thread by an NSA computer program. The signal to noise ratio would have to be almost 0.

Swift
2012-Mar-21, 08:53 PM
I would get a real kick out of reading a content analysis of a Youtube comment thread by an NSA computer program. The signal to noise ratio would have to be almost 0.
I can just see the alert given to the Department of Homeland Security that, according to their Youtube analysis, the world is about to be attacked by dead Mayans, Planet X, UFOs, singing dogs, baby polar bears, and teenage boys injuring themselves in stupid backyard stunts. :D

Solfe
2012-Mar-21, 10:47 PM
They're a lot more upfront than they used to be back in the 1980's when I'd go to vendor classes with people who could only identify their employer as "DoD". ("Fort Meade?" "Um, yeah.") They admit the NSA exists and even have a museum now.

"The Museum of the Unknown Department" would have sounded silly.

korjik
2012-Mar-21, 10:56 PM
"The Museum of the Unknown Department" would have sounded silly.

Museum of the Unknown Agency.

You have to take these things seriously or someone's feelings will get hurt. :)

korjik
2012-Mar-21, 10:57 PM
I would get a real kick out of reading a content analysis of a Youtube comment thread by an NSA computer program. The signal to noise ratio would have to be almost 0.

More likely a large negative number. :)

John Mendenhall
2012-Mar-21, 11:35 PM
"War depletes the treasury and is bad for the civilian population. Espionage is cheap."

Ara Pacis
2012-Mar-22, 10:52 AM
In all the crypto examples, it's always Alice and Bob sending each other messages. So in honor of that, just call them Alice and Bob.

"Surely, you must be joking." :)

publiusr
2012-Mar-24, 06:30 PM
"What happened to the wiring harness?"

"The custodian sold it for meth..."

DoggerDan
2012-Mar-27, 03:44 PM
"Surely, you must be joking." :)

No, publius is right. Alice and Bob, or so said at least one of the books I used for my IT masters: "Alice sends Bob her public key, which Bob then uses to encrypt a message which he sends back to Alice. Since the public key can be used to encrypt the message, but not decrypt it..."

Et cet.

Chuck
2012-Mar-27, 04:39 PM
The NSA could intercept Alice's attempt to send her public key to Bob and substitute its own. Then Bob would use the NSA's public key to send a message to Alice which the NSA would intercept, decrypt, read, encrypt with Alice's real public key, and send it along to Alice.

SeanF
2012-Mar-27, 07:41 PM
The NSA could intercept Alice's attempt to send her public key to Bob and substitute its own. Then Bob would use the NSA's public key to send a message to Alice which the NSA would intercept, decrypt, read, encrypt with Alice's real public key, and send it along to Alice.
Public keys aren't "sent", they're published, publicly. :)

At any rate, Bob encrypts the message with Alice's public key and then again with his own private key. Alice decrypts the message first with Bob's public key and then with her own private key. If a third-party had substituted a different key for either (or both) Alice and Bob's public keys, the message would come out gobbledy-gook and Alice would know the communication had been compromised.

HenrikOlsen
2012-Mar-27, 07:50 PM
The NSA could intercept Alice's attempt to send her public key to Bob and substitute its own. Then Bob would use the NSA's public key to send a message to Alice which the NSA would intercept, decrypt, read, encrypt with Alice's real public key, and send it along to Alice.
The point of Alice's key being public is that Alice can broadcast it through any medium and through multiple channels, it's actually fairly easy to verify that the public key is correct simply because it IS public.
Especially with something like the pgp PKI where public keys are signed to confirm validity.

For instance I can tell you that the public key I'll use to encrypt a message to you is the key with ID D5006161 on the MIT keyserver, you can confirm that it's the correct one by the fingerprint 5F 69 C2 A6 53 24 E5 EE 41 6E CA 58 AE D2 4B 63 once you've fetched it, if you think this post might have been altered by the NSA call me and read the fingerprint of the key you fetched.

Extravoice
2012-Mar-27, 09:06 PM
No, publius is right. Alice and Bob, or so said at least one of the books I used for my IT masters: "Alice sends Bob her public key, which Bob then uses to encrypt a message which he sends back to Alice. Since the public key can be used to encrypt the message, but not decrypt it..."

I concur. I've seen those names several times in cryptography examples. There is even a Wikipedia article (http://en.wikipedia.org/wiki/Alice_and_Bob) about them.

I wonder if the choice of names has anything to do with these people. (http://www.imdb.com/title/tt0064100/) (I never saw the movie.)

Trebuchet
2012-Mar-28, 12:25 AM
I wonder if the choice of names has anything to do with these people. (http://www.imdb.com/title/tt0064100/) (I never saw the movie.)

I did, when I was in college. It was excruciatingly boring, and not sexy at all.

vonmazur
2012-Mar-28, 12:42 AM
The beauty of such an enterprise is that if you look hard enough at everything you will eventually find patterns, whether they correspond to the real or not.

God is replaced by a zippobyte processor.

Did not they cover this idea in "A Beautiful Mind"---seeing all the patterns in the papers and all that??

Dale

publius
2012-Mar-28, 03:45 AM
I thought Ara was just making a Leslie Nielsen "Don't call me Shirley" joke. In "Airplane!", What's-his-name says to Nielsen, "Surely, you must be joking." And Nielsen replies something to the effect of no, I'm serious and don't call me Shirley.

DoggerDan
2012-Mar-28, 12:32 PM
The NSA could intercept Alice's attempt to send her public key to Bob and substitute its own. Then Bob would use the NSA's public key to send a message to Alice which the NSA would intercept, decrypt, read, encrypt with Alice's real public key, and send it along to Alice.

Not if Bob, the initiator, had...

Bottom line, international security will always fall back on the people who're entrusted with our nation's secrets. Those who can handle them, fine. Those who can't, they shouldn't be given more.

DoggerDan
2012-Mar-28, 12:44 PM
The point of Alice's key being public is that Alice can broadcast it through any medium and through multiple channels, it's actually fairly easy to verify that the public key is correct simply because it IS public.
Especially with something like the pgp PKI where public keys are signed to confirm validity.

For instance I can tell you that the public key I'll use to encrypt a message to you is the key with ID D5006161 on the MIT keyserver, you can confirm that it's the correct one by the fingerprint 5F 69 C2 A6 53 24 E5 EE 41 6E CA 58 AE D2 4B 63 once you've fetched it, if you think this post might have been altered by the NSA call me and read the fingerprint of the key you fetched.

And yet, with long key lengths and algorithms capable of being crunched today as opposed to the 80's era systems, we're, um, set, are we not? I mean, I can send an e-mail to a friend that would take more years to crack than are available before the next big bang (or dissolve). So, NSA, shemnasa, good luck.

SeanF
2012-Mar-28, 01:27 PM
For instance I can tell you that the public key I'll use to encrypt a message to you is the key with ID D5006161 on the MIT keyserver, you can confirm that it's the correct one by the fingerprint 5F 69 C2 A6 53 24 E5 EE 41 6E CA 58 AE D2 4B 63 once you've fetched it, if you think this post might have been altered by the NSA call me and read the fingerprint of the key you fetched.
You've got this backwards, Henrik. You're telling Chuck what public key he should use to encrypt a message to you.

If you're picking the key and you're doing the encryption, then you tell him which public key he should use to decrypt the message which you are sending to him. And it doesn't keep anybody else from reading the message, but it allows the reader(s) to be confident that the message they're reading actually came from you.

HenrikOlsen
2012-Mar-28, 01:36 PM
Public keys aren't "sent", they're published, publicly. :)

At any rate, Bob encrypts the message with Alice's public key and then again with his own private key. Alice decrypts the message first with Bob's public key and then with her own private key. If a third-party had substituted a different key for either (or both) Alice and Bob's public keys, the message would come out gobbledy-gook and Alice would know the communication had been compromised.
This presumes Neal didn't replace Bob's public key when Alice got it.
If they did, the scenario becomes: Bob encrypts with Neal's public Alice Key and his own private key. Neal decodes with Bob's public key and Neal's private Alice key, then encrypts with Alice's public key and Neal's private Bob Key. Alice gets the message, decrypts with Neal's public Bob key and her own private key and thinks things are OK.

As you see, man-in-the-middle would still work if both public keys had been intercepted and replaced, which is why actually publishing public keys is part of the security of the system.

HenrikOlsen
2012-Mar-28, 01:40 PM
You've got this backwards, Henrik. You're telling Chuck what public key he should use to encrypt a message to you.

If you're picking the key and you're doing the encryption, then you tell him which public key he should use to decrypt the message which you are sending to him. And it doesn't keep anybody else from reading the message, but it allows the reader(s) to be confident that the message they're reading actually came from you.
Didn't I actually write that?

Doesn't matter, they're used both ways. It was an example of how to provide the public key.

Whether you use my public key for encryption or decryption is irrelevant for the details of the key exchange, what matters is that you know it's mine.

HenrikOlsen
2012-Mar-28, 02:11 PM
And yet, with long key lengths and algorithms capable of being crunched today as opposed to the 80's era systems, we're, um, set, are we not? I mean, I can send an e-mail to a friend that would take more years to crack than are available before the next big bang (or dissolve). So, NSA, shemnasa, good luck.
The best you can expect is to make it take long enough that the information is no longer useful when it's broken. And that it's not worth enough that they'll employ tire iron cryptography instead.

Given the algorithmic complexity of GNFS (Note this is classical complexity, not quantum figments of imagination), if it takes a day to break a 512 bit key (which is realistic with a large cluster or customized hardware), it'll take a year to break a ~1568 bit key and 10 years to break ~2300 bits, assuming no increase in computing speed.
3072 bits won't buy you a century even without Moore's law.
10,000 bits does get you into longer than the expected existence of humanity, but I don't think there are many programs that'll handle those key lengths, and if quantum computing is at all possible, it will be implemented during the next 50 million years, in which case you're boned anyway.

peteshimmon
2012-Mar-28, 02:23 PM
ARRRRGGGG...LOOK! Once and for all, it is
a technological doddle to produce two CDs
full of random key! This gives years of
unbreakable communication between two
parties. Anyone else can have the externals,
who is communicating, how much traffic and
when.

BTW, I read a comment years ago that an official
was annoyed at the implementation of that DES
standard decades ago. Where there was a fuss about
64 or 56 bits of encoding or something. Sounded
like someone made sure of no easy inputs despite
the 56 bits :)

HenrikOlsen
2012-Mar-28, 02:30 PM
Not really.
It's a doddle to produce 2 CD's of pseudo random key, truly random takes quite a while to produce.
And you have the problem of distributing the CD and that once a CD's worth of messages have been encrypted you'll need another one.
And you have the problem that if you have x people who want to communicate securely with each other you're going to need 2x(x-1) CD's generated.

As for the DES, the nasty problem with it was that it is so complicated that it couldn't be mathematically demonstrated exactly how secure it is.

Chuck
2012-Mar-28, 02:37 PM
The point of Alice's key being public is that Alice can broadcast it through any medium and through multiple channels, it's actually fairly easy to verify that the public key is correct simply because it IS public.
Especially with something like the pgp PKI where public keys are signed to confirm validity.

For instance I can tell you that the public key I'll use to encrypt a message to you is the key with ID D5006161 on the MIT keyserver, you can confirm that it's the correct one by the fingerprint 5F 69 C2 A6 53 24 E5 EE 41 6E CA 58 AE D2 4B 63 once you've fetched it, if you think this post might have been altered by the NSA call me and read the fingerprint of the key you fetched.
With the NSA intercepting and possibly altering messages going both ways, a fingerprint can be changed just as easily as an encryption key. Few people are going to call each other on the phone to verify no tampering. Those that do would draw more personal attention from the NSA.
I suppose people wanting to avoid this possibility could trade keys in person before sending any electronic communications instead of getting public keys from an online source, but then the NSA would see keys being used that weren't requested electronically and figure that something suspicious is going on.

HenrikOlsen
2012-Mar-28, 02:40 PM
With the NSA intercepting and possibly altering messages going both ways, a fingerprint can be changed just as easily as an encryption key. Few people are going to call each other on the phone to verify no tampering. Those that do would draw more personal attention from the NSA.
I suppose people wanting to avoid this possibility could trade keys in person before sending any electronic communications instead of getting public keys from an online source, but then the NSA would see keys being used that weren't requested electronically and figure that something suspicious is going on.
You can't easily make a key with a given fingerprint though.
Out-of-band verification of the public key is fundamental to public key cryptography and only needs to be done once per key, then you keep it in a version signed with your own key.
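
The key substitution and the out-of-band fingerprint check discussed in these posts, as an added example that is not part of any poster's message. It uses textbook RSA with fixed Mersenne primes and a truncated SHA-256 digest as the fingerprint; the primes, the names `exchange` and `fingerprint_matches`, and the message are assumptions of the example, and real OpenPGP fingerprints are computed differently.

```python
"""Toy model: a public key replaced in transit, and the out-of-band
fingerprint comparison that catches it. Textbook RSA without padding,
for illustration only; every value here is constructed for the example."""
import hashlib
import hmac

E = 65537  # common public exponent


def make_keypair(p, q):
    """Return (public, private) for textbook RSA from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def fingerprint(pub):
    """Short digest of a public key that a person can read aloud and compare."""
    n, e = pub
    digest = hashlib.sha256(f"{n}:{e}".encode()).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))


def encrypt(pub, message):
    n, e = pub
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(priv, ciphertext):
    n, d = priv
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def fingerprint_matches(received_pub, expected_fingerprint):
    """Compare the key that arrived with the fingerprint heard on another channel."""
    return hmac.compare_digest(fingerprint(received_pub), expected_fingerprint)


# Constructed key pairs (Mersenne primes chosen only because they are easy to write).
ALICE_PUB, ALICE_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
INTERCEPTOR_PUB, INTERCEPTOR_PRIV = make_keypair(2**107 - 1, 2**127 - 1)


def exchange(message, key_swapped, bob_verifies):
    """Simulate one key fetch and one message from Bob to Alice."""
    # Alice gives Bob her fingerprint over a separate channel (e.g. a phone call).
    out_of_band_fp = fingerprint(ALICE_PUB)
    # The key itself travels over the network, where it may be replaced.
    key_bob_received = INTERCEPTOR_PUB if key_swapped else ALICE_PUB

    if bob_verifies and not fingerprint_matches(key_bob_received, out_of_band_fp):
        # Mismatch: Bob refuses to encrypt to this key, so nothing is exposed.
        return {"sent": False, "interceptor_read": None, "alice_read": None}

    ciphertext = encrypt(key_bob_received, message)
    interceptor_read = None
    if key_swapped:
        # The party in the middle can read the message and pass it on
        # re-encrypted to Alice's real key, so Alice sees nothing unusual.
        interceptor_read = decrypt(INTERCEPTOR_PRIV, ciphertext)
        ciphertext = encrypt(ALICE_PUB, interceptor_read)
    return {
        "sent": True,
        "interceptor_read": interceptor_read,
        "alice_read": decrypt(ALICE_PRIV, ciphertext),
    }


if __name__ == "__main__":
    msg = b"meet at noon"
    print("Alice's fingerprint:", fingerprint(ALICE_PUB))
    print("unverified, swapped:", exchange(msg, key_swapped=True, bob_verifies=False))
    print("verified, swapped:  ", exchange(msg, key_swapped=True, bob_verifies=True))
    print("verified, untouched:", exchange(msg, key_swapped=False, bob_verifies=True))
```

The check only helps because the fingerprint travels by a different route than the key; if both came over the same tampered channel, the comparison would pass against the substituted key.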

SeanF
2012-Mar-28, 02:45 PM
As you see, man-in-the-middle would still work if both public keys had been intercepted and replaced, which is why actually publishing public keys is part of the security of the system.
Yes, that's true.


Didn't I actually write that?
If you're encrypting a message using a public key for Chuck to decrypt (which was the way you worded it), then you need to use Chuck's public key so he can use his own private key to decrypt. In that case, Chuck's successful decrypting of the message itself will confirm that his correct public key was used to encrypt it, so there's no additional benefit gained from you specifying details of the public key beforehand.

Of course, as in your scenario, a man-in-the-middle could provide you with a false Chuck public key, but then that same man-in-the-middle could alter your pre-message confirmation of the public key details as well.

Chuck
2012-Mar-28, 03:11 PM
You can't easily make a key with a given fingerprint though.
Out-of-band verification of the public key is fundamental to public key cryptography and only needs to be done once per key, then you keep it in a version signed with your own key.
The fingerprint for the fake key could be substituted for the real fingerprint just like the key was substituted, and using a nonstandard method of transmitting fingerprint would let the NSA know that something unusual is going on.

HenrikOlsen
2012-Mar-28, 03:41 PM
The point is that I don't communicate the fingerprint through the same channel as I communicate the key.
They have to alter the way Chuck reads BAUT too to have it work.

Chuck
2012-Mar-28, 04:21 PM
If most people don't use alternate methods of communicating fingerprints, those that do will draw attention to themselves. It's not enough to just hide the contents of messages.

publius
2012-Mar-28, 07:44 PM
ARRRRGGGG...LOOK! Once and for all, it is
a technological doddle to produce two CDs
full of random key! This gives years of
unbreakable communication between two
parties. Anyone else can have the externals,
who is communicating, how much traffic and
when.


To add to what Henrik said. What you're talking about is a true "one time cipher (pad)" system. That is unbreakable provided you have a true random number stream, never leak that key stream, and never reuse the same key stream. Any pseudo-random generator is not truly random. Use the rand() function from your programming language library to create that CD and you have something the NSA could trivially break.

Generating truly random streams, and doing it fast enough, is not trivial. And I remember some speculation. Suppose the NSA discovered that what was thought was a true random process was not really and was predictable, and thus invalidated quantum theory. That is, they discover evidence of "hidden variables". Would they tell anyone and thus let the revolution in physics occur, or would they keep it secret to allow them to continue to break unbreakable ciphertext? :)
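
The one-time-pad conditions named in the posts above (never reuse key stream, do not fill the pad from a seeded generator), as an added example that is not part of any poster's message. The class `OneTimePad`, the helper names and the sample messages are constructed for the example, and the operating system's CSPRNG (`secrets`) stands in for a hardware noise source, which is an assumption.

```python
"""One-time pad bookkeeping: each key byte is used once, and the pad
must not come from a seeded general-purpose generator.
All names and messages are constructed for this example."""
import random
import secrets


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class PadExhausted(Exception):
    """Raised instead of wrapping around and reusing key bytes."""


class OneTimePad:
    def __init__(self, key):
        self._key = key
        self._offset = 0  # first key byte that has never been used

    def remaining(self):
        return len(self._key) - self._offset

    def encrypt(self, plaintext):
        """Return (offset, ciphertext) and advance past the key bytes consumed."""
        if len(plaintext) > self.remaining():
            raise PadExhausted("not enough unused key left; a new pad is needed")
        start = self._offset
        self._offset += len(plaintext)
        return start, xor(plaintext, self._key[start:self._offset])

    def decrypt(self, offset, ciphertext):
        return xor(ciphertext, self._key[offset:offset + len(ciphertext)])


def pad_from_os(length):
    """Key bytes from the operating system's CSPRNG."""
    return secrets.token_bytes(length)


def pad_from_prng(seed, length):
    """What filling the disc from rand() amounts to: the entire pad is a
    deterministic function of one seed, so the seed is the real key."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))


def reuse_leak(key, p1, p2):
    """Encrypt two messages with the SAME key bytes and XOR the ciphertexts.
    The key cancels out, leaving p1 XOR p2 for anyone who holds both."""
    return xor(xor(p1, key), xor(p2, key))


if __name__ == "__main__":
    p1, p2 = b"bring apple pie", b"picnic at noon!"
    pad = OneTimePad(pad_from_os(32))
    off1, c1 = pad.encrypt(p1)
    off2, c2 = pad.encrypt(p2)
    print("offsets used:", off1, off2, "key bytes left:", pad.remaining())
    print("round trip ok:", pad.decrypt(off1, c1) == p1 and pad.decrypt(off2, c2) == p2)
    try:
        pad.encrypt(b"one more")
    except PadExhausted as exc:
        print("refused:", exc)
    key = pad_from_os(len(p1))
    print("reuse leaks p1^p2:", reuse_leak(key, p1, p2) == xor(p1, p2))
    print("seeded pad reproducible:", pad_from_prng(1234, 64) == pad_from_prng(1234, 64))
```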

SeanF
2012-Mar-28, 07:48 PM
The point is that I don't communicate the fingerprint through the same channel as I communicate the key.
They have to alter the way Chuck reads BAUT too to have it work.
I think I see where we're having our discrepancy, and it's just a matter of wording. In the situation you described (you're sending a message to Chuck encrypted with a public key), it's Chuck's key you're using. So, the benefit to your post would be if Chuck reads it before you send your message and says, "Stop, no, that's not my key!"

But the wording of your post made it sound like you were simply deciding which key to use and expecting Chuck to follow suit with the appropriate matching key, which is where my disagreement came from.

HenrikOlsen
2012-Mar-28, 09:09 PM
Please listen carefully 'cause I will only say this once more: I was describing how Chuck should get my public key.

That was an actual reference to a real public key.

SeanF
2012-Mar-28, 09:39 PM
Please listen carefully 'cause I will only say this once more: I was describing how Chuck should get my public key.
Henrik, you said you were going to use the key in question to encrypt a message to Chuck.

SkepticJ
2012-Mar-29, 12:10 AM
Generating truly random streams, and doing it fast enough, is not trivial.

How much is enough?

http://en.wikipedia.org/wiki/Hardware_random_number_generator

Van Rijn
2012-Mar-29, 12:28 AM
How much is enough?

http://en.wikipedia.org/wiki/Hardware_random_number_generator

As it mentions, true randomness is hard to guarantee. There can be problems in design, and problems can occur in operation (it ages, it works outside of the tested temperature range, etc.) that can affect the numbers generated. I've seen a number of cases where some device or scheme turned out to have some unknown problem that made it less random than thought, which is why I don't trust them very far.

publius
2012-Mar-29, 01:30 AM
And how do you know the NSA didn't have a mole working for the manufacturer of said hardware who put a little flaw in there to allow the results to be predictable? :) I'd imagine they consider a device capable of reliably producing a fast stream of truly random output to be in the same category as a nuclear weapon, a very dangerous thing to allow just anyone to have access to.

Trebuchet
2012-Mar-29, 02:45 AM
If you encrypt everything, perhaps the NSA doesn't need to decrypt it. They just see it, figure you're up to something, and it's off to Gitmo.

HenrikOlsen
2012-Mar-29, 06:20 AM
Henrik, you said you were going to use the key in question to encrypt a message to Chuck.
And in order for him to decrypt that encrypted message he needs my public key which I told him how to get.

I identified the key pair that was to be used.

Are you under the impression that I don't know that this specific use of the key pair is an example of sender/message verification rather than secrecy?

SeanF
2012-Mar-29, 01:38 PM
And in order for him to decrypt that encrypted message he needs my public key which I told him how to get.

I identified the key pair that was to be used.

Are you under the impression that I don't know that this specific use of the key pair is an example of sender/message verification rather than secrecy?
For future reference, when you have this situation - in which the receiver needs to use a particular public key to decrypt a message because the paired private key was used to encrypt it - it is probably not the best idea to describe it as "the public key I'll use to encrypt a message to you is [this particular public key]". That is inaccurate and confusing.

This is especially true when you are building your own hypothetical situation, so the reader has no established starting point. Saying, "Alice encrypts a message to Bob using Alice's public key," does nothing but leave the reader wondering.

Did you mean:

A) "Bob encrypts a message to Alice..." rather than the other way around; or

B) "...Bob's public key" rather than Alice's; or

C) "...Alice's private key" rather than her public key?

All the reader can logically conclude is you couldn't possibly have meant what you actually said, because it makes no sense. There's no way to know which you did mean.

Now I know that what you meant here was C), but it really shouldn't have taken this long to find that out.

DoggerDan
2012-Mar-29, 03:56 PM
The best you can expect is to make it take long enough that the information is no longer useful when it's broken.

I think universal heat death is "long enough."


And that it's not worth enough that they'll employ tire iron cryptography instead.

Well, there's always that! I'm sure you've heard of TrueCrypt. It might not withstand an NSA hack, but it'll thwart most agencies. There was a news article recently about someone who was charged with obstruction of justice for refusing to give authorities the password to his computer's hard drive. I don't recall the details, but I do recall thinking my hard drive is merely an extension of my own memory, and under our 5th Amendment's "nor shall be compelled in any criminal case to be a witness against himself", I was thinking whether my memory is between my ears or on my hard drive, I consider it one and the same.


Given the algorithmic complexity of GNFS (Note this is classical complexity, not quantum figments of imagination), if it takes a day to break a 512 bit key (which is realistic with a large cluster or customized hardware), it'll take a year to break a ~1568 bit key and 10 years to break ~2300 bits, assuming no increase in computing speed.
3072 bits won't buy you a century even without Moore's law.
10,000 bits does get you into longer than the expected existence of humanity, but I don't think there are many programs that'll handle those key lengths, and if quantum computing is at all possible, it will be implemented during the next 50 million years, in which case you're boned anyway.

How about a megabit key? Regardless, a random cipher pad can't be broken. Very difficult to implement over the Internet, though.

HenrikOlsen
2012-Mar-29, 05:47 PM
The problem here is that you need two primes of about half the bit length of the key and making sure those are prime becomes the limiting factor. For a random number of no special form, this is somewhat non-trivial to prove, though it does run in polynomial time (O(n^6)).

So a megabit key will itself take longer than the heat life of the universe just to create.

HenrikOlsen
2012-Mar-29, 05:51 PM
For future reference, when you have this situation - in which the receiver needs to use a particular public key to decrypt a message because the paired private key was used to encrypt it - it is probably not the best idea to describe it as "the public key I'll use to encrypt a message to you is [this particular public key]". That is inaccurate and confusing.
Sheesh! I was talking about how to get the public part of my key pair and confirm it was the right one.

Could you at least try to address the central part of the post instead of nibbling at details that are irrelevant to it?

Chuck
2012-Mar-29, 06:01 PM
The problem here is that you need two primes of about half the bit length of the key and making sure those are prime becomes the limiting factor. For a random number of no special form, this is somewhat non-trivial to prove, though it does run in polynomial time (O(n^6)).

So a megabit key will itself take longer than the heat life of the universe just to create.
While you need two large primes, you don't have to prove that they're primes. I think there are probabilistic tests that run much faster. It should be enough to know that the numbers are almost certainly primes.

SeanF
2012-Mar-29, 06:57 PM
Sheesh! I was talking about how to get the public part of my key pair and confirm it was the right one.

Could you at least try to address the central part of the post instead of nibbling at details that are irrelevant to it?
I didn't see any need to comment on "the central part of your post" because I had already made the same overall point, only in less detail, in the post right before yours. :)

The reason I pointed out the error is because I felt that, if someone with a limited understanding of the usage of public/private keys read your post, it would confuse them, and I wanted to alleviate the potential confusion.

Yeah, I know, didn't exactly work out that way, did it? :lol:

Ara Pacis
2012-Mar-29, 10:44 PM
I thought Ara was just making a Leslie Nielsen "Don't call me Shirley" joke. In "Airplane!", What's-his-name says to Nielsen, "Surely, you must be joking." And Nielsen replies something to the effect of no, I'm serious and don't call me Shirley.

I'm glad someone got it. The fact that everyone else read it straight and thought I meant something else just shows how well codes work compared to encryption.

SkepticJ
2012-Mar-30, 12:28 AM
And how do you know the NSA didn't have a mole working for the manufacturer of said hardware who put a little flaw in there to allow the results to be predictable? :) I'd imagine they consider a device capable of reliably producing a fast stream of truly random output to be in the same category as a nuclear weapon, a very dangerous thing to allow just anyone to have access to.

Logically possible, I suppose, but this is the path to tinfoil hat land.

"It's a giant conspiracy, man! They're everywhere, controlling everything, covering their tracks perfectly to leave no trace."

If one is truly concerned, make the device from off-the-shelf-parts and do the software coding oneself.

Maybe the NSA has a trojan program in your computer, cameras installed in your workspace, and nanobots to subvert any hardware you make. You can't prove they don't.

SkepticJ
2012-Mar-30, 12:34 AM
As it mentions, true randomness is hard to guarantee. There can be problems in design, and problems can occur in operation (it ages, it works outside of the tested temperature range, etc.) that can affect the numbers generated. I've seen a number of cases where some device or scheme turned out to have some unknown problem that made it less random than thought, which is why I don't trust them very far.

The one that works via light going through a semi-transparent mirror sounds pretty robust. What can go wrong there?

HenrikOlsen
2012-Mar-30, 06:27 AM
Maybe the NSA has a trojan program in your computer, cameras installed in your workspace, and nanobots to subvert any hardware you make. You can't prove they don't.
You can however occasionally prove when someone does have a trojan installed.

That was the case a couple of years ago when it was shown not only that Windows had reserved space in the code for multiple keys for decrypting supposedly secure information (stored passwords and such) but that one of those extra keys was actually present in people's machines.

Van Rijn
2012-Mar-30, 07:30 AM
The one that works via light going through a semi-transparent mirror sounds pretty robust. What can go wrong there?

How do you read it? Proper implementation is always an issue, and you can lose randomness with a design mistake.

Extravoice
2012-Mar-30, 12:51 PM
If one is truly concerned, make the device from off-the-shelf-parts and do the software coding oneself.

If you do, you'd better go "full Kaczynski" and write your software in machine code.
Trojans could be lurking anywhere, even your compiler. ;)

Reflections on Trusting Trust (http://en.wikipedia.org/wiki/Backdoor_%28computing%29#Reflections_on_Trusting_Trust)

SkepticJ
2012-Mar-31, 01:02 AM
How do you read it? Proper implementation is always an issue, and you can lose randomness with a design mistake.

CCDs? They age well. Even if the sensor decayed, how would that affect the overall randomness? It's detecting a chaotic process, seeing a chaotic process less well doesn't make it not chaotic.

BigDon
2012-Apr-03, 04:47 AM
You know guys, at some point it's more economical to just walk up and shoot that troublesome person in the head rather than go through all these gyrations to try and find out what he's saying. Most governments only have finite patience. A JDAM is a hell of a lot cheaper than a computer set-up that can crunch an 80 digit 150 character choice security code in a reasonable amount of time. Well, that's what my inner Darth Vader tells me.

HenrikOlsen
2012-Apr-03, 10:44 AM
The $5 tire iron works quite well too when you want to know someone's password.

Ara Pacis
2012-Apr-03, 05:36 PM
You know guys, at some point it's more economical to just walk up and shoot that troublesome person in the head rather than go through all these gyrations to try and find out what he's saying. Most governments only have finite patience. A JDAM is a hell of a lot cheaper than a computer set-up that can crunch an 80 digit 150 character choice security code in a reasonable amount of time. Well, that's what my inner Darth Vader tells me.

That's the great thing about a computer network, it's easier to figure out who they're talking to or who's reading them, unlike shortwave numbers stations.

Van Rijn
2012-Apr-04, 01:14 AM
It's detecting a chaotic process, seeing a chaotic process less well doesn't make it not chaotic.

It certainly can. Somewhere along the line you need to turn something or other into a number and that number needs to get to whatever process that needs it. There can be hardware or software errors that make the generated number less random.
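The point made here, that the step turning a physical event into a number can lose randomness even when the underlying process is fine, as an added example that is not from the thread. The model is constructed: a beam-splitter source whose readout returns 1 with probability 0.6 instead of 0.5 (for instance from mismatched detectors), a monobit-style health check that flags it, and von Neumann debiasing, which repairs bias only if the raw bits are independent. All names and parameters are assumptions.

```python
import math
import random

def detector_bits(n, p_one, rng):
    """Constructed model: each detected photon yields 1 with probability
    p_one. An ideal readout has p_one = 0.5; a mismatched or aged detector
    pair shifts it even though photon arrival is still random."""
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def min_entropy_per_bit(bits):
    """Min-entropy estimate from the most frequent symbol, in bits per bit."""
    ones = sum(bits)
    p_max = max(ones, len(bits) - ones) / len(bits)
    return -math.log2(p_max)

def bias_alarm(bits, z=5.0):
    """Monobit-style health check: True if the count of ones is more than
    z standard deviations away from n/2, the expectation for fair bits."""
    n = len(bits)
    return abs(sum(bits) - n / 2) > z * math.sqrt(n) / 2

def von_neumann(bits):
    """Von Neumann debiasing: read non-overlapping pairs, 10 -> 1, 01 -> 0,
    drop 00 and 11. Costs throughput and assumes independent raw bits."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]

if __name__ == "__main__":
    rng = random.Random(2012)          # fixed seed: repeatable demo only
    raw = detector_bits(100_000, 0.6, rng)
    clean = von_neumann(raw)
    for name, bits in (("raw", raw), ("debiased", clean)):
        print(f"{name:9s} n={len(bits):6d} ones={sum(bits) / len(bits):.3f} "
              f"min-entropy={min_entropy_per_bit(bits):.3f} "
              f"alarm={bias_alarm(bits)}")
```

A monobit check catches only bias; correlated or stuck-pattern failures need other tests, such as a repetition-count check.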

SkepticJ
2012-Apr-04, 07:29 PM
You know guys, at some point it's more economical to just walk up and shoot that troublesome person in the head rather than go through all these gyrations to try and find out what he's saying. Most governments only have finite patience. A JDAM is a hell of a lot cheaper than a computer set-up that can crunch an 80 digit 150 character choice security code in a reasonable amount of time. Well, that's what my inner Darth Vader tells me.

What if you don't know where they are? Say they use something like Tor.

What if they're not up to anything illegal, they're just really serious about their privacy as part of their personality? Egg on your face if you murder an innocent person.

Ara Pacis
2012-Apr-04, 10:45 PM
What if you don't know where they are? Say they use something like Tor.

If they could decrypt so fast that they could see the Tor network transparently in real time, then maybe they could trace the routing and know the origin and destination.