Paul Walker on 18 Sep 2013 07:57:00 -0700


Re: [PLUG] encryption

As I understand it (I believe it was something disclosed in this keynote), the NSA has access to the internet backbone infrastructure and is actually storing a large percentage of all internet traffic.

Even if PGP (or any) encryption is currently unbreakable, it's silly to think that it is future-proof.

So, what I would do - if I wanted to know the contents of every human communication transmitted by electromagnetic radiation, and some of it was encrypted and unbreakable, and I had unlimited resources: store that stuff until such time as it became breakable. This is probably within the realm of possibility.

On Wed, Sep 18, 2013 at 9:49 AM, Rich Freeman wrote:
On Wed, Sep 18, 2013 at 9:35 AM, Aaron Mulder wrote:
> On Wed, Sep 18, 2013 at 9:15 AM, Rich Freeman wrote:
>> If they have a goal of cracking 256-bit AES, and they're spending
>> billions on a supercomputer to implement it, then I think there is a
>> pretty high likelihood that they know of a weakness in the cipher that
>> they can exploit.
> On the other hand, you really have to ask yourself, if they could
> break AES-256, why would they say so?  If they're going out of their
> way to convince you NOT to use it, maybe it's *because* they can't
> crack it?

That thought crossed my mind which is why I was surprised they put
something like that on a webpage.  That does tend to make me think
that this is a cover for something else.  I'm not sure what other
problems are so demanding of supercomputer time - it could just be for
a cipher other than AES - perhaps one that everybody is likely to
switch to if they shun AES.

> (His other advice was to avoid ECC because
> whoever provides the constants may be holding a "private key" allowing
> them to crack it, and the NSA provided the recommended constants.)

I'm not a cryptographer, but my understanding is that this concern is
limited to the ECC-based PRNG that the NSA developed.  Apparently NIST
just announced they're discouraging anybody else from using it for the
same reason.

The real challenge is that the NSA spends a LOT of money on
cryptography R&D.  The "academic world" for cryptography largely
exists behind closed doors.  For every paper published in a journal,
there may be 100 published in some NSA-only journal.

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --

