zlacker

[return to "Inside the NSA's War on Internet Security"]
1. revela+95[view] [source] 2014-12-28 22:00:09
>>Fabian+(OP)
I mostly read this thinking "good news". No, seriously, the documents suggest that the NSA hasn't made fundamentally important advances in decryption or uncovered significant weaknesses that academia doesn't know about. Now, that's not too much of a reassurance, because what academia (and the NSA) know is that HTTPS is in pretty terrible state, end-point security remains a significant problem, IPSec is a terrible protocl and so on.

It does raise the question what all the mathematicians are doing at NSA, and why they don't seem to have come up with any meaningful results. Suggests they are a waste of money, but then that's all of the NSA.

I suggest all of you check the original material (powerpoints w/ screenshots). A lot of people here suffer from the action movie mentality where they think the NSA is not like any other government agency, i.e. inefficient, behind the times, filled with horrible middle managers, deadweight, .. you get the idea. Things like the enterprise Java web interface, the CSV mass data export and "genericIPSec_wrapper.pl" can quickly dispel that myth.

◧◩
2. EthanH+L5[view] [source] 2014-12-28 22:12:23
>>revela+95
Or at the very least they have compartmentalized serious mathematical cryptanalytic capabilities.

For instance:

* We know that the NSA has a novel md5 collision capability since they have used it in their malware. None of the Snowden docs, that I have seen, have talked about this.

* It is likely based on public research that the NSA can break 1024-bit RSA, but this has not showed up in the documents either.

My personal belief is that we are missing compartments dealing with cryptanalysis because Snowden did not have access to them. His work and access were focused on Computer Network Operations and not cryptanalysis.

◧◩◪
3. dogma1+a6[view] [source] 2014-12-28 22:20:32
>>EthanH+L5
I would not see any news organizations publishing any leaked document relating to actual technical capabilities. I don't even think that Snowden shared them with the reporters, the only ones who probably seen the besides Snowden are the FSB officers who "debriefed" him once he arrived in Russia. That's actually the thing that worries me the most about this incident, Snowden him self said that he kept the truely "nasty" stuff safe to be released in case something happens to him. But while he might not shared this with the press anyone who thinks he didn't had to buy his freedom in Russia with the full uncensored documents is fooling him self. This means that if he had any operational documents Russia and it's allies (N. Korea, Iran, China) just got a free upgrade to their own computer and communication intelligence apparatus. While people might not like their privacy being violated for the most part the NSA uses it's capabilities against unquestionably bad people, while in places like Russia and Iran it will be used against anything from reporters to political activists with much more severe consequences.
[go to top]