
Deep packet inspection in the USA?

Started by Cain, July 01, 2009, 11:50:30 PM


Bebek Sincap Ratatosk

Quote from: Enki-][ on July 09, 2009, 09:50:03 PM
For what it's worth, there *is* a history of NSA backdooring of production cryptography tech. That said, the last I have heard of that was something in the mid-nineties for *hardware crypto devices*, and there was such a stink about that that I can't see the NSA bothering with it again. Furthermore, it isn't as though the internet is americans-only; to my knowledge, encryption standards cannot be controlled (I have no idea if that 'crypto is munitions' thing is still around, but I know that it was gotten around back in the day).

That said, I have minimal knowledge and minimal interest in cryptography. Ratatosk and 000 are most likely to be riding the correct motorcycle, and if some of what I am posting is BS, let it be reasonably clear that it's probably because I suck at crypto and am not phrasing this stuff right.

Backdoors in crypto have existed in the past... or at least potential backdoors. Dual_EC_DRBG was a random number generator pushed as a standard by NSA. Within a year or so of it coming out, cryptanalysis showed a bias in number selection which gave a strong supporting argument to the people saying the NSA was pushing the algorithm for their own reasons (it was slow and icky to begin with).

The Windows Crypto API was also strongly suspect for awhile (NT4 days I think), based on some flaws which could constitute a backdoor, if the flaws were intentional.

There were machines produced in Sweden or Denmark or somewhere like that which there was strong evidence to support that the NSA may have been putting a number of backdoors in, based on the country the product was gonna go to.

Again, no confirmation for any of this... it could all have simply been bad implementations. It could also have been the NSA. Lots of coincidences don't mean it WAS the NSA, but lots of coincidences shouldn't be ignored. It's most illuminating, however, to note three things:

1) Out of all of the potential NSA backdoors that are known, one appears to have been successful for a long period of time. That was the hardware machines, which were proprietary and NOT peer-reviewed.

2) None of these systems were OPEN. Good Crypto uses open algorithms and open implementations. If the world can see the code and still can't break the crypto, then you've maybe got something.

3) Cryptanalysis found the issues in Windows Crypto API and Dual_EC_DRBG. Backdoors in crypto are almost always reliant on tricks in math... math that can be tested outside the system by others. In short, it's very difficult and likely to be found.

In short, the NSA might have Super Quantum Computer with a magical wireless backdoor to every PGP install on the planet. The NSA may also be in contact with aliens.

I would say that it's more likely they're chatting with Ford Prefect than looking around inside PGP encrypted messages.  :lulz:
- I don't see race. I just see cars going around in a circle.

"Back in my day, crazy meant something. Now everyone is crazy" - Charlie Manson

Rococo Modem Basilisk

From what I understand, Quantum Computers are *in theory* potentially more useful for brute forcing because they can more easily parallelize permutation-type operations. That said, AFAIK we don't have quantum computers on the cutting edge of lab development that can do the kind of computation that your freebie desk calculator can.


I am not "full of hate" as if I were some passive container. I am a generator of hate, and my rage is a renewable resource, like sunshine.

Bebek Sincap Ratatosk

Quote from: Enki-][ on July 09, 2009, 10:28:23 PM
From what I understand, Quantum Computers are *in theory* potentially more useful for brute forcing because they can more easily parallelize permutation-type operations. That said, AFAIK we don't have quantum computers on the cutting edge of lab development that can do the kind of computation that your freebie desk calculator can.

Correct.

Of course the actual EXISTING cool quantum crypto stuff lies in key exchange. There's a system available right now which utilizes quantum entanglement to provide the shared key to the other side. This is cool because there isn't really a 'channel' for a man-in-the-middle and ... even if there was a man-in-the-middle, by looking at it he would change the eigenstate and the sender/receivers would KNOW someone peeked at their key exchange.

In simple, there are two boxes with a bunch of entangled quanta. (Q1 is entangled with Q1 in the other box etc). Each q is a bit (qbit), each bit is either spinning up, or spinning down... Up and Down is a binary choice so Up can stand for 1 and down can stand for 0 (or vice versa). If we change the pattern in box A, the pattern changes in box B. This provides us a way to send and receive keys for encryption through quantum entanglement. The only requirement is that you have qbits equal to the bit-length of the key you want to use.

In theory you could send any key this way, but given its particular advantages, it actually makes One time Pads feasible for communication... without having to eat the paper.

Requia ☣

Quantum brute forcing is easy to account for. Just use a 2048 bit key instead of 1024 (or 4096, whatever). That said, I don't think 1024 will be secure enough in 10-15 years, even without quantum; long term secrets need vastly better encryption.
Inflatable dolls are not recognized flotation devices.

Requia ☣

Also, if you people are going to start encrypting, how should we do a key exchange?

Bebek Sincap Ratatosk

Quote from: Requia on July 10, 2009, 03:21:35 AM
Quantum brute forcing is easy to account for. Just use a 2048 bit key instead of 1024 (or 4096, whatever). That said, I don't think 1024 will be secure enough in 10-15 years, even without quantum; long term secrets need vastly better encryption.

If Quantum Computing really breaks out... I doubt 2048 would even be much of a bump. Elliptic Curve encryption or another scheme that doesn't rely on 'hard' problems like factoring large primes will probably be necessary.

Quote from: Requia on July 10, 2009, 06:34:53 AM
Also, if you people are going to start encrypting, how should we do a key exchange?

Well, with PGP/GPG it has to do with a level of trust. So we can create a Public and Private Keypair, post the public ones here and everyone can get a copy of each other's Public Key. In a perfect world, we would all get together, or at least in subgroups and verify each key individually. That doesn't seem likely here. PGP/GPG does have an additional feature of a fingerprint which can be used to id the key via communication... then trust is based on the trust that you were really communicating with the person in question.

I think I'll start a new thread for GPG/PGP keys, maybe with a quick "Here's what to do" at the top....
- I don't see race. I just see cars going around in a circle.

"Back in my day, crazy meant something. Now everyone is crazy" - Charlie Manson
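
An added illustration of the fingerprint check described in the post above (not code from the thread or from GnuPG): it computes an OpenPGP version 4 fingerprint as RFC 4880 section 12.2 defines it and compares a downloaded key against a fingerprint received over another channel. The key material, timestamp and helper names are constructed for the example.

```python
import hashlib
import hmac
import struct

def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 public-key packet for an RSA key (algorithm id 1)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over the octet 0x99, the 2-byte body length, and the packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def grouped(fpr: str) -> str:
    """Blocks of four hex digits, the way a fingerprint is usually read out."""
    return " ".join(fpr[i:i + 4] for i in range(0, len(fpr), 4))

def normalize(fpr: str) -> str:
    """Drop spaces, colons and case differences introduced when relaying it."""
    return "".join(c for c in fpr.upper() if c in "0123456789ABCDEF")

def fingerprint_matches(body: bytes, relayed: str) -> bool:
    """True only if the full 160-bit fingerprint of `body` equals `relayed`."""
    claimed = normalize(relayed)
    if len(claimed) != 40:  # a short key ID is not enough to identify a key
        return False
    return hmac.compare_digest(v4_fingerprint(body), claimed)

# Constructed sample values: toy 2048-bit numbers, not real RSA moduli.
CREATED = 1247234994
GENUINE = rsa_public_key_body(CREATED, (1 << 2047) | 0xC0FFEE, 65537)
SUBSTITUTED = rsa_public_key_body(CREATED, (1 << 2047) | 0xBADC0DE, 65537)

if __name__ == "__main__":
    relayed = grouped(v4_fingerprint(GENUINE))  # what the owner reads out
    print("relayed fingerprint:", relayed)
    print("genuine key matches:", fingerprint_matches(GENUINE, relayed))
    print("substituted key matches:", fingerprint_matches(SUBSTITUTED, relayed))
    print("last 8 digits accepted:", fingerprint_matches(GENUINE, relayed[-9:]))
```

The check only transfers trust from the channel the fingerprint arrived on; a fingerprint copied from the same forum post as the key proves nothing extra.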

Cain

Good idea.  I included something like PGP for Dummies with the Rogue Discordian download, but I have been less than stellar when it comes to learning the material.

Also, when it comes to Windows and flaws, I did hear the Russians thought Microsoft were putting in "flaws" into the computers sent to them in the mid-90s at the behest of the NSA.  Now, this could be the usual Russian paranoia, or it could not be, I don't have the exact reports in front of me, and read them quite a while ago.  I do know that at least one shipment was also interrupted and bugged en route to Moscow by the CIA, however.

Apparently, this is when the Russians got really interested in Linux and its more practical advantages over Windows....

Triple Zero

Quote from: Ratatosk on July 09, 2009, 10:10:08 PM
Backdoors in crypto have existed in the past... or at least potential backdoors. Dual_EC_DRBG was a random number generator pushed as a standard by NSA. Within a year or so of it coming out, cryptanalysis showed a bias in number selection which gave a strong supporting argument to the people saying the NSA was pushing the algorithm for their own reasons (it was slow and icky to begin with).

The Windows Crypto API was also strongly suspect for awhile (NT4 days I think), based on some flaws which could constitute a backdoor, if the flaws were intentional.

was this the one where the RNG had some theoretical pair of numbers that would be incredibly hard to figure out given just the algorithm, but would totally break the security if someone knew this pair of numbers?

also, TIME IS RUNNING OUT:

http://www.schneier.com/blog/archives/2009/07/nsa_building_ma.html

at least, if we assume the paranoid scenario, what is the NSA going to do with all this computing power that just happens to be near major communications nodes? protect the public, surely :)
Ex-Soviet Bloc Sexual Attack Swede of Tomorrow™
e-prime disclaimer: let it seem fairly unclear I understand the apparent subjectivity of the above statements. maybe.

INFORMATION SO POWERFUL, YOU ACTUALLY NEED LESS.

Bebek Sincap Ratatosk

Key Thread: http://www.principiadiscordia.com/forum/index.php?topic=21479.0

TZ: I think that was the RND issue in fact.

Cain: Yeah, I have no doubt that international espionage has often tried to include back doors etc in specific situations. Of course, in almost all of these instances it's been with secret closed source solutions, where no one can get in and verify what's going on. 

YAY CRYPTO!

fomenter

Quote from: Ratatosk on July 10, 2009, 02:09:54 PM


I think I'll start a new thread for GPG/PGP keys, maybe with a quick "Here's what to do" at the top....


don't skimp on the crypto for dummies aspect, if you just type in a bunch of acronyms (most crypto discussions degenerate into) it won't help much

"first DMF your SR5 Packet in your BRD node bla bla bla ETC..."
"So she says to me, do you wanna be a BAD boy? And I say YEAH baby YEAH! Surf's up space ponies! I'm makin' gravy... Without the lumps. HAAA-ha-ha-ha!"


hmroogp

Bebek Sincap Ratatosk

Quote from: fomenter on July 10, 2009, 04:48:05 PM
Quote from: Ratatosk on July 10, 2009, 02:09:54 PM


I think I'll start a new thread for GPG/PGP keys, maybe with a quick "Here's what to do" at the top....


don't skimp on the crypto for dummies aspect, if you just type in a bunch of acronyms (most crypto discussions degenerate into) it won't help much

"first DMF your SR5 Packet in your BRD node bla bla bla ETC..."

http://www.principiadiscordia.com/forum/index.php?topic=21479.0


Crypto For Dummies enough, or need a rewrite, clarification?

fomenter

i will try to download gnupg and follow them and see..


the first problem i hit is the gnupg site is written in acronyms ??  and it doesn't say if it works on vista or not, and the download doesn't have a run file for installation and i can't figure out how to install it ..  i may just be too low tech to make this stuff work.

fomenter

i tried drinking coffee and attempted it again same problem i guess i am cryptography fail how do you install - run gnupg??

Bebek Sincap Ratatosk

ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.9.exe

click that link, then run the executable.

Then install FireGPG:

http://getfiregpg.org/s/install

and restart Firefox.

Go to the Tools section, FireGPG and start the Key Manager. Create a new set of keys via the little wizard and you should be good to go.
