http://www.reuters.com/article/2013/11/25/us-usa-security-doomsday-idUSBRE9AO0Y120131125
So now we know why he's still alive.
Quote
Spies worry over "doomsday" cache stashed by ex-NSA contractor Snowden
(Reuters) - British and U.S. intelligence officials say they are worried about a "doomsday" cache of highly classified, heavily encrypted material they believe former National Security Agency contractor Edward Snowden has stored on a data cloud.
The cache contains documents generated by the NSA and other agencies and includes names of U.S. and allied intelligence personnel, seven current and former U.S. officials and other sources briefed on the matter said.
The data is protected with sophisticated encryption, and multiple passwords are needed to open it, said two of the sources, who like the others spoke on condition of anonymity to discuss intelligence matters.
The passwords are in the possession of at least three different people and are valid for only a brief time window each day, they said. The identities of persons who might have the passwords are unknown.
Spokespeople for both NSA and the U.S. Office of the Director of National Intelligence declined to comment.
One source described the cache of still unpublished material as Snowden's "insurance policy" against arrest or physical harm.
smart man!
Quote from: Mrs. Nigelson on November 26, 2013, 12:48:37 AM
smart man!
Well, if I were him, I'd be worried about the Brits.
If the CIA is after you, YOU'RE fine. Your NEIGHBOR is dead fucking meat.
I wouldn't be surprised if he didn't have a dead man switch on this. No activity on X for a certain amount and the files get automatically distributed world wide.
Quote from: Faust on November 26, 2013, 12:54:44 AM
I wouldn't be surprised if he didn't have a dead man switch on this. No activity on X for a certain amount and the files get automatically distributed world wide.
It would be the only way to do it, really. And 3 bad login attempts or so...
It's also the biggest and best lie to tell if you've got fuck all left in your bag of tricks.
Just seems worth noting. Multiple passwords, multiple people, "sophisticated encryption", time windows... something just seems off here.
Maybe he does have it, maybe he doesn't.
Given how badly botched Stunext was, and the most recent revelations that the NSA has been actively infecting thousands of computers with malware, it'd have to be pretty extraordinary though.
Quote from: Junkenstein on November 26, 2013, 08:43:55 AM
It's also the biggest and best lie to tell if you've got fuck all left in your bag of tricks.
Just seems worth noting. Multiple passwords, multiple people, "sophisticated encryption", time windows... something just seems off here.
The safety package for wikileaks is the same deal. It's not hard to repeatedly encrypt a folder, the worry would be if there is anything exploitable in the encryption he used.
Quote from: Faust on November 26, 2013, 09:40:49 AM
Quote from: Junkenstein on November 26, 2013, 08:43:55 AM
It's also the biggest and best lie to tell if you've got fuck all left in your bag of tricks.
Just seems worth noting. Multiple passwords, multiple people, "sophisticated encryption", time windows... something just seems off here.
The safety package for wikileaks is the same deal. It's not hard to repeatedly encrypt a folder, the worry would be if there is anything exploitable in the encryption he used.
This is part of what makes it seem so off. How many encryption systems have been shown to be NSA vulnerable? I'd suggest it to be pretty much all of them unless there's a bunch of individually made ones better than what is currently and openly available.
The other part of these safety packages is that the individuals who use them are very concerned with their own personal safety.They're using information that is apparently very important and damaging to protect themselves. Something about that sits badly with me. Withholding information/evidence is par for the course for governments. How can you preach about openness and integrity by using almost the exact same threats?
Speculation - Snowden and similar are more valuable alive than dead. Given how pervasive monitoring is, it's easier to have a few big names and monitor the public sympathetic to the cause. Profiling potential
problems domestic terrorists concerned citizens now to make life easier in the future.
As far as we know, PGP encryption is still not cracked by the NSA. RSA's looking shaky, but PGP is the tough stuff, and is readily available for anyone sufficiently geeky to install and run the programs, which Snowden most definitely is.
As far as we know, the NSA hasn't broken any of the current 'strong' encryption algorithms. There is speculation that they influenced a specific Random Number Generator based on elliptic curve crypto. The CC RNG is slow and only one of many options for RNG. Most systems don't use that library, but RSA's BSafe suite of crypto tools had that set as the default (which is fishy since its been suspect foryears and is slow).
If the system protecting Snowden's stuff is PGP/GPG or a home brew app using known good standard algorithms, then its as safe as anything else we know of at this point. In fact, NSA's attempt to influence and introduce non-randomness into new standards indicates that they likely haven't found a way around current crypto.
Unless they have a quantum computer...
If you don't have the capability to decipher everyone's secretest, most innermost privacy, convincing them you do is the next best thing
Quote from: Cain on November 26, 2013, 10:11:10 AM
As far as we know, PGP encryption is still not cracked by the NSA. RSA's looking shaky, but PGP is the tough stuff, and is readily available for anyone sufficiently geeky to install and run the programs, which Snowden most definitely is.
What's making me question a lot of this is partly this:
http://www.principiadiscordia.com/forum/index.php/topic,31946.0.html
I would assume that a considerable amount of further work has been done in this area so I'd have to guess at it being insecure just on probabilities. If not now, then soon certainly.
The other side is the rubber hose aspect. You're still trusting meat with information and there's nasty men with tenderisers. Say with a straight face the NSA has no idea who these "password holders" are.
Quote from: Junkenstein on November 26, 2013, 02:09:49 PM
Quote from: Cain on November 26, 2013, 10:11:10 AM
As far as we know, PGP encryption is still not cracked by the NSA. RSA's looking shaky, but PGP is the tough stuff, and is readily available for anyone sufficiently geeky to install and run the programs, which Snowden most definitely is.
What's making me question a lot of this is partly this:
http://www.principiadiscordia.com/forum/index.php/topic,31946.0.html
I would assume that a considerable amount of further work has been done in this area so I'd have to guess at it being insecure just on probabilities. If not now, then soon certainly.
The other side is the rubber hose aspect. You're still trusting meat with information and there's nasty men with tenderisers. Say with a straight face the NSA has no idea who these "password holders" are.
Rubber hose method is more likely than the NSA breaking PGP. Phil Zimmerman seems to think they have not yet found a weakness and I'd throw more weight on his views than unnamed sources and past employees... It seems likely that they may have built something specific to brute force some algorithms like the 3DES or AES128 Keyspace, maybe even AES-256, but I doubt they're breaking 2048 or 4096 bit keys like the ones used by PGP.
Its possible they found a flaw in asymmetric algorithms like those used by PGP, but since the government is still using those algorithms (and AES-256) it seems unlikely that they would be easily broken.