How The NSA Works Hard To Break Encryption Any Way It Can

from the brute-force dept

Mon, Dec 29th 2014 3:30pm — Mike Masnick

Spiegel has published a detailed article, relying mostly on documents that Ed Snowden leaked, looking at the many ways in which the NSA breaks encryption (and the few situations where it still has not been able to do so). As we've seen from previous leaks, the NSA stupidly treats encryption as a "threat."

And, sure, it is a "threat" to the way in which the NSA snoops on everything, but for the vast majority of users, it's a way to protect their privacy from snooping eyes. The report does reveal that certain encryption standards appear to still cause problems for the NSA, including PGP (which you already use for email, right?), OTR (used in some secure chat systems) and VoIP cryptography system ZRTP. Phil Zimmermann, who helped develop both PGP and ZRTP should be pretty damn proud of his achievements here.

As the report notes, the NSA has the most trouble around open source programs, because it's much more difficult to insert helpful backdoors:

Experts agree it is far more difficult for intelligence agencies to manipulate open source software programs than many of the closed systems developed by companies like Apple and Microsoft. Since anyone can view free and open source software, it becomes difficult to insert secret back doors without it being noticed. Transcripts of intercepted chats using OTR encryption handed over to the intelligence agency by a partner in Prism -- an NSA program that accesses data from at least nine American internet companies such as Google, Facebook and Apple -- show that the NSA's efforts appear to have been thwarted in these cases: "No decrypt available for this OTR message." This shows that OTR at least sometimes makes communications impossible to read for the NSA.

When it comes to non-open source systems, well, there the NSA has its ways in. In fact, the NSA seems rather proud of the fact that it can make "cryptographic modifications to commercial or indigenous cryptographic information security devices or systems in order to make them exploitable."

The report also shows that VPNs are targeted by the NSA, and it has had a fair bit of luck in breaking many of them (especially those that rely on PPTP -- which has long been recognized as being insecure, but is still widely used by some VPN providers). However, it also shows that the NSA has been able to crack IPsec VPN connections as well. In short: your VPN probably isn't secure from the NSA if it wants in.

The NSA also has apparently been able to crack HTTPS connections, and does so regularly:

The NSA and its allies routinely intercept such connections -- by the millions. According to an NSA document, the agency intended to crack 10 million intercepted https connections a day by late 2012. The intelligence services are particularly interested in the moment when a user types his or her password. By the end of 2012, the system was supposed to be able to "detect the presence of at least 100 password based encryption applications" in each instance some 20,000 times a month.

HTTPS is still a lot more secure against non-NSA-level hackers, but it certainly shows that it's not a perfect solution.

Another big reveal: the NSA has the ability (at least some of the time) to decrypt SSH (Secure Shell) which many of us use to access computers/servers remotely.

There's lots more in the article and in the many, many included documents (just a few of which are shown below). It's well worth reading.

However, the key point is that the NSA is working very, very hard to undermine key encryption systems used around the internet to keep people safe. And rather than sharing when those systems are cracked and helping to make them stronger, the NSA is exploiting those cracks to its own advantage. That may not be a surprise, but for years the NSA has insisted that it is helping to make encryption stronger to better protect the public. The revelations from this article suggest that isn't even remotely close to true.

Media 35532 (PDF)Media 35532 (Text)

Media 35533 (PDF)Media 35533 (Text)

Media 35531 (PDF)Media 35531 (Text)

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: encryption, gchq, nsa, otr, pgp, ssh, ssl, surveillance, zrtp

54 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

That One Guy (profile), 29 Dec 2014 @ 2:15pm

Self-delusion and Arrogance
That may not be a surprise, but for years the NSA has insisted that it is helping to make encryption stronger to better protect the public. The revelations from this article suggest that isn't even remotely close to true.

The problem is, you're not thinking about it from their point of view. To a 'good employee'(that being any worker who is obedient and 'patriotic' enough to do what they are told) at the NSA, the agency is, without a doubt, at the very top of the list of 'Good Guys'. And since 'good guys' can never do wrong, than anything they do is, by default, 'good'.

Given they are breaking encryption in order to further their own efforts, and they are, remember, 'The Good Guys', then it follows that breaking encryption is a 'good' action in their minds, since 'Good guys' don't do 'bad things'.

Adding to the disconnect with reality, there's also a massive case of arrogance, where the idea that any individual or group could ever employ similarly skilled and intelligent individuals is seen as laughable. They're the NSA after all, with incredible resources in manpower, money, and skill, clearly even if they can spot and take advantage of a security weakness, it doesn't mean that anyone else can, and that means there's no need to fix it or not introduce it.

(The fact that the above is not even remotely close to reality is rather beyond them, due to the previously mentioned arrogance)

So between the self-delusion and arrogance, it's no wonder they see nothing wrong with weakening security globally, to them, they're still the Good Guys, and anything they do is also 'Good', despite reality saying otherwise.
[ link to this | view in chronology ]
- Anonymous Coward, 30 Dec 2014 @ 12:19am
  
  Re: Self-delusion and Arrogance
  So, the NSA is the US Government equivalent of WWE tag-team faces?
  [ link to this | view in chronology ]
- Anonymous Coward, 30 Dec 2014 @ 1:35am
  
  Re: Self-delusion and Arrogance
  > And since 'good guys' can never do wrong, than anything they do is, by default, 'good'.
  
  http://tvtropes.org/pmwiki/pmwiki.php/Main/TautologicalTemplar
  [ link to this | view in chronology ]
- Bengie, 30 Dec 2014 @ 8:12am
  
  Re: Self-delusion and Arrogance
  I don't mind them attempting to break encryption, but I don't like them creating back doors.
  [ link to this | view in chronology ]
- Bengie, 30 Dec 2014 @ 8:12am
  
  Re: Self-delusion and Arrogance
  I don't mind them attempting to break encryption, but I don't like them creating back doors.
  [ link to this | view in chronology ]
Vidiot (profile), 29 Dec 2014 @ 3:16pm

Say what?
"... major threat to the NSA's ability to... defeat adversary malware..."

Thought their job was to create adversary malware.
[ link to this | view in chronology ]
- That One Guy (profile), 29 Dec 2014 @ 3:55pm
  
  Re: Say what?
  'Adversary' in this case is simply 'Not created by the NSA'. Malware they create isn't a problem from their point of view, even if it clearly is for everyone who has to deal with it.
  [ link to this | view in chronology ]
- Anonymous Coward, 30 Dec 2014 @ 6:31am
  
  Re: Say what?
  Must be a typo
  [ link to this | view in chronology ]
peter, 29 Dec 2014 @ 3:36pm

If you are innocent
If you have nothing to hide, you have nothing to encrypt.. Right?
[ link to this | view in chronology ]
- CharlieBrown, 30 Dec 2014 @ 1:00am
  
  Re: If you are innocent
  By that logic, whilst a criminal uses encryption, so does the guy looking at porn behind his wife's back!
  [ link to this | view in chronology ]
- Anonymous Coward, 30 Dec 2014 @ 6:33am
  
  Re: If you are innocent
  I guess corporations and governments have nothing to hide either......right?
  [ link to this | view in chronology ]
- PT (profile), 30 Dec 2014 @ 3:04pm
  
  Re: If you are innocent
  Y'know, as a consultant, almost every one of my clients makes me sign an NDA (non disclosure agreement)promising Draconian penalties if I disclose their valuable secrets to a third party. Yet when I offer them my public key and ask for theirs, they look at me in blank surprise. They have no concern about sending their valuable secret drawings and business plans in plain text on unencrypted email.
  
  So I guess innocence isn't about having nothing to hide. It's about being completely fucking clueless.
  [ link to this | view in chronology ]
- Anonymous Coward, 5 Jan 2015 @ 9:55am
  
  Re: If you are innocent
  ... assuming you're innocent, please post a publicly accessible link to your webcam, while already having pulled off your clothes. Shouldn't be much of a problem, i guess ...
  [ link to this | view in chronology ]
Anonymous Coward, 29 Dec 2014 @ 3:54pm

>OTR, PGP, ZRTP are secure

The only problem is getting other people to use them...
[ link to this | view in chronology ]
mvario (profile), 29 Dec 2014 @ 4:17pm

also…
Also, Jacob Appelbaum and Laura Poitras gave an accompanying talk yesterday at 31c3 that has now been posted to Youtube…

https://www.youtube.com/watch?v=0SgGMj3Mf88
[ link to this | view in chronology ]
Anonymous Coward, 29 Dec 2014 @ 4:17pm

Most people who have worked with IPSec (or were paying attention when it was created) will be extremely willing to go on and on about just how insanely difficult it is to set up IPSec properly.

There was a theory that the NSA was actually responsible for this - they couldn't undermine the crypto itself and so instead they pushed the design to be overly complicated and have as many extremely nuanced options as possible where only a few combinations would validly produce secure communications. There are several companies and products entirely built around doing the IPSec configuration so customers don't have to.

Regardless, I would still suggest that if IPSec is crackable by the NSA, it is not an inherent weakness in IPSec's cryptographic groundings but in all odds human error that is giving them a way in.
[ link to this | view in chronology ]
- Dan J. (profile), 30 Dec 2014 @ 4:05am
  
  Re:
  For whatever it's worth, I'm a network engineer who's set up a large number of IPSec connections and I strongly concur. Additionally, I'm really curious as to the details of cracking SSH. I'd be willing to wager that the sessions they're able to crack use small key sizes.
  [ link to this | view in chronology ]
- Anonymous Coward, 30 Dec 2014 @ 6:35am
  
  Re:
  That sounds like something i already thought they would do
  [ link to this | view in chronology ]
- John Fenderson (profile), 30 Dec 2014 @ 7:57am
  
  Re:
  "Most people who have worked with IPSec (or were paying attention when it was created) will be extremely willing to go on and on about just how insanely difficult it is to set up IPSec properly."
  
  This. This is the primary reason that I don't really trust IPSec. It's far too easy to get it wrong.
  [ link to this | view in chronology ]
4th Amendment, 29 Dec 2014 @ 6:32pm

VeraCrypt
The Spiegel article notes that TrueCrypt posed major difficulties for NSA, but that's only NSA level 4. NSA Level 5 is 100% unreadable by NSA.

The open-source TrueCrypt project is now continuing as the new open-source project VeraCrypt at https://veracrypt.codeplex.com/. Security improvements have been implemented and issues raised by the TrueCrypt code audit just before the TrueCrypt developers retired have been addressed. The 1.0e version is the current stable release, and the upcoming 1.0f version is currently in its third beta release. Both are available for download right now at https://veracrypt.codeplex.com/releases/view/132239

VeraCrypt uses 327,661 iterations of the PBKDF2-RIPEMD160 algorithm for system partitions, and for standard containers and other partitions it uses 655,331 iterations of RIPEMD160 and 500,000 iterations of SHA-2 and Whirlpool. While this makes VeraCrypt slightly slower at opening encrypted partitions, it makes the software a minimum of 10 and a maximum of about 300 times harder to brute force. "Effectively, something that might take a month to crack with TrueCrypt might take a year with VeraCrypt".

A vulnerability in the bootloader was fixed on Windows and various optimizations were made to it as well. The developers added support for SHA-256 to the system boot encryption option and fixed a ShellExecute security issue as well.

Linux and Mac OS X users benefit from support for hard drives with sector sizes larger than 512. Linux on top of that got support for NTFS formatting of volumes.

The VeraCrypt storage format is INCOMPATIBLE with TrueCrypt storage format due to VeraCrypt's security improvements. VeraCrypt believes that the old TrueCrypt format is too vulnerable to NSA attack and that it must now be abandoned - this is the philosophical point of difference between the VeraCrypt project and the competing Ciphershed project (CipherShed is staying with the old TrueCrypt format). A tool to convert TrueCrypt volumes to VeraCrypt format is being developed but is not yet available, so currently the conversion method involves copying unencrypted files from the (opened) legacy TrueCrypt container into the new VeraCrypt container.

http://www.esecurityplanet.com/open-source-security/veracrypt-a-worthy-truecrypt-alternati ve.html - VeraCrypt a Worthy TrueCrypt Alternative

http://www.ghacks.net/2014/12/04/a-second-look-at-veracrypt-an-unofficial-truecrypt-succe ssor/ - A Second Look at VeraCrypt - An Unofficial TrueCrypt Successor
[ link to this | view in chronology ]
- McCrea (profile), 29 Dec 2014 @ 10:27pm
  
  Re: VeraCrypt
  That actually sounds like an advert by an NSA analyst.
  [ link to this | view in chronology ]
  - That One Guy (profile), 30 Dec 2014 @ 1:27am
    
    Re: Re: VeraCrypt
    It is listed as being open source, which apparently annoys the NSA to no end, so there is that in defense of the comment, assuming the open source bit is accurate.
    [ link to this | view in chronology ]
    - Ninja (profile), 30 Dec 2014 @ 7:50am
      
      Re: Re: Re: VeraCrypt
      Seems the source code is available https://veracrypt.codeplex.com/SourceControl/latest
      
      I don't have the tech expertise to see if it is the code being used but I guess it's ok.
      [ link to this | view in chronology ]
- John Fenderson (profile), 30 Dec 2014 @ 7:59am
  
  Re: VeraCrypt
  I'm still very, very suspicious of TrueCrypt and avoid it. I never got a good explanation for why the original authors advised everyone away from it. Until I know more, I'll take them at their word.
  [ link to this | view in chronology ]
Wikipedia expert needed, 29 Dec 2014 @ 7:17pm

Re: VeraCrypt
VeraCrypt needs a Wikipedia page - any Wikipedia experts here who can do this?
[ link to this | view in chronology ]
Anonymous Coward, 29 Dec 2014 @ 7:29pm

only 6000 tor nodes
I've toyed with starting up a tor node - just to be a good netizen. But 6000 is a manageable number for targeted attacks. If I start up a node, am I inviting every government in the world to compromise my network?
[ link to this | view in chronology ]
Anonymous Coward, 29 Dec 2014 @ 9:09pm

Hens, meet Fox
"...for years the NSA has insisted that it is helping to make encryption stronger to better protect the public."

See that fox hanging out by that hen house? He's just trying to protect the chickens. Honest!
[ link to this | view in chronology ]
Justme, 29 Dec 2014 @ 9:55pm

Is it Just me??
3 letter agencies destroying the very thing, they claim to be protecting, is starting to become the norm!
[ link to this | view in chronology ]
- That One Guy (profile), 30 Dec 2014 @ 1:26am
  
  Re: Is it Just me??
  No, it's not just you, they've been doing that for a good while now.
  [ link to this | view in chronology ]
- Anonymous Coward, 30 Dec 2014 @ 3:05am
  
  Re: Is it Just me??
  "Claim" is the word. 3 letter agencies are big liars.
  [ link to this | view in chronology ]
- Anonymous Coward, 30 Dec 2014 @ 6:42am
  
  Re: Is it Just me??
  If it was'nt the norm, then i'd be hard pressed to explain the global rise in pissed off people
  [ link to this | view in chronology ]
Anonymous Coward, 30 Dec 2014 @ 2:14am

Wouldn't it have been more helpful if Techdirt had been writing about the NSA back before the NSA broke off its "arrangement" with Google?

Yeah, that would have been nice.
[ link to this | view in chronology ]
- That One Guy (profile), 30 Dec 2014 @ 3:08am
  
  Re:
  Oh, you mean before the Snowden leaks, where any discussion of what they might be doing could be easily dismissed as paranoia or baseless conjecture? Yeah, can't imagine why they didn't jump on that opportunity... /s
  [ link to this | view in chronology ]
  - Anonymous Coward, 30 Dec 2014 @ 6:44am
    
    Re: Re:
    Put your tinfoil hat back o........oh wait, i cant use that anymore
    [ link to this | view in chronology ]
Ninja (profile), 30 Dec 2014 @ 2:36am

Even if they can decrypt some of the encrypted alternatives out there (that haven't got backdoors) they need horsepower to do it. If the usage is widespread at the very last we can make it hurt financially to grab them all.
[ link to this | view in chronology ]
- That One Guy (profile), 30 Dec 2014 @ 3:21am
  
  Re:
  And that, really, is the best that can be attained realistically. If a government agency, Intelligence or otherwise, really wants to know what's in the emails, calls, or other communications you're sending, they will be able to do so. It might take them a little bit of time and effort, but if they're really that interested in you, they will manage it.
  
  Encryption doesn't really do squat there. It'll slow them down a bit, but that's about it. What encryption does do, is make them work for it. If they have a real reason to be looking into your data, then that work will be seen as worth it.
  
  However, if they're just curious, or 'merely' trying to scoop up everything they can, 'Just in case', then that extra bit of effort might very well be enough to keep your communications private, as they only have so many resources to spend, and using them to decrypt random bits of data is something they would have trouble justifying.
  
  It's almost funny when you think about it, encryption's main use is to protect the innocent, completely turning on it's head the argument used against it, the ever so popular, 'If you've done nothing wrong, you have nothing to hide'. In the case of encryption, hiding won't do you much good if you're guilty, but if you're innocent, it will do quite a bit in protecting you.
  [ link to this | view in chronology ]
  - Ninja (profile), 30 Dec 2014 @ 6:02am
    
    Re: Re:
    I wouldn't say it's completely breakable. There are protocols out there that are still secure even though I can't name 'em. But eventually everything will be breakable given enough horsepower and we know computers will always get to this tipping point.
    
    The solution here is to keep improving the existing solutions and develop new ones to keep up with the pace. I particularly like the name the dev gave to PGP. Encryption is pretty good bu never perfect. In this case perfection is achieved by constant evolution and openness.
    [ link to this | view in chronology ]
    - Anonymous Coward, 30 Dec 2014 @ 6:58am
      
      Re: Re: Re:
      What about a system built upon detection, if thats even possible.......i think one of the biggest reasons these abc criminals really want this, is because its essentially undetectable by non techies, if even techs themselves
      [ link to this | view in chronology ]
    - Dan J. (profile), 30 Dec 2014 @ 7:43am
      
      Re: Re: Re:
      That depends on what you mean by "breakable." Many of the current algorithms are essentially unbreakable in that if you had every computer in existence working on them it would still take longer than the existence of the universe to brute force them. Whether this results in absolute security, however, depends upon a large enough key, the key being random, the software implementation of the algorithm not containing exploitable bugs, etc. Those are mighty big assumptions. But if you're reasonably smart about crypto and use reasonable practices, you can encrypt things now and through the foreseeable future which neither the NSA nor anyone else will be able to read by breaking the encryption. That doesn't mean the NSA won't get your communications, however. A key can get compromised. In order for your recipient to read the message, they have to decrypt it and the system doing the decryption can be compromised and the plain text exposed. Etc. In other words, there are many avenues of attack other than just breaking the encryption and the NSA is quite good at all of them. So if you're saying that any communication can conceivably be compromised, then yes, I agree. But if you're saying that any method of encryption can be directly broken given enough computer horsepower, then I'd strongly believe that to be incorrect. If it IS correct, then the NSA has made some startling and revolutionary advances in the field of mathematics which would shock the world.
      [ link to this | view in chronology ]
  - Anonymous Coward, 30 Dec 2014 @ 6:55am
    
    Re: Re:
    Yes, but you still have to think about what their variable definition of "worth it" entails........and depending on the definition aswell as the illegality of the implementation of an illegal system, they'll be basically running in the same capacity as criminals, while all thats done by folks, is, lets make it more difficult
    
    Dont get me wrong, i apply to the ideaology of "somethings better then nothing", but i hope thats just a pre-cursor to real change on their end, either honest remorse as opposed to more lies.....or forced by a nation
    [ link to this | view in chronology ]
- nasch (profile), 30 Dec 2014 @ 8:12am
  
  Re:
  "If the usage is widespread at the very last [sic] we can make it hurt us financially to grab them all."
  
  FTFY - since this is tax funded agency.
  [ link to this | view in chronology ]
  - That One Guy (profile), 30 Dec 2014 @ 2:08pm
    
    Re: Re:
    If the public is going to be paying either way, I'd rather the cost be measured in monetary terms than privacy ones. One of those is replaceable, the other isn't.
    [ link to this | view in chronology ]
    - nasch (profile), 30 Dec 2014 @ 3:04pm
      
      Re: Re: Re:
      If the public is going to be paying either way, I'd rather the cost be measured in monetary terms than privacy ones. One of those is replaceable, the other isn't.
      
      But if all we do is make it more expensive for the NSA to spy on us, we're being hurt in both ways. We're paying them even more to take away our privacy.
      [ link to this | view in chronology ]
      - That One Guy (profile), 31 Dec 2014 @ 4:10am
        
        Re: Re: Re: Re:
        Well, ideally they would be shut down, or at least forced to stop trying to screw over the public every which way they can think of, but until that happens, making their job more difficult, and hopefully protecting the privacy of people who would have had their information scooped up, listed, categorized and stored, is about as good as the public can manage at this time.
        [ link to this | view in chronology ]
- kog999, 30 Dec 2014 @ 8:19am
  
  Re:
  "widespread at the very last we can make it hurt the Tax Payer financially to grab them all."
  
  FTFY
  [ link to this | view in chronology ]
nasch (profile), 30 Dec 2014 @ 8:14am

HTTPS
HTTPS is still a lot more secure against non-NSA-level hackers, but it certainly shows that it's not a perfect solution.

Anybody know if there's work on a more secure protocol?
[ link to this | view in chronology ]
- John Fenderson (profile), 30 Dec 2014 @ 1:22pm
  
  Re: HTTPS
  There's a lot of thought about such a thing, but it's an incredibly hard nut to crack -- and would be even harder to get websites to adopt whatever the solution would be. Look how insanely long it's taken just to get websites to use HTTPS!
  
  Right now, it looks like the path of least resistance may be a solution based primarily on IPv6 and DNSSEC, but having those baseline technologies in place is still years away.
  [ link to this | view in chronology ]
- Anonymous Coward, 31 Dec 2014 @ 8:20am
  
  Re: HTTPS
  HTTPS, when implemented properly with strong algorithms, strong key sizes, sufficient entropy pools, and a cryptographically secure pseudorandom number generator, on hardware and software without backdoors, is plenty secure.
  
  But that's a lot of caveats to avoid, and most people either can't be bothered or have to have a less secure fallback (particularly in algorithms) for compatibility with legacy software. Even Microsoft recommends that RC4 be dropped, yet it's still widely used in HTTPS, even with clients that support newer, more secure algorithms.
  [ link to this | view in chronology ]
  - Anonymous Coward, 31 Dec 2014 @ 8:24am
    
    Re: Re: HTTPS
    Doh, forgot about the certificate authority chain.
    
    Ignore the preceding post; even if all the configuration details are correct, the authority chain is still vulnerable.
    [ link to this | view in chronology ]
tqk (profile), 30 Dec 2014 @ 11:37am

Terrific article from der Spiegel!
I read this article a couple of days ago, and since then I've been pretty much stumbling around stupified. I wander into another room and five minutes later find myself standing up against a wall wondering how I got there and when. Where the hell did all this totalitarianism come from all of a sudden? IPSec and ssh cracked?!?

I don't see this stuff when I go outside my little apartment, but it seems everywhere I go on-line is wrapping me up in a tight ball coated with an amalgam of NSA + Nazi SS + Soviet KGB + MI6 + Orwell's 1984 + ... outright and blatantly assaulting each and every one of us every second we're on-line. The VPN that recent employers put in place to secure their networks and my and others' work on them was all just a charade. Every time I logged into on-line banking was no more secure and private as clear text to any potential totalitarian prying eye control freak.

Who the hell is pulling the lever here, and why are they pulling it, and why are they getting away with this? Whose crazy idea is it that life is supposed to be like this?

I believe the article also pointed out the crackers still have trouble with tor (I'm not sure whether you mentioned it). Good! Get everyone you know up to speed on it as fast as they can, before it's too late.

I'm assuming it's not already too late. It's all we appear to have left.
[ link to this | view in chronology ]
- John Fenderson (profile), 30 Dec 2014 @ 1:26pm
  
  Re: Terrific article from der Spiegel!
  "IPSec and ssh cracked?!?"
  
  The documents don't actually indicate that these have been cracked. They indicate that they have often been circumvented by the NSA obtaining private keys. IPSec should, as always, be avoided simply because it's easy to configure it wrong (rendering it vulnerable), but SSL itself is still apparently mathematically solid. The lesson I take is what we've already known: don't trust any communication where you have to trust a third party to keep a secret.
  [ link to this | view in chronology ]
Anonymous Coward, 30 Dec 2014 @ 12:12pm

Glad I use OpenVPN instead of PPTP or IPsec. It's good to know Phil Zimmermann's PGP and ZRTP encryption designs still appear secure.

HTTPS has the potential to be secure too, if it didn't rely on centralized certificate authorities. The big worry is a Certificate Authority's signing key being stolen or handed over voluntarily. If your web browser trusts that Certificate Authority's signing key, you're toast.

At which point nation-state sponsored man-in-the-middle attacks can deployed, using that Certificate Authority's signing key to sign any website address they want.

Allowing them to redirect web surfers to NSA HTTPS website proxy servers posing as a legitimate website. These HTTPS proxies sit in the middle of the connection, decrypting and logging all data before finally forwarding it on to the legitimate website.

I believe TURMOIL is the NSA exploit running these man-in-the-middle HTTPS attacks, by intercepting "CA Service Requests". As illustrated in this NSA slide. TURMOIL sits between the client, web server, and Certificate Authority. Acting as a man-in-the-middle proxy.

https://en.wikipedia.org/wiki/File:NSA-diagram-001.jpg

When a client requests the public key for TechDirt.com, TURMOIL returns a public key for the NSA proxy server instead. The client believes the NSA proxy server's public key belongs to Techdirt.com, because it's signed with a Certificate Authority's signing key trusted by the client's web browser.
[ link to this | view in chronology ]
Anonymous Coward, 30 Dec 2014 @ 2:20pm

Thanks mvario, for posting the link for Laura Poitras and Jacob Appelbaum addressing the Chaos Computer Club on YouTube. Their talk goes into really deep details about how intelligence agencies are creating dossiers on people. They actually present a FISC document detailing the content captured from people's communications.

https://www.youtube.com/watch?v=0SgGMj3Mf88
[ link to this | view in chronology ]
Been There, Done That, 4 Jan 2015 @ 7:01pm

VeraCrypt's Wikipedia page is up!
https://en.wikipedia.org/wiki/VeraCrypt
[ link to this | view in chronology ]