How The NSA Works Hard To Break Encryption Any Way It Can
from the brute-force dept
Spiegel has published a detailed article, relying mostly on documents that Ed Snowden leaked, looking at the many ways in which the NSA breaks encryption (and the few situations where it still has not been able to do so). As we've seen from previous leaks, the NSA stupidly treats encryption as a "threat."As the report notes, the NSA has the most trouble around open source programs, because it's much more difficult to insert helpful backdoors:
Experts agree it is far more difficult for intelligence agencies to manipulate open source software programs than many of the closed systems developed by companies like Apple and Microsoft. Since anyone can view free and open source software, it becomes difficult to insert secret back doors without it being noticed. Transcripts of intercepted chats using OTR encryption handed over to the intelligence agency by a partner in Prism -- an NSA program that accesses data from at least nine American internet companies such as Google, Facebook and Apple -- show that the NSA's efforts appear to have been thwarted in these cases: "No decrypt available for this OTR message." This shows that OTR at least sometimes makes communications impossible to read for the NSA.When it comes to non-open source systems, well, there the NSA has its ways in. In fact, the NSA seems rather proud of the fact that it can make "cryptographic modifications to commercial or indigenous cryptographic information security devices or systems in order to make them exploitable."
The NSA also has apparently been able to crack HTTPS connections, and does so regularly:
The NSA and its allies routinely intercept such connections -- by the millions. According to an NSA document, the agency intended to crack 10 million intercepted https connections a day by late 2012. The intelligence services are particularly interested in the moment when a user types his or her password. By the end of 2012, the system was supposed to be able to "detect the presence of at least 100 password based encryption applications" in each instance some 20,000 times a month.HTTPS is still a lot more secure against non-NSA-level hackers, but it certainly shows that it's not a perfect solution.
Another big reveal: the NSA has the ability (at least some of the time) to decrypt SSH (Secure Shell) which many of us use to access computers/servers remotely.
There's lots more in the article and in the many, many included documents (just a few of which are shown below). It's well worth reading.
However, the key point is that the NSA is working very, very hard to undermine key encryption systems used around the internet to keep people safe. And rather than sharing when those systems are cracked and helping to make them stronger, the NSA is exploiting those cracks to its own advantage. That may not be a surprise, but for years the NSA has insisted that it is helping to make encryption stronger to better protect the public. The revelations from this article suggest that isn't even remotely close to true.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, gchq, nsa, otr, pgp, ssh, ssl, surveillance, zrtp
Reader Comments
Subscribe: RSS
View by: Time | Thread
Self-delusion and Arrogance
The problem is, you're not thinking about it from their point of view. To a 'good employee'(that being any worker who is obedient and 'patriotic' enough to do what they are told) at the NSA, the agency is, without a doubt, at the very top of the list of 'Good Guys'. And since 'good guys' can never do wrong, than anything they do is, by default, 'good'.
Given they are breaking encryption in order to further their own efforts, and they are, remember, 'The Good Guys', then it follows that breaking encryption is a 'good' action in their minds, since 'Good guys' don't do 'bad things'.
Adding to the disconnect with reality, there's also a massive case of arrogance, where the idea that any individual or group could ever employ similarly skilled and intelligent individuals is seen as laughable. They're the NSA after all, with incredible resources in manpower, money, and skill, clearly even if they can spot and take advantage of a security weakness, it doesn't mean that anyone else can, and that means there's no need to fix it or not introduce it.
(The fact that the above is not even remotely close to reality is rather beyond them, due to the previously mentioned arrogance)
So between the self-delusion and arrogance, it's no wonder they see nothing wrong with weakening security globally, to them, they're still the Good Guys, and anything they do is also 'Good', despite reality saying otherwise.
[ link to this | view in thread ]
Say what?
Thought their job was to create adversary malware.
[ link to this | view in thread ]
If you are innocent
[ link to this | view in thread ]
The only problem is getting other people to use them...
[ link to this | view in thread ]
Re: Say what?
[ link to this | view in thread ]
also…
https://www.youtube.com/watch?v=0SgGMj3Mf88
[ link to this | view in thread ]
There was a theory that the NSA was actually responsible for this - they couldn't undermine the crypto itself and so instead they pushed the design to be overly complicated and have as many extremely nuanced options as possible where only a few combinations would validly produce secure communications. There are several companies and products entirely built around doing the IPSec configuration so customers don't have to.
Regardless, I would still suggest that if IPSec is crackable by the NSA, it is not an inherent weakness in IPSec's cryptographic groundings but in all odds human error that is giving them a way in.
[ link to this | view in thread ]
VeraCrypt
The open-source TrueCrypt project is now continuing as the new open-source project VeraCrypt at https://veracrypt.codeplex.com/. Security improvements have been implemented and issues raised by the TrueCrypt code audit just before the TrueCrypt developers retired have been addressed. The 1.0e version is the current stable release, and the upcoming 1.0f version is currently in its third beta release. Both are available for download right now at https://veracrypt.codeplex.com/releases/view/132239
VeraCrypt uses 327,661 iterations of the PBKDF2-RIPEMD160 algorithm for system partitions, and for standard containers and other partitions it uses 655,331 iterations of RIPEMD160 and 500,000 iterations of SHA-2 and Whirlpool. While this makes VeraCrypt slightly slower at opening encrypted partitions, it makes the software a minimum of 10 and a maximum of about 300 times harder to brute force. "Effectively, something that might take a month to crack with TrueCrypt might take a year with VeraCrypt".
A vulnerability in the bootloader was fixed on Windows and various optimizations were made to it as well. The developers added support for SHA-256 to the system boot encryption option and fixed a ShellExecute security issue as well.
Linux and Mac OS X users benefit from support for hard drives with sector sizes larger than 512. Linux on top of that got support for NTFS formatting of volumes.
The VeraCrypt storage format is INCOMPATIBLE with TrueCrypt storage format due to VeraCrypt's security improvements. VeraCrypt believes that the old TrueCrypt format is too vulnerable to NSA attack and that it must now be abandoned - this is the philosophical point of difference between the VeraCrypt project and the competing Ciphershed project (CipherShed is staying with the old TrueCrypt format). A tool to convert TrueCrypt volumes to VeraCrypt format is being developed but is not yet available, so currently the conversion method involves copying unencrypted files from the (opened) legacy TrueCrypt container into the new VeraCrypt container.
http://www.esecurityplanet.com/open-source-security/veracrypt-a-worthy-truecrypt-alternati ve.html - VeraCrypt a Worthy TrueCrypt Alternative
http://www.ghacks.net/2014/12/04/a-second-look-at-veracrypt-an-unofficial-truecrypt-succe ssor/ - A Second Look at VeraCrypt - An Unofficial TrueCrypt Successor
[ link to this | view in thread ]
Re: VeraCrypt
[ link to this | view in thread ]
only 6000 tor nodes
[ link to this | view in thread ]
Hens, meet Fox
See that fox hanging out by that hen house? He's just trying to protect the chickens. Honest!
[ link to this | view in thread ]
Is it Just me??
[ link to this | view in thread ]
Re: VeraCrypt
[ link to this | view in thread ]
Re: Self-delusion and Arrogance
[ link to this | view in thread ]
Re: If you are innocent
[ link to this | view in thread ]
Re: Is it Just me??
[ link to this | view in thread ]
Re: Re: VeraCrypt
[ link to this | view in thread ]
Re: Self-delusion and Arrogance
http://tvtropes.org/pmwiki/pmwiki.php/Main/TautologicalTemplar
[ link to this | view in thread ]
Yeah, that would have been nice.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Is it Just me??
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
Encryption doesn't really do squat there. It'll slow them down a bit, but that's about it. What encryption does do, is make them work for it. If they have a real reason to be looking into your data, then that work will be seen as worth it.
However, if they're just curious, or 'merely' trying to scoop up everything they can, 'Just in case', then that extra bit of effort might very well be enough to keep your communications private, as they only have so many resources to spend, and using them to decrypt random bits of data is something they would have trouble justifying.
It's almost funny when you think about it, encryption's main use is to protect the innocent, completely turning on it's head the argument used against it, the ever so popular, 'If you've done nothing wrong, you have nothing to hide'. In the case of encryption, hiding won't do you much good if you're guilty, but if you're innocent, it will do quite a bit in protecting you.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
The solution here is to keep improving the existing solutions and develop new ones to keep up with the pace. I particularly like the name the dev gave to PGP. Encryption is pretty good bu never perfect. In this case perfection is achieved by constant evolution and openness.
[ link to this | view in thread ]
Re: Say what?
[ link to this | view in thread ]
Re: If you are innocent
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Is it Just me??
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re:
Dont get me wrong, i apply to the ideaology of "somethings better then nothing", but i hope thats just a pre-cursor to real change on their end, either honest remorse as opposed to more lies.....or forced by a nation
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: VeraCrypt
I don't have the tech expertise to see if it is the code being used but I guess it's ok.
[ link to this | view in thread ]
Re:
This. This is the primary reason that I don't really trust IPSec. It's far too easy to get it wrong.
[ link to this | view in thread ]
Re: VeraCrypt
[ link to this | view in thread ]
Re: Self-delusion and Arrogance
[ link to this | view in thread ]
Re: Self-delusion and Arrogance
[ link to this | view in thread ]
Re:
FTFY - since this is tax funded agency.
[ link to this | view in thread ]
HTTPS
Anybody know if there's work on a more secure protocol?
[ link to this | view in thread ]
Re:
FTFY
[ link to this | view in thread ]
Terrific article from der Spiegel!
I don't see this stuff when I go outside my little apartment, but it seems everywhere I go on-line is wrapping me up in a tight ball coated with an amalgam of NSA + Nazi SS + Soviet KGB + MI6 + Orwell's 1984 + ... outright and blatantly assaulting each and every one of us every second we're on-line. The VPN that recent employers put in place to secure their networks and my and others' work on them was all just a charade. Every time I logged into on-line banking was no more secure and private as clear text to any potential totalitarian prying eye control freak.
Who the hell is pulling the lever here, and why are they pulling it, and why are they getting away with this? Whose crazy idea is it that life is supposed to be like this?
I believe the article also pointed out the crackers still have trouble with tor (I'm not sure whether you mentioned it). Good! Get everyone you know up to speed on it as fast as they can, before it's too late.
I'm assuming it's not already too late. It's all we appear to have left.
[ link to this | view in thread ]
HTTPS has the potential to be secure too, if it didn't rely on centralized certificate authorities. The big worry is a Certificate Authority's signing key being stolen or handed over voluntarily. If your web browser trusts that Certificate Authority's signing key, you're toast.
At which point nation-state sponsored man-in-the-middle attacks can deployed, using that Certificate Authority's signing key to sign any website address they want.
Allowing them to redirect web surfers to NSA HTTPS website proxy servers posing as a legitimate website. These HTTPS proxies sit in the middle of the connection, decrypting and logging all data before finally forwarding it on to the legitimate website.
I believe TURMOIL is the NSA exploit running these man-in-the-middle HTTPS attacks, by intercepting "CA Service Requests". As illustrated in this NSA slide. TURMOIL sits between the client, web server, and Certificate Authority. Acting as a man-in-the-middle proxy.
https://en.wikipedia.org/wiki/File:NSA-diagram-001.jpg
When a client requests the public key for TechDirt.com, TURMOIL returns a public key for the NSA proxy server instead. The client believes the NSA proxy server's public key belongs to Techdirt.com, because it's signed with a Certificate Authority's signing key trusted by the client's web browser.
[ link to this | view in thread ]
Re: HTTPS
Right now, it looks like the path of least resistance may be a solution based primarily on IPv6 and DNSSEC, but having those baseline technologies in place is still years away.
[ link to this | view in thread ]
Re: Terrific article from der Spiegel!
The documents don't actually indicate that these have been cracked. They indicate that they have often been circumvented by the NSA obtaining private keys. IPSec should, as always, be avoided simply because it's easy to configure it wrong (rendering it vulnerable), but SSL itself is still apparently mathematically solid. The lesson I take is what we've already known: don't trust any communication where you have to trust a third party to keep a secret.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
https://www.youtube.com/watch?v=0SgGMj3Mf88
[ link to this | view in thread ]
Re: If you are innocent
So I guess innocence isn't about having nothing to hide. It's about being completely fucking clueless.
[ link to this | view in thread ]
Re: Re: Re:
But if all we do is make it more expensive for the NSA to spy on us, we're being hurt in both ways. We're paying them even more to take away our privacy.
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: HTTPS
But that's a lot of caveats to avoid, and most people either can't be bothered or have to have a less secure fallback (particularly in algorithms) for compatibility with legacy software. Even Microsoft recommends that RC4 be dropped, yet it's still widely used in HTTPS, even with clients that support newer, more secure algorithms.
[ link to this | view in thread ]
Re: Re: HTTPS
Ignore the preceding post; even if all the configuration details are correct, the authority chain is still vulnerable.
[ link to this | view in thread ]
VeraCrypt's Wikipedia page is up!
[ link to this | view in thread ]
Re: If you are innocent
[ link to this | view in thread ]