Wednesday, September 25, 2013

The NSA has likely broken Internet security

This article is very persuasive.

The gist of it is that NSA recommended changes have grossly weakened Internet encryption.  The changes were noticed by tech nerds at the time, but were considered "weird" rather than malicious.  Everyone gave the NSA the benefit of the doubt.  Now the Snowden leaks have people reassessing that.

The problem is that the NSA has very good cryptographers.  The idea that they'd make an inadvertent mistake in a core component of a crypto system is hard to believe.  Especially when the "mistake" very well might let them read everyone's encrypted data.

The infuriating thing is that now that the cat is out of the bag, other people will be trying to use this to break encrypted traffic.  This is what's used to protect financial transactions, for example - there's a big motivation for the Bad Guys to break this, too.

Quite frankly, it's hard to see how the NSA can ever recover the trust of the tech community.  I don't expect that anyone there will willingly cooperate with them, unless there's a big government contract involved.  What the NSA used to get for free based on good will is now likely only available for hire. 


lelnet said...

It's hard for some of us to see how they ever acquired that trust in the first place.

R.K. Brumbelow said...

What lelnet said.

Wow, I had this whole post and I realized before I finished the first sentence my thoughts needed to be redacted.

Let me instead remind some of the quip that was so common in 2000 when SE Linux was released publicly.

Why trust the NSA? Because someone is going to have the keys and the NSA already has them.

It was known then that the NSA could have whatever data it wanted, it was just a matter of time. (What was the old rendering standard at Comdex in the 80's Day on a Cray?) The difference today is not can the NSA get the data, but does the NSA want the data.

Think of it like any other munition. I own guns, that I can go out and do something with those guns does not mean I will (despite what progressives seem to think). In fact, I will not do everything I am physically capable of for a myriad of reasons including responsibility, compassion, and respect. The NSA has been known to have no effective physical limits, now they are known to have no moral limits.

So, is the NSA a tool for government, or an entity themselves. If they are not a tool, then like any rabid dog, they need to be put down. If they are a tool, then the owner needs to be corrected/ punished so that the tool is not misused again.

I have said it before, get rid of the NSA and you will simply get another 2 TLAs doing the same thing. Whatever the case may be it is a herculean task (literally)

Killing the Hydra: The Second Labor of Hercules
Accompanied with his trusty nephew, Iolaus, Hercules set off to hunt the nine-headed monster. They went to the springs of Amymone and discovered the lair of the menacing beast.

Hercules lured the creature out of its den by shooting it with flaming arrows. When the beastly creature emerged, the Greek mythical hero seized it but the monster wound one of its coils to Hercules’ foot.

With one of his foot stuck, Hercules tried to break free by smashing the monster’s head, but as soon as he cut one, two more heads would appear on its place. And a huge crab began biting Hercules’ trapped foot to add nuisance. After smashing the crab with his club, Hercules called on to his nephew, Iolaus to help him out in fighting the looming monster.

Hercules persisted on slashing the monster’s head while Iolaus scorched each headless neck with a torch to prevent heads from growing back. Finally, the Hydra was slain as Heracles's second task was done.

After the Hydra was defeated, Heracles soaked the tip of his arrows in its venomous blood.

Unknown said...

It is a alarming news that NSA is tracking the activity of all the users on internet.So the privacy of the consumer is NIl.

Silvester Norman

Changing MAC Address