# How to decipher everything



## GIANT_CRAB (Sep 5, 2013)

NSA is able to decipher every fucking shit, which includes but is not limited to all cipher suites used for websites, VoIP, etc.

Thanks to GCHQ team.

http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security


----------



## drmike (Sep 5, 2013)

Just when you thought it couldn't get any worse, well it did.

No mention about SSH and other "open" standards.

Bet your ass everything from Microsloth, Gaggle and Crapple is compromised from top to bottom.

I wonder how much more dirty ops money this trio and others are receiving annually from spook agencies? Could it be that a very big chunk of their incomes is directly from government? Possibly.


----------



## jarland (Sep 5, 2013)

NSA needs a powerful database leak, that's all. Dump everything, expose every single one of them and every single one of us. It's worth it. I'll donate money to that cause. I'd gladly have my private life zipped on MediaFire for anyone to download if they fall with me. I don't care about my privacy all that much, I care about my right to care about my privacy.


----------



## KuJoe (Sep 5, 2013)

Wow, the NSA continues to impress me more and more. If I knew about this kind of stuff in high school my life would be completely different right now.


----------



## wdq (Sep 5, 2013)

This really isn't too surprising, it's just something that I always hoped wouldn't be true. If you think about it, sending a letter to someone physically may be more secure than sending someone an encrypted email.


----------



## wlanboy (Sep 5, 2013)

Every problem based on math just needs time - so we all knew that encryption can break. But having backdoors all around ... wow.



> • A 10-year NSA program against encryption technologies made a breakthrough in 2010 which made "vast amounts" of data collected through internet cable taps newly "exploitable".
> 
> • The NSA spends $250m a year on a program which, among other goals, works with technology companies to "covertly influence" their product designs.





wdq said:


> This really isn't too surprising, it's just something that I always hoped wouldn't be true. If you think about it, sending a letter to someone physically may be more secure than sending someone an encrypted email.


No, all physically sent letters are automatically scanned.

If they pick one address - all mail is forwarded to a special basket. Even in the EU - so guaranteed in the US.


----------



## Shados (Sep 5, 2013)

buffalooed said:


> Just when you thought it couldn't get any worse, well it did.
> 
> No mention about SSH and other "open" standards.
> 
> ...


Yeah, this is pretty much just reading as "encryption on closed-source or hosted solutions has government backdoors", but honestly that's to be expected. What competent spook agency wouldn't leverage large companies into covertly sabotaging their encryption methodologies? And NIST deliberately pushing weak standards also shouldn't be a surprise, given they are ultimately a government agency - you cannot expect them to be independent.

TL;DR: Rely on open-source, internationally recognized encryption technology.


----------



## drmike (Sep 6, 2013)

wdq said:


> This really isn't too surprising, it's just something that I always hoped wouldn't be true. If you think about it, sending a letter to someone physically may be more secure than sending someone an encrypted email.


Well, that's not true to some extent in the US.

For a decade or better the US Postal Service has been scanning every parcel and piece of mail. All those images have been indexed and intelligence made of them. Has been used to mine for all sorts of clues about people.

No, they don't open the envelope and scan it, but still, depending on the package there might be some revealing info you wouldn't want correlated to you personally.


----------



## stim (Sep 6, 2013)

Unsurprising but still a wake-up call. It's bound to trigger innovation in more secure systems, which surely is a good thing.

I suspect that further revelations will show how corporate espionage on this scale is being used to manipulate the markets. In the end, this only damages business trust, and economic repercussions are guaranteed.

To suggest that these programs are only targeted at catching 'terrorists' is truly laughable. NSA operatives have been caught spying on ex-lovers and family members - to the extent that there is an official term for such behaviour - LOVEINT. Hundreds of thousands of people have ghost access to these tools. There seems to be no oversight whatsoever.

It would appear that the Legislators are either technically ignorant, or willfully tramping on our Human Rights.


----------



## peterw (Sep 6, 2013)

Shados said:


> TL;DR: Rely on open-source, internationally recognized encryption technology.


So don't use TrueCrypt.


----------



## drmike (Sep 6, 2013)

TrueCrypt is a wildcard since the developer(s) have been uber secretive.

Unsure if it is a honeypot or not.


----------



## kaniini (Sep 6, 2013)

Shados said:


> Yeah, this is pretty much just reading as "encryption on closed-source or hosted solutions has government backdoors", but honestly that's to be expected. What competent spook agency wouldn't leverage large companies into covertly sabotaging their encryption methodologies? And NIST deliberately pushing weak standards also shouldn't be a surprise, given they are ultimately a government agency - you cannot expect them to be independent.
> 
> TL;DR: Rely on open-source, internationally recognized encryption technology.


Actually, the malarkey with Dual_EC_PRNG was forced through NIST process by the NSA. NIST was given the reins of standardization of crypto after the DES stuff was found to be intentionally weak, and the AES process was well-executed.

Beyond that, NIST does not recommend use of Dual_EC_PRNG, they just publish the specification because they were strong-armed by NSA into doing it.

NIST really isn't the problem here...


----------



## patz (Sep 7, 2013)

According to this,



> Cryptography _itself_ has _not_ been breached....





> The security services have not broken cryptography, they have been subverting commercial cryptography products to be defective...


I wonder if these and other statements in the article are true.


----------



## GIANT_CRAB (Sep 8, 2013)

Btw, now NSA say they spy on smart phones too http://rt.com/news/nsa-smart-phones-spying-563/


----------



## KuJoe (Sep 8, 2013)

GIANT_CRAB said:


> Btw, now NSA say they spy on smart phones too http://rt.com/news/nsa-smart-phones-spying-563/


If they couldn't I would be worried.


----------

