NSA can decrypt VPNs?

stim

New Member
Hi,

Amongst today's revelations about NSA's data collection activities is the suggestion that VPNs can be decrypted at will.
See slide #17

Not being an expert in this stuff, can anyone explain how this could be possible?

If it was do-able in 2008, how far have they advanced since then?

Cheeeers.
 

concerto49

New Member
Verified Provider
Well anything can be brute forced provided you have enough money. When you have data centers and supercomputers for mass processing it does wonders.


Encryption is just so no one can in a reasonable time for reasonable cost.
 

stim

New Member
> Well anything can be brute forced provided you have enough money. When you have data centers and supercomputers for mass processing it does wonders.
>
> Encryption is just so no one can in a reasonable time for reasonable cost.

The slide suggests that all VPNs in country X can be decrypted and the users identified.

This means that decrypting one VPN is a trivial task.

No?
 

wlanboy

Content Contributer
A lot of users are still using pptp - so I think NSA does not have a lot of money to get access to these "vpn" connections.
 

acd

New Member
Here's a quotation from the referenced slide:

  • Show me all the VPN startups in country X, and give me the data so I can decrypt and discover the users
      • These events are easily browsable in XKEYSCORE
      • No strong-selector
  • XKEYSCORE extracts and stores authoring information for many major document types -- can perform a retrospective survey to trace the document origin since metadata is typically kept for up to 30 days
  • No other system performs this on raw unselected bulk traffic, data volumes prohibit forwarding

Emphasis mine. Yes, they can decrypt the data, but it still costs processing time and it is probably not realtime. Worried? Use bigger SSL keys for authentication and stronger encryption. I'm sure 2048 bit RSA keys from a private CA and AES256 + SHA256-HMAC is going to be reasonably hard to a. forge and b. decrypt, but of course, this is a government agency with a metric *#&#-load of money; if they try hard enough, it doesn't matter. The point is they don't care about people who aren't persons of interest.
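
An added example, not part of acd's post or of any project's code: a check of a VPN configuration against the AES-256 + SHA-256 HMAC + CA settings recommended above. It assumes the VPN is OpenVPN using its classic `cipher`, `auth` and `ca` directives and 2.3-era defaults; the sample configs are constructed, and RSA key size is not inspected.

```python
import shlex

# Values OpenVPN 2.3-era builds fall back to when the directive is absent (assumption).
LEGACY_DEFAULTS = {"cipher": "BF-CBC", "auth": "SHA1"}
ACCEPTED = {
    "cipher": {"AES-256-CBC", "AES-256-GCM"},
    "auth": {"SHA256", "SHA384", "SHA512"},
}

def parse_config(text):
    """Return {directive: [args]} for an OpenVPN-style config (last one wins)."""
    settings, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                      # inside an inline <ca>...</ca> style block
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            settings[inline] = ["[inline]"]
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            settings[parts[0]] = parts[1:]
    return settings

def audit(text):
    """List findings where the config falls short of AES-256 + SHA-256 HMAC + CA."""
    cfg, findings = parse_config(text), []
    for key in ("cipher", "auth"):
        value = (cfg.get(key) or [LEGACY_DEFAULTS[key]])[0].upper()
        if value not in ACCEPTED[key]:
            origin = "set" if key in cfg else "unset, legacy default"
            findings.append(f"{key}: {value} ({origin})")
    if "ca" not in cfg:
        findings.append("ca: missing, no CA configured for certificate authentication")
    return findings

# Constructed sample configs, not taken from the thread.
WEAK = "dev tun\nproto udp\ncipher BF-CBC   # old default\n"
STRONG = "dev tun\n<ca>\n-----BEGIN CERTIFICATE-----\n</ca>\ncipher AES-256-CBC\nauth SHA256\n"

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit(text) or "ok")
```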
 

KuJoe

Well-Known Member
Verified Provider
Best of all, your secret: nothing extant could extract it. 

By 2025 a children’s Speak & Spell could crack it. 

 

You can’t hide secrets from the future with math. 

You can try, but I bet that in the future they laugh 

at the half-assed schemes and algorithms amassed 

to enforce cryptographs in the past. 
 

Slownode

New Member
> Best of all, your secret: nothing extant could extract it.
> By 2025 a children’s Speak & Spell could crack it.
>
> You can’t hide secrets from the future with math.
> You can try, but I bet that in the future they laugh
> at the half-assed schemes and algorithms amassed
> to enforce cryptographs in the past.

If you use non-standard encryption all of a sudden no one can crack you with stock tools until they find out how you're doing it.
Something as simple as interlaced NOTing can throw off brute forcers.
 

KuJoe

Well-Known Member
Verified Provider
They got alien technology to make the rainbow tables with,

then in an afternoon of glancing at ‘em, secrets don’t resist

the loving coax of the mathematical calculation,

heart of your mystery sent free-fall into palpitations.

Computron will rise up in the dawn, a free agent.

Nobody knows the future now; gonna find out — be patient.
 

wdq

Quade
I wonder if they have a supercomputer hidden in here, behind all of the hard drives, to decrypt encrypted traffic. 

utah-data-center_11.jpg
 

MannDude

Just a dude
vpsBoard Founder
Moderator
> I wonder if they have a supercomputer hidden in here, behind all of the hard drives, to decrypt encrypted traffic.
>
> utah-data-center_11.jpg

They sure have a shit-ton of water going to it (1.7 million gallons per day), when other properties in the area are already struggling due to drought-like conditions.

Best case scenario is an earthquake that interrupts the flow of water, no electricity, backup generators don't work as well as intended, everything overheats and melts. :p

I read somewhere that the entire facility will only have 200 people working there. That's over 4,000 sq/ft per employee, assuming they all work the same shift (which is unlikely), so that number increases dramatically.
 

tonysala87

New Member
If you're talking about a vpn for internet access, like privateinternetaccess.com then they don't need to decrypt that because your traffic enters the internet unencrypted from the vpn server.

As for VPN over the internet connecting two private networks, I have no idea if they can decrypt it, but my guess is yes.
 

Slownode

New Member
> If you're talking about a vpn for internet access, like privateinternetaccess.com then they don't need to decrypt that because your traffic enters the internet unencrypted from the vpn server.
>
> As for VPN over the internet connecting two private networks, I have no idea if they can decrypt it, but my guess is yes.

Well several major cert authorities are intercepted so HTTPS traffic can be spied upon with triangle spying.
 

Enterprisevpssolutions

Article Submitter
Verified Provider
I wonder if people remember where the internet started? I'm sure the Gov has the tech to decrypt what they want. If a programmer can use the Nvidia or AMD video GPUs to bruteforce something, what do you think a supercomputer with millions of processors can do? http://hackaday.com/2012/12/06/25-gpus-brute-force-348-billion-hashes-per-second-to-crack-your-passwords/ The only issue occurs when you are selling a vps service that has many clients using the same vpn; then you have more ips and more clients you have to look at and get warrants for, but it's still possible. Data forensics is some scary stuff and I played with some of that software. I would love to play around with a few million processors running in parallel =D
 