Pages:
Author

Topic: Has the NSA already broken bitcoin? - page 12. (Read 50498 times)

newbie
Activity: 21
Merit: 0
October 21, 2013, 04:37:02 AM
NSA even invented Bitcoin.

Nakamoto SAtoshi = NSA

lol
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
October 21, 2013, 03:11:33 AM
That's one reason I don't use deterministic wallets. You guess the master key somehow, you get all the keys. If you can get it from one of the spent keys, I don't know and that is up for debate, but I'd rather not take the risk when it is so easy to just use a brand new randomly generated bitcoin address.
legendary
Activity: 2632
Merit: 1023
October 21, 2013, 02:49:21 AM
The NSA created Bitcoin and used ECDSA in it because they already had it broken.

This risk is already mitigated for any bitcoin address that has not been used for spending (i.e. its public key is not yet known).

Even if ECDSA is broken wide open, it doesn't really matter with respect to bitcoins that have been received at addresses that have never been used for spending, because the corresponding ECDSA public key is not known and cannot be determined without also breaking both RIPEMD160 and SHA256 simultaneously.


Can anyone speak to the issue, if I use a deterministic wallet (eg electrum,) and I spend from one address, thus ECDSA is all that is needed to be cracked, can that private key be used to access the rest of the address even though Unspent.

Thus would it be safer if I use multibit or the QT, as the issue is in the random generation only but the secon vulnerability is no their as those addresses are not determanisitc.

Where is the best place to generate the safest addresses keys, as I like the electrum interface and could always import keys.

I have tried to raise this in the elctrum sub boards, and the answer was not as definitive as I would have hoped.
sr. member
Activity: 364
Merit: 250
October 20, 2013, 11:46:03 PM
it's certainly not out of the realm of possibility.  for people who think certain encryptions can't ever be broken, that's very naive to think that way. throughout history we end up breaking or doing things people never thought would be possible.  heck just go back 100 years or so and try to explain a smart phone to people.  so to think encryption can't be broken or won't be broken is very naive, i always assume that it can or is or will be broken at some point so it's going to be up to "us" to continue to make new and improved forms of encryption.

if the question is has the NSA already done it.... no, i don't think so.  But I do believe eventually at some point in the future it very well could happen.
donator
Activity: 1218
Merit: 1079
Gerald Davis
October 20, 2013, 11:32:56 PM
ECDSA is not the same as Dual_EC_DRBG.   The vulnerability is with Dual_EC_DRBG not the entire ECC concept.  Actually the speed at which the crypto community sounded the alarm on Dual_EC_DRBG should be seen as a positive sign.  It was/is an obscure algorithm with no real widespread usage and the flaw was found and published internationally in the span of a few months.   
legendary
Activity: 1834
Merit: 1094
Learning the troll avoidance button :)
October 20, 2013, 09:23:07 PM
Not sure on the bitcoin security

Bitcoin does use ECDSA

 https://en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm

So does that make it vulnerable to the NSA

http://en.wikipedia.org/wiki/Elliptic_curve_cryptography

The use of elliptic curves in cryptography was suggested independently by Neal Koblitz[1] and Victor S. Miller[2] in 1985. Elliptic curve cryptography algorithms entered wide use in 2004 to 2005. The algorithm was approved by NIST in 2006. In 2013, the New York Times revealed that Dual Elliptic Curve Deterministic Random Bit Generation (or Dual_EC_DRBG) had been included as a NIST national standard due to the influence of NSA, which had included a deliberate weakness in the algorithm.[3]
legendary
Activity: 1764
Merit: 1002
September 15, 2013, 10:03:10 PM
They want you to avoid using Tor. They also use Tor themselves.

How could you possibly know that?

In related news Matthew Green one of the Zerocoin guys has got into trouble with his dept. dean at JHU criticising the NSA ... what a bunch of PC BS! (Not to mention smacks of censorship, 1st amendment suppression, etc)

http://www.theguardian.com/world/2013/sep/10/johns-hopkins-dean-apologises-for-blog

Quote
Matthew Green, an assistant research professor in JHU's department of computer science, was asked to remove a blog post from the university's servers on Monday. The entry linked to classified government documents published by the Guardian, the New York Times and ProPublica and summarised what Green called "bombshell revelations" of how the NSA is able to unlock encryption used to protect emails and other data.

JHU found itself criticised for abusing academic freedom after Andrew Douglas, who has served as interim dean of the university's engineering school since July, asked Green to remove the post from the university's servers.

you are aware that JHU has since apologized for the reprimand and allowed his original post to remain public?
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
September 15, 2013, 08:49:03 PM
They want you to avoid using Tor. They also use Tor themselves.

How could you possibly know that?
They helped design and implement Tor so their own people (government) can use it in foreign places. Actually, Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications.
legendary
Activity: 1666
Merit: 1010
he who has the gold makes the rules
September 14, 2013, 01:50:25 AM
This would be pretty easy to test. Just get a bunch of friends to start exchanging encrypted messages about bombing an embassy or govt office. If these douche-bags can break it, they'd be on you like white on rice.

can anyone think of a lower risk way to test...?

You all sign a notarized piece of paper that these conversations are to exercise artistic speech to create a book and that there is no intent to carry out the discussion that will take place beyond creating a work of fiction?
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
September 14, 2013, 12:29:20 AM
They want you to avoid using Tor. They also use Tor themselves.

How could you possibly know that?

In related news Matthew Green  on of the Zerocoin guys has got into trouble with his dept. dean at JHU criticising the NSA ... what a bunch of PC BS! (Not to mention smacks of censorship, 1st amendment suppression, etc)

http://www.theguardian.com/world/2013/sep/10/johns-hopkins-dean-apologises-for-blog

Quote
Matthew Green, an assistant research professor in JHU's department of computer science, was asked to remove a blog post from the university's servers on Monday. The entry linked to classified government documents published by the Guardian, the New York Times and ProPublica and summarised what Green called "bombshell revelations" of how the NSA is able to unlock encryption used to protect emails and other data.

JHU found itself criticised for abusing academic freedom after Andrew Douglas, who has served as interim dean of the university's engineering school since July, asked Green to remove the post from the university's servers.
Andrew Douglas, how pathetic! He belongs more to the Soviet or Albanian past, or to the North Korea of today. In my experience, most of today's so-called intelectuals in the U.S. academia are similarly brain-washed into blind, politically-correct obedience. Dangerously stupid people.
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
September 14, 2013, 12:08:59 AM
They want you to avoid using Tor. They also use Tor themselves.

How could you possibly know that?

In related news Matthew Green one of the Zerocoin guys has got into trouble with his dept. dean at JHU criticising the NSA ... what a bunch of PC BS! (Not to mention smacks of censorship, 1st amendment suppression, etc)

http://www.theguardian.com/world/2013/sep/10/johns-hopkins-dean-apologises-for-blog

Quote
Matthew Green, an assistant research professor in JHU's department of computer science, was asked to remove a blog post from the university's servers on Monday. The entry linked to classified government documents published by the Guardian, the New York Times and ProPublica and summarised what Green called "bombshell revelations" of how the NSA is able to unlock encryption used to protect emails and other data.

JHU found itself criticised for abusing academic freedom after Andrew Douglas, who has served as interim dean of the university's engineering school since July, asked Green to remove the post from the university's servers.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
September 13, 2013, 11:31:51 PM
They want you to avoid using Tor. They also use Tor themselves.
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
September 13, 2013, 10:47:44 PM
This is the crypto standard that the NSA sabotaged: http://boingboing.net/2013/09/11/this-the-the-crypto-standard-t.html

Or that's the one they dont care about if you know it, since apparently its used pretty much nowhere.
I also dont see how that would fit in to this quote from the guardian article:
Quote

An internal agency memo noted that among British analysts shown a presentation on the NSA's progress: "Those not already briefed were gobsmacked!"

The breakthrough, which was not described in detail in the documents, meant the intelligence agencies were able to monitor "large amounts" of data flowing through the world's fibre-optic cables and break its encryption, despite assurances from internet company executives that this data was beyond the reach of government.
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

I dont think anyone would be gobsmacked if they found out an obscure, slow, suspect, almost never used psuedo random generator was hacked.

I dont know what to trust anymore right now, but on the top of things I no longer trust, is Tor;
http://news.softpedia.com/news/The-US-Government-Funds-60-Percent-of-the-Tor-Project-381195.shtml

Is that what they cracked in 2010? Who knows.But I doubt they would fund 60% of a project which sole goal is precisely to make it virtually impossible for NSA and others to snoop on its users, unless there was a tangible benefit to it.

"Gobsmacked analysts", "huge breakthrough circa 2010", these kinds of comments have now come from more than one source so it is gaining credibility that they are wielding a rather big cracking hammer right now ... all sound reasoning ... as I have suspected for some time Tor is just another spook honey pot.
hero member
Activity: 616
Merit: 500
September 13, 2013, 10:31:29 AM
Is that what they cracked in 2010? Who knows.But I doubt they would fund 60% of a project which sole goal is precisely to make it virtually impossible for NSA and others to snoop on its users, unless there was a tangible benefit to it.

Knowing what's in the network packets that folks don't want them to know.

http://en.wikipedia.org/wiki/The_enemy_of_my_enemy_is_my_friend
legendary
Activity: 980
Merit: 1040
September 13, 2013, 09:59:45 AM
This is the crypto standard that the NSA sabotaged: http://boingboing.net/2013/09/11/this-the-the-crypto-standard-t.html

Or that's the one they dont care about if you know it, since apparently its used pretty much nowhere.
I also dont see how that would fit in to this quote from the guardian article:
Quote

An internal agency memo noted that among British analysts shown a presentation on the NSA's progress: "Those not already briefed were gobsmacked!"

The breakthrough, which was not described in detail in the documents, meant the intelligence agencies were able to monitor "large amounts" of data flowing through the world's fibre-optic cables and break its encryption, despite assurances from internet company executives that this data was beyond the reach of government.
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

I dont think anyone would be gobsmacked if they found out an obscure, slow, suspect, almost never used psuedo random generator was hacked.

I dont know what to trust anymore right now, but on the top of things I no longer trust, is Tor;
http://news.softpedia.com/news/The-US-Government-Funds-60-Percent-of-the-Tor-Project-381195.shtml

Is that what they cracked in 2010? Who knows.But I doubt they would fund 60% of a project which sole goal is precisely to make it virtually impossible for NSA and others to snoop on its users, unless there was a tangible benefit to it.
full member
Activity: 153
Merit: 100
September 12, 2013, 06:59:25 AM
This is the crypto standard that the NSA sabotaged: http://boingboing.net/2013/09/11/this-the-the-crypto-standard-t.html
newbie
Activity: 58
Merit: 0
September 09, 2013, 11:43:00 PM
This would be pretty easy to test. Just get a bunch of friends to start exchanging encrypted messages about bombing an embassy or govt office. If these douche-bags can break it, they'd be on you like white on rice.

can anyone think of a lower risk way to test...?

I have an idea, do what these guys did Cheesy

http://www.dailymail.co.uk/news/article-2407949/Test-reveals-Facebook-Twitter-Google-snoop-emails-Study-net-giants-spurs-new-privacy-concerns.html
hero member
Activity: 616
Merit: 500
September 09, 2013, 10:06:54 PM

Your signature fits perfectly the self-portrait you just painted.

*blink*

What does any of that have to do with anything being discussed? It's a signature to public donation and low volume receipt wallets. Most of us have them.

Still I doubt the NSA would want anything to do with bitcoin besides use it to pay their own spies in Iran and Russia."Comrade, here is your 1000BTC for political blackmail purposes. Please get picture of Putin wearing lipstick passed out drunk in a dress".

Exactly. Could the technology and its adaptation/adoption/evolution be of interest in general? Perhaps. But they likely don't give a rip about people using it to send basic transactions.
vip
Activity: 756
Merit: 503
September 09, 2013, 09:57:40 PM
I'm reading this book right now. Pretty on topic. In this novel the NSA can decrypt any algorithm except one...



I'm sorry for your loss.  That book is total junk.  At least with the other formulaic dan brown novels, they touch on something he knows about (religious history).  This one does not.  
I'm reading about 1 novel a year. Much more than that when I was younger. I don't expect everything in this book to be accurate. I'm 50% done and enjoying it. The rest of the years, I'm reading technical books and stuff so this is relaxing for my mind.
hero member
Activity: 899
Merit: 1002
September 09, 2013, 09:45:50 PM
I also don't buy the 'NSA recommends this so it must be a trick to get us to use something else!'. Whatever NIST recommendations are is what is put into commercial software/hardware blackboxes.
Pages:
Jump to: