Pages:
Author

Topic: Has the NSA already broken bitcoin? - page 14. (Read 50498 times)

legendary
Activity: 1316
Merit: 1003
September 07, 2013, 05:47:08 PM
#99
Am i supposted to open that link?
You could have at least quoted what you think is relevant.
hero member
Activity: 609
Merit: 506
September 07, 2013, 05:44:19 PM
#98
You guys are missing the point here.  NSA Social engineered back doors into the algorithms.  They placed back doors in the encryption.  Thus you do not need to brute force your way in in you just need an appropriate key.

Thats quite a feat with open source.
At least when you compile yourself.

https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
hero member
Activity: 686
Merit: 500
Ultranode
September 07, 2013, 04:00:48 PM
#97


stfu. I am not afraid to ask the tough questions, bro.



☐ tough question
☑ something else

bro



cool story, i lol'd hard
legendary
Activity: 905
Merit: 1000
September 07, 2013, 03:55:24 PM
#96


stfu. I am not afraid to ask the tough questions, bro.



☐ tough question
☑ something else

bro

hero member
Activity: 686
Merit: 500
Ultranode
September 07, 2013, 03:35:40 PM
#95
What if the NSA employs some kind of idiot-savant-mathematics-super-genius who can instantaneously decipher any code? 

(from idiot-savant-mathematics-super-genius.com)



stfu. I am not afraid to ask the tough questions, bro.

Also, on point article published today: http://arstechnica.com/security/2013/09/spooks-break-most-internet-crypto-but-how/
newbie
Activity: 33
Merit: 0
September 07, 2013, 03:34:10 PM
#94
One thing instantly comes to mind: SHA-3

As revealed, previously NSA has made NIST to insert their backdoored PRNGs into the standards etc.
NIST organized the competition to find the function to be called SHA-3 and one must wonder if Keccak won and was titled the SHA-3 because of some useful weaknesses NSA discovered in it.
legendary
Activity: 905
Merit: 1000
September 07, 2013, 03:24:22 PM
#93
What if the NSA employs some kind of idiot-savant-mathematics-super-genius who can instantaneously decipher any code? 

(from idiot-savant-mathematics-super-genius.com)

hero member
Activity: 686
Merit: 500
Ultranode
September 07, 2013, 03:21:17 PM
#92
What if the NSA employs some kind of idiot-savant-mathematics-super-genius who can instantaneously decipher any code? 
legendary
Activity: 1316
Merit: 1003
September 07, 2013, 03:13:45 PM
#91
You guys are missing the point here.  NSA Social engineered back doors into the algorithms.  They placed back doors in the encryption.  Thus you do not need to brute force your way in in you just need an appropriate key.

Thats quite a feat with open source.
At least when you compile yourself.
donator
Activity: 1218
Merit: 1079
Gerald Davis
September 07, 2013, 03:08:02 PM
#90
This would be pretty easy to test. Just get a bunch of friends to start exchanging encrypted messages about bombing an embassy or govt office. If these douche-bags can break it, they'd be on you like white on rice.

SHA is not an encryption protocol.  You can't encrypt messages with SHA.

But your public wallet address along with the associated private key is dependent on asymmetric encryption.

Well no.  If you are going to provide a correction please at least get the terms correct.  ECDSA is not encryption.  The Bitcoin protocol does not use encryption in any form.  Some clients/wallets encrypt private keys for saf(er) storage but to date all of those have used symmetric encryption (i.e. QT client uses AES-256).
donator
Activity: 1218
Merit: 1079
Gerald Davis
September 07, 2013, 02:58:00 PM
#89
There are in-build weakness which can be exploited if there is a need.

Because the NSA is so smart that despite the algorithm being open and public nobody else on the planet has found the backdoor despite almost two decades of crypto-analysis? Somehow plenty of other less common weak, flawed, and backdoored algorithms get broken in a matter of months or years but SHA-2 is just beyond the smarts of the entire planet (except the NSA).  What makes this even more dubious is that the NSA would be playing with fire.  SHA-2 is the only hashing algorithm in "Suite B" and its use is MANDATED by CNSS for use in classified systems including those with national security implications.

Quote
Suite B– NIST cryptographic algorithms approved by NSA to protect National Security
Systems and the information that resides therein

Secure Hash Algorithm (SHA)
Use SHA-256 to protect up to SECRET.
Use SHA-384 to protect up to TOP SECRET.

Elliptic Curve Digital Signature Algorithm (ECDSA)
Use Curve P-256 to protect up to SECRET.
Use Curve P-384 to protect up to TOP SECRET.

https://www.cnss.gov/Assets/pdf/CNSSP_No%2015_minorUpdate1_Oct12012.pdf


The SIPERNet and JWICS uses SHA-2 (and only SHA-2) to ensure packet security (prevent MITM attacks).  Think the internet but instead of lolcats it has information that (and I quote) "the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security [of the United States]".

Seems likely the US government would mandate the use of an algorithm they know is weak to protect some of the most important (and damaging) secrets of the US government.   I mean there is no possible way that ANYONE ELSE on the planet given an infinite amount of time, resources, and motivation couldn't find the backdoor and then use it to compromise the SIPERNet (and countless other military and intelligence systems) that might result in "exceptionally grave damage to the national security".

Of course not.  The NSA has god like powers over math and a monopoly on access to all the smart people on the planet (including future generations until the end of time).

For those who want to remove their tinfoil hats and consider things it is probable the NSA will do (or already has done):
* Use secret warrants to force ISP to provide access to raw communications.
* Install backdoors into operating systems, programs, and libraries.
* Actively infect computer systems and network to compromise data before it is encrypted.
* Engage in MITM type attacks that result in parties believing they are communicating in a secure manner but are both communicating with an NSA relay.
* Use brute force to break weak cryptography (80 bit strength or less) as well as keys derived from weak passwords.
* Break the low level requirements for strong cryptographic systems like encouraging usage of faulty or low entropy RNGs.

If you think of cryptography as a locked door, then strong cryptographic systems are more like a massive vault door.  Brute force isn't an option but it doesn't mean you can't (go through the wall, open the vault from the inside, record the code used to unlock the door, sneak in when someone opens it, make the entire vault and owner "disappear", etc.
legendary
Activity: 905
Merit: 1000
September 07, 2013, 02:51:09 PM
#88
NSA Social engineered back doors into the algorithms.  They placed back doors in the encryption.  

True

Microsoft had failed to remove the debugging symbols in ADVAPI.DLL, a security and encryption driver, when it released Service Pack 5 for Windows NT 4.0 and Andrew Fernandes, chief scientist with Cryptonym found the primary key stored in the variable _KEY and the second key was labeled _NSAKEY.

https://en.wikipedia.org/wiki/NSAKEY

And I would not be surprised if "social engineered" did not sometimes include coercion, blackmail, or extortion.

Snowden described his CIA experience in Geneva as "formative", stating that the CIA deliberately got a Swiss banker drunk and encouraged him to drive home. Snowden said that when the latter was arrested, a CIA operative offered to intervene and later recruited the banker.


mjc
hero member
Activity: 588
Merit: 500
Available on Kindle
September 07, 2013, 02:32:22 PM
#87
You guys are missing the point here.  NSA Social engineered back doors into the algorithms.  They placed back doors in the encryption.  Thus you do not need to brute force your way in in you just need an appropriate key.
mjc
hero member
Activity: 588
Merit: 500
Available on Kindle
September 07, 2013, 02:27:15 PM
#86
This would be pretty easy to test. Just get a bunch of friends to start exchanging encrypted messages about bombing an embassy or govt office. If these douche-bags can break it, they'd be on you like white on rice.

SHA is not an encryption protocol.  You can't encrypt messages with SHA.

But your public wallet address along with the associated private key is dependent on asymmetric encryption.
legendary
Activity: 2408
Merit: 1121
September 07, 2013, 02:12:38 PM
#85
If they need to break it they could is as simple as that. So far there is no need to do so, Right now the system does embrace Bitcoin and the alt's because it fits nicely in a system which relays on growed to survive. Banks have more work, mining equipment is required, power companies have increased sales, exchanges need staff, new products being manufactured, ..........the list goes on, its all sweet, perfect for the system. If at some time in years to come bitcoin is a threat or there is some other need to turn off the light switch then that's it, lights are out.
Think about it in an all out conflict the enemy would simply sent encrypted messages back and forth with a few Satoshies and they would be locked out from the own castle the build. (Bitcoins heart is SHA-256)
I am sorry but that's way to spaced out for me to accept. There are in-build weakness which can be exploited if there is a need.

I don't buy this "if they need to break it, they will" bullshit.

Guess what, Silk Road is laughing all the way to the bank, and the DEA hasn't done a goddamned thing about it. Can't they get their NSA buddies to help them out? Every day they operate with their competitors in the onion-space of Tor is absolute proof that they can't do what they're claiming.

Should be easy-peasy, yeah? Just crack the private key and monitor transactions, gather IPs, do some network analysis on the exit/entry nodes...

And yet, millions of dollars are transacted every day without cessation.

So, I call bullshit on the entire idea that ECDSA,RIPE,SHA-2 is vulnerable to the extent that these bullies are implying.
legendary
Activity: 966
Merit: 1001
Energy is Wealth
September 07, 2013, 03:50:14 AM
#84
If they need to break it they could is as simple as that. So far there is no need to do so, Right now the system does embrace Bitcoin and the alt's because it fits nicely in a system which relays on growed to survive. Banks have more work, mining equipment is required, power companies have increased sales, exchanges need staff, new products being manufactured, ..........the list goes on, its all sweet, perfect for the system. If at some time in years to come bitcoin is a threat or there is some other need to turn off the light switch then that's it, lights are out.
Think about it in an all out conflict the enemy would simply sent encrypted messages back and forth with a few Satoshies and they would be locked out from the own castle the build. (Bitcoins heart is SHA-256)
I am sorry but that's way to spaced out for me to accept. There are in-build weakness which can be exploited if there is a need.
hero member
Activity: 609
Merit: 506
September 07, 2013, 02:36:43 AM
#83
This would be pretty easy to test. Just get a bunch of friends to start exchanging encrypted messages about bombing an embassy or govt office. If these douche-bags can break it, they'd be on you like white on rice.

can anyone think of a lower risk way to test...?

no body going to take this risk even its end of a life

send the NSA a  letter and see if they answer your question Roll Eyes

ooh I like the way you think. Direct and to the point!
sr. member
Activity: 266
Merit: 250
Blitz:The price affects the perception of the news
September 07, 2013, 02:25:12 AM
#82
Here is a link that is somewhat on topic.  They don't specifically mention Bitcoin, but they do mention Namecoin.  Now this is a long read and if you aren't into the crypto scene you may not want to bother.  On the other hand, there is some really good info/speculation about NSA and their decrypt abilities. 

Go here to read it:  http://cryptome.org/2013/09/nsa-decrypt-cryptography-13-0905.htm

Two things of note that one or more of the participants mentioned; one said that the whole business was a "a wilderness of mirrors".  Another said something like "beware of recursive paranoia".

Apologies to the pro's who probably already read this, but I didn't see a reference to the list in this series of posts.

/Frank
staff
Activity: 4284
Merit: 8808
September 07, 2013, 01:33:13 AM
#81
with breaking 'any' encryption was ment the conventional encryption for files - so truecrypt for example would be useless
FWIW, Quantum computers are not even _theorized_ to do that.  Very large true quantum computers would render some cryptosystems obsolete, if they turn out to be possible to construct— primarily the popular asymmetric (public key) schemes whos hardness is based on the intractability of the hidden subgroup problem such as discrete log and factoring hardness systems.

QC's really don't do much of anything of interest to symmetric ciphers and hash functions, beyond suggesting that longest hashes and key lengths would be prudent (in theorygrover's algorithm gives a generic speedup on root finding over non-linear functions which is equivalent to halving the number of bits of input).  QC's should not render your truecrypt obsolete.

Bringing this back on topic— if ginormous QC's became a realistic threat we'd need to add a new checksig operator, which is just a soft forking change which could be non-disruptively deployed. So long as you don't reuse addresses you already have a degree of protection against QC's or any $spook backdoors in SECP256k1 ECDSA, as your ecdsa public key is not revealed until the first time you spend and any attacker would have to race your transaction to steal it. The bigger issue is that the QC secure signature schemes result in rather large signatures.
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
September 06, 2013, 09:08:00 PM
#80

Just read this disturbing article, based on recent leaks from Snowden:

http://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption

The article talks about the NSA responding to the rise in popularity of internet encryption by, among other things, deliberately weakening the algorithms in use to give themselves a back door to decrypt data. Bitcoin relies on SHA-256, originally created by the NSA. Perhaps there is a weakness that an organization with the resources of the NSA is able to exploit.

If so, that would explain why the major governments around the world seem to tolerate bitcoin. They know they can break it whenever they want. Preferable after the cartels and terrorists get comfortable and start relying on it.
What exactly are you thinking of when you write "exploit" or "break"? There is no encryption in Bitcoin. There is nothing to "break". They certainly have backdoors in most software, open source included, and in most hardware. All they could do with an undisclosed weakness in sha256 is to start mining faster. Why would they care about being able to mine faster? If they know of a weakness in ECDSA, they could spend my coins. Again, why would they care?
Pages:
Jump to: