Topic: Has the NSA already broken bitcoin? - page 14. (Read 50483 times)

Am i supposted to open that link?
You could have at least quoted what you think is relevant.

https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

cool story, i lol'd hard

☐ tough question
☑ something else

bro

stfu. I am not afraid to ask the tough questions, bro.

Also, on point article published today: http://arstechnica.com/security/2013/09/spooks-break-most-internet-crypto-but-how/

One thing instantly comes to mind: SHA-3

As revealed, previously NSA has made NIST to insert their backdoored PRNGs into the standards etc.
NIST organized the competition to find the function to be called SHA-3 and one must wonder if Keccak won and was titled the SHA-3 because of some useful weaknesses NSA discovered in it.

(from idiot-savant-mathematics-super-genius.com)

What if the NSA employs some kind of idiot-savant-mathematics-super-genius who can instantaneously decipher any code? 

Thats quite a feat with open source.
At least when you compile yourself.

Well no.  If you are going to provide a correction please at least get the terms correct.  ECDSA is not encryption.  The Bitcoin protocol does not use encryption in any form.  Some clients/wallets encrypt private keys for saf(er) storage but to date all of those have used symmetric encryption (i.e. QT client uses AES-256).

Because the NSA is so smart that despite the algorithm being open and public nobody else on the planet has found the backdoor despite almost two decades of crypto-analysis? Somehow plenty of other less common weak, flawed, and backdoored algorithms get broken in a matter of months or years but SHA-2 is just beyond the smarts of the entire planet (except the NSA).  What makes this even more dubious is that the NSA would be playing with fire.  SHA-2 is the only hashing algorithm in "Suite B" and its use is MANDATED by CNSS for use in classified systems including those with national security implications.


https://www.cnss.gov/Assets/pdf/CNSSP_No%2015_minorUpdate1_Oct12012.pdf


The SIPERNet and JWICS uses SHA-2 (and only SHA-2) to ensure packet security (prevent MITM attacks).  Think the internet but instead of lolcats it has information that (and I quote) "the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security [of the United States]".

Seems likely the US government would mandate the use of an algorithm they know is weak to protect some of the most important (and damaging) secrets of the US government.   I mean there is no possible way that ANYONE ELSE on the planet given an infinite amount of time, resources, and motivation couldn't find the backdoor and then use it to compromise the SIPERNet (and countless other military and intelligence systems) that might result in "exceptionally grave damage to the national security".

Of course not.  The NSA has god like powers over math and a monopoly on access to all the smart people on the planet (including future generations until the end of time).

For those who want to remove their tinfoil hats and consider things it is probable the NSA will do (or already has done):
* Use secret warrants to force ISP to provide access to raw communications.
* Install backdoors into operating systems, programs, and libraries.
* Actively infect computer systems and network to compromise data before it is encrypted.
* Engage in MITM type attacks that result in parties believing they are communicating in a secure manner but are both communicating with an NSA relay.
* Use brute force to break weak cryptography (80 bit strength or less) as well as keys derived from weak passwords.
* Break the low level requirements for strong cryptographic systems like encouraging usage of faulty or low entropy RNGs.

If you think of cryptography as a locked door, then strong cryptographic systems are more like a massive vault door.  Brute force isn't an option but it doesn't mean you can't (go through the wall, open the vault from the inside, record the code used to unlock the door, sneak in when someone opens it, make the entire vault and owner "disappear", etc.

True

Microsoft had failed to remove the debugging symbols in ADVAPI.DLL, a security and encryption driver, when it released Service Pack 5 for Windows NT 4.0 and Andrew Fernandes, chief scientist with Cryptonym found the primary key stored in the variable _KEY and the second key was labeled _NSAKEY.

https://en.wikipedia.org/wiki/NSAKEY

And I would not be surprised if "social engineered" did not sometimes include coercion, blackmail, or extortion.

Snowden described his CIA experience in Geneva as "formative", stating that the CIA deliberately got a Swiss banker drunk and encouraged him to drive home. Snowden said that when the latter was arrested, a CIA operative offered to intervene and later recruited the banker.

You guys are missing the point here.  NSA Social engineered back doors into the algorithms.  They placed back doors in the encryption.  Thus you do not need to brute force your way in in you just need an appropriate key.

But your public wallet address along with the associated private key is dependent on asymmetric encryption.

I don't buy this "if they need to break it, they will" bullshit.

Guess what, Silk Road is laughing all the way to the bank, and the DEA hasn't done a goddamned thing about it. Can't they get their NSA buddies to help them out? Every day they operate with their competitors in the onion-space of Tor is absolute proof that they can't do what they're claiming.

Should be easy-peasy, yeah? Just crack the private key and monitor transactions, gather IPs, do some network analysis on the exit/entry nodes...

And yet, millions of dollars are transacted every day without cessation.

So, I call bullshit on the entire idea that ECDSA,RIPE,SHA-2 is vulnerable to the extent that these bullies are implying.

If they need to break it they could is as simple as that. So far there is no need to do so, Right now the system does embrace Bitcoin and the alt's because it fits nicely in a system which relays on growed to survive. Banks have more work, mining equipment is required, power companies have increased sales, exchanges need staff, new products being manufactured, ..........the list goes on, its all sweet, perfect for the system. If at some time in years to come bitcoin is a threat or there is some other need to turn off the light switch then that's it, lights are out.
Think about it in an all out conflict the enemy would simply sent encrypted messages back and forth with a few Satoshies and they would be locked out from the own castle the build. (Bitcoins heart is SHA-256)
I am sorry but that's way to spaced out for me to accept. There are in-build weakness which can be exploited if there is a need.

ooh I like the way you think. Direct and to the point!

Here is a link that is somewhat on topic.  They don't specifically mention Bitcoin, but they do mention Namecoin.  Now this is a long read and if you aren't into the crypto scene you may not want to bother.  On the other hand, there is some really good info/speculation about NSA and their decrypt abilities. 

Go here to read it:  http://cryptome.org/2013/09/nsa-decrypt-cryptography-13-0905.htm

Two things of note that one or more of the participants mentioned; one said that the whole business was a "a wilderness of mirrors".  Another said something like "beware of recursive paranoia".

Apologies to the pro's who probably already read this, but I didn't see a reference to the list in this series of posts.

/Frank

FWIW, Quantum computers are not even _theorized_ to do that.  Very large true quantum computers would render some cryptosystems obsolete, if they turn out to be possible to construct— primarily the popular asymmetric (public key) schemes whos hardness is based on the intractability of the hidden subgroup problem such as discrete log and factoring hardness systems.

QC's really don't do much of anything of interest to symmetric ciphers and hash functions, beyond suggesting that longest hashes and key lengths would be prudent (in theorygrover's algorithm gives a generic speedup on root finding over non-linear functions which is equivalent to halving the number of bits of input).  QC's should not render your truecrypt obsolete.

Bringing this back on topic— if ginormous QC's became a realistic threat we'd need to add a new checksig operator, which is just a soft forking change which could be non-disruptively deployed. So long as you don't reuse addresses you already have a degree of protection against QC's or any $spook backdoors in SECP256k1 ECDSA, as your ecdsa public key is not revealed until the first time you spend and any attacker would have to race your transaction to steal it. The bigger issue is that the QC secure signature schemes result in rather large signatures.

What exactly are you thinking of when you write "exploit" or "break"? There is no encryption in Bitcoin. There is nothing to "break". They certainly have backdoors in most software, open source included, and in most hardware. All they could do with an undisclosed weakness in sha256 is to start mining faster. Why would they care about being able to mine faster? If they know of a weakness in ECDSA, they could spend my coins. Again, why would they care?