Pages:
Author

Topic: SHA-256 is designed by the NSA - do they have a backdoor? - page 2. (Read 27837 times)

sr. member
Activity: 476
Merit: 250
What if satoshi nakamoto works at nsa Smiley

Then the USA and a small group of shadow people would take control over the next standard currency by holding 1MBTC

Wait...! What ?
legendary
Activity: 1890
Merit: 1058
Vave.com - Crypto Casino
What if satoshi nakamoto works at nsa Smiley
legendary
Activity: 3710
Merit: 1586
Bitcoin Pakistan... holy $hit.

Something tells me NSA's computers just went off the charts, LOL

Why just? I've been a member of this forum for months and my site has been up for most of that time. Also there's a dedicated thread for Pakistan in the other forum.
full member
Activity: 182
Merit: 100
Fourth richest fictional character
Bitcoin Pakistan... holy $hit.

Something tells me NSA's computers just went off the charts, LOL
legendary
Activity: 3710
Merit: 1586
Bitcoin is one big worry after another.

legendary
Activity: 1264
Merit: 1008
Or, they were reading the email as you typed it using

1) Rootkit
2) Tempest
3) Robotic mosquito flying behind your head

1. Not likely. Email composed and encrypted offline. Also got tools for this, GMER, etc.
2. Not likely. Faraday cage and all that.
3. Not likely. All insects don't get past the door and air filters.

Of course, it's still possible. Just not likely.

@gmaxwell, nice post. I almost understood everything. hehehe.

You seem to have your systems quite in order sir Smiley  Do you mind while we stray somewhat off topic if I ask, how you authenticate your recipients public key?

legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
If you have to ask, you already know the answer.



More like, if you have to ask, you are trying to divert us from looking at secp256k1.

hehe
legendary
Activity: 1264
Merit: 1008
If you have to ask, you already know the answer.



More like, if you have to ask, you are trying to divert us from looking at secp256k1.
full member
Activity: 182
Merit: 100
Fourth richest fictional character
If you have to ask, you already know the answer.

sr. member
Activity: 341
Merit: 250
Are you really that naive?

Do you underestimate the brightest minds in the world? Do you believe that the minds in the NSA are somehow brighter than those outside of it?

So what evidence do you have that the brightest minds in the world are not in these government agencies?

A friend of mine's son has studied maths at Cambridge in the UK, he is now doing a PHD over in the US at MIT. She had her son's friend stay with her over the holiday, and told me that this girl was also studying for a PHD also. This girl is apparently ridiculously intelligent, to the point of being autistic, she has no social skills. She has already been approached by GCHQ and has done a summer placement there. She has been offered a place after completing her PHD.

That's what happens in the real world, these ultra bright kids will be snapped up by places like GCHQ and NSA before they are 21, but, this forum is just like a hollow box where you all like to shout about the positives of bitcoin without ever considering the real world, so I guess none of this matters.

The real world has no relevance on the internet.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto

Quote
all their needs could be handled on 10 year old XP machines or even just a couple of smartphones.

I know several companies that still work with 10 year old XP (SP3) machines. Get's the job done and still runs everything new out there, just a little bit slower.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Or, they were reading the email as you typed it using

1) Rootkit
2) Tempest
3) Robotic mosquito flying behind your head

1. Not likely. Email composed and encrypted offline. Also got tools for this, GMER, etc.
2. Not likely. Faraday cage and all that.
3. Not likely. All insects don't get past the door and air filters.

Of course, it's still possible. Just not likely.

@gmaxwell, nice post. I almost understood everything. hehehe.
sr. member
Activity: 251
Merit: 250
3) Robotic mosquito flying behind your head

I'm living under constant fear that this happens day in and day out, how do I keep going?

Kill all the mosquitoes at sight and you should be safe  Tongue
legendary
Activity: 1666
Merit: 1057
Marketing manager - GO MP
3) Robotic mosquito flying behind your head

I'm living under constant fear that this happens day in and day out, how do I keep going?
legendary
Activity: 966
Merit: 1001
Energy is Wealth
legendary
Activity: 1264
Merit: 1008
I use gmail. But I also use GPG with 4096 bit RSA keys. They can store my encrypted message and keep it for all eternity, but they'll never read it.

Even with their quantum computer?

Even with their quantum computer. If you live long enough to read my email, you are effectively immortal. That, or someone stole my private key.

Or, they were reading the email as you typed it using

1) Rootkit
2) Tempest
3) Robotic mosquito flying behind your head
staff
Activity: 4284
Merit: 8808
Public key is always going to be trickier to keep secure as they all rely on assumptions, and that will lead to a never ending "arms race".
Well, careful, symmetric ciphers depend on the existence of one way functions. If P happened to practically equal NP, then one way functions couldn't exist and I could solve for the symmetric keys that turns your ciphertext into ascii (there is probably only one).

NOT. BLOODLY. LIKELY.  (kinda sadly, there would be a lot of other befits to such a world)

It's possible to construct public key signature systems that depend only on the existence of one way functions.  (Lamport!)

The soundness assumptions in error correcting code crypto-systems are also generally pretty solid (well, we keep breaking them trying to make their overheads tolerable…)  (solving for random linear codes is NP-HARD ... the only question is can the attacker turn your public key back into an easy linear code)

Considering that for encrypted messages overhead is mostly immaterial I'm surprised that no one has created a stone soup protocol that just takes "one from each column":

NIST-521 bit ECDH, just in case the NSA made it stronger
1024 bit ECDH with parameters selected the best known public art techniques (e.g. like the brainpool curves)
Supersingular isogenies key agreement
Wrapped up inside an error correcting code public key encryption
And that encrypted with a symmetric key which is from the recipient, a starter one is in the public key.. though thats not very useful.
Feed it to a pair of orthogonal strong KDFs which then feed separate passes of multiple standard ciphers (unrelated keys) in some long block modes.

Then inside the encrypted messages you send symmetric keys generated using H(random, data_thats_part_of_your_private_key) which your receiver will save and use as an additional key in your KDFs in messages they send to you in the future (perhaps up to N of them with octave spacing, so a spy that can break the public key stuff will get locked out with high probability if they miss any of your messages).

Perhaps then the whole message gets thrown through a gnarly unkeyed cryptographic permutation and coded up with a RS code and you replace it with the non-systematic outputs and, at your option send, the message in as many parts as you like over different communications channels... so an attacker who can't snoop all of them learns almost nothing about the whole message.

Care would need to be taken to avoid interactions that hurt security.. but for encrypted messages.. who gives a crap if there is 50K of overhead and it takes a half second to decrypt?  There are plenty of applications where thats totally unacceptable, like Bitcoin... but also plenty where it is.

... wait. what board is this?? woah .. way offtopic.



donator
Activity: 1218
Merit: 1079
Gerald Davis
Ok. I stand corrected. The word "never" was used as hyperbole. 2030 to 2060 is just about right, and maybe even sooner. Obligatory cartoon here:

No problem I personally use 4096 bit keys for PGP and don't worry.  I does what its name says it does "pretty good privacy".  I also agree even if 4096 bit can be broken someday it is more likely someone is going to beat me with a wrench instead.  Smiley  Someone uninformed however might reach the wrong conclusion.  I guess it all depends on how secret your secrets are or maybe more importantly how long they need to remain a secret.

Quote
However, those same studies find 256 bit symmetric keys and hashes going far beyond the year 2080. We can already start using 512 bit hash functions.

Symmetric cryptography and hashing functions (assuming the algorithm itself is secure) don't have the same attack vectors that public key cryptography does.  They also aren't vulnerable to Shor's algorithm. It is very like we will never need larger than 256 bit symmetric encryption or 512 bit hashes due to thermodynamics*.   Public key is always going to be trickier to keep secure as they all rely on assumptions, and that will lead to a never ending "arms race".  BTW I like that cartoon I have a signed print on my wall.  Good reminder to see the forest from the trees when dealing with security.


* Brute forcing a 256 bit key is a "never" scenario (more energy than available in our star system).  
https://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Ok. I stand corrected. The word "never" was used as hyperbole. 2030 to 2060 is just about right, and maybe even sooner. Obligatory cartoon here:

http://xkcd.com/538/



However, those same studies find 256 bit symmetric keys and hashes going far beyond the year 2080. We can already start using 512 bit hash functions.
donator
Activity: 1218
Merit: 1079
Gerald Davis
I use gmail. But I also use GPG with 4096 bit RSA keys. They can store my encrypted message and keep it for all eternity, but they'll never read it.

I wouldn't be so sure that RSA with 4096 bits will really never be cracked.  Especially asymmetric algorithms seem quite vulnerable, given enough time for new methods and hardware to develop.  (Nevertheless I also consider my GPG mails with this setting to be reasonable secure.)

This.  There is a high probability that 4096 bit asymmetric encryption will eventually be broken (by classical computing).  Various agencies estimate a high probability that 4096 bit will no longer be secure after 2030-2060.   That being said 4096 bit RSA provides reasonable security for the intermediate future however "never" is a long time.  If it must be longer than your lifespan you should be looking at something like 15,360 bit RSA or 512 bit ECC.

Pages:
Jump to: