
Topic: SHA-256 is designed by the NSA - do they have a backdoor? - page 3. (Read 27805 times)

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
I use gmail. But I also use GPG with 4096 bit RSA keys. They can store my encrypted message and keep it for all eternity, but they'll never read it.

Even with their quantum computer?

Even with their quantum computer. If you live long enough to read my email, you are effectively immortal. That, or someone stole my private key.
legendary
Activity: 966
Merit: 1001
Energy is Wealth

They would be dumb as hell if there is no chance at all to access it if there is a need to do so. As it stands there is no need to blow the cover and sacrifice years of work and huge amounts of money spent. In the big picture S.R. is laughable and Bitcoin is endorsed by the system at the moment (growing economy: hardware sales, exchanges, new products...).
Any rogue element or country could simply send encrypted messages back and forth using a few satoshis and they would be totally defenceless defending themselves and country using a tool they created. If u believe this, well Santa Claus is coming to town too. If they see the need to switch the switch then they will.
legendary
Activity: 1190
Merit: 1001
A friend of mine's son has studied maths at Cambridge in the UK; he is now doing a PhD over in the US at MIT. She had her son's friend stay with her over the holiday, and told me that this girl was also studying for a PhD. This girl is apparently ridiculously intelligent, to the point of being autistic; she has no social skills. She has already been approached by GCHQ and has done a summer placement there. She has been offered a place after completing her PhD.

It's true...the NSA drives around on campuses in black vans looking for people with bad haircuts and mismatching orange and pink socks.  They then throw a bunch of matches out the car window; if the target starts frantically counting the matches and repeating the total sum they put a brown bag over their head and bring them to area 51 for some super secret smart ass shit.
legendary
Activity: 2142
Merit: 1009
Newbie
I use gmail. But I also use GPG with 4096 bit RSA keys. They can store my encrypted message and keep it for all eternity, but they'll never read it.

Even with their quantum computer?
legendary
Activity: 1135
Merit: 1166
I use gmail. But I also use GPG with 4096 bit RSA keys. They can store my encrypted message and keep it for all eternity, but they'll never read it.

I wouldn't be so sure that RSA with 4096 bits will really never be cracked.  Especially asymmetric algorithms seem quite vulnerable, given enough time for new methods and hardware to develop.  (Nevertheless I also consider my GPG mails with this setting to be reasonably secure.)
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
I use gmail. But I also use GPG with 4096 bit RSA keys. They can store my encrypted message and keep it for all eternity, but they'll never read it.
legendary
Activity: 1135
Merit: 1166
I have a sneaking suspicion that the NSA's alleged superpowers are overrated. Maybe they once were way ahead of the curve back when crypto was a nerd curiosity. But now? In 2013, when the whole world understands the importance of crypto and scads of people are interested in it, including hackers who stand to become fabulously wealthy if they could find a flaw? I just don't buy it. More likely the government just wants people to think there's no point in using cryptography.

And we have a winner! Ding ding ding!

After Prism we started to hear lots of stories coming from two sides.

Side 1) We need to start using crypto in everything now! Secure all the things! (This is us, the geeks)

Side 2) Oh fudge if people start securing everything the future is going to be very dark indeed. Very dark because our capturing data centers will be redundant. (This is the NSA)

If the NSA had really broken core cryptographic functions they would be neutral on people using encryption as it wouldn't matter. They would stay in the dark like they always do. Just watching us.

However instead we started to get FUD all over the place about encryption. I remember reading that the government recommended people not to use encryption because it would mean the NSA would keep your data forever, and when that didn't work they started to give hints that all this encryption is useless anyway.

Very good points!  I also believe that they are very far from actually breaking the algorithms themselves.  (Except possibly if they managed to build a quantum computer, which I see as a faint possibility.)

EDIT: I think SSL is compromised because they rely on certificates which is trivial for the NSA to acquire.

Very true.  SSL/TLS may be secure by itself, but the CA infrastructure is not.  In fact, not only the NSA but a lot of other governments also directly or indirectly "own" a CA which is trusted by all major browsers/systems.
legendary
Activity: 1176
Merit: 1015
I have a sneaking suspicion that the NSA's alleged superpowers are overrated. Maybe they once were way ahead of the curve back when crypto was a nerd curiosity. But now? In 2013, when the whole world understands the importance of crypto and scads of people are interested in it, including hackers who stand to become fabulously wealthy if they could find a flaw? I just don't buy it. More likely the government just wants people to think there's no point in using cryptography.

And we have a winner! Ding ding ding!

After Prism we started to hear lots of stories coming from two sides.

Side 1) We need to start using crypto in everything now! Secure all the things! (This is us, the geeks)

Side 2) Oh fudge if people start securing everything the future is going to be very dark indeed. Very dark because our capturing data centers will be redundant. (This is the NSA)

If the NSA had really broken core cryptographic functions they would be neutral on people using encryption as it wouldn't matter. They would stay in the dark like they always do. Just watching us.

However instead we started to get FUD all over the place about encryption. I remember reading that the government recommended people not to use encryption because it would mean the NSA would keep your data forever, and when that didn't work they started to give hints that all this encryption is useless anyway.

This is what they want people to think, that it's all broken so why waste your time? Just go back to using closed source please.

If there is something they have done, that is they are "cheating" in that they are compromising many communication lines, certificates and closed source software.

NSA most likely have access to gmail, skype, perhaps even windows backdoors.

This is a campaign of FUD from the government.

EDIT: I think SSL is compromised because they rely on certificates which is trivial for the NSA to acquire.
sr. member
Activity: 280
Merit: 250
as evidence Linux is gaining in popularity:

http://blog.cryptographyengineering.com/2013/09/on-nsa.html



These are SSL servers.

But in the PC world it's:

Windows: 86.0%
Apple: 7.5%
Linux: 1.5%

Your average person has never seen or used a Linux box.

http://en.wikipedia.org/wiki/Usage_share_of_operating_systems
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Well, SHA-512 was also designed by the NSA right? And HMAC-SHA-512 uses the same hash function. Does anyone think they can crack that better than brute-force?
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
Why would the NSA ever release a 'secure' algorithm? It's like shooting yourself in the foot, it would make their job so much harder. They would only ever release something that they could control. It's just the way the world works.

Because you can never definitively prove a cryptographic system is secure.  The only way to "know" a cipher is secure is to make it publicly available and let the best in the world take a crack at it.  It is very easy to write a cryptographic system that you yourself can't break but that is next to useless.  Secret cryptography usually is weak cryptography.  History is littered with examples of failed "strong" systems.  One classic one is WEP which is so unbelievably broken it is hard to believe cryptographers came up with it.  Security through obscurity doesn't work.  Had the specs for WEP been made publicly available in the design phase people would have found the flaws in a matter of weeks and saved everyone a ton of problems down the road.  For every good cipher there are dozens and dozens of flawed ones.  No matter how smart a single developer is the combined intellect of the planet is better, that is the entire rationale for open source.  The NSA is not only responsible for finding the secrets of others they are responsible for ensuring others don't find the secrets of the United States. 

The US government uses SHA-2 in secure cryptographic systems including SIPRNet.  I know this from personal experience.

Hmmm, you are sounding more and more like a spook or ex-spook ... doth protest too much?
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
Are you really that naive?

Do you underestimate the brightest minds in the world? Do you believe that the minds in the NSA are somehow brighter than those outside of it?

It is not who is brighter or has the most talent ... it is about an asymmetry of knowledge (as it has always been, the designer of the lock is the guy who knows where it is vulnerable.)

NSA designed the SHA256 algorithm, you don't think they had an eye on what their hardware is capable of whilst doing so?
legendary
Activity: 2142
Merit: 1009
Newbie
The US government uses SHA-2 in secure cryptographic systems including SIPRNet.  I know this from personal experience.

Quoted for future references when I prove that
1. D&T = Satoshi
2. Bitcoin was created by NSA

Hehe
legendary
Activity: 905
Merit: 1000
By the way: What might have been the reason that Mr. Nakamoto decided to use an NSA algorithm (SHA-256) for Bitcoin?

There are more than a few hints that Mr Nakamoto himself (themselves) may be linked to NSA. just saying...

A cite?  The only comment I remember is when Gavin went to CIA for a presentation on Bitcoin, Satoshi wasn't interested.

This is quoted from the defunct Bruce Wagner Bitcoin podcast:

Bruce Wagner: When was the last time you chatted to Satoshi?
Gavin Andresen: Um... I haven't had email from Satoshi in a couple months actually. The last email I sent him I actually told him I was going to talk at the CIA. So it's possible, that.... that may have um had something to do with his deciding



Link to source/timestamp?

I'd love to hear this part, but not enough to listen through Bruce Wagner's podcast.

http://itunes.apple.com/us/podcast/onlyonetv.com-bitcoin-show/id464967190

It should be around 17:53. First episode.

legendary
Activity: 1764
Merit: 1002
donator
Activity: 1218
Merit: 1079
Gerald Davis
By the way: What might have been the reason that Mr. Nakamoto decided to use an NSA algorithm (SHA-256) for Bitcoin?

There are more than a few hints that Mr Nakamoto himself (themselves) may be linked to NSA. just saying...

A cite?  The only comment I remember is when Gavin went to CIA for a presentation on Bitcoin, Satoshi wasn't interested.
full member
Activity: 133
Merit: 100
By the way: What might have been the reason that Mr. Nakamoto decided to use an NSA algorithm (SHA-256) for Bitcoin?

There are more than a few hints that Mr Nakamoto himself (themselves) may be linked to NSA. just saying...
full member
Activity: 190
Merit: 100
I won't be following this topic now as I want to avoid an irrational troll. The only thing which could add to this discussion now for me would be an explanation of what they have cracked.
legendary
Activity: 1036
Merit: 1000
I have a sneaking suspicion that the NSA's alleged superpowers are overrated. Maybe they once were way ahead of the curve back when crypto was a nerd curiosity. But now? In 2013, when the whole world understands the importance of crypto and scads of people are interested in it, including hackers who stand to become fabulously wealthy if they could find a flaw? I just don't buy it. More likely the government just wants people to think there's no point in using cryptography.
legendary
Activity: 1764
Merit: 1002
If open source is so insecure, why are all these gov't agencies using it including the NSA itself via SELinux?  I think the same can be said of SHA 1&2:

http://en.wikipedia.org/wiki/List_of_Linux_adopters

Government

As local governments come under pressure from institutions such as the World Trade Organization and the International Intellectual Property Alliance, some have turned to Linux and other Free Software as an affordable, legal alternative to both pirated software and expensive proprietary computer products from Microsoft, Apple and other commercial companies. The spread of Linux affords some leverage for these countries when companies from the developed world bid for government contracts (since a low-cost option exists), while furnishing an alternative path to development for countries like India and Pakistan that have many citizens skilled in computer applications but cannot afford technological investment at "First World" prices.

    In July 2001[1] the White House started moving their computers to a Linux platform based on Red Hat Linux and Apache HTTP Server.[2] The installation was completed in February 2009.[3][4] In October 2009 the White House servers adopted Drupal, an open source content management system software distribution.[5][6]
    Brazil uses PC Conectado, a program utilizing Linux.
    The City government of Munich chose in 2003 to start to migrate its 14,000 desktops to Debian-based LiMux.[7] Even though more than 80% of workstations used OpenOffice and 100% used Firefox/Thunderbird five years later (November 2008),[8] an adoption rate of Linux itself of only 20.0% (June 2010) was achieved.[9][10] The effort was later reorganized, focusing on smaller deployments and winning over staff to the value of the program. By the end of 2011 the program had exceeded its goal and changed over 9000 desktops to Linux.[11] The city of Munich reported at the end of 2012 that the migration to Linux was highly successful and has already saved the city over €11 million (US$14 million).[12]
    The United States Department of Defense uses Linux - "the U.S. Army is “the” single largest install base for Red Hat Linux"[13] and the US Navy nuclear submarine fleet runs on Linux.[14]
    The city of Vienna has chosen to start migrating its desktop PCs to Debian-based Wienux.[15] However, the idea was largely abandoned, because the necessary software was incompatible with Linux.[16]
    Spain was noted as the furthest along the road to Linux adoption in 2003,[17] for example with Linux distribution LinEx
    State owned Industrial and Commercial Bank of China (ICBC) is installing Linux in all of its 20,000 retail branches as the basis for its web server and a new terminal platform. (2005) [18]
    In April 2006, the US Federal Aviation Administration announced that it had completed a migration to Red Hat Enterprise Linux in one third of the scheduled time and saved 15 million dollars.[19]
    The Government of Pakistan established a Technology Resource Mobilization Unit in 2002 to enable groups of professionals to exchange views and coordinate activities in their sectors and to educate users about free software alternatives. Linux is an option for poor countries which have little revenue for public investment; Pakistan is using open source software in public schools and colleges, and hopes to run all government services on Linux eventually.
    The French Parliament has switched to using Ubuntu on desktop PCs.[20][21]
    The Federal Employment Office of Germany (Bundesagentur für Arbeit) has migrated 13,000 public workstations from Windows NT to OpenSuse.[22]
    Czech Post migrated 4000 servers and 12,000 clients to Novell Linux in 2005[23][24]
    Cuba - Students from the Cuban University of Information Science launched its own distribution of Linux called Nova to promote the replacement of Microsoft Windows on civilian and government computers, a project that is now supported by the Cuban Government. By early 2011 the Universidad de Ciencias Informáticas announced that they would migrate more than 8000 PCs to this new operating system.[25][26][27]
    The Canton of Solothurn in Switzerland decided in 2001 to migrate its computers to Linux, but in 2010 the Swiss authority has made a U-turn by deciding to use Windows 7 for desktop clients.[28]
    France's national police force, the National Gendarmerie started moving their 90,000 desktops from Windows XP to Ubuntu in 2007 over concerns about the additional training costs of moving to Windows Vista, and following the success of OpenOffice.org roll-outs. The migration should be completed by 2015. The force has saved about €50 million on software licensing between 2004 and 2008.[29][30][31]
    France's Ministry of Agriculture uses Mandriva Linux.[31]
    Macedonia's Ministry of Education and Science deployed more than 180,000 Ubuntu based classroom desktops, and has encouraged every student in the Republic of Macedonia to use Ubuntu computer workstations.[32]
    The People's Republic of China exclusively uses Linux as the operating system for its Loongson processor family, with the aim of technology independence.[33]
    The US National Nuclear Security Administration operates the world's tenth fastest supercomputer, the IBM Roadrunner, which uses Red Hat Enterprise Linux along with Fedora as its operating systems.[34]
    The regional Andalusian Autonomous Government of Andalucía in Spain developed its own Linux distribution, called Guadalinex in 2004.[35]
    The South African Social Security Agency (SASSA) deployed Multi-station Linux Desktops to address budget and infrastructure constraints in 50 rural sites.[36]
    In 2003, the Turkish government decided to create its own Linux distribution, Pardus, developed by UEKAE (National Research Institute of Electronics and Cryptology). The first version, Pardus 1.0, was officially announced on 27 December 2005.[37]
    In 2010 The Philippines fielded an Ubuntu-powered national voting system.[38]
    In July 2010 Malaysia had switched 703 of the state's 724 agencies to Free and Open Source software with a Linux based operating system used.[39] The Chief Secretary to the Government cited, "(the) general acceptance of its promise of better quality, higher reliability, more flexibility and lower cost".[40]
    In late 2010 Vladimir Putin signed a plan to move the Russian Federation government towards free software including Linux in the second quarter of 2012.[41][42]
    The city government of Largo, Florida, USA uses Linux and has won international recognition for their implementation, indicating that it provides "extensive savings over more traditional alternatives in city-wide applications."[43]
    Iceland has announced in March 2012 that it wishes to migrate to open source software in public institutions. Schools have already migrated from Windows to Ubuntu Linux.[44]
    In June 2012 the US Navy signed a US$27,883,883 contract with Raytheon to install Linux ground control software for its fleet of vertical take-off and landing (VTOL) Northrop Grumman MQ8B Fire Scout drones. The contract involves Naval Air Station Patuxent River, Maryland, which has already spent $5,175,075 in preparation for the Linux systems.[45]
    In 2004 Venezuela's government approved the 3390 decree,[46] to give preference to using free software in public administration. One result of this policy is the development of Canaima, a Debian-based Linux distribution.