Pages:
Author

Topic: The Biggest Threat to Bitcoin: The New American NSA Datacenter (Read 3828 times)

legendary
Activity: 1512
Merit: 1049
Death to enemies!
Quote
256-bit should be fine for a while yet, but in 10 more years it may also be breakable, if you have a 2 billion dollar budget.
256-bit is not two times stronger than 128-bit. The strength of encryption grows exponentially, not linearly. 256-bit with current computing technologies and more's law might be safe for more than 10 or probably 200 years. It might be safe till the end of time.
Quote
NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. "
So the TripleDES is finally broken? Or Blowfish, or SHA-1 hash function? What is complex encryption scheme? Some Rube-Goldberg encryption using data destruction and outdated ciphers or TrueCrypt? TrueCrypt is actually not so complex at all, in terms of usability and ease-of-use. This statement by incomptetent spokesperson makes no sense at all to me.
Quote
A far more likely use would be a fishnet over GSM-encrypted phone calls in realtime
GSM is no encryption at all, it is merely a obfuscation. NSA and any government agency can listen at will, they already have copies of GSM encryption keys and direct access to operator's infrastructure. Maybe using voice recognition and data mining all conversations nationwide is one of the purposes?
Quote
I'm drunk, so don't take me seriously.
In some countries being drunk while committing crime (such as telling it will be good if someone nuke arseholes in NSA) is going to ad additional years to sentence.
Quote
You just got every person in this thread on a domestic terrorist watchlist.
I'm located in Eastern Europe and I have veiled Arab man in my avatar, now I'm a foreign terrorist! Cheesy Nuke with dirty Iranian nuclear bomb the capitalist terrorists and abduct CIA president while sniffing train of anthrax letter cocaine and buy Rolex replica watches cheap! Sh*t, that smoke was a strong one!
Quote
NDAA
Is it something similar to MDMA? I will visit Silk Road to find out more Cheesy
Quote
Using larger key sizes won't really do any difference unless your password also has double the entropy. We're slowly reaching a point where humans are having trouble remembering pass phrases with sufficient entropy (we're not there yet though!)
The password in GPG is used to protect the private key in case if the file containing key is fallen in hands of enemy. It is not related to quality of the keypair. If enemy only have your public key, the quality of the password protecting your private key does not matter. Only the source of randomness is important, and computers are known to be poor at generating truly random data without hardware random number generator.

Where passwords are the weakest link, they must be strong and random. In 1 month average human can remember password containing 30+ ASCII characters.
legendary
Activity: 980
Merit: 1008
Quote
mmmmmmm imagine the Ghash's, but there more likely to use it for cracking pgp and truecrypt
Since they will just have a lot of parrallel processing power, and have not discovered any real vulnerability in those protocols, it seems it will be enough for truecrypt and gpg users to double they maximum key size and be done with it. As I understand it, the difficulty to crack them increases exponentially with longer keys.
I use 4096 bits for everything, so I'm fine.
Using larger key sizes won't really do any difference unless your password also has double the entropy. We're slowly reaching a point where humans are having trouble remembering pass phrases with sufficient entropy (we're not there yet though!).

Once you get to that point, you can just hash the part you remember and use the hash as the password. The part you hash would still need to be strong, and it would force the cracker to either, use hashed values, the actual values, or both. We could also go the route of using patterns instead of characters.
Well that's true. You could, for example as Armory does, use a really slow key derivation function, and apply it so many times that it takes, for example, one second to get the key from the password. That would limit the cracker's attempts to one key per second as far as I can tell (unless the key derivation function is compromised).

Interesting idea about using shapes to gain entropy. Though I have a hard time figuring out how much entropy this actually provides.
sr. member
Activity: 350
Merit: 251
Quote
mmmmmmm imagine the Ghash's, but there more likely to use it for cracking pgp and truecrypt
Since they will just have a lot of parrallel processing power, and have not discovered any real vulnerability in those protocols, it seems it will be enough for truecrypt and gpg users to double they maximum key size and be done with it. As I understand it, the difficulty to crack them increases exponentially with longer keys.
I use 4096 bits for everything, so I'm fine.
Using larger key sizes won't really do any difference unless your password also has double the entropy. We're slowly reaching a point where humans are having trouble remembering pass phrases with sufficient entropy (we're not there yet though!).

Once you get to that point, you can just hash the part you remember and use the hash as the password. The part you hash would still need to be strong, and it would force the cracker to either, use hashed values, the actual values, or both. We could also go the route of using patterns instead of characters.

The red dots are places where red dots on other shapes "lock". The basic idea is that you would be making a vector object, then use that code as the password. Again these are vector objects, so size does not matter. all that matters is that the correct shapes are connected correctly in the right orders, etc..

legendary
Activity: 980
Merit: 1008
Quote
mmmmmmm imagine the Ghash's, but there more likely to use it for cracking pgp and truecrypt
Since they will just have a lot of parrallel processing power, and have not discovered any real vulnerability in those protocols, it seems it will be enough for truecrypt and gpg users to double they maximum key size and be done with it. As I understand it, the difficulty to crack them increases exponentially with longer keys.
I use 4096 bits for everything, so I'm fine.
Using larger key sizes won't really do any difference unless your password also has double the entropy. We're slowly reaching a point where humans are having trouble remembering pass phrases with sufficient entropy (we're not there yet though!).
hero member
Activity: 504
Merit: 504
Decent Programmer to boot!
So they finish this sometime in 2013... Should be plenty of time to scramble together a few nuclear bombs to wipe the place off the fucking map just as they put the finishing touches on it. Anyone in for some fun?

DISCLAIMER: I'm drunk, so don't take me seriously.

Fabulous work, rjk. You just got every person in this thread on a domestic terrorist watchlist.

See you in indefinite detention.

Made possible by the nearly unnoticed NDAA!

legendary
Activity: 1512
Merit: 1036
So they finish this sometime in 2013... Should be plenty of time to scramble together a few nuclear bombs to wipe the place off the fucking map just as they put the finishing touches on it. Anyone in for some fun?

DISCLAIMER: I'm drunk, so don't take me seriously.

Fabulous work, rjk. You just got every person in this thread on a domestic terrorist watchlist.

See you in indefinite detention.
Pretty sure every single one of us has been on the list since 2009 when bitcoin was invented. Cheers.

Now you are:

dirty bomb plutonium palestine abduct anthrax yemen al queda jihad plane truck train liberate occupy
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
So they finish this sometime in 2013... Should be plenty of time to scramble together a few nuclear bombs to wipe the place off the fucking map just as they put the finishing touches on it. Anyone in for some fun?

DISCLAIMER: I'm drunk, so don't take me seriously.

Fabulous work, rjk. You just got every person in this thread on a domestic terrorist watchlist.

See you in indefinite detention.
Pretty sure every single one of us has been on the list since 2009 when bitcoin was invented. Cheers.
Jon
donator
Activity: 98
Merit: 12
No Gods; No Masters; Only You
So they finish this sometime in 2013... Should be plenty of time to scramble together a few nuclear bombs to wipe the place off the fucking map just as they put the finishing touches on it. Anyone in for some fun?

DISCLAIMER: I'm drunk, so don't take me seriously.

Fabulous work, rjk. You just got every person in this thread on a domestic terrorist watchlist.

See you in indefinite detention.
sr. member
Activity: 350
Merit: 251
Ill say what i always say again, its a good idea to keep your data both secret (keep it away from prying eyes) AND encrypted. sometimes both are not possible, but you should try when you can.

For example, bitcoin, this is almost never possible because by design, you give out your public key.

However, secret documents and messages can be both secret and encrypted. You only give the encrypted data to whoever needs it.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
So they finish this sometime in 2013... Should be plenty of time to scramble together a few nuclear bombs to wipe the place off the fucking map just as they put the finishing touches on it. Anyone in for some fun?

DISCLAIMER: I'm drunk, so don't take me seriously.
legendary
Activity: 905
Merit: 1012
A far more likely use would be a fishnet over GSM-encrypted phone calls in realtime.
legendary
Activity: 1274
Merit: 1004
You would think that if the endgame was to bring down BTC, they could do it much cheaper than $2B.
legendary
Activity: 1512
Merit: 1036
They are creating a neural net to model your brain. Once it achieves consciousness, they can just ask it what password you would have used.

Hrm...
"According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. "
legendary
Activity: 1260
Merit: 1000
Drunk Posts
I always use the maximum key size possible, usually 8192 or 16384... Takes a while to generate, but I never notice a difference when I'm actually using them.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh

I guess the new NSA datacenter is not for raw bruteforcing but for mining semantic data from all your intercepted e-mails and other unencrypted junk travelling trough internet backbones.

+1!  Probably far easier and more cost effective to simply find the IP's of most bitcoiners, and destroy all their stuff, set them up on rigged cocaine charges, and put them in prison. That'd be a better attack vector.
According to the article, they are specifically targeting AES encryption, and are hoping to break 128-bit and lesser stuff from 10 years ago to do analysis of the old data to see if there are patterns. They have collected information for a long time, and are only now having a go at actually breaking the encryption. 256-bit should be fine for a while yet, but in 10 more years it may also be breakable, if you have a 2 billion dollar budget.
legendary
Activity: 1008
Merit: 1023
Democracy is the original 51% attack

I guess the new NSA datacenter is not for raw bruteforcing but for mining semantic data from all your intercepted e-mails and other unencrypted junk travelling trough internet backbones.

+1!  Probably far easier and more cost effective to simply find the IP's of most bitcoiners, and destroy all their stuff, set them up on rigged cocaine charges, and put them in prison. That'd be a better attack vector.
legendary
Activity: 1512
Merit: 1049
Death to enemies!
mmmmmmm imagine the Ghash's, but there more likely to use it for cracking pgp and truecrypt

How vulnerable is pgp and truecrypt to brute force attack by so much hashing power?
Imagine a safe made from steel. The walls is thicker than diameter of Milky Way galaxy. That's how strong is properly deployed TrueCrypt. The 2billion diamond saw will not cut trough the steel wall hundreds of light-years thick in reasonable time. With reasonable I mean before Earth takes plunge into Sun.

I guess the new NSA datacenter is not for raw bruteforcing but for mining semantic data from all your intercepted e-mails and other unencrypted junk travelling trough internet backbones.
hero member
Activity: 812
Merit: 1001
-
2 billion$ for cracking a typical password for anything remotely important

W39aJtvjcvOBJ20f
Should not take more than a few milleanias. Good luck with this.

Rubber hoses and predators and bent senators are so much more cost effective than those datacentres.


legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
I use 4096 bits for everything, so I'm fine.

But now I'm going with 8192 bits just to be sure.

~Bruno~
legendary
Activity: 1232
Merit: 1076
I use 4096 bits for everything, so I'm fine.
Pages:
Jump to: