No, The NSA Can't Really Bruteforce Your Encryption!

Discussion in 'Computers and The Internet' started by AceK, Dec 29, 2015.

  1. AceK

    AceK Scientia Potentia Est

    Messages:
    7,824
    Likes Received:
    960
    "Micah Lee's Blog." Micah Lees Blog. N.p., n.d. Web. 30 Dec. 2015.

    Also see:
    "NSA Leak Leaves Crypto-Math Intact but Highlights Known Workarounds." MIT Technology Review. N.p., 09 Sept. 2013. Web. 30 Dec. 2015.


    Now this last paper here (which I have quoted from below, and cited below the quotation), this is particularly interesting. A Related Key Attack has been discovered that can reduce the computational complexity of AES-256 and AES-192 to 2^99.5 and 2^176, respectively. This to me suggests that AES-192 may be more secure than AES-256 despite a shorter key length due to some very technical mathematical reasons.


    Don't know if that last part makes me feel better or not, I'm comfortable with 2^176, but 2^99.5 is starting to seem sketchy. Using a bit of Python (which I barely know to save my life, but it's good for doing math) I was able to calculate that an attacker that had such computing power that they could try 200,000,000,000,000,000 keys per second utilizing this break reducing the complexity to 2^99.5 (which would cost about $100 trillion to build a cluster capable of this much computational power) could bruteforce the 256 bit key (single key) in only just over 142,117 years! (142,117.633117 to be precise.) AFAIK, this is the best cryptographic break for AES existing in academics.

    source: Biryukov, Alex, and Dmitry Khovratovich. "Related-key Cryptanalysis of the Full AES-192 and AES-256." (n.d.): n. pag. Web. h[1]
     
    2 people like this.
  2. Pressed_Rat

    Pressed_Rat Do you even lift, bruh?

    Messages:
    33,922
    Likes Received:
    2,457
    I thought it was common knowledge that NSA can and does break encryption regularly to spy on internet users every single day. Even if it wasn't common knowledge, it's kind of one of those "DUH" things.

    Whoever you quoted is a fucking moron. To say the NSA doesn't receive "that much funding," much less doesn't have the ability to hack into people's internet activity is naive at best and plain ignorant at worst. Most people who say shit like this are completely ignorant of the technology and the funding the government has at its disposal. I laugh at these hackers and computer nerds who think they've got anything on the NSA's supercomputers simply because they have some understanding of code.
     
  3. AceK

    AceK Scientia Potentia Est

    Messages:
    7,824
    Likes Received:
    960
    These guys are doctorates in computer science and cryptology who wrote that last academic article. Also, this applies to AES-256. SSL/TLS has been broken before due to poor implementation, as well as WEP/RC-4 (which was susceptible to IV based attacks and is now deprecated due to this flaw in its IV generation algo). These encryption schemes are "fundamentally different", and there's a difference between something like WEP and "strong encryption" like AES, or RSA (and PGP, which uses iirc a CAST5 block cipher to encrypt the plaintext with a randomly generated one time key, which is then encrypted (the one time key) with the RSA public key).

    Did you read the academic paper I cited at the end?

    Yeah sure, they can break poorly implemented crypto used by people who don't know what they're doing, or people that use strong crypto and are dumb enough to pick "god" as their password (which is hashed to generate the 256 bit key). And yes, they collect metadata all the time, most of which can't be encrypted. But a file sitting on a disk somewhere encrypted with AES-256 is a completely different story than what you are talking about.

    There's a difference between a block cipher and stream ciphers, and symmetric vs asymmetric key encryption, there are things like block chaining modes and codebook modes like XTS, and IV generation algorithms, all of which are part of a properly implemented crypto system.

    Please at least skim the academic literature before going back to the tinfoil salesman to get your fix ;) And I mean that in the nicest way possible. These scientists and mathematicians are far smarter than I, and if they say it's hard to break.. then it probably really is.

    The tin foil gets you nowhere, and the gobernm3nt relies on a steady supply of tinfoil users in order to be successful at "breaking crypto".
     
    1 person likes this.
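Added example, not part of any post in the thread: it redoes the first post's arithmetic (2^99.5 work at 200,000,000,000,000,000 keys per second, 365-day years) and contrasts it with the weak-password case from the post above, where the search space is the password, not the 256-bit key. The function names and the single unsalted SHA-256 derivation are assumptions made for illustration; the thread only says the password is "hashed".

```python
import hashlib
import itertools
import math
import string

SECONDS_PER_YEAR = 365 * 24 * 3600  # 365-day year, which reproduces the post's figure


def years_to_exhaust(work_bits: float, guesses_per_second: float) -> float:
    """Years needed to try every candidate in a space of 2**work_bits."""
    return 2.0 ** work_bits / guesses_per_second / SECONDS_PER_YEAR


def password_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random password of fixed length."""
    return length * math.log2(alphabet_size)


def derive_key(password: str) -> bytes:
    """256-bit key from one unsalted SHA-256 hash (assumed weak derivation)."""
    return hashlib.sha256(password.encode()).digest()


def exhaust_lowercase(target_key: bytes, length: int):
    """Try every lowercase password of this length; return (password, tries)."""
    candidates = itertools.product(string.ascii_lowercase, repeat=length)
    for tries, combo in enumerate(candidates, 1):
        candidate = "".join(combo)
        if derive_key(candidate) == target_key:
            return candidate, tries
    return None, 26 ** length


if __name__ == "__main__":
    rate = 200_000_000_000_000_000  # keys per second, as in the first post
    print(f"2^99.5 work:  {years_to_exhaust(99.5, rate):,.2f} years")
    print(f"2^176 work:   {years_to_exhaust(176, rate):.3e} years")

    # Constructed sample: the key an encryption tool would hold for password "god".
    key = derive_key("god")
    found, tries = exhaust_lowercase(key, 3)
    print(f"3 lowercase letters = {password_bits(26, 3):.1f} bits; "
          f"recovered {found!r} after {tries} of {26 ** 3} tries")
```

The key is still 256 bits long in the second case, but its effective strength is about 14 bits, which is why a slow salted KDF and a long random passphrase matter more than the cipher choice.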
  4. Bud D

    Bud D Member

    Messages:
    896
    Likes Received:
    135
    If you follow the news you should know that encryption is becoming part of the political debate. Not sure where I read it, but at one time and maybe still today, encryption is illegal.

    Don't quote me on encryption being illegal as all tech encrypts on some level. But I see a future where encryption that takes up too many resources from the Government, being illegal. Just watch!

    I'm sure if you watched someone's internet activity that isn't encrypted, you could come up with some common ideas about what they use as keys. Not always, but any computer that is online isn't that safe from being spied on.
     
    1 person likes this.
  5. AceK

    AceK Scientia Potentia Est

    Messages:
    7,824
    Likes Received:
    960
    Most corporate environments require by policy to use strong encryption, and strong network security (don't want the script kiddies dumping the server and stealing your bank accounts do you?)

    "Impenetrable encryption technology [such as AES] is a problem to be solved"
    "Impenetrable encryption [strong crypto e.g. AES] is a threat to our national security"

    Both paraphrased quotes by Hillary Clinton. If it was so trivial for the N5A to break then why does she feel it's such a "threat"?

    She would like it if using strong crypto were made illegal .. of course the terrorists will continue using it, but it'd make it easier to spy on more Americans possibly. And you can bet I'm still gonna be using it ... the algorithms are already out there, as well as the code to implement it. They can't just make these things disappear from the academic literature. What's next, make it illegal to major in computer science and just have pakistanis write all our software off shore, outsourcing those jobs there ... lol.

    They need really dumb citizens ...
     
  6. Bud D

    Bud D Member

    Messages:
    896
    Likes Received:
    135
    Very true. Although I don't think that breaking encryption is trivial. It's a big deal. I don't know how far the rabbit hole goes, but it seems it could be pretty deep. Even prisoners use encryption. They make kites/notes that are encoded in some way. They have gang units in prison that try to break their codes. Encryption goes as far back as languages. If you don't know a language it's encrypted to you!

    Just sucks, I have no real need for encryption. I don't know where I stand in being on the G-man's radar. So I don't do much that I can't live with 'them' knowing.
     
    1 person likes this.
  7. AceK

    AceK Scientia Potentia Est

    Messages:
    7,824
    Likes Received:
    960
    It's kind of like russian dolls .. the rabbit hole that is.

    And most "gangstas" in prison aren't the smartest people .. so I doubt their "crypto" is very good, not even close to something like AES or Blowfish etc. Real computational crypto math is a completely different beast.
     
  8. NoxiousGas

    NoxiousGas Old Fart

    Messages:
    8,382
    Likes Received:
    2,388
    IRQ42, very interesting....

    ignore PR, the topic is way beyond his IQ level, he just thinks it's another little soapbox to rant about...LOL

    fixed it for ya. ;)
     
    1 person likes this.
  9. AceK

    AceK Scientia Potentia Est

    Messages:
    7,824
    Likes Received:
    960
    It's less like "hackers and nerds" and more like "the top experts in the computer science, cryptology and mathematics fields". Now I myself may fall in the "hackers and nerds" category, but not the PhDs that write these academic articles on crypto and data security. A PhD in the fields of computer science, math and crypto is nothing to scoff at...maybe especially so the math.
     
  10. Bud D

    Bud D Member

    Messages:
    896
    Likes Received:
    135
    I had the program TrueCrypt and it had all the fancy encryption algorithms. I encrypted a flash drive and someone ended up stealing it. Bet they can't use that now, lol!

    I think I just had some girly pics on it and some links for online shopping. But I also had my monthly budget and things like that. They stole a phone and also a checkbook that was a starter and didn't have my name on it yet.

    I think encryption should remain legal. Surely businesses require to encrypt some things. Anyhow, it's illegal and a criminal charge to block an investigation unless you're incriminating yourself.
     
    1 person likes this.
  11. AceK

    AceK Scientia Potentia Est

    Messages:
    7,824
    Likes Received:
    960
    Encryption is absolutely necessary, this is the reason that banks and pretty much all corporations are required by policy to implement it, and have their security audited and pentested (i.e. attempted intrusion from a penetration tester, to see if any vulnerabilities exist in their system they need to fix.) This lessens the damage done should some attacker manage to steal some files from a server or something. If they were unencrypted this would be devastating to the company and its customers.

    Some people are so paranoid and have this mentality that's not unlike, "Well, burglars can just pick my locks anyway, so I'm not even gonna bother installing a deadbolt on my front door since they'll just pick the lock anyway". In that case, now not only do you have to worry about burglars that know how to pick locks, but pretty much anyone, you might as well not even have a front door because you literally have no security at all. Picking locks is definitely a whole lot easier than cracking strong crypto systems, and some locks are easier to pick than others .. so if you're worried about "burglars picking your locks" the rational thing to do would be buy better locks that are harder to pick (like cylindrical key locks like some safes have, or those funny J shaped locks they use for the master key in the NYC subway system where the twists and turns make it very difficult to use lockpicking tools), rather than abandon locks completely. Most burglars go for the low hanging fruit, and if your lock is too hard to pick they'll just pick your neighbor's easier lock instead ... or look for places that left their door unlocked or keys under the doormat.

    Edit: it's worth noting that these pentesters will do everything a real black hat cracker may try, all the way from recon to execution. This includes, dumpster diving / trashing, social engineering, tail-gating and fake company IDs to enter the building and impersonating company employees or service providers; as well as actual attacks on the network after they have gained as much information about the company as they can through information gathering.

    Also worth noting that the N5A itself uses AES, deeming it suitable for "classified" data.
     
    2 people like this.
  12. AceK

    AceK Scientia Potentia Est

    Messages:
    7,824
    Likes Received:
    960
    [​IMG]
    [​IMG]


    And they're gonna spend all of this money to go after ONE person ...
     
  13. Tyrsonswood

    Tyrsonswood Senior Moment Lifetime Supporter

    Messages:
    34,218
    Likes Received:
    26,321
    [​IMG]
     
    4 people like this.
  14. AceK

    AceK Scientia Potentia Est

    Messages:
    7,824
    Likes Received:
    960
    Morons, eh ...

    "Alex Biryukov is a cryptographer, currently a full professor at the University of Luxembourg. His notable work includes the design of the stream cipher LEX, as well as the cryptanalysis of numerous cryptographic primitives. In 1998, he developed impossible differential cryptanalysis together with Eli Biham and Adi Shamir.[1] In 1999, he developed the slide attack together with David Wagner. In 2009 he developed, together with Dmitry Khovratovich, the first cryptanalytic attack on full-round AES-192 and AES-256 that is faster than a brute-force attack.[2] Since 1994 Alex Biryukov is a member of the International Association for Cryptologic Research."


    "Dmitry Khovratovich is a post-doctoral researcher since January 2013. He specializes in the design and cryptanalysis of symmetric primitives, e.g. hash functions and block ciphers. Dmitry is also interested in the practical aspects of cryptography: electronic currencies, tamper-proof designs, etc.. Dmitry is an author of the first attacks on the AES block cipher in various models, the best attacks on Skein, SHA-1 and SHA-2 hash functions, the attacks on the full versions of ALE, Grindahl-512, Luffa, and many others."

    Think again ;)
     
  15. scratcho

    scratcho Lifetime Supporter Lifetime Supporter

    Messages:
    23,720
    Likes Received:
    15,611
    Well. Nice to see someone with some actual knowledge. Which I certainly don't have.
     
    1 person likes this.
  16. Tyrsonswood

    Tyrsonswood Senior Moment Lifetime Supporter

    Messages:
    34,218
    Likes Received:
    26,321
    A couple of weeks ago I skimmed through an article that was saying that people that use heavy encryption, TOR, IP address swappers, and other "out of the norm" ways to access the internet are just asking the NSA to track their every move.


    They are on to your shyt...


    [​IMG]
     
  17. AceK

    AceK Scientia Potentia Est

    Messages:
    7,824
    Likes Received:
    960
    Yep, I'm sure they're watching everybody in academics researching this stuff ... we're criminals! Anyone who knows too much about computers must be a criminal (the criminals I've met typically don't know a goddamn thing about computers but you know....).

    http://phrack.org/issues/7/3.html
     
  18. Tyrsonswood

    Tyrsonswood Senior Moment Lifetime Supporter

    Messages:
    34,218
    Likes Received:
    26,321
    Everybody is a criminal... Until you prove yourself, in a court of law, that you aren't a criminal. Of course by that time you have a criminal record, so yeah.
     
  19. raysun

    raysun D4N73_666 4861786f72

    Messages:
    931
    Likes Received:
    10
    hi IRQ42 is the serpent encryption algorithm secure enough?
     
    1 person likes this.
  20. lode

    lode Banned

    Messages:
    21,697
    Likes Received:
    1,677
    The NSA can attack AES. The stated goal of the NSA for the Utah Data Center was to make AES breakable by 2016 in an actionable timeframe.

    My GPU can attack AES256 at around a million hashes per second. If I were guessing, I would suspect they're using specific ASICs which are probably 100-1000 times more efficient than my 295x2.

    There aren't just problems with implementation. If some non-encrypted data can be captured alongside the keys, the complexity can be drastically reduced. This requires data in the scale of exabytes for plain text.

    https://www.iacr.org/archive/ches2004/31560162/31560162.pdf

    I recommend Blowfish for encryption. It's as complex as AES-256, and the NSA didn't publicly say they were going to have it broken within two days.
     
    1 person likes this.
