US and UK intel 'have cracked online banking encryption'

Seen something interesting in the news or on the intertubes? Discuss it here.

Moderators: Zamfir, Hawknc, Moderators General, Prelates

elasto
Posts: 3751
Joined: Mon May 10, 2010 1:53 am UTC

US and UK intel 'have cracked online banking encryption'

Postby elasto » Fri Sep 06, 2013 3:55 am UTC

Wow. If this is true, this is getting seriously deep into Big Brother territory now.

US and UK intelligence have reportedly cracked technology used to encrypt internet services such as online banking, medical records and email.

Disclosures by leaker Edward Snowden allege the US National Security Agency (NSA) and the UK's GCHQ are hacking key online security protocols. The documents allege that Yahoo and Google were among service providers targeted.

The NSA is said to spend $250m (£160m) a year on the top secret program. It is codenamed Bullrun, an American civil war battle, according to the documents published by the Guardian in conjunction with the New York Times and ProPublica. The British counterpart program is called Edgehill, after the first major engagement of the English civil war, say the documents.

The reports say the UK and US intelligence agencies are focusing on the encryption used in 4G smartphones, email, online shopping and remote business communication networks.

Under Bullrun, it is said that the NSA has built powerful supercomputers to try to crack the technology that scrambles and encrypts personal information when internet users log on to access various services.

The NSA also collaborated with unnamed technology companies to build so-called back doors into their software - something that would give the government access to information before it is encrypted and sent over the internet, it is reported.

As well as supercomputers, methods used include "technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications", the New York Times reports.

The US reportedly began investing billions of dollars in the program in 2000 after its initial efforts to install a "back door" in all encryption systems were thwarted. During the next decade, it is said the NSA employed code-breaking computers and began collaborating with technology companies at home and abroad to build entry points into their products.

The documents provided to the Guardian by Mr Snowden do not specify which companies participated.

The NSA also hacked into computers to capture messages prior to encryption, and used broad influence to introduce weaknesses into encryption standards followed by software developers the world over, the New York Times reports.

When British analysts were first told of the extent of the program they were "gobsmacked", according to one memo among more than 50,000 documents shared by the Guardian.

NSA officials continue to defend the agency's actions, claiming it will put the US at considerable risk if messages from terrorists and spies cannot be deciphered. But some experts argue that such efforts could actually undermine national security, noting that any back doors inserted into encryption programs can be exploited by those outside the government.

It is the latest in a series of intelligence leaks by Mr Snowden, a former NSA contractor, who began providing caches of sensitive government documents to media outlets in June.

Mr Snowden, whom the US wants to extradite, has been granted temporary asylum in Russia.


"But some experts argue that such efforts could actually undermine national security, noting that any back doors inserted into encryption programs can be exploited by those outside the government."

Duh! We continue to inflict self-injury after self-injury in this 'fight against terrorism'. The economic consequences if the Chinese or whoever can read all company emails and banking records etc. could be immense - and outweigh the cost of 9/11, which kicked all this madness off, by a factor of a thousand.

We're ruled by a bunch of power-mad idiots...

link

KnightExemplar
Posts: 5494
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: US and UK intel 'have cracked online banking encryption'

Postby KnightExemplar » Fri Sep 06, 2013 5:28 am UTC

The NSA is said to spend $250m (£160m) a year on the top secret program.


This is an absurdly small amount of money. Are you sure these numbers are right? No offense, but I somehow doubt that it will take only $250million to actually defeat online encryption. People own houses that cost the same as this government program. It is rumored that the XBox One alone has given AMD $3 Billion for the CPU/GPU alone (let alone the total cost of the XBox One project... like the rest of the damn system).

You cannot legitimately tell me that it costs more to build the XBox One console that it takes to break online encryption! The numbers just don't make sense to me.
First Strike +1/+1 and Indestructible.

elasto
Posts: 3751
Joined: Mon May 10, 2010 1:53 am UTC

Re: US and UK intel 'have cracked online banking encryption'

Postby elasto » Fri Sep 06, 2013 6:08 am UTC

KnightExemplar wrote:
The NSA is said to spend $250m (£160m) a year on the top secret program.


This is an absurdly small amount of money. Are you sure these numbers are right? No offense, but I somehow doubt that it will take only $250million to actually defeat online encryption.

It says they spent $250m a year since 2000 - so $3bn or so. Is that enough to defeat online encryption?

How expensive do you think it is to find a weakness in an algorithm anyhow? Weaknesses in technologies are found and revealed all the time by mathematicians and white hats just working on their own time. I could point you to a dozen articles where flaws have been found in everything from magnetic card strips to electronic car security. A government spending billions and also engaging in "technical trickery, court orders and behind-the-scenes persuasion" and who can packet-sniff and middle-man-attack at will should find it a lot easier than lone hackers to find or induce weaknesses.

vega12
Posts: 34
Joined: Tue May 13, 2008 5:48 am UTC

Re: US and UK intel 'have cracked online banking encryption'

Postby vega12 » Fri Sep 06, 2013 6:57 am UTC

Here is another related, and much longer article about this topic: http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?pagewanted=all

It is amazing how much this program extends. I just hope this will spur groups to push for even more secure protocols. Although when they simply get your hardware manufacturers to build in vulnerabilities by reading pre-encrypted or post-decrypted data straight from your device, what can you really do to fight back?

gnutrino
Posts: 100
Joined: Sat Sep 06, 2008 9:02 am UTC
Location: Over the edge...

Re: US and UK intel 'have cracked online banking encryption'

Postby gnutrino » Fri Sep 06, 2013 11:02 am UTC

KnightExemplar wrote:
The NSA is said to spend $250m (£160m) a year on the top secret program.


This is an absurdly small amount of money. Are you sure these numbers are right? No offense, but I somehow doubt that it will take only $250million to actually defeat online encryption. People own houses that cost the same as this government program. It is rumored that the XBox One alone has given AMD $3 Billion for the CPU/GPU alone (let alone the total cost of the XBox One project... like the rest of the damn system).

You cannot legitimately tell me that it costs more to build the XBox One console that it takes to break online encryption! The numbers just don't make sense to me.


I could be talking out of my ass here but I'd imagine that figure is mostly the wage bill for the people working on the project, the equipment required for it (I hear the NSA has some pretty rad supercomputers) etc. would be budgeted separately as the general cost of providing the "infrastructure" for running a national spying agency.

User avatar
Zamfir
I built a novelty castle, the irony was lost on some.
Posts: 7588
Joined: Wed Aug 27, 2008 2:43 pm UTC
Location: Nederland

Re: US and UK intel 'have cracked online banking encryption'

Postby Zamfir » Fri Sep 06, 2013 11:22 am UTC

From tgat articke:

According to an intelligence budget document leaked by Mr. Snowden, the N.S.A. spends more than $250 million a year on its Sigint Enabling Project, which “actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs” to make them “exploitable.”


That suggests the quarter billion/year was just the part to make backdoors in commercial products. Although the wording is ambiguous

Tyndmyr
Posts: 11443
Joined: Wed Jul 25, 2012 8:38 pm UTC

Re: US and UK intel 'have cracked online banking encryption'

Postby Tyndmyr » Fri Sep 06, 2013 12:02 pm UTC

There is not just one "encryption". Hang out on slashdot for a while. Find out about different encryption types.

Yeah, some get broken. This is known.

User avatar
JBJ
Posts: 1263
Joined: Fri Dec 12, 2008 6:20 pm UTC
Location: a point or extent in space

Re: US and UK intel 'have cracked online banking encryption'

Postby JBJ » Fri Sep 06, 2013 12:57 pm UTC

elasto wrote:It says they spent $250m a year since 2000 - so $3bn or so. Is that enough to defeat online encryption?

It can certainly buy a lot of wrenches.
So, you sacked the cocky khaki Kicky Sack sock plucker?
The second cocky khaki Kicky Sack sock plucker I've sacked since the sixth sitting sheet slitter got sick.

KnightExemplar
Posts: 5494
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: US and UK intel 'have cracked online banking encryption'

Postby KnightExemplar » Fri Sep 06, 2013 1:08 pm UTC

How expensive do you think it is to find a weakness in an algorithm anyhow? Weaknesses in technologies are found and revealed all the time by mathematicians and white hats just working on their own time. I could point you to a dozen articles where flaws have been found in everything from magnetic card strips to electronic car security. A government spending billions and also engaging in "technical trickery, court orders and behind-the-scenes persuasion" and who can packet-sniff and middle-man-attack at will should find it a lot easier than lone hackers to find or induce weaknesses.


Magnetic Card Strips aren't encryption, and most electronic cars aren't encryption.

I work in IT and know a bit about this subject. Encryption is considered "broken" when it is weak to a Chosen Plaintext Attack. This means that the attacker is assumed to have access to:

1. The algorithm
2. Can choose the Plaintext to send
3. Can see the Ciphertext that was sent.

The only part that is missing is the key. (or in the case of PKI, the private key. The attacker in PKI obviously has access to the public key). It is considered a major advancement in the field of cryptography to find a chosen plaintext attack against an algorithm, despite how ridiculous the preconditions are. It doesn't matter if the US owns every single network link in between the computers. If they cannot successfully create a chosen plaintext attack, then they cannot decrypt the message. Period. I think the issue here is that a bunch of reporters are talking about a subject that they don't understand.

Zamfir wrote:From tgat articke:

According to an intelligence budget document leaked by Mr. Snowden, the N.S.A. spends more than $250 million a year on its Sigint Enabling Project, which “actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs” to make them “exploitable.”


That suggests the quarter billion/year was just the part to make backdoors in commercial products. Although the wording is ambiguous


But everyone uses HTTPS / RC4 which was developed in 1987 and consists of 20 lines of C code. Its not like its hard to figure out where an "NSA Backdoor" could be when your code is as simple as: http://www.opensource.apple.com/source/ ... /rc4/rc4.c . I guess in theory, AES has a NSA backdoor in it, but experts disagree on that fact. (And Bruce Schneier has been pretty anti-NSA as of late, but he's good at cryptoanalysis... as the creator of Blowfish). AES itself is a bit larger than RC4, but still small enough for a few people to prove the security of it.

Lets take an example situation. Lets say I have a webserver using AES-256 as my HTTPS layer encryption. Lets assume that the NSA even wrote the damn software that my webserver runs... but it doesn't change the fact that AES-256 is resistant to a chosen plaintext attack. It doesn't change the fact that the AES key is the only weakness, and that if I ensure that the AES key never leaves the computer, then I'm 100% safe. AES keys are not found in HTTPS streams. Its simply not part of the protocol. Even if the NSA wrote the damn backdoor into my server, if it were a compliant HTTPS server (which is necessary if my server needs to communicate to say... Firefox or Chrome), then the encryption stream is uncrackable.

At least, uncrackable when we're talking about what $250 Million can get you. The current best known attacks for AES 256 is the quantum computer attack (which as far as I know... doesn't exist). It will take 2^128 (yes, 340282366920938463463374607431768211456 cycles) to break AES-256 on a quantum computer that doesn't exist yet. If you're building a normal computer, the difficulty rises to 2^256 cycles. (115792089237316195423570985008687907853269984665640564039457584007913129639936 cycles), which is well beyond the means of supercomputers today. IIRC, these numbers are at the "Known Plaintext Attack" level, which is still above and beyond what the US Government allegedly has in these reports. (Which would be ciphertext only attack... which is the most you get from a man-in-the-middle)
Last edited by KnightExemplar on Fri Sep 06, 2013 1:36 pm UTC, edited 1 time in total.
First Strike +1/+1 and Indestructible.

User avatar
PolakoVoador
Posts: 1028
Joined: Fri Jun 10, 2011 11:11 pm UTC
Location: Brazil

Re: US and UK intel 'have cracked online banking encryption'

Postby PolakoVoador » Fri Sep 06, 2013 1:34 pm UTC

Yeah, and I'm pretty sure NSA relys on encription itself for a number of reasons/uses. Finding a weakness in AES is huge, and not to be taken lightly. If NSA can crack AES, then you can be damn sure someone else will do it too, and I doubt this is a risk NSA is willing to take.
Last edited by PolakoVoador on Fri Sep 06, 2013 1:48 pm UTC, edited 1 time in total.

KnightExemplar
Posts: 5494
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: US and UK intel 'have cracked online banking encryption'

Postby KnightExemplar » Fri Sep 06, 2013 1:37 pm UTC

PolakoVoador wrote:Yeah, and I'm pretty sure NSA relys on encription itself for a number of reasons/uses. Finding a weakness in AES is huge, and not to be taken lightly. If NSA can crack AES, then you can be damn sure someone else will do it too, and I doubt thisis a risk NSA is willing to take.


I'm sure NSA is trying to break AES. But I'm also sure that it needs to spend more than $250 Million / year on such a project.

Which is why I'm confused by the budget number, it is ridiculously small for the task at hand.

It is amazing how much this program extends. I just hope this will spur groups to push for even more secure protocols. Although when they simply get your hardware manufacturers to build in vulnerabilities by reading pre-encrypted or post-decrypted data straight from your device, what can you really do to fight back?


So the boogiemen can now teleport into your data-center without you knowing? Stick a firewall in there man, and ensure that only the HTTPS traffic can come and go from your web-layer web servers. Of course, physical security into your computers is important, but this sort of stuff is standard procedure.
Last edited by KnightExemplar on Fri Sep 06, 2013 1:47 pm UTC, edited 1 time in total.
First Strike +1/+1 and Indestructible.

User avatar
LaserGuy
Posts: 4581
Joined: Thu Jan 15, 2009 5:33 pm UTC

Re: US and UK intel 'have cracked online banking encryption'

Postby LaserGuy » Fri Sep 06, 2013 1:46 pm UTC

KnightExemplar wrote:
How expensive do you think it is to find a weakness in an algorithm anyhow? Weaknesses in technologies are found and revealed all the time by mathematicians and white hats just working on their own time. I could point you to a dozen articles where flaws have been found in everything from magnetic card strips to electronic car security. A government spending billions and also engaging in "technical trickery, court orders and behind-the-scenes persuasion" and who can packet-sniff and middle-man-attack at will should find it a lot easier than lone hackers to find or induce weaknesses.


Magnetic Card Strips aren't encryption, and most electronic cars aren't encryption.

I work in IT and know a bit about this subject. Encryption is considered "broken" when it is weak to a Chosen Plaintext Attack. This means that the attacker is assumed to have access to:

1. The algorithm
2. Can choose the Plaintext to send
3. Can see the Ciphertext that was sent.

The only part that is missing is the key. (or in the case of PKI, the private key. The attacker in PKI obviously has access to the public key). It is considered a major advancement in the field of cryptography to find a chosen plaintext attack against an algorithm, despite how ridiculous the preconditions are. It doesn't matter if the US owns every single network link in between the computers. If they cannot successfully create a chosen plaintext attack, then they cannot decrypt the message. Period. I think the issue here is that a bunch of reporters are talking about a subject that they don't understand.

Zamfir wrote:From tgat articke:

According to an intelligence budget document leaked by Mr. Snowden, the N.S.A. spends more than $250 million a year on its Sigint Enabling Project, which “actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs” to make them “exploitable.”


That suggests the quarter billion/year was just the part to make backdoors in commercial products. Although the wording is ambiguous


But everyone uses HTTPS / RC4 which was developed in 1987 and consists of 20 lines of C code. Its not like its hard to figure out where an "NSA Backdoor" could be when your code is as simple as: http://www.opensource.apple.com/source/ ... /rc4/rc4.c . I guess in theory, AES has a NSA backdoor in it, but experts disagree on that fact. (And Bruce Schneier has been pretty anti-NSA as of late, but he's good at cryptoanalysis... as the creator of Blowfish). AES itself is a bit larger than RC4, but still small enough for a few people to prove the security of it.

Lets take an example situation. Lets say I have a webserver using AES-256 as my HTTPS layer encryption. Lets assume that the NSA even wrote the damn software that my webserver runs... but it doesn't change the fact that AES-256 is resistant to a chosen plaintext attack. It doesn't change the fact that the AES key is the only weakness, and that if I ensure that the AES key never leaves the computer, then I'm 100% safe. AES keys are not found in HTTPS streams. Its simply not part of the protocol. Even if the NSA wrote the damn backdoor into my server, if it were a compliant HTTPS server (which is necessary if my server needs to communicate to say... Firefox or Chrome), then the encryption stream is uncrackable.

At least, uncrackable when we're talking about what $250 Million can get you. The current best known attacks for AES 256 is the quantum computer attack (which as far as I know... doesn't exist). It will take 2^128 (yes, 340282366920938463463374607431768211456 cycles) to break AES-256 on a quantum computer that doesn't exist yet. If you're building a normal computer, the difficulty rises to 2^256 cycles. (115792089237316195423570985008687907853269984665640564039457584007913129639936 cycles), which is well beyond the means of supercomputers today. IIRC, these numbers are at the "Known Plaintext Attack" level, which is still above and beyond what the US Government allegedly has in these reports. (Which would be ciphertext only attack... which is the most you get from a man-in-the-middle)


Sure, but couldn't they just go and ask company on the other end of the HTTPS stream really nicely to just give them your key? Because, terrorism?

KnightExemplar
Posts: 5494
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: US and UK intel 'have cracked online banking encryption'

Postby KnightExemplar » Fri Sep 06, 2013 1:50 pm UTC

Sure, but couldn't they just go and ask company on the other end of the HTTPS stream really nicely to just give them your key? Because, terrorism?


In HTTPS, the AES key changes every session randomly, based on both the client's request and the server's request. The key is agreed upon with a Diffie Hellman key exchange IIRC.
First Strike +1/+1 and Indestructible.

User avatar
LaserGuy
Posts: 4581
Joined: Thu Jan 15, 2009 5:33 pm UTC

Re: US and UK intel 'have cracked online banking encryption'

Postby LaserGuy » Fri Sep 06, 2013 2:06 pm UTC

KnightExemplar wrote:
Sure, but couldn't they just go and ask company on the other end of the HTTPS stream really nicely to just give them your key? Because, terrorism?


In HTTPS, the AES key changes every session randomly, based on both the client's request and the server's request. The key is agreed upon with a Diffie Hellman key exchange IIRC.


I'm not an expert on the field, but I'll point to a more tech-savvy report on what exactly they're doing. Short answer is, yes, they aren't cracking the encryption directly. They don't have to.

Without the ability to actually crack the strongest algorithms that protect data, the intelligence agencies have systematically worked to thwart or bypass encryption using a variety of underhanded methods, according to revelations published by the New York Times and Guardian newspapers and the journalism non-profit ProPublica, based on documents leaked by NSA whistleblower Edward Snowden.

These methods, part of a highly secret program codenamed Bullrun, have included pressuring vendors to install backdoors in their products to allow intelligence agencies to access data, and obtaining encryption keys by pressuring vendors to hand them over or hacking into systems and stealing them.

Most surprising, however, is the revelation that the agency has worked to covertly undermine the encryption standards developers rely upon to build secure products. Undermining standards and installing backdoors don’t just allow the government to spy on data but create fundamental insecurities in systems that would allow others to spy on the data as well.

[...]

According to today’s media reports, the NSA maintains an internal database, called a Key Provisioning Service, of encryption keys for specific commercial products to automatically decode communications. If the necessary key is missing from the collection, a request goes out to the so-called Key Recovery Service to obtain it.

“How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies’ computer servers, where they are stored,” the Times writes. “To keep such methods secret, the N.S.A. shares decrypted messages with other agencies only if the keys could have been acquired through legal means.”

[...]

It should be noted that these methods don’t involve cracking the algorithms and the math underlying the encryption, but rather rely upon circumventing and otherwise undermining encryption.

[...]

According to a classified NSA memo obtained by the Times, a fatal weakness in a 2006 standard, discovered by two Microsoft cryptographers in 2007, appeared to have been engineered by the NSA. The agency wrote the standard and aggressively pushed it on the international group, the paper writes, privately calling the effort “a challenge in finesse.” The NSA managed to became “the sole editor” on the standard, ensuring that its underhanded efforts paid off.

The ten-year Bullrun program began after the U.S. government failed in its pla to place a backdoor, the so-called Clipper chip, into encryption that would have allowed it to eavesdrop on communications at will. Without the Clipper chip, the government launched a systematic plan using trickery and other methods to circumvent encryption and achieved an unspecified breakthrough in 2010. In the wake of this, according to one document, “vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”

[...]

The program, according to the documents, “actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs” to make them “exploitable.” By this year, the Times reports, the program had found ways “inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors or by surreptitiously exploiting existing security flaws.

“The agency also expected to gain full unencrypted access to an unnamed major Internet phone call and text service; to a Middle Eastern Internet service; and to the communications of three foreign governments,” the paper notes.

In one case, after the government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a backdoor into the product before it was shipped, a source told the Times

“Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on,” cryptographer Bruce Schneier notes in a story by the Guardian. “If the backdoor is discovered, it’s explained away as a mistake. And as we now know, the NSA has enjoyed enormous success from this program.”

Some of the agency’s most intensive efforts to gain access to encrypted internet traffic have focused on Secure Sockets Layer, or SSL, virtual private networks and the protections in 4G smartphones.

For at least three years, according to one document, Britain’s GCHQ has been looking for ways to read the encrypted communications of Google, Yahoo, Facebook and Hotmail users. By 2012, GCHQ had developed “new access opportunities” into Google’s systems, according to one document.


From Wired

Puppyclaws
Posts: 391
Joined: Fri Jul 15, 2011 7:08 pm UTC

Re: US and UK intel 'have cracked online banking encryption'

Postby Puppyclaws » Fri Sep 06, 2013 3:08 pm UTC

KnightExemplar wrote:
The NSA is said to spend $250m (£160m) a year on the top secret program.


This is an absurdly small amount of money. Are you sure these numbers are right? No offense, but I somehow doubt that it will take only $250million to actually defeat online encryption. People own houses that cost the same as this government program. It is rumored that the XBox One alone has given AMD $3 Billion for the CPU/GPU alone (let alone the total cost of the XBox One project... like the rest of the damn system).

You cannot legitimately tell me that it costs more to build the XBox One console that it takes to break online encryption! The numbers just don't make sense to me.


As everyone knows, government agencies are incredibly efficient; corporations are bloated and wasteful (and need to turn profits).

Heisenberg
Posts: 3789
Joined: Wed May 14, 2008 8:48 pm UTC
Location: Uncertain

Re: US and UK intel 'have cracked online banking encryption'

Postby Heisenberg » Fri Sep 06, 2013 3:15 pm UTC

Thank God for Wired. Other news sources have been especially shitty, suggesting that the NSA cracked the encryption algorithm for AES. Glad to know that's not the case.

User avatar
LaserGuy
Posts: 4581
Joined: Thu Jan 15, 2009 5:33 pm UTC

Re: US and UK intel 'have cracked online banking encryption'

Postby LaserGuy » Fri Sep 06, 2013 3:57 pm UTC

The original story as published by ProPublica is here. I won't reproduce in the thread because the details are similar, though I think that they obviously understand what they're talking about better than the second-hand reporting of it (except Wired, of those I've seen so far).

ProPublica has also published an interesting editorial defense explaining their decision to publish in light of the potential risks that revealing could compromise the NSA's ability to investigate terrorists, as well as a statement from the Office of the Director of National Intelligence complaining that they're doing exactly that.

gnutrino
Posts: 100
Joined: Sat Sep 06, 2008 9:02 am UTC
Location: Over the edge...

Re: US and UK intel 'have cracked online banking encryption'

Postby gnutrino » Fri Sep 06, 2013 5:59 pm UTC

KnightExemplar wrote:I work in IT and know a bit about this subject. Encryption is considered "broken" when it is weak to a Chosen Plaintext Attack. This means that the attacker is assumed to have access to:

1. The algorithm
2. Can choose the Plaintext to send
3. Can see the Ciphertext that was sent.

The only part that is missing is the key. (or in the case of PKI, the private key. The attacker in PKI obviously has access to the public key). It is considered a major advancement in the field of cryptography to find a chosen plaintext attack against an algorithm, despite how ridiculous the preconditions are. It doesn't matter if the US owns every single network link in between the computers. If they cannot successfully create a chosen plaintext attack, then they cannot decrypt the message. Period. I think the issue here is that a bunch of reporters are talking about a subject that they don't understand.

KnightExemplar wrote:But everyone uses HTTPS / RC4 which was developed in 1987 and consists of 20 lines of C code. Its not like its hard to figure out where an "NSA Backdoor" could be when your code is as simple as: http://www.opensource.apple.com/source/ ... /rc4/rc4.c . I guess in theory, AES has a NSA backdoor in it, but experts disagree on that fact. (And Bruce Schneier has been pretty anti-NSA as of late, but he's good at cryptoanalysis... as the creator of Blowfish). AES itself is a bit larger than RC4, but still small enough for a few people to prove the security of it.

Lets take an example situation. Lets say I have a webserver using AES-256 as my HTTPS layer encryption. Lets assume that the NSA even wrote the damn software that my webserver runs... but it doesn't change the fact that AES-256 is resistant to a chosen plaintext attack. It doesn't change the fact that the AES key is the only weakness, and that if I ensure that the AES key never leaves the computer, then I'm 100% safe. AES keys are not found in HTTPS streams. Its simply not part of the protocol. Even if the NSA wrote the damn backdoor into my server, if it were a compliant HTTPS server (which is necessary if my server needs to communicate to say... Firefox or Chrome), then the encryption stream is uncrackable.

At least, uncrackable when we're talking about what $250 Million can get you. The current best known attacks for AES 256 is the quantum computer attack (which as far as I know... doesn't exist). It will take 2^128 (yes, 340282366920938463463374607431768211456 cycles) to break AES-256 on a quantum computer that doesn't exist yet. If you're building a normal computer, the difficulty rises to 2^256 cycles. (115792089237316195423570985008687907853269984665640564039457584007913129639936 cycles), which is well beyond the means of supercomputers today. IIRC, these numbers are at the "Known Plaintext Attack" level, which is still above and beyond what the US Government allegedly has in these reports. (Which would be ciphertext only attack... which is the most you get from a man-in-the-middle)


KnightExemplar wrote:In HTTPS, the AES key changes every session randomly, based on both the client's request and the server's request. The key is agreed upon with a Diffie Hellman key exchange IIRC


Oh Dear, Oh Dear, Oh Dear, where to begin? Well let's start with something you (almost certainly) got right: I would bet my life1 that the NSA can't crack AES or any equivalent modern symmetric cipher with unknown, known or chosen plaintext attacks (when properly implemented with sufficiently long keys etc etc). However sadly cryptography isn't as simple as that, to use a symmetric cipher both parties must first share a key and to do that an asymmetric cipher is used. These typically rely for their strength on the difficulty of factoring very large numbers and/or calculating discrete logarithms and I certainly would not bet my life that the NSA hasn't developed an efficient method of doing either. Notably the current round of leaks suggest that the NSA made some sort of major cryptanalytic breakthrough around 2010 (c.f. particularly the second slide shown in that article: "Cryptanalytic Capabilities are now coming online", "Vast amounts of encrypted internet data which have up till now been discarded are now exploitable") the nature of which is entirely unclear but I personally wouldn't be too surprised if they found some sort of weakness in one or more public key algorithms2.

Pay particular attention to section 7. "The TLS Handshake Protocol" in the rfc you linked and you'll see that how the key sharing is done in TLS/SSL is not exactly simple, the TLS standard allows both sides to negotiate on which method to use when initiating the session which means you can't say that there is one "way" in which the key is agreed upon. Ephemeral Diffie-Hellman (EDH) is certainly one way of doing it3 but this paper5 (section 4.2) shows that RSA is the most common method in actual use6. And the thing about RSA is that it uses the same public/private key pair to encrypt the (unique) session keys, which means that if you have access to a server's private key7 you can decrypt all traffic going to that server. And any historic traffic you may have stored while you worked on "acquiring" the private key.

Even if they can't get hold of the private key there are still tricks they can do; for example, if they have access to certificate authority private keys8 they can create a valid certificate claiming they are yourbank.com or whatever and run a man in the middle attack against you. Or they can just cut the pretense and take all your data straight from the server on the other end. Because you never know what could be used to help the trrrists.

Basically crypto is hard in actual, practical, situations and there are plenty of ways someone with as much incentive and funding as the NSA could attack the encryption used on the internet and there's no reason to believe they aren't trying them all and more.

[1] Although I sincerely hope that I would never be in a position to actually have to
[2] This would not actually be the first time I'd heard this, there have been rumors of something like this bouncing around for a while now
[3] and using that provides a nifty property called Perfect Forward Secrecy4
[4] Sometimes just called Forward Secrecy because calling something "perfect" in cryptography is generally frowned upon
[5] Which is actually a pretty good read generally for anyone interested in this stuff
[6] Mostly because it's faster
[7] Either by factoring the public key or by "persuading" the owner to give it to you
[8] Here's a fun experiment: go to some https secured sites and look to see who the root CA is (in firefox click the little padlock next to the url -> More Information -> View Certificate -> Details and look at the top certificate in the certificate hierarchy), if this company is based in America or an ally of America then the NSA almost certainly has the private keys of the CA and the can run a MITM attack against you.

User avatar
Thesh
Made to Fuck Dinosaurs
Posts: 6568
Joined: Tue Jan 12, 2010 1:55 am UTC
Location: Colorado

Re: US and UK intel 'have cracked online banking encryption'

Postby Thesh » Fri Sep 06, 2013 8:37 pm UTC

Heisenberg wrote:Thank God for Wired. Other news sources have been especially shitty, suggesting that the NSA cracked the encryption algorithm for AES. Glad to know that's not the case.


When anything major like that comes out, check http://www.schneier.com/ - he will usually have much better insight.
Summum ius, summa iniuria.

KnightExemplar
Posts: 5494
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: US and UK intel 'have cracked online banking encryption'

Postby KnightExemplar » Sat Sep 07, 2013 4:48 am UTC

Heisenberg wrote:Thank God for Wired. Other news sources have been especially shitty, suggesting that the NSA cracked the encryption algorithm for AES. Glad to know that's not the case.


I think I've been reading those other crap articles. Wired seems to have Bruce Schneier helping them write the articles, which is probably why their article makes the most sense.
First Strike +1/+1 and Indestructible.

pjk
Posts: 1
Joined: Sun Sep 08, 2013 12:16 pm UTC
Location: Bangkok, Thailand
Contact:

Re: US and UK intel 'have cracked online banking encryption'

Postby pjk » Sun Sep 08, 2013 12:33 pm UTC

I find this article hard to believe. While I'm sure the gov't have the best computer and manpower out there, I doubt they can decrypt everything. I had an interesting discussion with a friend about this earlier.

With that said, keep the simple rule: if you don't want people to see it, don't share it.

cphite
Posts: 1360
Joined: Wed Mar 30, 2011 5:27 pm UTC

Re: US and UK intel 'have cracked online banking encryption'

Postby cphite » Mon Sep 09, 2013 6:44 pm UTC

pjk wrote:I find this article hard to believe. While I'm sure the gov't have the best computer and manpower out there, I doubt they can decrypt everything. I had an interesting discussion with a friend about this earlier.

With that said, keep the simple rule: if you don't want people to see it, don't share it.


Basically what they're doing is keeping a list of encryption keys for various products that encrypt data. How they get those keys isn't entirely clear, but most of the evidence points to them using intimidation tactics and/or outright stealing them. Gotta love that government transparency, eh?

Once you have the keys, you don't need to brute force it anymore, you just loop through the keys for the product you're trying to crack.

Folks who are really serious about keeping their data "NSA-proof" will need to use products that require additional keys that are unique. Actually cracking encryption - which is what most of the news items are reporting but absolutely not what is happening - still takes far too much time even for supercomputers to be feasible.

User avatar
poochyena
Posts: 186
Joined: Fri May 20, 2011 2:02 pm UTC

Re: US and UK intel 'have cracked online banking encryption'

Postby poochyena » Wed Sep 11, 2013 12:46 am UTC

havn't the government been, or at lest attempt to, crack encryptions for like 50+ years? i remember watching a show talk about how they had giant rooms with computers that would try and solve encrypted messages that the soviet union were sending. So its not really news that they are trying to crack stuff, right?

The thing that concerned me the most was "The NSA also collaborated with unnamed technology companies to build so-called back doors into their software - something that would give the government access to information before it is encrypted and sent over the internet".
idk much about hacking, but i assume adding a backdoor makes hacking something kinda easier..


oh, and may be somewhat off topic, but what does the $250million a year go towards? People are saying thats a low amount, whats the ideal amount, and where does the money go, besides just paying people to work their magic.

User avatar
Thesh
Made to Fuck Dinosaurs
Posts: 6568
Joined: Tue Jan 12, 2010 1:55 am UTC
Location: Colorado

Re: US and UK intel 'have cracked online banking encryption'

Postby Thesh » Wed Sep 11, 2013 1:06 am UTC

poochyena wrote:oh, and may be somewhat off topic, but what does the $250million a year go towards? People are saying thats a low amount, whats the ideal amount, and where does the money go, besides just paying people to work their magic.


That's not off-topic, that's the cost of this one program to bypass security. In my entirely un-expert opinion, it probably involves stuff like planting agents in companies to steal encryption keys, getting companies to install viruses that allow them to hack in and steal encryption keys, working directly with companies to get them to hand over their keys, etc. Nothing super-difficult or resource intensive.
Summum ius, summa iniuria.

elasto
Posts: 3751
Joined: Mon May 10, 2010 1:53 am UTC

Re: US and UK intel 'have cracked online banking encryption'

Postby elasto » Wed Sep 11, 2013 7:41 am UTC

poochyena wrote:havn't the government been, or at lest attempt to, crack encryptions for like 50+ years? i remember watching a show talk about how they had giant rooms with computers that would try and solve encrypted messages that the soviet union were sending. So its not really news that they are trying to crack stuff, right?


Right. The news is how they're doing it, and a broader principle of should governments be accountable to their voters.

Back in the 90s there was a political debate about 'should the government have the right to automatically be able to read anyone's encrypted transmissions', and the answer came back from both the public and politicians as a resounding 'No!'

They then implemented the program secretly anyway.

The way they did it has also been extremely damaging to the US public's interests: They did it by installing backdoors, hacking keys, and by deliberately encouraging flawed technology to proliferate.

It can only be arrogance at work here: They must presume that there are no foreign spies inside the NSA, because otherwise they've made it far easier than it would otherwise be for foreign agents to spy on US citizens and US companies. But it seems unlikely Snowden is the only one to successfully hack the NSA. He's just the only one with the honor to announce publicly what he found out. So who knows how much of the IP theft that Chinese companies have been engaging in this last decade could have been avoided if the NSA had simply acquiesced to public demands and not undermined secure means of encryption.

So how should they spy on criminals and foreign agents across the world if they don't have a backdoor into encryption? The 'old-fashioned way': Tap the target's houses, cars, computers and phones; Infiltrate organisations; Get warrants for call records and emails etc. Not have a backdoor into the internet and be able to go on massive fishing expeditions for anything at any time...

Apart from anything else, the economic cost of foreigners being able to more easily infiltrate on US companies probably heavily outweighs the economic benefit of the US being able to more easily spy on foreigners. The US has a lot more to lose - a veritable information economic gold-mine compared to most other countries in the world.

Yes, there will be an extra economic cost because it will be harder to stop criminals, and some terrorist actions may succeed when they'd otherwise fail, but we the public already made our choice: We chose personal liberty over big brother. The state ought to respect our wishes. Just who is the master here and who is the subject?

User avatar
Thesh
Made to Fuck Dinosaurs
Posts: 6568
Joined: Tue Jan 12, 2010 1:55 am UTC
Location: Colorado

Re: US and UK intel 'have cracked online banking encryption'

Postby Thesh » Wed Sep 11, 2013 10:38 am UTC

If they are obtaining private keys, this would be a good reason to move to a a scheme using ephemeral keys. This is most commonly done with Diffie-Hellman, but there is no reason you couldn't do it with RSA*. If the server provides an ephemeral key, then there would be two parts, the static key providing assurance of the identity of the server, and the ephemeral key guaranteeing that as long as the ephemeral key is not stored, then no one can eavesdrop passively. I believe TLS with ECC Diffie-Hellman uses an approach where the server provides both a static and ephemeral key; not that anyone is using TLS with ECC right now.

They can still perform a man in the middle attack or hack the server, but it requires permanent and direct intervention.

*With Diffie-Hellman, the client usually provides a ephemeral key, but to ensure perfect forward secrecy the server has to provide an ephemeral key as well. A shared secret would be derived using the clients ephemeral key and the server's static key, a second would be derived using the client's ephemeral key and the server's ephemeral key, and then they would be concatenated and hashed to derive the encryption key.

With RSA, either the client or the server can provide an ephemeral key to achieve perfect forward secrecy. TLS actually specifies a way to do key-exchange with ephemeral keys with RSA. In this case, an ephemeral RSA key would be signed with the server's static key, and then the ephemeral key would be used the same way as the static key would when operating in the normal mode. An alternative, which isn't supported by any TLS standard, is to use two keys independently; both public keys would be used to encrypt a shared secret, and the two secrets would be hashed together.
Summum ius, summa iniuria.

User avatar
LaserGuy
Posts: 4581
Joined: Thu Jan 15, 2009 5:33 pm UTC

Re: US and UK intel 'have cracked online banking encryption'

Postby LaserGuy » Wed Sep 11, 2013 7:13 pm UTC

NYT has some more details about how the NSA undermined a world cryptography standard in 2006--the Dual EC DRBG standard--by essentially exclusively writing the random number generator used to make the prime numbers for encryption purposes. The NSA apparently inserted an unspecified "backdoor" into the generator algorithm to allow it to reconstruct the numbers used.

The National Institute of Standards and Technology has apparently reopened public consultations for several new encryption standards based on the same random number generator.

User avatar
Zamfir
I built a novelty castle, the irony was lost on some.
Posts: 7588
Joined: Wed Aug 27, 2008 2:43 pm UTC
Location: Nederland

Re: US and UK intel 'have cracked online banking encryption'

Postby Zamfir » Wed Sep 11, 2013 8:47 pm UTC

The stsndard has 4 options as recommended random number generator. One was apparently suspected as fishy from the start, and people found the possible backdoor in 2007 (Microsoft discovered it). This confirms that it was indeed put in on purpose.


The algorithm is tuned such that all numbers generated come from a specific curve. Apparently, we cannot tell from the constants in the algorithm which curve, but it was shown in 2007 that you could theoretically pick a curve, and derive a set of constants for the algorithm. They did not show that this had happened, just that it was theoretically possible that the constants in the algorithm could have been picked that way.

No one knew where the constants came from, expect that the NSA has told the NIST and ISO that this particular algorithm was very good and should definitely be in the standard and if you do not agree, hey you're no longer on the committee how did that happen? The NIST is now very, very pissed

If the algorithm was tuned in the suspected manner (now basically confirmed), then knowing the specific curve meant that you could figure out the state of the RNG after 32 bytes from it. I don't think you get to see the bits from the RNG directly, but presumably you can loosen a statistical analysis on an encrypted stream.


This standard was used for the handshake part of SSL, when computers talk to each other through an asymmetric key in order to agree on a symmetric encryption for the rest of the exchange. The symmetric encryption itself is presumably unbreakable, but this would allow the NSA to figure out the key from listening in on the handshake.


EDIt: I case you are worried: http://www.qualityfoils.com . They proudly state on their homepage:
We certify the quality of the foil produced at European standards

With a bit of luck, the NSA has not yet put a backdoor in those standards.


EDITEDiT: that's www.qualityfoil.com. My browser just inserted an extra 's' out of the blue, which brings you to a completely different foil company, with no mention of European standards.... Shows how sneaky those backdoors work .

User avatar
Thesh
Made to Fuck Dinosaurs
Posts: 6568
Joined: Tue Jan 12, 2010 1:55 am UTC
Location: Colorado

Re: US and UK intel 'have cracked online banking encryption'

Postby Thesh » Wed Sep 11, 2013 9:09 pm UTC

It makes me wonder again about why SEC/ANSI/NIST chose 521-bit ECC prime curves instead of 512-bit curves. Maybe we should go with ECC Brainpool curves instead of SEC curves (521-bit curves are kind of inconvenient to begin with).
Summum ius, summa iniuria.

User avatar
Zamfir
I built a novelty castle, the irony was lost on some.
Posts: 7588
Joined: Wed Aug 27, 2008 2:43 pm UTC
Location: Nederland

Re: US and UK intel 'have cracked online banking encryption'

Postby Zamfir » Wed Sep 11, 2013 9:20 pm UTC

Print out those extra 9 bits, and read them backwards...

elasto
Posts: 3751
Joined: Mon May 10, 2010 1:53 am UTC

Re: US and UK intel 'have cracked online banking encryption'

Postby elasto » Fri Sep 20, 2013 5:26 pm UTC

RSA have reacted to the NYT piece:

RSA, the internet security firm, has warned customers not to use one of its own encryption algorithms after fears it can be unlocked by the US National Security Agency (NSA).

In an advisory note to its developer customers, RSA said that a default algorithm in one of its toolkits could contain a "back door" that would allow the NSA to decrypt encrypted data.

It "strongly recommends" switching to other random number generators.

RSA is reviewing all its products.

The advice comes in the wake of New York Times allegations that the NSA may have intentionally introduced a flaw into the algorithm - known as Dual Elliptic Curve Deterministic Random Bit Generation - and then tried to get it adopted as a security standard by the US National Institute of Standards and Technology.


Return to “News & Articles”

Who is online

Users browsing this forum: No registered users and 24 guests