LinuxQuestions.org

kite 06-19-2013 12:56 AM

Can CIA scan communications which are openssl encrypted?

One stupid question, can CIA scan and read communications which are openssl encrypted? Or can Chinese great firewall scan and read communications which are openssl encrypted?

volkerdi 06-19-2013 01:49 AM

If you use a sufficiently strong cipher, it would be prohibitively expensive (if not impossible) for them to do so by cracking the encryption. But if your private keys are stored on network connected computers, they might be able to gain access to those and not have to bother with trying to brute-force the encryption.

ponce 06-19-2013 01:56 AM

Putting aside the various flaws in the SSL implementations, I think they don't need to scan it in real time: assuming that storage is not a problem (and for some organizations it actually isn't) they can record the traffic and unencrypt it, taking their time.

What yesterday needed CPU power that seemed a lot at the time, today isn't, and it will be even easier in the future.
So, in the long term, brute force cracking on recorded traffic is doable.

That is to say that I personally stopped trusting encryption for very delicate matters.

Celyr 06-19-2013 02:04 AM

I know that my point is not going to be the strongest one, but I don't think you have to worry about which kind of aquarium you are selling. Government data collection is not about Chinese aquarium if Chinese don't mean cocaine and aquarium bomb. Come on.

Ilgar 06-19-2013 02:12 AM

If you look at the history of SSL/TLS, you will find that quite a few flaws have been discovered. This is due to the complexity of the mechanism. I find it quite likely that some government agencies are aware of vulnerabilities that are not publicly known yet. If you need TLS for online purchase etc. then you have no other option for now, you have to use the technology that the server/website wants you to use. But if your concern is sending secure emails/data to people, you really must use PGP/GPG style encryption with a good cipher and high key length.

kite 06-19-2013 03:01 AM

Quote:

Originally Posted by Celyr (Post 4974600)
I know that my point is not going to be the strongest one, but I don't think you have to worry about which kind of aquarium you are selling. Government data collection is not about Chinese aquarium if Chinese don't mean cocaine and aquarium bomb. Come on.

Thanks a lot for everyone's opinions.

To: Celyr
You are right, aquarium business is open and I have nothing to hide. But I do sometimes break the great firewall and do some nasty things like searching via google.com or watching porn movies LOL :) I am just wondering whether I would be caught at home watching that kind of thing.

Thanks to Slackware, at least I learned how to break that wall as a long-time Linux user, via ssh tunnelling or VPN.

ChrisAbela 06-19-2013 04:17 AM

This is a pertinent question.

The truth is that some Governments (and this includes democratically elected ones) have been spoofing our communications without our consent. The secrecy behind this behavior is unjustified and we should be informed about their technical capability. On Twitter you can follow #AskSnowden and you can see that even the authors of cryptographic software (such as @ioterror) are asking whether the NSA has the capability to trace whistle blowers and dissidents over the Internet. I am afraid that the Internet has given us a false hope of freedom of speech. Nevertheless, using cryptography will make spoofing agents' work much harder. Hopefully, they are not taxing us even further to be able to decrypt it faster.

H_TeXMeX_H 06-19-2013 07:55 AM

I recommend against using the elliptic curve encryption:
http://cyberwarzone.com/did-nsa-put-...ption-standard

I don't think it is part of regular openssl, but it is in the FIPS add-on.

Mark Pettit 06-19-2013 08:12 AM

Forget about brute-force attacks on your keys - rather worry about your knees. If they really really want your data, they will get it ... the easy way ... by making you give it to them. And you will. :-)

tronayne 06-19-2013 09:14 AM

Fact is any encryption is breakable -- especially if you have a "basement full of Crays" to do it with. Throw enough time, horsepower and some pretty smart mathematicians at the problem and, well, it's breakable. As @H_TeXMeX_H says, elliptic curve encryption (which looks really good on paper) may not be good enough. It sort of breaks down to if a machine did it another machine can undo it (think Bletchley Park and Enigma -- if you're in the UK sometime, it's worth a trip to see, by the way).

It's worth some time to periodically read Bruce Schneier's commentaries (and helpful advice) at http://www.schneier.com/; might also scare the pants off you.

You can encrypt, you've got or can get tools to do it with, but if you're in the naughty trades somebody, somewhere, sometime is going to notice and start paying attention to you -- then all bets are off.

An interesting historical paper: Robert Morris, Ken Thompson Password Security: A Case History (Murray Hill, NJ: Bell Laboratories, 3 April 1978) http://cm.bell-labs.com/cm/cs/who/dmr/passwd.ps.

Hope this helps some.

BrZ 06-19-2013 11:57 AM

Quote:

Originally Posted by Mark Pettit (Post 4974744)
Forget about brute-force attacks on your keys - rather worry about your knees. If they really really want your data, they will get it ... the easy way ... by making you give it to them. And you will. :-)

https://xkcd.com/538/ :D

dugan 06-19-2013 12:29 PM

It is very unlikely that they'll brute-force the encryption instead of, say, installing remote-access malware on your computer.

Darth Vader 06-19-2013 02:29 PM

Quote:

Originally Posted by kite (Post 4974568)
One stupid question, can CIA scan and read communications which are openssl encrypted?

Yes. But you should be a very very very huge figure as Enemy of State, i.e. something like The Funny Osama, to make them pay the time and energy of one Cray supercomputer for reading your nice emails.

Quote:

Originally Posted by kite (Post 4974568)
Or can Chinese great firewall scan and read communications which are openssl encrypted?

Yes. But you should be a very very very huge figure as Enemy of State, i.e. something like The Tibet Spiritual Leader, to make them pay the time and energy of one Cray-like supercomputer for reading your nice emails.

ReaperX7 06-19-2013 02:53 PM

Kite, you may also want to look into GnuTLS.

XavierP 06-19-2013 03:00 PM

This isn't a Slack-specific question - and ties in with a good number of other similar questions. So I am sending this thread to General with a bag over its head.

And I have forwarded all your questions to the NSA where they assure me that they will read them all and respond to them in person. At 4am.


All times are GMT -5.