LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices

Reply
 
LinkBack Search this Thread
Old 06-19-2013, 12:56 AM   #1
kite
Member
 
Registered: Aug 2003
Location: Shenzhen, China
Distribution: Slackware
Posts: 296

Rep: Reputation: 47
can CIA scan communications which is openssl encrypted?


One stupid question, can CIA scan and read communications which is openssl encrypted? Or can Chinese great firewall scan and read communications which is openssl encrypted?
 
Old 06-19-2013, 01:49 AM   #2
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 836

Rep: Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620
If you use a sufficiently strong cipher, it would be prohibitively expensive (if not impossible) for them to do so by cracking the encryption. But if your private keys are stored on network connected computers, they might be able to gain access to those and not have to bother with trying to brute-force the encryption.
 
Old 06-19-2013, 01:56 AM   #3
ponce
Senior Member
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 2,314

Rep: Reputation: 816Reputation: 816Reputation: 816Reputation: 816Reputation: 816Reputation: 816Reputation: 816
putting away the various flaws in the SSL implementations, I think they don't need to scan it in real time: assuming that storage is not a problem (and for some organizations actually isn't) they can record the traffic and unencrypt it taking their time.

what yesterday needed cpu power that seemed a lot at the time today isn't, and will be even more easy in the future.
so, in the long term, brute force cracking on recorded traffic is doable.

that is to say that I personally stopped trusting encryption for very delicate matters.

Last edited by ponce; 06-19-2013 at 02:03 AM.
 
Old 06-19-2013, 02:04 AM   #4
Celyr
Member
 
Registered: Mar 2012
Location: Italy
Distribution: Slackware+Debian
Posts: 314

Rep: Reputation: 77
I know that my point is not going to be the strongest one but I don't think you have to worry about wich kind of aquarium are you selling. Government data collection is not about Chinese aquarium if Chinese don't mean cocaine and aquarium bomb. Come on.
 
Old 06-19-2013, 02:12 AM   #5
Ilgar
Member
 
Registered: Jan 2005
Location: Istanbul, Turkey
Distribution: Slackware 14.1, Slackware64 14.1
Posts: 916

Rep: Reputation: 87
If you look at the history of SSL/TLS, you will find that quite a few flaws have been discovered. This is due to the complexity of the mechanism. I find it quite likely that some government agencies are aware of vulnerabilities that are not publicly known yet. If you need TLS for online purchase etc. then you have no other option for now, you have to use the technology that the server/website wants you to use. But if your concern is sending secure emails/data to people, you really must use PGP/GPG style encryption with a good cipher and high key length.
 
Old 06-19-2013, 03:01 AM   #6
kite
Member
 
Registered: Aug 2003
Location: Shenzhen, China
Distribution: Slackware
Posts: 296

Original Poster
Rep: Reputation: 47
Quote:
Originally Posted by Celyr View Post
I know that my point is not going to be the strongest one but I don't think you have to worry about wich kind of aquarium are you selling. Government data collection is not about Chinese aquarium if Chinese don't mean cocaine and aquarium bomb. Come on.
Thanks a lot for everyone's opinions.

To: Selyr
You are right, aquarium business is open and I have nothing to hide. But I do sometimes break the great firewall and do some nasty things like searching via google.com or watching porn movies LOL I am just wondering whether I would be caught at home watching that kind of things.

Thanks to Slackware, at least I learned how to break that wall as a long time linux user, via ssh tunnelling or VPN.
 
Old 06-19-2013, 04:17 AM   #7
ChrisAbela
Member
 
Registered: Mar 2008
Location: Malta
Distribution: Slackware 14.1
Posts: 467

Rep: Reputation: 87
This is a pertinent question.

The truth is that some Governments, (and this includes democratically elected ones) have been spoofing our communications without our consent. The secrecy behind this behavior is unjustified and we should be informed about their technical capability. On twitter you can follow #AskSnowden and you can see that even the authors of cryptographic software (such as @ioterror) are asking whether the NSA has the capability to trace whistle blowers and dissidents over the Internet. I am afraid that the Internet has given us a false hope of freedom of speech. Nevertheless using cryptography will make spoofing agents' work much harder. Hopefully, they are not taxing us even further to be able to decrypt it faster.
 
Old 06-19-2013, 07:55 AM   #8
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266
I recommend against using the elliptic curve encryption:
http://cyberwarzone.com/did-nsa-put-...ption-standard

I don't think it is part of regular openssl, but it is in the FIPS add-on.
 
Old 06-19-2013, 08:12 AM   #9
Mark Pettit
Member
 
Registered: Dec 2008
Location: Cape Town, South Africa
Distribution: Slackware 14.1 64 Multi-Lib
Posts: 393

Rep: Reputation: 116Reputation: 116
Forget about brute-force attacks on your keys - rather worry about your knees. If they really really want your data, they will get it ... the easy way ... by making you give it to them. And you will. :-)
 
Old 06-19-2013, 09:14 AM   #10
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 2,863

Rep: Reputation: 698Reputation: 698Reputation: 698Reputation: 698Reputation: 698Reputation: 698
Fact is any encryption is breakable -- especially if you have a "basement full of Crays" to do it with. Throw enough time, horsepower and same pretty smart mathematicians at the problem and, well, it's breakable. As @H_TeXMeX_H says, elliptic curve encryption (which looks really good on paper) may not be good enough. It sort of breaks down to if a machine did it another machine can undo it (think Bletchley Park and Enigma -- if you're in the UK sometime, it's worth a trip to see, by the way).

It's worth some time to periodically read Bruce Schneier's commentaries (and helpful advice) at http://www.schneier.com/; might also scare the pants off you.

You can encrypt, you've got or can get tools to do it with, but if you're in the naughty trades somebody, somewhere, sometime is going to notice and start paying attention to you -- then all bets are off.

An interesting historical paper: Robert Morris, Ken Thompson Password Security: A Case History (Murray Hill, NJ: Bell Laboratories, 3 April 1978) http://cm.bell-labs.com/cm/cs/who/dmr/passwd.ps.

Hope this helps some.
 
Old 06-19-2013, 11:57 AM   #11
BrZ
Member
 
Registered: Apr 2009
Distribution: Slackware
Posts: 485

Rep: Reputation: 79
Quote:
Originally Posted by Mark Pettit View Post
Forget about brute-force attacks on your keys - rather worry about your knees. If they really really want your data, they will get it ... the easy way ... by making you give it to them. And you will. :-)
https://xkcd.com/538/
 
Old 06-19-2013, 12:29 PM   #12
dugan
Senior Member
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 4,238

Rep: Reputation: 1299Reputation: 1299Reputation: 1299Reputation: 1299Reputation: 1299Reputation: 1299Reputation: 1299Reputation: 1299Reputation: 1299
It is very unlikely that they'll brute-force the encryption instead of say, installing remote-access malware on your computer.
 
Old 06-19-2013, 02:29 PM   #13
Darth Vader
Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 553

Rep: Reputation: 103Reputation: 103
Quote:
Originally Posted by kite View Post
One stupid question, can CIA scan and read communications which is openssl encrypted?
Yes. But you should be a very very very huge figure as Enemy of State, i.e. something like The Funny Osama, to make them to pay the time and energy of one Cray supercomputer for reading your nice emails.

Quote:
Originally Posted by kite View Post
Or can Chinese great firewall scan and read communications which is openssl encrypted?
Yes. But you should be a very very very huge figure as Enemy of State, i.e. something like The Tibet Spiritual Leader, to make them to pay the time and energy of one Cray-like supercomputer for reading your nice emails.
 
Old 06-19-2013, 02:53 PM   #14
ReaperX7
Senior Member
 
Registered: Jul 2011
Distribution: LFS-SVN, Slackware-14.1, PCBSD-10.0
Posts: 2,401
Blog Entries: 14

Rep: Reputation: 584Reputation: 584Reputation: 584Reputation: 584Reputation: 584Reputation: 584
Kite, you may also want to look into GnuTLS also.
 
Old 06-19-2013, 03:00 PM   #15
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Lubuntu
Posts: 19,165
Blog Entries: 4

Rep: Reputation: 426Reputation: 426Reputation: 426Reputation: 426Reputation: 426
This isn't a Slack specific question - and ties in with a good number of other similar questions. So I am sending this thread to General with a bag over its head.

And I have forwarded all your questions to the NSA where they assure me that they will read them all and respond to them in person. At 4am.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Small doubt for using wget cia SSH!!! rockf1bull Red Hat 2 10-11-2011 12:06 AM
New CIA Task force---WTF jschiwal General 11 12-27-2010 02:44 PM
LXer: CIA gets open source for enterprise search LXer Syndicated Linux News 0 06-19-2009 10:30 AM
nessus scan - openssl vulnerability neocontrol Linux - Security 1 02-25-2007 03:25 PM
how to secure data on HDD Vs FBI, CIA MI5 PeterOnTheNet Slackware 5 03-07-2005 09:13 PM


All times are GMT -5. The time now is 11:22 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration