GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
"The New York Times is reporting that the NSA has 'has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show. ... The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.'"
So, basically, what they have:
1) Supercomputers designed specifically for breaking encryption.
2) Backdoors into company computers and company products.
3) Backdoors or at least weaknesses introduced into cryptography schemes, to make them more or completely crackable at least by them.
4) Rootkits that can read data before it is encrypted / after it is decrypted.
5) Collaboration with major internet companies (you probably already know them).
6) The ability to obtain (legally and otherwise) master encryption keys if companies are unwilling to cooperate.
7) Influence the development of hardware designed for encryption by adding a backdoor or weakness.
8) Its most intense efforts are focused on SSL, VPN, and 4G.
And there are these notes:
Quote:
A 10-year NSA program against encryption technologies made a breakthrough in 2010 which made "vast amounts" of data collected through internet cable taps newly "exploitable".
...
"Project Bullrun deals with NSA's abilities to defeat the encryption used in specific network communication technologies. Bullrun involves multiple sources, all of which are extremely sensitive." The document reveals that the agency has capabilities against widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking.
...
Analysts were instructed: "Do not ask about or speculate on sources or methods underpinning Bullrun." This informaton was so closely guarded, according to one document, that even those with access to aspects of the program were warned: "There will be no 'need to know'."
Having said that, it's pretty clear that they see all, they know all. Now, this is their job, but you wonder if all these techniques cannot backfire. The articles also mention this. I mean why can't other people use the backdoors ? Just because they might not know about them ? I would say a full investigation may be a good idea, as their methods may not be 100% towards "national security" as they claim.
Actually without a warrant it is illegal when it comes to citizens of the US. The 4th Amendment states,
[QUOTE]"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."[/CODE]
So for them to collect data like that is illegal. They are criminals plain and simple. The only way it can backfire is if the American people actually took the Constitution (the law) seriously and demanded justice.
The Constitution is the law of the land. They only way to change it is to Ammend it. The Patriot Act as a whole is illegal because it violates the Constitution. There are checks and balances formed when the country was formed. In the Constitution, there is a check for a tyrannical government. In no way did the founders of this country ever intend for us to live under a tyrannical government.
Here is a quote from the Delcaration of Independence that you might find interesting. Notice how Thomas Jefferson used the words right and duty.
Quote:
But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security.
So I guess https, SSL, gpg and ssh tunneling is useless in today's world...
It seems that NSA is above the law. Hell, they have violated court orders on collecting data on American citizens. It's not right for them to treat American citizens as domestic terrorists.
So I guess https, SSL, gpg and ssh tunneling is useless in today's world...
It seems that NSA is above the law. Hell, they have violated court orders on collecting data on American citizens. It's not right for them to treat American citizens as domestic terrorists.
I wouldn't say useless, but certainly not safe from the NSA.
Quote:
Originally Posted by tangle
Here is a quote from the Delcaration of Independence that you might find interesting. Notice how Thomas Jefferson used the words right and duty.
Yeah, he too would be in Guantanamo if here were alive today.
I think the "totally anonymous and safe" part might be a stretch. Internet traffic is only one of the communications channels that the NSA is (supposed to be) monitoring.
Also, I don't know what "terrorists" this is meant to catch, because Bin Laden was communicating exclusively via hand-couriered letters.
"In a recent article posted on the cryptography mailing list, long time civil libertarian and free software entrepreneur John Gilmore has analyzed possible NSA obstruction of cryptography in IPSEC. He suggests that packet processing in the Linux kernel had been obstructed by one kernel developer. Gilmore suggests that the NSA has been plotting against strong cryptography on mobile phones."
As for encryption algorithms that have been compromised, you need to look at each one.
Personally, I would look for ones that have not been compromised, but that have been thoroughly used and analyzed. And, of course, not developed with the "help" of the NSA. I currently recommend twofish, but that's not to say that the NSA can't crack it.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.