Well, I guess he answered his own question

This seems relavant to this discussion.
http://www.theregister.co.uk/2013/09...tion_standard/
I'd suppose if they had access to a "backdoor" you wouldn't necessarily have a need to weaken it.
Also, The fact that Serpent has a higher security margin than Rijndael, (from what little I understand), Would seem to support the statement the standard was weakened in favor of a faster and easier way for implementation.

Last time I tried encryption was with TruCrypt using Serpent and whirlpool for the hash funtion.

Maybe it's time to start playing/familiarizing myself with it again.

NIST is a front for government propagada. They lost all crediility when they delivered their WTC7 "report"
http://www.youtube.com/watch?v=FPTuAcZV_2s

It was actually FEMA that broke the lie wide open by devoting an entire appendix to unusual melting of steel in building 7
http://www.youtube.com/watch?v=VvQDFV1HINw

Nothing is 100% safe anymore..here is english article about FBI cracking Tor.
http://www.crikey.com.au/2013/08/13/...cret-internet/

Nothing has ever been safe.

Freenet was a good alternative, but it is java-based. I don't trust java at all. It does work with openjdk tho.

Anonymity is totally pointless and useless against the NSA today. However, I still do encrypt my files but everything is done locally.

Tor has always been vulnerable to good ol' traffic analysis. If you have the means to sample merely the payload size of the traffic that is being bounced from one node to the next, you can trace the payload back to its source even if you cannot in real time decrypt the messages. You don't have to peel-the-onion if you just want to figure out where a message is ultimately going. (You make guesses ... then you examine what's coming-out of whatever nodes you know the message-of-interest might have gone to, to either substantiate or deny your guesses.)

(Emphasis mine. Furthermore, this paper is just "Low-Cost" Traffic Analysis of Tor. If money were no object . . . )

You also have the perfect "crib" to an upstream message if you are correct in your guess about the identity of the downstream one. In fact, you can snag a "crib" about every layer of the onion, if you have the capability of performing all-inclusive traffic monitoring, such that you captured the (probable) output of every (probable) bounce. NSA has that capability: the core of the Internet, after all, is a government network.

Personally, I have zero sympathy for those who seek to use the Internet to cover themselves in the committing of a felony. I think such people deserve, not just "to get what's coming to them," but to be drawn-and-quartered.

My personal concern about NSA is not so much that "they crack encrypted messages." (That's part of their mission.) My concern is that they are operating wastefully, to the enrichment of private contractors, and outside of the law ... and that no one seems to be able to test whether this or isn't so. (Hence, we must wisely presume that it is. Therefore, "Houston, we have a problem.")

The profound secrecy surrounding this agency creates the penultimate "the cat's away" situation, and the mice have an unlimited secret budget. Which gives us: extremely fat mice, and not-necessarily better "national security." If there is no real oversight, good public decisions will not be made, and bureaucrat-types (yeah, they're in black-ops too) will make self-serving assessments. This is just human nature. If people can lie to Congress, even while keeping most of its Members totally in the dark, the Public's interests cannot be served ... yet "serving the Public's interests" also is "the Mission."

Given the profound importance of this Agency's mission, these issues are a very big matter of legitimate Public concern. We are spending #CLASSIFIED# on this. Are we getting what we paid for? How can we be sure?

If the NSA is collecting private data that belongs to US citizens without a warrant. They are breaking the law.

1. Guilt requires proof.
2. It's not whether you do it, it's whether you get caught.
3. Laws are like spider webs, they catch the small, the big just break on through to the other side.

This thread really rocks. I say encrypt everything, not to hide anything but to make them work for it. I'm pretty sure they can be swamped by too much data.

So are you saying that the NSA had the right to collect the data without a warrant?

If no one is actively watching the NSA('s contractors with their #CLASSIFIED# #WAY-BEYOND-TOP-SECRET# budgets, and lying to the US Congress about it all, then ... No. "Warrants? We don't need no stinkin' warrants. And, just because you dared to ask, you go to jail Forever." (Very convenient, huh?)

The Due Process Of Law™ is ... "an unnecessary expense," when your real purpose is to sell the US Government another #CLASSIFIED# #WAY-BEYOND-TOP-SECRET# hard-disk drives to go along with their #CLASSIFIED# #WAY-BEYOND-TOP-SECRET# coffee makers.

That's the risk.

On the one hand, we like to think that "The National Security Agency" is an "Agency" with a "Holy Mission."

But ... we also have to consider $$ Human $$ Nature $$.

There are plenty of companies out there whose sole purpose it is to $$contract$$ $$with$$ this faceless entity which, they know all too well, has the capability to spend bottomless amounts of Money and to do it all in Secret. (These companies also know, of course, that "Congress $$ Can $$ Be $$ Bought," and even that the Supreme Court has said that it's not "Bribery.") (Gee, wonder why they saw fit to say that?)

That's the risk. Human Nature.

"The United States Constitution?" Inconvenient. "$$$$$!!!" "Supreme Law of the Land?" Aww, c'mon, I know how to fix THAT! "$$$$$!!!" Forget "who wants to be a millionaire!" We're talking bil- or even tril- here... and $$ no one $$ will $$ ever $$ know!! $$ "Take thine ease, oh my soul!" <<belch!>>

That's the risk. Human. Nature. Some things have not changed since the days of ancient Babylon.

Linus Torvalds at Linuxcon:
http://www.eweek.com/developer/linus...-linuxcon.html
He was asked whether he was asked to insert a backdoor into the kernel.

Personally I have been wondering about the Linux hacking incident that happened a while back, and very few details were ever release about what happened...

Are you surprised? Even basic police structures do this whole time behind your and mine back. Afterall the 'excuse of security' argument never gets old or rusty. If someone will ask why they did it they will just say they did it for safety reasons which is purpose of such organisations in first place and they won't face any charges with this anyway.
Had to quote this so it won't go away later. Brilliant post. Money really makes world events go 'round..some things really never change. Have a look at this for example how they spend our money:
http://teaparty.yepperee.com/2010/02...-to-plague-us/

No, I'm not saying it's right. I'm saying when you live in a twisted Orwellian universe you must not rely on Cartesian concepts like right and wrong. If the NSA breaks the law, what are you going to do about it? Call the Police or write your Congressman? Better to complain to your bank that you doubt their ability to protect your financial security and get them to fight the battle. After all, you fight fire with fire, fight government with big business.