GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
"The New York Times is reporting that the NSA has 'has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show. ... The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.'"
So, basically, what they have:
1) Supercomputers designed specifically for breaking encryption.
2) Backdoors into company computers and company products.
3) Backdoors or at least weaknesses introduced into cryptography schemes, to make them more or completely crackable at least by them.
4) Rootkits that can read data before it is encrypted / after it is decrypted.
5) Collaboration with major internet companies (you probably already know them).
6) The ability to obtain (legally and otherwise) master encryption keys if companies are unwilling to cooperate.
7) Influence the development of hardware designed for encryption by adding a backdoor or weakness.
8) Its most intense efforts are focused on SSL, VPN, and 4G.
And there are these notes:
A 10-year NSA program against encryption technologies made a breakthrough in 2010 which made "vast amounts" of data collected through internet cable taps newly "exploitable".
"Project Bullrun deals with NSA's abilities to defeat the encryption used in specific network communication technologies. Bullrun involves multiple sources, all of which are extremely sensitive." The document reveals that the agency has capabilities against widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking.
Analysts were instructed: "Do not ask about or speculate on sources or methods underpinning Bullrun." This informaton was so closely guarded, according to one document, that even those with access to aspects of the program were warned: "There will be no 'need to know'."
Having said that, it's pretty clear that they see all, they know all. Now, this is their job, but you wonder if all these techniques cannot backfire. The articles also mention this. I mean why can't other people use the backdoors ? Just because they might not know about them ? I would say a full investigation may be a good idea, as their methods may not be 100% towards "national security" as they claim.
Actually without a warrant it is illegal when it comes to citizens of the US. The 4th Amendment states,
[QUOTE]"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."[/CODE]
So for them to collect data like that is illegal. They are criminals plain and simple. The only way it can backfire is if the American people actually took the Constitution (the law) seriously and demanded justice.
The Constitution is the law of the land. They only way to change it is to Ammend it. The Patriot Act as a whole is illegal because it violates the Constitution. There are checks and balances formed when the country was formed. In the Constitution, there is a check for a tyrannical government. In no way did the founders of this country ever intend for us to live under a tyrannical government.
Here is a quote from the Delcaration of Independence that you might find interesting. Notice how Thomas Jefferson used the words right and duty.
But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security.
"In a recent article posted on the cryptography mailing list, long time civil libertarian and free software entrepreneur John Gilmore has analyzed possible NSA obstruction of cryptography in IPSEC. He suggests that packet processing in the Linux kernel had been obstructed by one kernel developer. Gilmore suggests that the NSA has been plotting against strong cryptography on mobile phones."
As for encryption algorithms that have been compromised, you need to look at each one.
Personally, I would look for ones that have not been compromised, but that have been thoroughly used and analyzed. And, of course, not developed with the "help" of the NSA. I currently recommend twofish, but that's not to say that the NSA can't crack it.