can CIA scan communications which is openssl encrypted?
GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'd think China would be watching you more closely than the CIA. You don't believe China is building massive supercomputers to make better noodles do you?
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233
Rep:
if i might add. yes, any and i do mean ANY encryption is breakable, but preventing access to data isn't really the end goal of encryption, as that task is essentially impossible
the second fact is that data has a 'shelf life', that is a length of time after which it becomes irrelevant that someone else knows it.
the real point of encryption is to keep data out of the wrong hands long enough for it's 'shelf life' to expire, then it doesn't matter if the encryption is broken or not since the data no longer needs to be kept secret anyways.
Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.
The article in the links mentions a specific cipher which uses Elliptic Curve Cryptography (ECC). As far as I know, ECC is not unsafe in general (compared to the other main method, RSA). Indeed, ECC may even be more secure in the near future because we already do have quantum computer algorithms (see here) to break RSA, we just don't have the computers yet. Some primitive quantum computers have been constructed but they are more like proof-of-concept laboratory toys. This might of course change in a couple of decades.
I'll believe in quantum computing and quantum anything when I see it.
The problem with elliptic curve cryptography is that, as mentioned in the article, there is a slight bias, and there is a mathematical relationship between the constants employed in the standard such that a backdoor likely exists. Without the backdoor, it would be reasonably secure.
Indeed, ECC may even be more secure in the near future because we already do have quantum computer algorithms (see here) to break RSA
Quantum computers can break ECC as easily as RSA.
Quote:
Originally Posted by H_TeXMeX_H
The problem with elliptic curve cryptography is that, as mentioned in the article, there is a slight bias, and there is a mathematical relationship between the constants employed in the standard such that a backdoor likely exists. Without the backdoor, it would be reasonably secure.
As as I can tell from that article, the problem is specific to the random number generator (which uses a particular elliptic curve), not ECC in general.
Right now, I think that you should assume that "everything" is being watched.
Only now that the public's attention is being confronted with the reality of it, is the public finally beginning to push back and to ask questions that needed to have been asked a decade ago. Sen. Udall recently observed that the most egregious program in question has not yet produced one useful intelligence result, and may never do so, for all the #CLASSIFIED# dollars that have been so-far spent on it. "A prudent use of public money?" I think not.
I still remember the hell the feds put Zimmerman through, which happened to be right after the failed 1993 bombing of the World Trade Center. He had projects like PGPhone in the works at the time too, as I recall He got paid off like Assange and his legal problems went away.
To answer the original question: given enough time and computing power, nothing is uncrackable.
Actually, a one-time pad, implemented and used correctly with true random data in uncrackable.
However, it can only be implemented correctly outside of a computer, i.e. a sketch pad with metal back plate and some dice. The cypher text can then be sent using any means at your disposal, including internet. The only problems left are keeping the pad secret and safe, and transmitting the data without arousing suspicion. Both can be solved with some cleverness.
We Chinese admire you so much for your democracy and freedom. We are suffering a lot from evil liar bureaucracy. But now it seems that American people are not a exception now (as least in some aspects). Politicians = Liars!
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.