can CIA scan communications which are openssl encrypted?
One stupid question, can CIA scan and read communications which are openssl encrypted? Or can Chinese great firewall scan and read communications which are openssl encrypted?
If you use a sufficiently strong cipher, it would be prohibitively expensive (if not impossible) for them to do so by cracking the encryption. But if your private keys are stored on network connected computers, they might be able to gain access to those and not have to bother with trying to brute-force the encryption.
Putting away the various flaws in the SSL implementations, I think they don't need to scan it in real time: assuming that storage is not a problem (and for some organizations actually isn't) they can record the traffic and unencrypt it taking their time.
What yesterday needed CPU power that seemed a lot at the time today isn't, and will be even easier in the future.
So, in the long term, brute force cracking on recorded traffic is doable.
That is to say that I personally stopped trusting encryption for very delicate matters.
I know that my point is not going to be the strongest one but I don't think you have to worry about which kind of aquarium are you selling. Government data collection is not about Chinese aquarium if Chinese don't mean cocaine and aquarium bomb. Come on.
If you look at the history of SSL/TLS, you will find that quite a few flaws have been discovered. This is due to the complexity of the mechanism. I find it quite likely that some government agencies are aware of vulnerabilities that are not publicly known yet. If you need TLS for online purchase etc. then you have no other option for now, you have to use the technology that the server/website wants you to use. But if your concern is sending secure emails/data to people, you really must use PGP/GPG style encryption with a good cipher and high key length.
I know that my point is not going to be the strongest one but I don't think you have to worry about which kind of aquarium are you selling. Government data collection is not about Chinese aquarium if Chinese don't mean cocaine and aquarium bomb. Come on.
Thanks a lot for everyone's opinions.
To: Selyr
You are right, aquarium business is open and I have nothing to hide. But I do sometimes break the great firewall and do some nasty things like searching via google.com or watching porn movies LOL I am just wondering whether I would be caught at home watching that kind of things.
Thanks to Slackware, at least I learned how to break that wall as a long time linux user, via ssh tunnelling or VPN.
The truth is that some governments (and this includes democratically elected ones) have been spoofing our communications without our consent. The secrecy behind this behavior is unjustified and we should be informed about their technical capability. On Twitter you can follow #AskSnowden and you can see that even the authors of cryptographic software (such as @ioterror) are asking whether the NSA has the capability to trace whistle blowers and dissidents over the Internet. I am afraid that the Internet has given us a false hope of freedom of speech. Nevertheless using cryptography will make spoofing agents' work much harder. Hopefully, they are not taxing us even further to be able to decrypt it faster.
Forget about brute-force attacks on your keys - rather worry about your knees. If they really really want your data, they will get it ... the easy way ... by making you give it to them. And you will. :-)
Fact is any encryption is breakable -- especially if you have a "basement full of Crays" to do it with. Throw enough time, horsepower and some pretty smart mathematicians at the problem and, well, it's breakable. As @H_TeXMeX_H says, elliptic curve encryption (which looks really good on paper) may not be good enough. It sort of breaks down to if a machine did it another machine can undo it (think Bletchley Park and Enigma -- if you're in the UK sometime, it's worth a trip to see, by the way).
It's worth some time to periodically read Bruce Schneier's commentaries (and helpful advice) at http://www.schneier.com/; might also scare the pants off you.
You can encrypt, you've got or can get tools to do it with, but if you're in the naughty trades somebody, somewhere, sometime is going to notice and start paying attention to you -- then all bets are off.
An interesting historical paper: Robert Morris, Ken Thompson Password Security: A Case History (Murray Hill, NJ: Bell Laboratories, 3 April 1978) http://cm.bell-labs.com/cm/cs/who/dmr/passwd.ps.
Forget about brute-force attacks on your keys - rather worry about your knees. If they really really want your data, they will get it ... the easy way ... by making you give it to them. And you will. :-)
One stupid question, can CIA scan and read communications which are openssl encrypted?
Yes. But you should be a very very very huge figure as Enemy of State, i.e. something like The Funny Osama, to make them pay the time and energy of one Cray supercomputer for reading your nice emails.
Quote:
Originally Posted by kite
Or can Chinese great firewall scan and read communications which are openssl encrypted?
Yes. But you should be a very very very huge figure as Enemy of State, i.e. something like The Tibet Spiritual Leader, to make them pay the time and energy of one Cray-like supercomputer for reading your nice emails.
This isn't a Slack specific question - and ties in with a good number of other similar questions. So I am sending this thread to General with a bag over its head.
And I have forwarded all your questions to the NSA where they assure me that they will read them all and respond to them in person. At 4am.