Considering the resources intelligence agencies have available, they can probably crack anything anybody comes up with.
Except for the one-time pad. You can also find a link to Claude Shannon's article where he proves that the one-time pad can not only provide perfect secrecy IF implemented properly, but also that any perfectly secret encryption requires one independently random key for every symbol in the message. The one-time pad was used during the Cold War, and the great majority of the messages sent have never been and will never be cracked. The ones that were cracked were cracked because the implementation rules were not followed, and thus the pads were two- or three- or more-time pads, rather than one-time pads.
Note that this type of encryption is only practical to use when sending an important message, not for storing data locally, like block cyphers of today. Imagine having to store a key as large as the HDD you were trying to encrypt. That would be quite useless, as you could simply lock the HDD inside a vault instead.
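As an added illustration (not code from the post or from Shannon's paper), the implementation rules the post refers to and what breaks when they are not followed: an XOR one-time pad, and the residue that a pad used twice leaves behind. All function names and the two sample messages are constructed for the example.

```python
import os

def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    """XOR one-time pad. The pad must be truly random, at least as long as the
    message and used exactly once; these are the rules the post refers to."""
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    return bytes(m ^ k for m, k in zip(message, pad))

# XOR is its own inverse, so decryption is the same operation.
otp_decrypt = otp_encrypt

def fresh_pad(length: int) -> bytes:
    """A new pad per message from the OS CSPRNG (assumed adequate for this example)."""
    return os.urandom(length)

def two_time_pad_residue(ct1: bytes, ct2: bytes) -> bytes:
    """What reuse leaks: c1 XOR c2 == m1 XOR m2, because the shared pad cancels out.
    Both messages now depend only on each other, not on the pad."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))

def recover_other_message(residue: bytes, known_message: bytes) -> bytes:
    """If one of the two messages is known, the other falls straight out of the residue."""
    return bytes(r ^ k for r, k in zip(residue, known_message))

def demo() -> dict:
    # Constructed sample messages of equal length, so one pad covers both.
    m1 = b"ATTACK AT DAWN!!"
    m2 = b"RETREAT AT DUSK!"
    pad = fresh_pad(len(m1))
    c1 = otp_encrypt(m1, pad)
    c2 = otp_encrypt(m2, pad)  # the mistake: the same pad used twice
    residue = two_time_pad_residue(c1, c2)
    return {
        "roundtrip_ok": otp_decrypt(c1, pad) == m1,
        "residue_is_m1_xor_m2": residue == bytes(a ^ b for a, b in zip(m1, m2)),
        "m2_recovered_from_m1": recover_other_message(residue, m1) == m2,
    }

if __name__ == "__main__":
    print(demo())
```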
The Constitution is the law of the land. The only way to change it is to amend it. The Patriot Act as a whole is illegal because it violates the Constitution. There are checks and balances formed when the country was formed. In the Constitution, there is a check for a tyrannical government. In no way did the founders of this country ever intend for us to live under a tyrannical government.
Here is a quote from the Declaration of Independence that you might find interesting. Notice how Thomas Jefferson used the words right and duty.
They have all the guns and all the encryption, and the election process is tightly controlled to avoid giving alternatives to the current power structure. Just shut up and go along, it's easier, and if going along causes problems for you, I'm sure some govt agency can find an appropriate drug and dosage.
Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery?
-- Patrick Henry March 23, 1775
"The Constitution of the United States" doesn't mean a damn thing unless the people of the country constantly force it to have meaning. Plenty of banana republics have very nice Constitutions.
Never expect real people to have "terribly high" motivations when Simple Greed will get the job done. There is a tremendous (and secret) amount of m-o-n-e-y to be made by, for example, "convincing a government that it must Spy on Everyone and Everything." (Just imagine how many billions of disk-drives that this is selling right now, so that top men might get to look-at the information some day ... or, for that matter, even if they never get around to it.)
So far, 95% of the US Congress isn't even "allowed" to know what they're voting for: they don't have "security clearances." But, amid all that very contented grunting and slobbering, I don't notice any of the pigs complaining about that. Nor will they ever ... why on earth should they? "They've got theirs. You can just Eat Cake."
The real lesson of the Parable of the Prodigal Son is that people tend to drive themselves downward until there is simply nowhere else farther down to go, before they first start to think (if they ever do) about what it is that caused them to wind up in a sty, alone and friendless. Entire societies can have the same ailment.
Last edited by sundialsvcs; 09-09-2013 at 08:32 AM.
So I guess https, SSL, gpg and ssh tunneling is useless in today's world...
It seems that NSA is above the law. Hell, they have violated court orders on collecting data on American citizens. It's not right for them to treat American citizens as domestic terrorists.
SSL has always had issues. You don't need to attack the cypher itself; you can hit it with side channel attacks, such as BREACH, which attacks the HTTPS server's compression algorithm. Because of the way it compresses the requests, one can inject clear text into the header and then solve for parts of the session key (if you're really good at it, you can get the whole session key in 30 secs).
OpenPGP will never be cracked in a very long time (they have not yet been able to factor 1024-bit keys; assuming they can and have, 2048 is miles away from being cracked). What you are trying to achieve when cracking RSA encryption is solving n. To solve n you need the prime number... if you can factor the prime number (the whole length of the key) then it is possible to solve for n, which means they could break it. The problem is (even with quantum computers) this won't be crackable for some time. Everyone seems keen on quantum computers, but has no idea how they work or why... A quantum computer will not solve RSA in our lifetimes. If you try to crack a 4096-bit key, assuming you could build a quantum computer large enough (4 trillion qubits) that is in full swing for about 90 years, then yes, you could crack 4096-bit encryption (assuming there are no huge leaps in this field, that is), and 90 years from now we wouldn't be using 4096-bit keys anymore anyway.
Also, quantum computers do not solve problems any faster than a regular computer; the fact that they can see whole sets of data and do not operate serially (like modern PCs do) doesn't magically give them the ability to solve problems any faster. You hear people mention quantum and computer in the same sentence and it's like it's a magic box or something that can do anything.
So SSH/PGP/RSA, unless you are using 1024-bit keys, are still safe, and even then there is no evidence that 1024-bit keys have even been broken yet.
Last edited by /dev/random; 09-09-2013 at 11:49 AM.
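The compression side channel the post attributes to BREACH, as an added example that is not the poster's code: a check a defender can run against their own handler (does the DEFLATE-compressed size of a response shrink when echoed input repeats a secret in that response?), next to the common mitigation of masking the token with a fresh random pad on every response. The response template, the secret value and all function names are constructed for the example.

```python
import os
import zlib

# Constructed sample secret; not a real token.
SECRET = b"f3b1c9d7e0a2"

def response_body(secret: bytes, reflected: bytes) -> bytes:
    """Constructed HTML response that carries a secret token and also echoes a request parameter."""
    return (b"<form><input type=hidden name=csrf_token value=" + secret + b"></form>"
            b"<p>Results for: " + reflected + b"</p>")

def compressed_size(body: bytes) -> int:
    """Size after DEFLATE, which is what an observer of TLS record lengths sees."""
    return len(zlib.compress(body))

def size_leaks_secret(secret: bytes, echo_matching: bytes, echo_other: bytes) -> bool:
    """The check: the compressed size shrinks when the echoed input repeats the secret,
    because DEFLATE replaces the repeat with a back-reference. True means vulnerable."""
    return (compressed_size(response_body(secret, echo_matching))
            < compressed_size(response_body(secret, echo_other)))

def mask_token(secret: bytes) -> bytes:
    """Mitigation: send pad || (secret XOR pad), hex-encoded, with a fresh pad per response.
    The literal secret never appears in the body, so there is nothing stable to match."""
    pad = os.urandom(len(secret))
    return (pad + bytes(s ^ p for s, p in zip(secret, pad))).hex().encode()

def unmask_token(token: bytes) -> bytes:
    """Server side: split the hex token into pad and masked half, undo the XOR."""
    raw = bytes.fromhex(token.decode())
    half = len(raw) // 2
    return bytes(m ^ p for m, p in zip(raw[half:], raw[:half]))

def demo() -> dict:
    matching = b"csrf_token value=" + SECRET     # echoed input repeats the secret
    other = b"csrf_token value=q8m2x5k1v7w4"      # same length, different content
    masked = mask_token(SECRET)
    return {
        "plain_token_leaks_by_size": size_leaks_secret(SECRET, matching, other),
        "masked_token_roundtrips": unmask_token(masked) == SECRET,
        "masked_token_differs_per_response": masked != mask_token(SECRET),
    }

if __name__ == "__main__":
    print(demo())
```

Disabling HTTP compression on responses that carry secrets removes the size signal entirely; masking keeps compression but denies the observer a stable string to match against.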
Remember that the NSA has computers designed specifically to do these kinds of operations very quickly.
The NSA will surely be able to break an encryption BEFORE there is any evidence that anyone can do so. I'm not saying RSA can be broken, but you shouldn't assume that it can't be.
Quote:
a quantum computer will not solve RSA in our lifetimes,
A quantum computer should be able to solve factoring (and hence RSA) quite quickly, however, it might turn out to be like cold fusion: always 20 years away...
Quote:
if you try to crack a 4096-bit key assuming you could build a quantum computer large enough (4 trillion qubits)
I'm pretty sure only 4096 qubits would be required.
Quote:
Also, quantum computers do not solve problems any faster than a regular computer; the fact that they can see whole sets of data and do not operate serially (like modern PCs do) doesn't magically give them the ability to solve problems any faster. You hear people mention quantum and computer in the same sentence and it's like it's a magic box or something that can do anything.
Quantum computers can't magically solve everything faster, but factoring is one of the things they can solve faster given our current knowledge. It is also possible that factoring can be solved quickly on a classical computer if some mathematical advance is discovered.
Quote:
So SSH/PGP/RSA, unless you are using 1024-bit keys, are still safe, and even then there is no evidence that 1024-bit keys have even been broken yet.
Quote:
Originally Posted by sundialsvcs
"The Constitution of the United States" doesn't mean a damn thing unless the people of the country constantly force it to have meaning. Plenty of banana republics have very nice Constitutions.
Never expect real people to have "terribly high" motivations when Simple Greed will get the job done. There is a tremendous (and secret) amount of m-o-n-e-y to be made by, for example, "convincing a government that it must Spy on Everyone and Everything." (Just imagine how many billions of disk-drives that this is selling right now, so that top men might get to look-at the information some day ... or, for that matter, even if they never get around to it.)
So far, 95% of the US Congress isn't even "allowed" to know what they're voting for: they don't have "security clearances." But, amid all that very contented grunting and slobbering, I don't notice any of the pigs complaining about that. Nor will they ever ... why on earth should they? "They've got theirs. You can just Eat Cake."
The real lesson of the Parable of the Prodigal Son is that people tend to drive themselves downward until there is simply nowhere else farther down to go, before they first start to think (if they ever do) about what it is that caused them to wind up in a sty, alone and friendless. Entire societies can have the same ailment.
"In the wake of Bruce Schneier's statements that he no longer trusts the constants selected for elliptic curve cryptography, people have started trying to reproduce the process that led to those constants being selected ... and found it cannot be done. As background, the most basic standard elliptic curves used for digital signatures and other cryptography are called the SEC random curves (SEC is 'Standards for Efficient Cryptography'), a good example being secp256r1. The random numbers in these curve parameters were supposed to be selected via a "verifiably random" process (output of SHA1 on some seed), which is a reasonable way to obtain a nothing-up-my-sleeve number if the input to the hash function is trustworthy, like a small counter or the digits of pi. Unfortunately it turns out the actual inputs used were opaque 256-bit numbers, chosen ad hoc with no justifications provided. Worse, the curve parameters for SEC were generated by the head of elliptic curve research at the NSA — opening the possibility that they were found via a brute force search for a publicly unknown class of weak curves. Although no attack against the selected values is currently known, it's common practice to never use unexplainable magic numbers in cryptography standards, especially when those numbers are being chosen by intelligence agencies. Now that the world has received strong confirmation that the much more obscure and less widely used standard Dual_EC_DRBG was in fact an NSA undercover operation, NIST re-opened the confirmed-bad standards for public comment. Unless NIST/the NSA can explain why the random curve seed values are trustworthy, it might be time to re-evaluate all NIST-based elliptic curve crypto in general."
Another reason for my recommendation that you look up the encryption on the net, on wiki. Search the page for "NSA", if the search comes up positive, choose another encryption.
Another reason to use twofish is because Bruce Schneier, Niels Ferguson, and others designed it, and at least these two seem more trustworthy.
EDIT: My other concern is hash algorithms, because there aren't that many that weren't designed by the NSA (like the SHA). I'm currently using whirlpool because it is supported in the kernel, but would rather use something like: https://blake2.net/