Fear mongering... NSA can "break" internet securities?
I nearly died laughing when I read through this article.
One of my news apps shows me the headlines and I immediately think "someone being able to easily break common internet encryptions is huge". I'm thinking they have either discovered a security flaw in common 128/256 bit encryption algorithms. And that would be huge. The basic premise of these encryption algorithms is simple; Without access to both the public and private keys (as well as the correct algorithm) you could try brute force guessing the algorithm and private key, but it wouldn't help you. The reasoning being that these algorithms and their key pairs provide so much entropy to the encrypted message that virtually any message could be decoded into virtually any other message. In other words, you could decrypt an encrypted file with a random key, get back perfectly readable English, including grammar and punctuation and still have not gotten back the original message.
Even worse. You may get back the original message, but using the wrong key. This would be a false positive because, it being the wrong key, it won't necessarily decode any other messages correctly back to the original.
So, you can understand what a huge thing it would be if the NSA had the ability to easily crack these encryption methods. And you can also see how incredibly unlikely it is that this is true barring some flaw in the encryption strategy that would make the above statements incorrect under certain conditions. Based on the title of the article, this was my first impression of what must have happened.
Then it goes on to say that they accomplish this by placing backdoors into firmware (well they say hardware, but that is likely just nonsense) and software. Well guess what? That isn't breaking the encryption. That is BYPASSING the encryption. This may not seem like a big difference, but it is the biggest difference.
This is would be the difference between watching someone writing and encoded message vs. actually figuring out how to decrypt it yourself. By only intercepting that message, all you know is the contents of that message. By knowing how to break the encryption you have the ability to decrypt ANY message encrypted in the same fashion.
IF the NSA were able to easily decrypt your encoded messages, then you can bet that others are not far behind them. But, if they are only able to accomplish this via back door hacks, then we are really talking about something entirely different.
You wouldn't expect your passwords to be protected against someone looking over shoulder just because you typed it into an SSL encrypted site. And this is really just the digital version of that. Heck, it isn't much different than having a key logger installed. This is FAR from any advanced technology is what I'm going after. While it is still a big deal if true. It isn't the NSA breaking internet encryption.
One of my news apps shows me the headlines and I immediately think "someone being able to easily break common internet encryptions is huge". I'm thinking they have either discovered a security flaw in common 128/256 bit encryption algorithms. And that would be huge. The basic premise of these encryption algorithms is simple; Without access to both the public and private keys (as well as the correct algorithm) you could try brute force guessing the algorithm and private key, but it wouldn't help you. The reasoning being that these algorithms and their key pairs provide so much entropy to the encrypted message that virtually any message could be decoded into virtually any other message. In other words, you could decrypt an encrypted file with a random key, get back perfectly readable English, including grammar and punctuation and still have not gotten back the original message.
Even worse. You may get back the original message, but using the wrong key. This would be a false positive because, it being the wrong key, it won't necessarily decode any other messages correctly back to the original.
So, you can understand what a huge thing it would be if the NSA had the ability to easily crack these encryption methods. And you can also see how incredibly unlikely it is that this is true barring some flaw in the encryption strategy that would make the above statements incorrect under certain conditions. Based on the title of the article, this was my first impression of what must have happened.
Then it goes on to say that they accomplish this by placing backdoors into firmware (well they say hardware, but that is likely just nonsense) and software. Well guess what? That isn't breaking the encryption. That is BYPASSING the encryption. This may not seem like a big difference, but it is the biggest difference.
This is would be the difference between watching someone writing and encoded message vs. actually figuring out how to decrypt it yourself. By only intercepting that message, all you know is the contents of that message. By knowing how to break the encryption you have the ability to decrypt ANY message encrypted in the same fashion.
IF the NSA were able to easily decrypt your encoded messages, then you can bet that others are not far behind them. But, if they are only able to accomplish this via back door hacks, then we are really talking about something entirely different.
You wouldn't expect your passwords to be protected against someone looking over shoulder just because you typed it into an SSL encrypted site. And this is really just the digital version of that. Heck, it isn't much different than having a key logger installed. This is FAR from any advanced technology is what I'm going after. While it is still a big deal if true. It isn't the NSA breaking internet encryption.
Comments
Post a Comment