Google PR Blitz
Google is rushing to complete a project to encrypt the links between their server farms with TLS using 128-bit AES, obviously to counteract the impression that they are handing client data to the NSA. Of course, if they receive an order from the FISA court, they will hand over their client data to the NSA, so this is more about PR than reality.
It is a good and necessary thing that they are doing, and something they, and every other Cloud seller, should already have done to protect their systems from non-government intruders, but this is transit encryption only: users should be encrypting their own data, using their own systems.
Bruce Schneier has a couple of posts up on what we now know about NSA activities and some basic things you can do to protect your data.
The best current solution is to use Open Source software; things like GPG [Gnu Privacy Guard], based on OpenPGP, are a good place to start. There is no corporation that can be strong-armed into providing an NSA backdoor, and there are a lot of paranoid people looking at the source code to make sure one doesn’t ‘magically’ appear.
Bear in mind – there is no unbreakable code. When I was in, codes were graded on estimates of how long it would take to break them, e.g. there were 1-day, 1-week, 1-month, and 1-year codes. Given the advances in computers and algorithms, I would assume that my 1-month codes are now 1-day codes.
Something like targeting information only needed to be secret for a limited time – I mean, after you drop the bombs it isn’t exactly a secret that the area was a target. The purpose of the encryption was to make the information worthless by the time it was decrypted, because the assumption was that it would be decrypted.
If you are in business you want codes that will hold until the statute of limitations runs out. 😈
9 comments
“users should be encrypting their own data, using their own systems.”
BadTux says that if NSA wants that material, they’ll simply break in physically and insert a sniffer somewhere before the point of encryption, say a keyboard logger, to get what they want. That leads me to rename the NSA “Alexander’s Bag Crime Band” <grin_duck_run />
The FBI has actually done that to defeat PGP, Steve. I saw a court case about that one some time ago, where a Mafioso had encrypted his files with PGP so the FBI broke in and put a key logger to capture the passphrase. Then there’s Edwin Edwards. The FBI installed a pinhole camera over his keyboard in that case to defeat PGP. And these are just a couple of the cases we know about, where it was done legally with a warrant so that the information could be used in court. The NSA isn’t worried about using the information in court so ….
128-bit AES is difficult enough that it would take a few centuries with the fastest computers theoretically possible (basically eons with current computers) to crack the key if the key is random and not accessible in any other way, though personally I’d use 256-bit AES myself (heat death of universe with fastest computers theoretically possible). But generally the key is accessible in other ways. For example, if the AES is being used for SSL/TLSv1.2 stream encryption, the key is encrypted in the stream via RSA public key encryption, likely 2048 bit. RSA is the prime factorization problem and we have no mathematical insight into ways to factor large numbers to their prime factors in a rapid manner, but it is a sparse field so 2048 bit RSA is probably equivalent in strength to 78-bit AES (if such a thing existed) but still would require years with current computers (still-commonly-used 1024 bit RSA is a few months of computation time with current computers). But: As with PGP, it’s not necessarily the case that you’d need to crack the key the hard way. The thing about SSL/TLSv2 is that it was designed based on NSA input and a) has a lot of flaws allowing access to data under certain circumstances (hmm), and b) requires that the private key be available on an easily-subpoena’ed public web server that, 99.9% of the time, is not under your physical control. And thanks to the USA Patriot Act you wouldn’t even know if the ISP paused your virtual machine, mounted the virtual hard drive read-only on another virtual machine, grabbed the key, then unpaused your virtual machine, other than perhaps a few seconds of clock loss. The ISP is legally prohibited from telling you that your key got subpoena’ed.
And of course this is also presuming that key information is not being leaked in other ways. As I noted, there are some flaws in SSL/TLS that are… suggestive. I would never rely on a SSL VPN for security against a TLA. Even against criminals you need to be running the latest TLSv1.2 for reasonable security, with certain options such as compression disabled, and nobody runs that. If you’re looking for an encryption standard that the NSA has neutered and cracked, SSL/TLS is my prime candidate, it has simply seen too many exploits over the years to be trusted.
-Badtux the Encryption Penguin
Badtux, regarding those eons, is anyone seriously thinking about (let alone worried about) possible advances in quantum computers? If you’re allowed to say, of course…
Via Washington Monthly, from NYT:
==========
Paul Kocher, a leading cryptographer who helped design the SSL protocol, recalled how the N.S.A. lost the heated national debate in the 1990s about inserting into all encryption a government back door called the Clipper Chip.
“And they went and did it anyway, without telling anyone,” Mr. Kocher said. He said he understood the agency’s mission but was concerned about the danger of allowing it unbridled access to private information.
“The intelligence community has worried about ‘going dark’ forever, but today they are conducting instant, total invasion of privacy with limited effort,” he said. “This is the golden age of spying.”
==========
Who knew… we are living in a golden age! 😈
The FBI will do it, Steve, like my Mother said. I’ll know when a neighbor asks me to reimburse for the shells used to chase off a burglar. This is not a safe area to attempt break-ins because of the long response time by deputies. People tend to shoot first and let the deputies decide who the people were afterwards. Those without guns [there are a few] have large dogs, so this isn’t a good area for anything but a trojan attack, and the Slovaks have been good at stopping them.
I do copy and paste from a thumb drive file for passwords, so control-C, control-V isn’t going to be much help to them unless they have a man-in-the-middle exploit going.
No one believes that SSL is secure, and TLS 1.2 is still under scrutiny. The browsers need to catch up and default to it. Certificates really only guarantee that you are at a particular site. What is really needed is an encryption only open source category that defaults to the strongest encryption that the visitor’s browser will support. The category is an opening for FF and Opera, if they go for it.
An obvious weakness for encryption is the random number generator. If that gets compromised, no matter what you do the encryption will be weakened. I know it was a problem in the early days of micros because I was doing something that used a lot of random numbers and I started seeing a pattern in the numbers being output. That didn’t happen on minis or big iron. I wrote my own function to overcome that limitation.
If they want to ‘brute force’ decrypt, they can do it, but not quickly, and not economically. Like a guerrilla conflict, you raise the cost of accomplishing the goal to an unacceptable level.
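Bryan's point about a compromised random number generator, as an added example that is not part of the original post or any comment: a 16-bit-era linear congruential generator leaks a visible cycle in its low-order bits, the historic library fix was to return only the high bits, and the modern fix is the OS CSPRNG rather than a home-written function. The LCG constants and the period check below are constructed for illustration, not taken from any particular vendor's rand().

```python
"""Added example, not part of the original post or any comment: the kind of
visible pattern a weak random number generator produces, and the two remedies.
The generator is a textbook 16-bit-era LCG with constructed (Hull-Dobell
compliant) parameters, not any particular vendor's rand()."""
import secrets

A, C, M = 1103515245, 12345, 2**31  # constructed LCG parameters (assumption)


def lcg_raw(seed, n):
    """Return n raw LCG states, x_{i+1} = (A*x_i + C) mod M.  Handing out the
    whole state exposes the low bits: bit k cycles with period 2**(k+1)."""
    out, x = [], seed
    for _ in range(n):
        x = (A * x + C) % M
        out.append(x)
    return out


def lcg_highbits(seed, n):
    """Historic mitigation: discard the low 16 bits and return bits 16..30,
    which is what the 'fixed' C-library rand() implementations did."""
    return [(x >> 16) & 0x7FFF for x in lcg_raw(seed, n)]


def low_bit_period(samples, bits):
    """Smallest p such that the low `bits` bits of the sequence repeat every p
    outputs across the whole sample; None if no p <= len(samples)//2 fits."""
    masked = [s & ((1 << bits) - 1) for s in samples]
    for p in range(1, len(masked) // 2 + 1):
        if all(masked[i] == masked[i + p] for i in range(len(masked) - p)):
            return p
    return None


def csprng_samples(n):
    """Modern remedy: OS-backed CSPRNG output (non-deterministic by design)."""
    return [secrets.randbits(31) for _ in range(n)]


if __name__ == "__main__":
    raw = lcg_raw(seed=1, n=256)
    # low bit alternates, low 2 bits cycle every 4, low 3 bits every 8
    print([low_bit_period(raw, b) for b in (1, 2, 3)])  # [2, 4, 8]
    print(low_bit_period(lcg_highbits(1, 256), 3))       # None
    print(low_bit_period(csprng_samples(256), 3))        # None
```

The raw generator's pattern is exactly what someone consuming "a lot of random numbers" would notice by eye; any cryptographic use of such output (keys, IVs, nonces) is weakened no matter how strong the cipher.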
Bryan, it depends on your definition of a key logger. If I worked for the NSA and had access to the Microsoft OS components signing key — and you have to assume the NSA does — as well as your ISP’s data so that I know your IP address, I could have a driver install on your computer at the next update cycle that claims to be a Microsoft driver, is signed by the Microsoft key, ESET thinks it’s a Microsoft driver, but it actually intercepts the data being cut and paste as well as the actual keystrokes.
Back in CRT days, electron guns were energetic enough that you could reproduce the picture on the screen by intercepting the RF output from a fair distance away. LCDs are a bit less… energetic… so you’d need something sniffing from far closer. But I can think of ways to do that with an LCD monitor too, it’d just require a black bag job to insert something into the monitor itself.
And… err. Anyhow. I can think of several different ways to get your passphrase if I’m the NSA even with the steps you’ve taken. If I can think of those ways, I’m sure the NSA has, also. But the reality of course is that the NSA isn’t going to dispatch the FBI to blackbag your monitor unless they think you’re a terrorist or spy. And your scheme *probably* stops criminals from sniffing your passphrase. Probably. There are zero-days that even the Slovaks don’t catch until day one…
*sigh* Yes. If security/intel agencies *really* want your data, they can get it. We could easily do it in the 80’s. *shrug*
Here’s the latest roundup:
The Verge:
Most common encryption protocols are useless against NSA surveillance, new leak reveals
Spiegel Online International:
Privacy Scandal: NSA Can Spy on Smart Phone Data
ZDnet:
New claims NSA can access data on iOS, Android, BlackBerry
Privacy can be had. But it requires a lot of knowledge, hard work and willingness to be vigilant and not get lax. So, for most people… it’s not going to happen. *shrug*
I’m working on a security model (that I developed with others within my security company 10 years ago) with my host that if it proves successful, will become their standard model. Security needs to be layered, to overlap, and be dynamic to be a real challenge to anyone who wants your data.
Your first layer of defense is NOT to tell anyone what your security is or even what your OS is! And to make sure you have no identifying tell-tales. Half the battle for any hacker (of any type) is finding out what you use and how you use it. NSA & others used to rely mainly on “Social Engineering” which actually worked (and was a part of my work), but is a lot of work! The white hat hacker, computer security consultant, and writer for Phrack Magazine, Archangel was considered “The Greatest Social Engineer of All Time” (look up Wiki if you want to know more). But the agencies have become lazy, looking for the easy way! *shrug*
I’ll be posting a series of articles when my blog is up.
Kryten, security via obscurity is only barely better than no security at all. With some determined work if your system is on the Internet I can figure out what OS you’re running, what web software you’re running, even in many cases what versions of critical subsystems your OS is running without ever touching your system or logging in to it. The point being that there is no obscurity on the public Internet, so you should plan as if the hackers have complete details of everything about your network. Otherwise you are pawned.
I assume the M$ systems are probably toast, but the Linux stuff is a bit hardier, and I have an ‘air gap’ machine for some of the things I do for clients who never go near the ‘Net. They have the basics on the ‘Net, as any business must these days, but their intranet has no connection to it, it is handled by marketing.
You can locate my ISP, but my IP is dynamic and changes at least twice a day, which can be a major pain if I’m downloading something large and it stalls. They do check for activity before doing it, but it isn’t perfect.
If they are determined to do it, they will. They tapped a comm line on the bottom of the Sea of Okhotsk, so there ‘ain’t no mountain high enough, ain’t no sea deep enough’ to stop them. The best shot is figuring out they have done it.