NSA broke or close to breaking AES?

Discussion in 'privacy technology' started by TheRussian, Jun 13, 2013.

Thread Status:
Not open for further replies.
  1. TheRussian

    TheRussian Registered Member

    Joined:
    Apr 19, 2013
    Posts:
    21
    Here is very interesting lengthy article
    http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/5/

    At the end they say that they have had a breakthrough recently, incredible one, and don't use just brute force but analyse of the encrypted data.
    They don't go into technical details about it, but i got the feeling that they try to analyse and find patterns (which was how the first encryptions were broke because they were just moving the letters few spots to the right, which based on the language leaves a pattern)
    Anyway, that's just speculation on my part.
    The article is over an year old and I haven't heard anything about that until now.
    And everyone seems to consider AES like still secure...


    Hopefully someone with more experience will be able to give us some light on that :)
     
  2. Bnuu

    Bnuu Registered Member

    Joined:
    Jun 11, 2013
    Posts:
    2
    I think when people think the AES-algorithm itself (Not accounting the implementation) is still safe, they don't think about the fact of that the mayor intelligence/security agencies have quantom computers and if they succeed to program one effecient to crack algorithms, it is magnitudes faster in decrypting then standard supercomputers.

    I think AES itself is safe, the formula is availeble online and it has been used for so long I think if there would be a flaw in it, it would have been spotted by now.

    Besides, the NSA uses AES-256 for their Top Secret intellegence themselves. I think if there are rumors the NSA is switching for a different algorithm it will be time to switch yourself :D.
     
  3. natsecurity

    natsecurity Registered Member

    Joined:
    Dec 19, 2012
    Posts:
    31
    Location:
    australia
    what does bruce schneier have to say about all this??
     
  4. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    AES is still safe.

    AES in not future-proof. AES currently at its key length will be good for another 5-10 years. Then the key length will have to be upgraded to 512 or 1024.

    I use Two-fish because its more future-proof. I trust it more, even if its slightly slower.
     
  5. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    Ask and you shall receive.
     
  6. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    I don't think anyone can really *know* whether these are broken already. At least not before it's too late. The only people who *know* certainly aren't going to tell you.
     
  7. redcell

    redcell Registered Member

    Joined:
    Sep 27, 2010
    Posts:
    126
    AES encryption would be better off cascading method with serpent and twofish. Of course, my FDE computer setup consists of destruction password and partition destroyer mechanism.

    Your enemy can attempt to break the first layer of AES but that will destroy the password and partition.
     
  8. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Cascading multiple encryption methods can lower encryption integrity in some situations actually making your encryption weaker and a lot slower. Much better to go with one method with a longer key length.
     
  9. TheRussian

    TheRussian Registered Member

    Joined:
    Apr 19, 2013
    Posts:
    21
    The quantum computers are pure speculation. Don't represent it as a fact please.

    The AES algo is safe, meaning it hasn't been compromised. But every encryption can be brute forced. The thing is how long it takes?
    And that's what they MAYBE do.

    If NSA is the only one that have the power to break AES, why they still shouldn't be using it? Especially if there is nothing better.
    So I don't think that's a factor either.
    Not to mention that we don't know what encryption they really use. (Official info is for the masses)
     
  10. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Also, Quantum computers are not like you would imagine "running windows" and in a logical GUI. Quantum computers in part are semi-illogical in the way they theoretically work. Right now for all we know the model of quantum computer that exists in theory could be completely useless.
     
  11. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    Does the NSA's ability to break AES have any practical implications on the average person's life?
     
  12. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    If they could the only problem would be if you commit a crime now, and they take your computer. AES may be secure now but your computer with its "Now Proof" HDD encryption could be taken into storage for 20 years and decrypted later.
     
  13. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    If it takes 20 years all the statutes of limitations would run out unless you're accused of murder or sexual assault of a child. At least in the USA.
     
  14. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    They can make the argument that you still own the computer even if its been sitting in lock up for 20 years. You own it and all the data on the computer still belongs to you even if its 20 years old, the data is still your belonging.
     
  15. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Again, unless it's murder or child sexual assault - it doesn't matter. SOL begin running from the moment of the alleged crime.
     
  16. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    That's true and its gonna be a rare case, but here in the UK your forced to give up your passwords by law or go to prison anyway. So you get the problem of a person going to prison and not being able to run and later down the road his crimes get found out anyway.
     
  17. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Ahhh. I see what you're saying. Very true.
     
  18. TheRussian

    TheRussian Registered Member

    Joined:
    Apr 19, 2013
    Posts:
    21
    So, how do you guys understand the article, does it sound to you like they found a way to brute force encryption in a timely manner by doing some kind of analysis or it's just me?

    Why this isn't discussed more widely? It seems like a big thing to me.
     
  19. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    "Broken" in cryptography is more of "breakthrough", it doesn't mean that they've cracked it wide open, it just means they've made progress. This is expected, and it will continue to happen until AES has a reduced keyspace that can be bruteforced easily.

    Cryptanalysis is how you make these breakthroughs. You analyze the algorithm and find ways to shorten instructions, or perform a certain set of instructions faster, or with fewer instructions.

    DES, which was 56bit, as the article states, lasted 25 years. AES, which is 128bit to 256bit, has been estimated to last about 30 years.

    The thing they really talk about is the massive computer array they have, which is fit for cracking encryption.
     
  20. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    That's how I read the part about 'the breakthrough' also.
    The move from R&D towards 'actually attacking extremely difficult encryption systems', made possible by their new Jaguar-like cluster, is considered the breakthrough. link
     
  21. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    So was PRISM few weeks ago. I assume that if NSA got its hands on quantum computers it would be known by a very few individuals and would be kept that way.
     
  22. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    what happens if you play it dumb and claim you forgot?
     
  23. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Quantum computers aren't the issue here. It just leads to faster implementations of the algorithm, which just means that we need to expand the number of rounds in AES. We can already make up for this by using SHA for key generation first. Even if you can speed up SHA via quantum 1,000,000 times, you can iterate it just as many times.

    Attacking the keyspace through some quantum algorithm idk maybe there's something there, but the reason people were like "omg quantum + encryption = bad" is because of RSA and generating large primes, not AES.
     
  24. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    If you are committing crimes of such nature--crimes that require encryption like child porn, credit card theft and terrorism--than it would be a good idea to not get caught in the first place. :D :D Or better yet, not commit those crimes at all!!! Don't be a criminal.
     
  25. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Unfortunately I think the government, specifically the NSA, is willing to use more resources catching activists and whistleblowers than child pornographers.
     
Loading...
Thread Status:
Not open for further replies.