The NSA is Making Us All Less Safe
https://www.eff.org/deeplinks/2013/10/nsa-making-us-less-safe
By weakening encryption, the NSA allows others to more easily break it. By installing backdoors and other vulnerabilities in systems, the NSA exposes them to other malicious hackers, whether they are foreign governments or criminals. As security expert Bruce Schneier explained, "It's sheer folly to believe that only the NSA can exploit the vulnerabilities they create."
The New York Times presented internal NSA documents with some specifics. They are written in bureaucratese, but we have some basic translations:
"Insert vulnerabilities into commercial encryption systems, IT systems, networks and endpoint communications devices used by targets" Sabotage our systems by inserting backdoors and otherwise weakening them if there's a chance that a target might also use them.
"actively engages US and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs" Secretly infiltrate companies to conduct this sabotage, or work with companies to build in weaknesses to their systems, or coerce them into going along with it in secret.
"Shape the worldwide commercial cryptography marketplace to make it more tractable to advanced cryptanalytic capabilities being developed by NSA/CSS" Ensure that the global market only has compromised systems, so that people don't have access to the safest technology.
"These design changes make the systems in question exploitable through Sigint collection with foreknowledge of the modification. To the consumer and other adversaries, however, the systems' security remains intact." Make sure no one knows that the systems have been compromised.
"influence policies, standards and specifications for commercial public key technologies" Make sure that the standards that everyone relies on have vulnerabilities that are hidden from users.
defacto7
(13,485 posts)
the FBI and other nondescript US gov IPs redressed from anonymous proxies. They're out there.
Stay close to your AES256 and IDEA encryption algorithms and never let your certs go below an rsa:2048 on your CAs. I use 4096 -AES256 myself on all my certs. Other encryption methods are around that are nice to work with on general data, take your pick, and don't touch MD5 with a long stick.
JDPriestly
(57,936 posts)
What are all those things?
Spitfire of ATJ
(32,723 posts)
Zorra
(27,670 posts)
randome
(34,845 posts)
Online child pornographers try to hide behind encryption. So does organized crime.
I doubt we would want them to feel safe.
I also laugh at the idea that there are 'back doors' to circuits and encryption schemes. There are thousands of smart IT people -smarter than are employed at the NSA- who would know of such things.
This is another 'let's all panic' article.
I'm always right. When I'm wrong I admit it.
So then I'm right about being wrong.
eridani
(51,907 posts)
--professional computer people.