Switching to 2048 bit keys is a minor reconfiguration, and it would render the ability to crack 1024 bit keys irrelevant

Making and breaking encryption is one of the main roles of a signals intelligence agency. That NSA engages in such activities is not surprising. Aspects of this work aren’t even secret: NSA involvement in the development of some cryptographic standards was legally mandated and openly acknowledged.

The attacks against cyphered data depend on implementation flaws, bad passwords, weak algorithms, corporate cooperation, and, perhaps, backdoors

NSA apparently takes advantage of a pre existent trusted relationship between 2 machines: malware is installed on the PC of any person of interest, and that malware is used to extract data from any iPhones that trust the PC.

uncertainty surrounds reports that NSA can crack some VPNs to eavesdrop on their traffic. At one end of the spectrum, this could mean that NSA can crack properly configured VPNs using strong encryption and protocols such as IPSec, ssh, or TLS. The other end of the scale is cracking Microsoft PPTP VPNs using MS-CHAP authentication. Flaws in this protocol have been known for a long time, and in 2012 a cloud service for cracking the protocol was published.

among protocols that can’t, generally, be cracked, there are known limitations. RSA asymmetric encryption with 1024 bit keys—widely used in SSL/TLS connections—can’t be broken by a common-or-garden hacker. Though algorithms for cracking RSA are known, they’re out of reach to individuals, because they require massive computational resources. But that’s not a problem for NSA (or any other organizations that have or can afford large supercomputers). Nobody knows with absolute certainty if NSA has supercomputers that can be used to attack 1024-bit RSA in a reasonable timeframe, but it’s certainly well within the realms of possibility.

NIST, whose responsibilities include developing standard rules for use of encryption says that use of 1024-bit RSA is deprecated through to the end of this year and disallowed subsequently, precisely because it is susceptible to being broken. 2048-bit RSA, in comparison, is approved until 2030 and disallowed thereafter

1024-bit RSA is vulnerable since at least 2007

As such, if NSA can crack this level of encryption, it’s not a big surprise and it’s not a big revelation.

Switching to 2048 bit keys is a minor reconfiguration, and it would render the ability to crack 1024 bit keys irrelevant

Is it possible that the NSA can go far beyond the state of the art, breaking even encryption believed to be secure? Sure. It can’t be ruled out. But it’s not the only interpretation of the information that’s been leaked so far—and if experts remain confident that the basics of cryptography are all still sound (a belief that appears to be shared by Snowden himself), it’s arguably not even the most likely one.


Explore posts in the same categories: techs

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: