article says encryption no longer private?

MaryP
2013-09-06
2013-10-26
  • I cannot be sure about how NSA breaks the security, but I believe that they do brute-force attacks to get the password of the private keys. Brute force attacks are very expensive as they need a tremendous amount of CPU power, and quite some time (we still talk about years) thus this only makes sense for "interesting" targets. An interesting target is typically the private key of a server which is used for for may (at least millions) of connections per day. Thus keys like the ones from Google, Yahoo and a few other large players are in their focus.

    A single person's private key cannot be interesting to NSA unless they have very good reason to assume that they would gain a lot from knowing it. But even then I'd say it would be a lot cheaper to break into your computer and install a backdoor, than to try to break your password.

     
  • MaryP
    MaryP
    2013-09-08

    Thanks. The article mentions the following: >>>>...the NSA built powerful supercomputers to break encryption codes and partnered with unnamed technology companies to insert "back doors" into their software, the reports said. Such a practice would give the government access to users' digital information before it was encrypted and sent over the Internet.

    "For the past decade, NSA has led an aggressive, multipronged effort to break widely used Internet encryption technologies," according to a 2010 briefing document about the NSA's accomplishments meant for its UK counterpart, Government Communications Headquarters, or GCHQ. <<<<

     
  • MaryP
    MaryP
    2013-09-08

    That article also said: "Security experts told the news organizations such a code-breaking practice would ultimately undermine Internet security and leave everyday Web users vulnerable to hackers."

    I have gotten sick of the idea I can't even have a conversation about my health to family members or a health care related person in email - or to a friend about something personal without the government making a freaking permanent record of it -- without my permission even though it's my tax dollars funding it via black budget - the government has decided it doesn't matter what the public wants in privacy or any other policy.

    Another recent article:
    * http://www.usatoday.com/story/news/nation/2013/09/05/nsa-snowden-encryption-cracked/2772721/

    {{"Even as the NSA demands more powers to invade our privacy in the name of cybersecurity, it is making the Internet less secure and exposing us to criminal hacking, foreign espionage, and unlawful surveillance.''

    The spy agencies have focused on compromising encryption found in Secure Sockets Layer (SSL), virtual private networks (VPNs) and 4G smartphones and tablets. The NSA spent $255 million this year on the decryption program — code named Bullrun — which aims to "covertly influence" software designs and "insert vulnerabilities into commercial encryption systems" that would be known only to the agency.}}

     
    Last edit: MaryP 2013-09-08
  • MaryP
    MaryP
    2013-09-08

    I guess my question is partly whether there's any point to learning how to do this in order to have some feeling I have privacy of family medical discussion or anything else, if the government has now somehow cracked all encryption? On principle I resent this now apparently routine intrusion into my privacy. And so that's why I've come to think about it. I think the govt is aware people are becoming more aware of their loss of privacy because of the Snowden discussion and that there will be an increased interest in encryption but none of this has to do with "terrorism" - it has to do with excessive intrusion into non-terror related private communications about every day personal matters that we do not care to share with the government because it's none of their business to snoop into every breath a person takes or to record private matters like health and family or friends' love life matters, arguments etc. It's horrifying to realize they are trying to save all this stuff that is not related to national security in ANY WAY!

     
    Last edit: MaryP 2013-09-08
  • Alex
    Alex
    2013-10-26

    You want true privacy then pen and paper is the way to go. Just a thought and even if you are really good there is still so many risks that it would be pointless to mention them all. I would take Patrick's advice and not be overly concerned about the NSA. If you are concerned then contact Congress and vote and throw out the politicians who have let this policy become practice in the first place with elections. Change can happen but it takes time.