Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

hootinholler

(26,449 posts)
Sat Dec 21, 2013, 12:45 PM Dec 2013

Many here are now owed Beer and Travel Money with an apology

Last edited Sat Dec 21, 2013, 01:27 PM - Edit history (1)

"The generation of random numbers is too important to be left to chance."
- Robert R. Coveyou, Oak Ridge National Laboratory

To all you people who said I was crazy that the NSA could have a back door into encryption, my inference back in July is now confirmed.

My mistake back then was I thought Cisco was compromised and it now turns out that RSA itself is compromised. How was it compromised? A subtle flaw in the random number generation that I suspect allows the private key to be deduced from the public key.

This would be funny if it wasn't so sickening.

So to all who said I was nuts, who hassled me for attending the anti-NSA rally, it's your turn to be mocked. Unless you want to stand up and say Sorry, Hoot I guess you did know a little about this tech stuff.
Many here are now owed Beer and Travel Money with an apology (Original Post) hootinholler Dec 2013 OP
Rec for the marvelous allusion Feral Child Dec 2013 #1
Rec for the same reason as the other rec. nolabear Dec 2013 #2
…and many experiences. Jackpine Radical Dec 2013 #3
Ah yes, Random Thoughts... awoke_in_2003 Dec 2013 #26
Here you go. woo me with science Dec 2013 #39
I loved Twilighr Zone heaven05 Dec 2013 #74
Before I clicked on the thread I though Random Thouhgts was back! Jazzgirl Dec 2013 #84
Ha ha dreamnightwind Dec 2013 #86
I was trying to think of a way to say pretty much what you did here. Jackpine Radical Dec 2013 #87
Me too, but I always tried to understand tavalon Dec 2013 #110
I wouldn't hold your breath waiting for an apology. sibelian Dec 2013 #4
I considered posting a list of user names hootinholler Dec 2013 #7
I've forgotten most of their names. i could go and look at my ignore list... sibelian Dec 2013 #15
I double-dare them. It's time that sort gets openly ridiculed. So sick of people that ridicule ChisolmTrailDem Dec 2013 #31
It would be nice if "Being an Authoritarian Toady" was an alertable offense. Maedhros Dec 2013 #67
wow, "authoritarian toady" is such a perfect label. thx Vattel Dec 2013 #96
No need to post names. By their works shall ye know them. Maedhros Dec 2013 #66
Or post flame bait just to riducule those who prefer not to make Big Pharma richer or injest ChisolmTrailDem Dec 2013 #98
k&r for beer and travel money. Not to mention many experiences. Hassin Bin Sober Dec 2013 #5
mmmm beer JVS Dec 2013 #6
Have a beer, or at least a virtual beer. malthaussen Dec 2013 #9
BitCoin works hootinholler Dec 2013 #22
Perhaps the NSA invented BitCoin MannyGoldstein Dec 2013 #53
IDK if BitCoin uses RSA algorithims hootinholler Dec 2013 #54
Nobody knows who "Satoshi Nakamoto" is... reACTIONary Dec 2013 #60
Well, I doubt they speak in script kiddie hootinholler Dec 2013 #63
Bitmessage, based on Bitcoin, is broken and easily tracable. joshcryer Dec 2013 #102
FYI - BitCoin Random Number Generator Attack reACTIONary Dec 2013 #59
Oh man! OUCH! hootinholler Dec 2013 #61
Somebody owes me... MannyGoldstein Dec 2013 #70
NIST has actually been actively finding bugs and reporting them: joshcryer Dec 2013 #105
Let's see... I'm going to conduct an illegal transaction... reACTIONary Dec 2013 #108
Looks like you were right. Lasher Dec 2013 #8
Well it does eliminate that cause hootinholler Dec 2013 #11
Now you're just freaking me out. pintobean Dec 2013 #17
Why would anyone want to shut down discussion of the national security state? Octafish Dec 2013 #10
Shout it from the fucking hilltops my friend hootinholler Dec 2013 #14
I hear ya' PeoViejo Dec 2013 #73
Riders in the Sky Octafish Dec 2013 #94
I mentioned that pic upthread... awoke_in_2003 Dec 2013 #28
I think it's from Twilight Zone suffragette Dec 2013 #33
Burgess Meredith Octafish Dec 2013 #36
Ah, of course... awoke_in_2003 Dec 2013 #41
i think it may be from a much earlier movie. stella by starlight tiny elvis Dec 2013 #88
Thank you, tiny elvis! Octafish Dec 2013 #93
Doubleplusgood! nt woo me with science Dec 2013 #40
I can think of three reasons. One is denial. Discussions are tough on those living in denial. rhett o rick Dec 2013 #55
I'll leave this here, since it's on topic... Maedhros Dec 2013 #68
It's a harder life, not to bow down to authority, tavalon Dec 2013 #111
I think very few Americans are raised to be open-minded and not just trust authorities rhett o rick Dec 2013 #115
We live in an authoritarian society tavalon Dec 2013 #120
+1 . . . .n/t annabanana Dec 2013 #107
It is DU dear nadinbrzezinski Dec 2013 #12
K&R As are many of us. Egalitarian Thug Dec 2013 #13
That is true hootinholler Dec 2013 #21
So, fuck 'em, we'll get our own damned beer! Egalitarian Thug Dec 2013 #24
You are a prophet. undeterred Dec 2013 #16
Not at all hootinholler Dec 2013 #19
Rec for "Beer and Travel Money" progressoid Dec 2013 #18
K&R! Hatchling Dec 2013 #20
I did not respond to you you at all. I thought you were nuts, but I kept it to myself. Even so ... 11 Bravo Dec 2013 #23
I've always held you in high regard hootinholler Dec 2013 #43
I appreciate that. (But I still WISH you had been wrong. I love this country, and right now ... 11 Bravo Dec 2013 #47
I would love to have been wrong! hootinholler Dec 2013 #49
Friendly correction: the Internets seem to think it is Coveyou who said that. eomer Dec 2013 #25
Thank you for that! hootinholler Dec 2013 #29
K & R !!! WillyT Dec 2013 #27
Sorry, I am too broke right now awoke_in_2003 Dec 2013 #30
They won't apologize. But everyone can go back to those threads and see ChisolmTrailDem Dec 2013 #32
Well I don't owe you a thing. zeemike Dec 2013 #34
K&R DeSwiss Dec 2013 #35
We'll all meet in Vallhalla Demeter Dec 2013 #37
Random Thoughts! TwilightGardener Dec 2013 #38
K&R woo me with science Dec 2013 #42
K&R Keep on truckin. nt raouldukelives Dec 2013 #44
I refuse to apologize. Glassunion Dec 2013 #45
Don't say you weren't warned when the NSA comes sniffing around your packets hootinholler Dec 2013 #46
But, but, but he had boxes in his garage and ran to Russia for god's sakes! Scuba Dec 2013 #48
He had an altar to Ayn Rand too! hootinholler Dec 2013 #50
I heard he was the product of Ayn Rand's frozen eggs MannyGoldstein Dec 2013 #71
Now THAT'S one damn disgusting mental image..... paleotn Dec 2013 #92
As I was typing that MannyGoldstein Dec 2013 #97
Scary but not surprising PrestonLocke Dec 2013 #51
Regarding certain aspects of modern life randr Dec 2013 #52
There was no tinhat involved hootinholler Dec 2013 #56
Is that the same people bvar22 Dec 2013 #57
I doubt the apologies, beer or travel money will appear from that quarter suffragette Dec 2013 #58
How have you been? hootinholler Dec 2013 #64
Been deluged at work suffragette Dec 2013 #78
It's been crazy around here hootinholler Dec 2013 #82
Hope the dinner was great! suffragette Dec 2013 #100
Recommended! NYC_SKP Dec 2013 #62
Oh, you great big narcissist, you. sibelian Dec 2013 #65
I don't think you're nuts, but I think you are getting some of this wrong. DanTex Dec 2013 #69
You have good points... hootinholler Dec 2013 #72
I've seen that slide and I'm not clear what the implications are. DanTex Dec 2013 #75
If what you are suggesting was scalable... hootinholler Dec 2013 #79
Well, I'm sure they are trying to get the content. DanTex Dec 2013 #83
It's grabbing all plaintext. joshcryer Dec 2013 #104
Good info..... Logical Dec 2013 #109
The Snowden Haters And NSA Apologists Will Never Come Clean cantbeserious Dec 2013 #76
I never doubted you although I didnt openly support you either. I guess I just rhett o rick Dec 2013 #77
I remember you being one of the few, if not the only one, of our KoKo Dec 2013 #80
I don't know a thing about 'random number generators' Lifelong Protester Dec 2013 #81
I've always imagined a dial where you tune it till,...oh wait,...that's an old TV set.... Spitfire of ATJ Dec 2013 #85
I thought Cisco was compromised and it now turns out that RSA itself is compromised. lunasun Dec 2013 #89
rec. nt Demo_Chris Dec 2013 #90
Forget the apology Incitatus Dec 2013 #91
"The generation of random numbers is too important to be left to chance." Xipe Totec Dec 2013 #95
I miss Random Thoughts. Aristus Dec 2013 #99
Top of the Greatest Page. woo me with science Dec 2013 #101
RSA is not compromised, FIPS 140-2 is, if Dual EC_DRBG is enabled. joshcryer Dec 2013 #103
Yes, I was technically imprecise hootinholler Dec 2013 #114
Remember, SecureIDs root keys were leaked. joshcryer Dec 2013 #116
Where did the "beer and travel money" meme come from, and what does it mean? Owl Dec 2013 #106
A beloved (and by some, not so beloved) tavalon Dec 2013 #112
WOW you've been around a long time hootinholler Dec 2013 #118
Recced for the call back to a famous Duer tavalon Dec 2013 #113
I'll take some beer and travel money Aerows Dec 2013 #117
kick woo me with science Dec 2013 #119

Jackpine Radical

(45,274 posts)
3. …and many experiences.
Sat Dec 21, 2013, 12:50 PM
Dec 2013

For those who remember our old friend Random Thoughts.

I'm not enough of a geek to have ever gotten into the details of the matter, but in my dark little paranoid soul I never doubted that They were Watching Us in myriad ways, or that They could access anything we put online.

 

heaven05

(18,124 posts)
74. I loved Twilighr Zone
Sat Dec 21, 2013, 04:18 PM
Dec 2013

watched every episode I could and still do during sci fi station marathons usually on a holiday. Rod Serling had a sterling mind. He died too young.

Jazzgirl

(3,744 posts)
84. Before I clicked on the thread I though Random Thouhgts was back!
Sat Dec 21, 2013, 05:05 PM
Dec 2013

I used to think I was always missing something whenever I read his responses.

sibelian

(7,804 posts)
4. I wouldn't hold your breath waiting for an apology.
Sat Dec 21, 2013, 12:52 PM
Dec 2013

Image managers know how important it is to hide when they've finally been rumbled.

hootinholler

(26,449 posts)
7. I considered posting a list of user names
Sat Dec 21, 2013, 12:58 PM
Dec 2013

But I know I couldn't be complete, because those are just my OPs in which I was told I was nuts. It doesn't reflect the myriad of other threads where I heard the same thing. At least the person ridiculing the anti-NSA rally was tombstoned, but many who agree with him remain.

I seriously doubt that any of them will come by to say anything, but catharsis happened by putting this on the record.

 

ChisolmTrailDem

(9,463 posts)
31. I double-dare them. It's time that sort gets openly ridiculed. So sick of people that ridicule
Sat Dec 21, 2013, 01:28 PM
Dec 2013

others for daring to disseminate bullshit and come to conclusions that turn out later to be true. And the NEVER belly up to their crow dinner. That says all about them that needs to be said.

 

Maedhros

(10,007 posts)
67. It would be nice if "Being an Authoritarian Toady" was an alertable offense.
Sat Dec 21, 2013, 03:47 PM
Dec 2013

Would seem reasonable for an ostensibly Liberal board.

 

Maedhros

(10,007 posts)
66. No need to post names. By their works shall ye know them.
Sat Dec 21, 2013, 03:46 PM
Dec 2013

It's easy to spot them. They never actually post anything - articles, analysis, funny pictures - but only show up to discourage people from paying attention or to sneer at people who do.

 

ChisolmTrailDem

(9,463 posts)
98. Or post flame bait just to riducule those who prefer not to make Big Pharma richer or injest
Sun Dec 22, 2013, 02:00 AM
Dec 2013

their poisons which are proven to kill people every day, and who even say so in their TV spots, while calling that "science". We can call them "Big Pharma Toadies".

And some of them are even forum hosts for God's sake!

reACTIONary

(5,700 posts)
60. Nobody knows who "Satoshi Nakamoto" is...
Sat Dec 21, 2013, 03:26 PM
Dec 2013

... and the NSA employs a lot of talent with the skillez to pull this off. 4 the Lulz.

hootinholler

(26,449 posts)
63. Well, I doubt they speak in script kiddie
Sat Dec 21, 2013, 03:30 PM
Dec 2013

In communications.

But yeah there are some really sharp tacks in the box.

joshcryer

(62,242 posts)
102. Bitmessage, based on Bitcoin, is broken and easily tracable.
Sun Dec 22, 2013, 08:19 AM
Dec 2013

Interesting that Snowden used it with his chats with Greenwald.

And of course Bitcoin is not anonymous at all despite its supporters ignorant claims.

reACTIONary

(5,700 posts)
59. FYI - BitCoin Random Number Generator Attack
Sat Dec 21, 2013, 03:19 PM
Dec 2013
http://en.wikipedia.org/wiki/Random_number_generator_attack#Java_nonce_collision

Java nonce collision

In August 2013, it was revealed that bugs in the Java class SecureRandom could generate collisions in the k nonce values used for ECDSA in implementations of Bitcoin on Android. When this occurred the private key could be recovered, in turn allowing stealing BitCoins from the containing wallet.

"Bugs". Yah, sure, just a "bug".

joshcryer

(62,242 posts)
105. NIST has actually been actively finding bugs and reporting them:
Sun Dec 22, 2013, 08:50 AM
Dec 2013
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

Not to say that this is not correct but I think the US government needs it to succeed since it works as a honypot for illegal behavior and is 100% not anonymous.

reACTIONary

(5,700 posts)
108. Let's see... I'm going to conduct an illegal transaction...
Sun Dec 22, 2013, 09:46 AM
Dec 2013

... I'm going to buy/sell an illegal substance from someone, somewhere, I know not who. I'm going to give my delivery information to that person, and make payment using an information system that posts the entire ledger to the internet where anyone, anywhere can access it without warrant or reason. Then I'm going to entrust the illegal substance to a courier service staffed and run by government agents that photograph and electronically record everything they touch.

What could possibly go wrong?

Oh yes, AND I'm going to do this relying on the privacy provided by routers and clients developed by the Navel Research Laboratory.

Octafish

(55,745 posts)
10. Why would anyone want to shut down discussion of the national security state?
Sat Dec 21, 2013, 01:04 PM
Dec 2013


Shutting people up isn't fascistic, it's for their own good, hootinholler. Otherwise they might forget that this is mostly like a free country, apart from the wars without end for profit, stolen elections, KKKoch brothers fiscal policies and the bankster-run just-us department. Do you want me to report that you're not with the Program?

hootinholler

(26,449 posts)
14. Shout it from the fucking hilltops my friend
Sat Dec 21, 2013, 01:08 PM
Dec 2013

That is a breach I will gladly fill.

You know it's funny that I have this penchant towards revealing truth as I know it.

Thank you for helping me to preserve what sanity I have left.

Octafish

(55,745 posts)
94. Riders in the Sky
Sat Dec 21, 2013, 09:18 PM
Dec 2013


Not much in the way of reward, wot, other than doing the right thing for the sake of democracy and justice.

Octafish

(55,745 posts)
36. Burgess Meredith
Sat Dec 21, 2013, 01:41 PM
Dec 2013

I believe from a Twilight Zone episode.

http://en.wikipedia.org/wiki/Time_Enough_at_Last

Wiki says he was in four episodes, so it may be another one. The guy was tops in every way -- a genius and a war hero.

Octafish

(55,745 posts)
93. Thank you, tiny elvis!
Sat Dec 21, 2013, 09:08 PM
Dec 2013

Mr. Meredith sports a moustache as Mr. Bemis in the TZ episode in which he plays the bibliophile:



 

rhett o rick

(55,981 posts)
55. I can think of three reasons. One is denial. Discussions are tough on those living in denial.
Sat Dec 21, 2013, 03:05 PM
Dec 2013

The second is cowardice. These cowards are really authoritarian (bully) followers. They hope that the almighty authority (bully) will appreciate their loyalty and bestow kindness upon them. The third is also an authoritarian follower, but enjoys being on the side of the almighty bully. Reasons two and three overlap.

We live in an authoritarian state. We are taught from a very young age to blindly follow authoritarian leaders, whether parents, teachers, coaches, Scout leaders, and religious leaders. Some of us resist these teachings, but IMHO most Americans are authoritarian followers to some degree.

tavalon

(27,983 posts)
111. It's a harder life, not to bow down to authority,
Sun Dec 22, 2013, 11:52 AM
Dec 2013

but it seems I never have and it's likely I never will.

 

rhett o rick

(55,981 posts)
115. I think very few Americans are raised to be open-minded and not just trust authorities
Sun Dec 22, 2013, 02:18 PM
Dec 2013

on faith. That's why there is such a problem with priests. The Church promotes the idea that priests are not mere men, but should be revered and trusted. It's easier to control people if you can get them to believe in you blindly. As you see here in DU that some here support the NSA blindly because they dont want their blind faith in authority shaken. We live in an authoritarian society.

tavalon

(27,983 posts)
120. We live in an authoritarian society
Tue Dec 24, 2013, 12:15 PM
Dec 2013

Cannot agree with that more. I could say it's patriarchal and it is to an extent but as a pagan, I can tell you I've seen plenty of women rule with an iron fist.

 

nadinbrzezinski

(154,021 posts)
12. It is DU dear
Sat Dec 21, 2013, 01:07 PM
Dec 2013

Apologies for pile ons are just not done



It is what makes DU suck in so many ways.

That said, you did get the experiences.

 

Egalitarian Thug

(12,448 posts)
13. K&R As are many of us.
Sat Dec 21, 2013, 01:08 PM
Dec 2013

Unfortunately another aspect of the authoritarian personality, in addition to their need to feel they are in control, is that they are deadbeats and don't pay unless publicly shamed into it.

hootinholler

(26,449 posts)
19. Not at all
Sat Dec 21, 2013, 01:16 PM
Dec 2013

Nor am I clairvoyant.

I just know how systems hang together. I've built a career of 30+ years building and troubleshooting large and complex systems.

11 Bravo

(23,888 posts)
23. I did not respond to you you at all. I thought you were nuts, but I kept it to myself. Even so ...
Sat Dec 21, 2013, 01:20 PM
Dec 2013

for that I have no problem whatsoever in admitting that you were right and I was wrong.

11 Bravo

(23,888 posts)
47. I appreciate that. (But I still WISH you had been wrong. I love this country, and right now ...
Sat Dec 21, 2013, 02:07 PM
Dec 2013

our behavior pretty much sucks on several levels!)

back at you!

hootinholler

(26,449 posts)
49. I would love to have been wrong!
Sat Dec 21, 2013, 02:14 PM
Dec 2013

There is so much at stake. In the realm of pure speculation, I will bet that the Koch Brothers have someone with capabilities like Snowden had on their payroll and have access to what ever private correspondence they desire.

Think about it, I bet they have a lock on the Orange Market Report before anyone sees it. Where Orange Market Report is a variable to be replaced with any other industry of interest. Want to know what Exxon-Mobile is up to?

eomer

(3,845 posts)
25. Friendly correction: the Internets seem to think it is Coveyou who said that.
Sat Dec 21, 2013, 01:22 PM
Dec 2013
The generation of random numbers is too important to be left to chance.
—Robert R. Coveyou, Oak Ridge National Laboratory


And then there's this:
Random numbers should not be generated with a method chosen at random.
—Donald Knuth

hootinholler

(26,449 posts)
29. Thank you for that!
Sat Dec 21, 2013, 01:25 PM
Dec 2013

It's been a very long time since I read Knuth and it was indeed random number that took me to the bible of IT (Is it still taught? Is the dragon book still taught?)

I will correct forthwith. That's what I get for relying on *my* memory. Apologies to Mr Coveyou!

 

ChisolmTrailDem

(9,463 posts)
32. They won't apologize. But everyone can go back to those threads and see
Sat Dec 21, 2013, 01:33 PM
Dec 2013

exactly who they were.

NSA is monitoring this website. There's no reason not to believe they are also participating on this website.

And they are not apologetic.

zeemike

(18,998 posts)
34. Well I don't owe you a thing.
Sat Dec 21, 2013, 01:36 PM
Dec 2013

Because that shit is way over my head...
But I would buy you a beer just for being right and speaking up...

PrestonLocke

(217 posts)
51. Scary but not surprising
Sat Dec 21, 2013, 02:28 PM
Dec 2013

Good thing there are many open source algorithms available.

What else has been tampered with?

Yay for GnuPG!

hootinholler

(26,449 posts)
56. There was no tinhat involved
Sat Dec 21, 2013, 03:09 PM
Dec 2013

It was simply making logical inferences from stated capabilities.

They say they can do this, well how could that happen?

bvar22

(39,909 posts)
57. Is that the same people
Sat Dec 21, 2013, 03:10 PM
Dec 2013

...who kept insisting that there was nothing to worry about when Fukushima blew up?

Everyone RELAX.
They are just venting a little steam.
I know Science, and these nuclear plants are perfectly safe
because they have redundant back up systems.
Did I mention that I know science, and you are just a dumb ass?


Those people?
I don't remember any retractions or apologies then either.

suffragette

(12,232 posts)
58. I doubt the apologies, beer or travel money will appear from that quarter
Sat Dec 21, 2013, 03:17 PM
Dec 2013

But I'm always glad to raise a glass with you (wine for me though, please)



And thanks for posting on the tech aspects of this. I'm fairly geeky in some areas, but wouldn't be aware of what some of this means without your explanations.

suffragette

(12,232 posts)
78. Been deluged at work
Sat Dec 21, 2013, 04:36 PM
Dec 2013

And haven't been posting much recently.
But now I have some well-deserved time off and am looking forward to relaxing and catching up.

How have you been?

And back atcha:

hootinholler

(26,449 posts)
82. It's been crazy around here
Sat Dec 21, 2013, 04:48 PM
Dec 2013

My Sis came up for a visit and had a heart attack, She's gonna be ok.

Work has been a zoo with nebulous desires by the customer.

I'm happy to be alive and employed on this fine solstice day. I think I should take my pet out for a nice dinner tonight.

DanTex

(20,709 posts)
69. I don't think you're nuts, but I think you are getting some of this wrong.
Sat Dec 21, 2013, 03:57 PM
Dec 2013

RSA is two things. One, it is a public key encryption algorithm, and two, it is a company. The RSA algorithm is not compromised. What is compromised is some of the software that the company RSA produced. According to the article, the problem is that RSA's Bsafe crypto software's default random number generator (Dual_EC_DRBG) is vulnerable to a back door. And the NSA paid RSA $10M to use Dual_EC_DRBG, so it is a pretty good guess that the suspicions that NSA put a back door into Dual_EC_DRBG are true.

But this is pretty far from saying that VPN traffic can be read by the NSA. At worst, it means traffic encrypted by providers using Bsafe can be read by the NSA, but I have no idea how many of them do (and I don't think you do either).

What's more, the fact that the Dual_EC_DRBG random number generator had a potential back door has been known since at least 2007, so people that knew what they were doing have considered Dual_EC_DRBG to be broken for some time now. Which means that VPN or any other crypto software written by people who were actually trying to provide security, as opposed to intentionally letting the NSA in, probably were not using Dual_EC_DRBG to begin with. And now that this has all become public, nobody is going to use Dual_EC_DRBG anymore.

This is not to say that the NSA isn't doing things they shouldn't be doing, and of course, it's also possible that the NSA has other hacks that we don't know about. But simply claiming that the NSA has "a back door into encryption" is a pretty big overstatement.

hootinholler

(26,449 posts)
72. You have good points...
Sat Dec 21, 2013, 04:10 PM
Dec 2013

Thanks for that article! I wasn't aware as I don't generally get that involved in the encryption side of things.

I would remind you that the notion that the NSA has the capability to decrypt VPN traffic comes directly from the NSA:


At the time I was speculating on how it could be accomplished.

DanTex

(20,709 posts)
75. I've seen that slide and I'm not clear what the implications are.
Sat Dec 21, 2013, 04:26 PM
Dec 2013

It's unsettling, but it certainly doesn't mean that they can read all VPN traffic. Particularly since different VPNs use different encryption protocols, it is doubtful that this is true. For example, I haven't seen any suggestion that the open source OpenVPN is compromised, nor have I read any security experts who think it is.

Also, VPN also refers to more than one thing (sort of). First, a VPN is a virtual private network, the way you described in your other OP -- basically a way to be securely connected to your office network while you are at home or at Starbucks.

But what this slide is talking about by "VPN startups" is most likely VPN services (for example) that let users surf the internet anonymously via proxy servers, using a VPN protocol for the connection to the proxy server. This is something the NSA would be particularly interested in, since people using VPN services in this way are trying to avoid detection.

Notice, though, that the slide doesn't say that the NSA can actually read encrypted packets. Instead, it says that if they have the "data" they can decrypt and discover the users. To me, this doesn't mean they are hacking the actual VPN encryption, but instead that they have (or want) some way to figure out who is using these VPN services. I have no idea what they have in mind exactly, but it could be any number of things, not necessarily involving breaking crypto. It could even mean hacking into the servers at the VPN startups and stealing their logs.

For a recent example of a non-codebreaking method of tracking people through supposedly secure connections, the guy who used TOR to mail bomb threats to Harvard got caught not because the police were able to crack TOR, but because they simply got hold of the logs of everyone who was connected from the Harvard network to TOR at the time the threat was sent.

hootinholler

(26,449 posts)
79. If what you are suggesting was scalable...
Sat Dec 21, 2013, 04:41 PM
Dec 2013

I might tend to agree. But there is a scalability caveat on the slide as well suggesting that this is the tool to do bulk decryption. Capturing logs for analysis is a tedious process and likely not to require bulk decryption.

Maybe they are only mapping the connections and not the content, but at this point, as a practical matter, I think it would be incredibly naive to trust that assertion.

With luck we will actually know.

DanTex

(20,709 posts)
83. Well, I'm sure they are trying to get the content.
Sat Dec 21, 2013, 04:54 PM
Dec 2013

I just don't know if they can. I also don't know if they can get the users either. I don't think the NSA is limiting themselves based on some concern for the privacy of VPN users in other countries. It's just that that slide doesn't say much about their actual decryption capabilities.

joshcryer

(62,242 posts)
104. It's grabbing all plaintext.
Sun Dec 22, 2013, 08:42 AM
Dec 2013

All plaintext. On the entire internet. This is being grabbed. This discussion is likely causing headaches to the automated software.

What they're saying on that slide is obvious, they say on the slide before they can't download everything because there's too much.

 

rhett o rick

(55,981 posts)
77. I never doubted you although I didnt openly support you either. I guess I just
Sat Dec 21, 2013, 04:30 PM
Dec 2013

ignored you. But I will gladly set up a pint of Mongoose IPA for you tomorrow. If you dont show up, it wont go to waste.

KoKo

(84,711 posts)
80. I remember you being one of the few, if not the only one, of our
Sat Dec 21, 2013, 04:42 PM
Dec 2013

DU Tech Savvy who didn't trash Snowden and those of us non-tech savvy who post here who supported him because we knew the NSA's history of spying and figured why wouldn't they be taking advantage of exactly what Snowden has revealed.

Yes you are owed and here's a Toast to You (from someone who welcomed your input).

and

Lifelong Protester

(8,421 posts)
81. I don't know a thing about 'random number generators'
Sat Dec 21, 2013, 04:45 PM
Dec 2013

I am too tech-ignorant. But I do feel that the spying-surveillance thing is out of hand.

And I give you a K & R. I don't think you are nuts, and would gladly attend an anti-NSA rally with you.

 

Spitfire of ATJ

(32,723 posts)
85. I've always imagined a dial where you tune it till,...oh wait,...that's an old TV set....
Sat Dec 21, 2013, 05:47 PM
Dec 2013

Tin foil actually got you a better picture too.

lunasun

(21,646 posts)
89. I thought Cisco was compromised and it now turns out that RSA itself is compromised.
Sat Dec 21, 2013, 07:28 PM
Dec 2013

Beer won't help me at this point.....but thanks

Aristus

(64,882 posts)
99. I miss Random Thoughts.
Sun Dec 22, 2013, 02:11 AM
Dec 2013

And crim son
And Haole Girl
And NewWaveChick
And nuevocat
And sffreeways
And slinkerwink
And God_Bush_n_Cheney - RIP
And GOPisEvil
And Jimmy Jazz

And so many more...

joshcryer

(62,242 posts)
103. RSA is not compromised, FIPS 140-2 is, if Dual EC_DRBG is enabled.
Sun Dec 22, 2013, 08:28 AM
Dec 2013

It's actually likely that Cisco's routers are using Dual EC_DRBG which is why their sales have dropped dramatically and how the NSA has been able to so easily snoop on everyone.

Ever since Dual EC_DRBG was announced almost every sane security person didn't use it. Now EMC's implementation of it defaults to Dual EC_DRBG but that is easily changed by changing a configuration process. Simple, and if you were a sane developer, you'd do it.

What's more important is how the NSA and US government shut down lavabit for providing truly anonymous email. In other words, those who want to provide anonymity, must be forced to do so by the government.



As Bruce Schneier says (one of the original people to break the Dual EC_DRBG, and btw he wasn't afraid to call it that), what the NSA is doing and has been doing is unsurprising and it's good that it's finally out in the open.

hootinholler

(26,449 posts)
114. Yes, I was technically imprecise
Sun Dec 22, 2013, 12:12 PM
Dec 2013

I meant RSA the company. It could be that only one of the protocols are compromised, but at this point RSA as a company is not IMHO trustworthy.

joshcryer

(62,242 posts)
116. Remember, SecureIDs root keys were leaked.
Sun Dec 22, 2013, 02:41 PM
Dec 2013

We're talking about networked systems that allowed 30,000 customers to be affected and L3 and Lockheed Martin were compromised. I think that's when RSA lacked trustworthiness. Not when they signed up with the NSA.

http://en.wikipedia.org/wiki/SecurID#March_2011_system_compromise

At that moment RSA (the company) / EMC should've lost all contracts with the government. For the same reason that if we were serious here if what Booz Allen contends Snowden did then Booz Allen should be summarily fired from working for the government. Forever. Every person who worked with Booz Allen completely ostracized.

(Note: I am not saying what Snowden did was wrong, I am saying that if he pulled off what he did, which I am not certain he did, then that is a huge, major security breach and the corporations who lobbied to get the power to take taxpayer funding and turn the country into a surveillance state should be punished.)

Owl

(3,596 posts)
106. Where did the "beer and travel money" meme come from, and what does it mean?
Sun Dec 22, 2013, 09:14 AM
Dec 2013

I admit I'm stupid on this one.

tavalon

(27,983 posts)
112. A beloved (and by some, not so beloved)
Sun Dec 22, 2013, 12:08 PM
Dec 2013

DUer of old. It's like the tombstoning of Walt Starr. He became far more famous after he demanded to be tombstoned. Or like spelling Moron, "Moran" because of the famous picture. DU loves it's memes and especially loves it's self made memes.

I miss Random Thoughts. He was genuinely mystifying to many of us, myself included, but I'll never forget the many times he demanded beer and travel money. And experiences.

Hence, the reason I clicked on what is a mystifying topic for me. I know the NSA has compromised something and I get that it's about encryption but I wasn't even able to wrap my mind around PGP in the day. I think this is something like that. Or not?

That's one way I know I'm not one of the called outs. I couldn't write a coherent enough post about this topic if my life depended on it.

hootinholler

(26,449 posts)
118. WOW you've been around a long time
Sun Dec 22, 2013, 02:55 PM
Dec 2013

It is indeed a reference to Random Thoughts, who often posted what some consider word salad, but every now and then posted something that would really take you places through abstract profundity.

 

Aerows

(39,961 posts)
117. I'll take some beer and travel money
Sun Dec 22, 2013, 02:43 PM
Dec 2013

because I agreed with you. I even offered my opinion on why that was true, too. So send forth the beer and travel money.

Latest Discussions»General Discussion»Many here are now owed Be...