
News Snowden leaks point to cryptography backdoors

Discussion in 'Article Discussion' started by Gareth Halfacree, 6 Sep 2013.

  1. Gradius

    Gradius IT Consultant

    Joined:
    3 Feb 2009
    Posts:
    284
    Likes Received:
    1
    As for Gmail, just register a domain; even if it is a dynamic IP you can use noip.com, opendns, etc.

    Then just install an e-mail server on your "open source" will be enough to drop gmail forever. About android it would be a bit more secure by using Firefox (drop Chrome forever!) and your e-mail server.
     
  2. mclean007

    mclean007 Officious Bystander

    Joined:
    22 May 2003
    Posts:
    2,035
    Likes Received:
    15
    HDCP isn't "High Definition Content Protection"; it's "High-bandwidth Digital Content Protection". http://en.wikipedia.org/wiki/High-bandwidth_Digital_Content_Protection

    To be honest I don't much care what the NSA can see about my online activities - I'm not doing anything they'd be likely to take an interest in; and as for anyone who IS doing something they'd be interested in, to be honest I'm quite glad that their communications may not be as secure as they'd thought. The problem is if the back doors fall into the wrong hands. I'd really prefer my credit card details to remain out of the hands of thieves, thanks all the same. And you can be damn sure that these latest allegations from that idiot Snowden are going to have sent many misanthropic, but talented, hands to work trying to work out the secrets to the purported back doors.

    Because, of course, there is absolutely no risk whatsoever that a Chinese company would be coerced by its own government into doing exactly what you describe, what with China's flawless track record on transparency, freedom of information and espionage.

    No obligation to use the RNG in an "Acumen" chip, of course - OSS developers are perfectly at liberty to code their own RNG seeded by any convenient entropy source. Sampling a large enough amount of network traffic should do the job.

    Isn't the problem though that the SSL layer covering all your supposedly secure internet traffic may be compromised? If (say) Amazon is using an SSL certificate generated by compromised code, then anyone with access to the back door to said code could feasibly crack Amazon's SSL certificate, and from that obtain details of any credit card transaction on which they can snoop on the ciphertext, thereby obtaining credit card information regardless of whether the user is using a system which is itself affected by any such back door?
     
    Last edited by a moderator: 8 Sep 2013
  3. GravitySmacked

    GravitySmacked Mostly Harmless

    Joined:
    2 Mar 2009
    Posts:
    3,933
    Likes Received:
    73
    Wouldn't it be easier to use multi-quote?
     
  4. DC74

    DC74 Doh!

    Joined:
    4 Jan 2011
    Posts:
    71
    Likes Received:
    2
    And when the governments are asked about such things they always rely on either of the following excuses.

    1. We're doing this for your own protection to prevent terrorists from coordinating attacks.
    2. It's a matter of National Security (which is a broad term meaning we can get away with anything).

    You have to love democracy, the illusion we are free to make our own choices and have power over our own lives. Honestly the more things change, the more the state becomes like in George Orwell's 1984, scary isn't it!
     
  5. Nexxo

    Nexxo Queue Jumper

    Joined:
    23 Oct 2001
    Posts:
    33,626
    Likes Received:
    1,275
    The future is amongst us.
     
  6. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    12,708
    Likes Received:
    1,977
  7. debs3759

    debs3759 Was that a warranty I just broke?

    Joined:
    10 Oct 2011
    Posts:
    1,769
    Likes Received:
    92
    I had to sign up to gmail for something standard on my android device. Have never used it for anything, or told anyone I have the gmail email, yet it still got hacked less than 6 months after getting the phone!
     
  8. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,354
    Likes Received:
    331
    I think it's safe to say nothing on the internet is secure, or safe from being hacked.
    It's just a sliding scale of how easily third parties can access your data, imho the cloud and other online based accounts being the least secure.

    Google scans all Gmail traffic to target advertising, and argues for right to continue scanning Gmail
    And the NSA has apparently spied on Smart Phone Data since 2009.

    If your data is that important you wouldn't trust sending it on a network open to the entire world.
     
  9. mclean007

    mclean007 Officious Bystander

    Joined:
    22 May 2003
    Posts:
    2,035
    Likes Received:
    15
    Probably, if I had thought of all the things I wanted to quote on simultaneously. I commented on things as I read them. No big deal. Seems an admin has kindly tidied all my posts into one.
     
  10. faceplant

    faceplant New Member

    Joined:
    25 Mar 2011
    Posts:
    34
    Likes Received:
    0
    Whilst working for a rather large corp in the banking sector creating encryption methods many moons ago with the folks at Oakley and Benhall (I think that's where it was) (nowadays...the shiny doughnut people) a little story emerged......

    In the 90s the US gov intercepted files being sent from a company in the UK to its US counterpart.....the US gov could not crack the encryption. From that point both UK and US govs passed laws that encryption methods should have backdoors.
     
  11. Adnoctum

    Adnoctum Kill_All_Humans

    Joined:
    27 Apr 2008
    Posts:
    486
    Likes Received:
    31
    The First Rule of the NSA's Bullrun Cryptographic Club is "Do not ask about or speculate on sources or methods."
    The Second Rule of the NSA's Bullrun Cryptographic Club is "DO NOT ask about or speculate on sources or methods."
     
  12. Adnoctum

    Adnoctum Kill_All_Humans

    Joined:
    27 Apr 2008
    Posts:
    486
    Likes Received:
    31
    Not to rain on the unbiased logical arguments of the cool-headed and well known friend of Big Business Richard Stallman, and I'm not going to say that it is beyond the realms of the possible, but it would take massive balls on "Acumen's" part to risk their entire company on the whims of the NSA/US Government. Especially doing something that would be very vulnerable to being audited, discovered, exposed and then have all manner of effluent hitting various cooling devices in every market on the planet.

    What would be the pay off for Acumen? A truck load of money they don't need (ACRONYM is more likely to want that blinged up truck)? Relief from spook-related arm twisting? Some sweet government contracts they are already getting? Some political mutual loving?

    What would be the pay off for the NSA/US Govt? Access to something they can't already brute force, bribe, subvert, legislate, criminalise or otherwise glean with their contractor (Google et al) supplied analytic programs? Is there such a mythical beast?

    What is the risk for Acumen? If they are caught with subverted RNG and crypto logic they are f**ked. No "ifs" or "buts". This is the end of Acumen as a supplier that can be trusted to process and transport encrypted data. There would be customer boycotts and I have no doubt import bans on the national level. Can you see the EU/Russia/China/India/me/you being all laid back about it? Hell no.

    What is the risk for NSA/US Govt? How about the biggest security flaw ever introduced into a secure communications network, sitting there bubbling away like a massive subterranean super-volcano and waiting for someone to discover, bribe or blab all about it? You think the US Govt will use some special "fixed" batch of Acumen chips? Nope, all of the US Govt's computers will use the same borked commercial chips to secure and transmit the US Govt's most sensitive alien-probe secrets.

    Further risk to Acumen is how hard it would be to do and not have someone spill the beans. It is not a software backdoor that could be injected fairly easily and silently. A hardware backdoor would require a lot of people being "in the know" from Acumen and the NSA, both inside and outside the US, and it would require that many people outside these organisations also keep their mouths shut. People such as their rival, ACRONYM, who might have a financial interest in getting Acumen in hot water. People such as those pesky foreign governments and their communist electron microscopes and socialist x-ray machines. People such as a scientist who wonders why their research data isn't turning out quite as they expected and decides to investigate the anomaly.

    The good news is that you don't have to use Acumen's RxRAND if you are a Linux user, and the code is fairly open to inspection and modification. Too bad if you are speedballing on MS's gravy, that's a closed shop, man.

    TL;DR Version.
    Basically, my argument is that Acumen and the NSA would have to require a lot of people who aren't involved in The Big Secret to keep their blabbing mouths shut and/or not try to exploit it against the US Govt.
     
  13. ferret141

    ferret141 Well-Known Member

    Joined:
    18 Oct 2010
    Posts:
    1,311
    Likes Received:
    36
    I try not to get involved in conspiracy theories as nothing is absolutely impossible. You could go crazy/paranoid in following and believing them all. I would rather just get on with life.

    I feel it comes back to the longest running theory of a Bilderberg Group/Illuminati group who operate the world. They supposedly puppeteer/own governments and mega corporations. Having all these back doors makes staying in control easier.

    As for keeping secrets. People have lost their lives to silence for less.


    Sorry I didn't write a well thought out argument but I'm under the weather.
     
