[Discuss] NSA capabilities

Richard Pieri richard.pieri at gmail.com
Wed Aug 14 17:49:18 EDT 2013


Tom Metro wrote:
> I haven't looked at reference material to refresh my understanding on
> this, so it may be wrong, but my recollection is that a CA compromise
> would only facilitate man-in-the-middle attacks.

Certificate escrow is the easiest way for a three-letter agency to 
obtain site certificates.


> This strikes me as a wild assertion and I don't follow the logic.
> References?

CRIME and BREACH are examples of SSL side-channel attacks using known 
text to recover session keys. The more text you have, the more text you 
have available for making such attacks.

> Superficially, it sounds like it could be right, as we've all heard of
> attack vectors that make use of known plain text. But the NSA doesn't
> *know* what is in a given document.

But they do. For example, there are static data in every Google account 
sign-in process. If you capture many sessions of SSL-wrapped data and 
compare them to the clear-text data then you can draw correlations 
between known plain-text and the cipher-text. You can then apply those 
correlations to any arbitrary user's sign-in sessions.
> Yeah, but why is that useful? If a repeat[1] occurs every 2^64, and you
> send a high volume of messages, that means the NSA will be able to
> decrypt 2 messages out of 18,446,744,073,709,551,615 messages. That's
> assuming they've brute forced one to begin with.

This assumes a truly random spread. Computers don't do truly random numbers.

-- 
Rich P.
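CRIME and BREACH, mentioned above, rely on a secret being compressed in the same stream as text the attacker can influence. The following is an added example, not part of the original thread: it reproduces that length leak on a constructed page (the token, field name and page are invented for the demo) and shows the per-response masking that BREACH-aware frameworks apply to tokens.

```python
import os
import zlib

# Constructed demo values: a hypothetical CSRF-style token and the hex alphabet it uses.
SECRET = "7f3a9c1e"
ALPHABET = "0123456789abcdef"
# Text that precedes the token in the page and is assumed known to the attacker.
PREFIX = "name=csrf_token value="


def page(token_field: str, reflected: str) -> bytes:
    """Minimal page that mixes a secret field with attacker-influenced text."""
    html = (f"<html><body><form><input type=hidden {PREFIX}{token_field}>"
            f"</form><p>Search results for: {reflected}</p></body></html>")
    return html.encode()


def compressed_len(data: bytes) -> int:
    """Size of the DEFLATE stream; fixed Huffman tables keep the accounting exact."""
    c = zlib.compressobj(9, zlib.DEFLATED, strategy=zlib.Z_FIXED)
    return len(c.compress(data) + c.flush())


def recover(token_field: str, length: int = len(SECRET)) -> str:
    """Guess the token one character at a time from the compressed size alone.
    A guess that extends the back-reference into the secret saves one literal."""
    known = ""
    for _ in range(length):
        sizes = {ch: compressed_len(page(token_field, PREFIX + known + ch))
                 for ch in ALPHABET}
        known += min(sizes, key=sizes.get)
    return known


def masked(secret: str, pad: bytes = b"") -> str:
    """Mitigation: XOR the token with a fresh random pad on every response and
    send pad||masked, so the bytes in the page never repeat between responses."""
    raw = secret.encode()
    pad = pad or os.urandom(len(raw))
    return pad.hex() + bytes(a ^ b for a, b in zip(raw, pad)).hex()


if __name__ == "__main__":
    print("plain page  ->", recover(SECRET))          # leaks the token
    print("masked page ->", recover(masked(SECRET)))  # oracle no longer works
```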