Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
I got a chuckle out of Ned's response, here. You're so certain about what the NSA can't do, so confident that contemporary encryption does anything at all to slow down NSA analysis. I'm not so confident. Just yesterday, a group of researchers published a paper demonstrating that the PRNGs used in contemporary encryption and not as cryptographically secure as the industry has believed. Just yesterday, Google researchers revealed the weakness in their own cryptographic system -- incorrect initialization of the OpenSSL PRNG -- that allowed thieves to steal supposedly cryptographically secure Bitcoins. You think in terms of averages. That's the wrong way to think when it comes to security and cryptography. You need to start thinking in terms of worst cases. NSA supporters claim that PRISM and XKeyscore have prevented terrorist attacks. Yet why wasn't the Boston Marathon bombing detected and stopped? Worst case answer: it was detected, but the Tsarnaev brothers decided to do a "live fire" run for the Marathon at the last minute (the original plan allegedly was to attack the 4th of July concert). This left the NSA without enough time to create a plausible cover story for detaining the brothers. The NSA chose to remain quiet, not tip their hand because a few hundred injured and dead is a tiny price to pay for retaining the secrecy of their signals intelligence. Crazy talk? But that's precisely how US and British intelligence handled Ultra SIGINT during World War II. They never acted on Ultra SIGINT without first creating a plausible cover. And while there was some doubt in the German military leadership about the security of Enigma-coded messages, the German high command had total faith in their Engima machines and the machines' operators. So go ahead. Encrypt everything if it makes you feel better. Worst case? That's all it does. -- Rich P.
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |