You may have heard speculation that the NSA has secretly broken the strong cryptographic systems used to keep data secret -- after all, why collect all that scrambled data if they can't unscramble it? But Bruce Schneier argues (convincingly) that this is so impossible as to be fanciful. So why have they done this? My guess is that they're counting on flaws being revealed in the cryptographic implementations in the field (or maybe they've discovered such flaws and are keeping them secret). Or they're hoping for a big breakthrough in the future (quantum computing, anyone?).
Right now the upper practical limit on brute force is somewhere under 80 bits. However, using that as a guide gives us some indication as to how good an attack has to be to break any of the modern algorithms. These days, encryption algorithms have, at a minimum, 128-bit keys. That means any NSA cryptoanalytic breakthrough has to reduce the effective key length by at least 48 bits in order to be practical.
There’s more, though. That DES attack requires an impractical 70 terabytes of known plaintext encrypted with the key we’re trying to break. Other mathematical attacks require similar amounts of data. In order to be effective in decrypting actual operational traffic, the NSA needs an attack that can be executed with the known plaintext in a common MS-Word header: much, much less.
So while the NSA certainly has symmetric cryptanalysis capabilities that we in the academic world do not, converting that into practical attacks on the sorts of data it is likely to encounter seems so impossible as to be fanciful.
How Advanced Is the NSA’s Cryptanalysis — And Can We Resist It?
(Image: A Stick Figure Guide to the Advanced Encryption Standard (AES) )
One of UK Prime Minister Theresa May’s government ministers told a reporter from The Sun that the government is planning on invoking the “Technical Capabilities Orders” section of the Snoopers Charter, a 2016 domestic spying bill; the “orders” allow the government to demand that companies cease using working cryptography in their products and services, substituting […]
The TSA will be testing out expanded screening for carry-on electronics larger than a phone and certain food items at selected airports around the country. The new rules come just two days after a major terrorist attack in Manchester, UK, and stepped-up security in response. The TSA says they’re “testing security screening procedures for carry-on […]
1Password has taken Maciej Cegłowski’s demand for a “travel mode” for our technology to heart, introducing a new feature that locks you out of your own accounts when you’re in situations where you might lose control of your devices or be compelled to log into your accounts without your consent.
Boasting an IPX6 waterproof rating, the Trakk Bullet Ultra Compact Waterproof Bluetooth Speaker resists dust and heavy rainfall. It’s currently available in the Boing Boing Store.The Trakk Bullet offers the same wireless convenience as other portable speakers, but few are built as tough as this one. Its utilitarian construction is designed to be a totally low-maintenance […]
The Ticwatch 2 Active Smartwatch is a simpler take on an active wearable that raised over $2m dollars on Kickstarter and is currently offered in the Boing Boing Store.Somewhere in between the single-day battery life and platform-specificity of the Apple Watch and Android Wear devices, there exists the Ticwatch. Instead of trying to shoehorn another […]
Loot Crate is a subscription service that delivers a box of curated pop culture goods to your doorstep. To sample their geeky wares, you can order a single mystery box exclusively from the Boing Boing Store.Each month Loot Crate sends you 6-7 unique items and apparel, including collectibles, books, and t-shirts. Pulling inspiration from all […]