You may have heard speculation that the NSA has secretly broken the strong cryptographic systems used to keep data secret -- after all, why collect all that scrambled data if they can't unscramble it? But Bruce Schneier argues (convincingly) that this is so impossible as to be fanciful. So why have they done this? My guess is that they're counting on flaws being revealed in the cryptographic implementations in the field (or maybe they've discovered such flaws and are keeping them secret). Or they're hoping for a big breakthrough in the future (quantum computing, anyone?).
Right now the upper practical limit on brute force is somewhere under 80 bits. However, using that as a guide gives us some indication as to how good an attack has to be to break any of the modern algorithms. These days, encryption algorithms have, at a minimum, 128-bit keys. That means any NSA cryptoanalytic breakthrough has to reduce the effective key length by at least 48 bits in order to be practical.
There’s more, though. That DES attack requires an impractical 70 terabytes of known plaintext encrypted with the key we’re trying to break. Other mathematical attacks require similar amounts of data. In order to be effective in decrypting actual operational traffic, the NSA needs an attack that can be executed with the known plaintext in a common MS-Word header: much, much less.
So while the NSA certainly has symmetric cryptanalysis capabilities that we in the academic world do not, converting that into practical attacks on the sorts of data it is likely to encounter seems so impossible as to be fanciful.
How Advanced Is the NSA’s Cryptanalysis — And Can We Resist It?
(Image: A Stick Figure Guide to the Advanced Encryption Standard (AES) )
I use and love Waze every day to make driving in Los Angeles manageable for me. I still use it despite periodic bursts of tech news reports that the app leaves me vulnerable to security attacks and surveillance.
The Electronic Frontier Foundation just filed comments with the FDA in its embedded device cybersecurity docket, warning the agency that manufacturers have abused the Digital Millennium Copyright Act, threatening security researchers with lawsuits if they came forward with embarrassing news about defects in the manufacturers’ products.
Apparently America’s spy agencies have a seven-year plan for cryptographic adoption: James Clapper, the Director of National Intelligence, has credited Edward Snowden with the acceleration of commercial adoption of encryption by 7 years.
Isn’t it about time to stretch what your Mac can do? I mean, you’ve got plenty of great programs now…but don’t you think you could use some new tools to get your creative, analytical and organizational juices really flowing? It’s spring, so we cleaned up a whole bunch of super-cool apps lying around and packaged […]
In the world of app development, there’s no greater arena to find success than with Android users. About 80% of the smartphones in use today worldwide operate on the Android operating system, so if you build a great app that Android users love, you’re an international rock star. You’ll be able to make sure your […]
Unless you’re a programmer or webmaster, the term SQL probably doesn’t mean much to you. But for those looking to understand more about how and why the web works the way that it does, know this – SQL and its process of managing and presenting large data sets is everywhere…and it’s the most in-demand programming […]