On Mon, Sep 9, 2013 at 9:53 AM, shawn wilson <ag4ve...@gmail.com> wrote:
>
> On Sun, Sep 8, 2013 at 8:20 PM, Joel Rees <joel.r...@gmail.com> wrote:
>>
>> On Mon, Sep 9, 2013 at 3:27 AM, <lati...@vcn.bc.ca> wrote:
>> > Hello list.
>> > What do you think about it?
>> >
>> > https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
>>
>> "Those that didn't know about it were gobsmacked."
>>
>> If any of that surprises you, you haven't been paying attention.
>>
> If you even vaguely understand the math behind hashing and pki, you're
> amazed.

Why? They aren't saying that they are beating the primes. They're saying they're sugaring them and finessing them.

Erk. Non-technical terms there.

Some big primes are easier to beat than others. If you get constants that push towards the easy ones into the standards, you've made your job a lot easier. Like putting sugar in the other guy's tank at the race track.

And, of course, it's usually going to be easiest of all to just go brow-beat a few people at the big ISP until someone vulnerable gives in and spills the secret passwords.

Which pretty much sums up all the biggest breakthroughs they've had. The rest is just wasting taxpayer money on more hardware, and more hardware is what brings the algorithms poisoned by weak constants into hitting range some of the time.

> That quote was talking about foreign intelligence analysts that were
> being read into the program (I didn't read Schneier, but from other articles
> with the same quote). I assume that was referring to people that know a
> thing or two about how this stuff works.

Funny, I'd assume it was not. People who understand are interested, and people who are interested understood what the news articles meant ten and twenty years ago as this played out. The only people who were gobsmacked were the ones who weren't paying attention.

> I'd *love* to know w

Give it a study. It's not as hard as it looks. Just takes a lot of computing power.

>> But keep your nose clean. Don't be a target.
>>
> And here I thought this was a technical list? Counselor, I keep having
> sexual thoughts about my mom, help?

Ridiculous.

Sexual thoughts about your mom aren't going to make you a target. Putting a webcam in your mom's bedroom and publishing it to your blog is going to raise flags.

Do I need to explain further?

>> Anything that must be private, keep it off the internet.
>>
> So, you're recommending that all business stop?

If you have a business and you have been putting your customers' credit card numbers in a VB database app exposed to the web, yeah, you should pull out the plug and get that off the web until you can at least set up appropriate firewalls and VPN as necessary.

Then you need to find better solutions, because you can assume that the NSA has a backdoor to your system today, and that backdoor could easily fall into the hands of someone unscrupulous tomorrow.

>> Develop a good relationship with God, by whatever name you call That
>> Ultimate Entity, because that's going to be your only help in the end.
>>
> Unless your God can calculate primes and do long division faster than my
> God, I fail to see how either has any room in any discussion of this nature.

There is one ultimate reality, and it knows all the prime factors of all the keys. If your god is not that ultimate reality, get a better God.

> As per some semi-sane thoughts on the issue, I think most of it is
> impressive.

If you understand what they've done and are still impressed, you are easily impressed by things that don't matter in the end.

> The database of private keys is totally awesome (ie, I wish I
> had it)

What good, ultimately, would it do you?

> - I want to make malware that Windows thinks is a keyboard driver,

That's not that hard to do. What would be your purpose?

> ok create a cert (burn the private one as they'll change it ASAP after)

If you have the keys to make the cert, all you're doing is proving you can follow a recipe.

> and
> plunder.

What good does this do you?

Do you live in a country with a repressive government where such a thing would help overthrow the corrupt government?

Do you plan on using it to take down the NSA?

I assume that you understand that stealing money is just postponing your problems, and that stealing people's pictures of themselves in compromising situations is just setting yourself up to get in trouble.

Using other people's data is a good way to make yourself a target.

> This femtocell, VPN solution, iPhone sync, vehicle sync (or
> automation), etc has a pre-generated key and I want to control it - let's go.

You and whose army?

The minute you use that to even do a little harmless mischief, you've made yourself a target.

> They mentioned that those keys were obtained sometimes by breaking into
> companies. I've got a minor issue with that as it makes our argument that
> China is being evil by hacking American businesses a bit less righteous since
> we're obviously doing it.

Minor issue?

You speak as if you are a US citizen and you speak of what is essentially burning your country's Constitution on the floor of the NSA as a minor issue?

> I've got *serious* issue with the NSA weakening crypto standards.

If you say this, why do you say that what they did is so impressive?

Finesse a few company people with personal vulnerabilities and get a huge machine financed with empty promises to politicians scared of being voted out of office more than anything else from "9/11", and the rest is just watching the numbers grind.

> This is
> like writing about the hand of God in a study about evolution

red herring

> - I don't care
> what you believe - don't tarnish scientific research with shit. And here,
> don't tarnish crypto research with shit - I don't care about your end goal -
> it shouldn't be worth getting in the way of science for.

If you don't understand that there is a reality outside of yourself, you're going to have a hard time understanding why what the NSA is doing here is wrong. And you're going to have a hard time understanding how to protect yourself from what they are doing.

I don't care if you call that God or Ultimate Reality or The Ultimate Entity or just plain reality. You have to understand that there is something real outside yourself before you can properly analyze what to protect in your system and how.

--
Joel Rees