How The NSA Works Hard To Break Encryption Any Way It Can
from the brute-force dept
Spiegel has published a detailed article, relying mostly on documents that Ed Snowden leaked, looking at the many ways in which the NSA breaks encryption (and the few situations where it still has not been able to do so). As we’ve seen from previous leaks, the NSA stupidly treats encryption as a “threat.”
As the report notes, the NSA has the most trouble around open source programs, because it’s much more difficult to insert helpful backdoors:
Experts agree it is far more difficult for intelligence agencies to manipulate open source software programs than many of the closed systems developed by companies like Apple and Microsoft. Since anyone can view free and open source software, it becomes difficult to insert secret back doors without it being noticed. Transcripts of intercepted chats using OTR encryption handed over to the intelligence agency by a partner in Prism — an NSA program that accesses data from at least nine American internet companies such as Google, Facebook and Apple — show that the NSA’s efforts appear to have been thwarted in these cases: “No decrypt available for this OTR message.” This shows that OTR at least sometimes makes communications impossible to read for the NSA.
When it comes to non-open source systems, well, there the NSA has its ways in. In fact, the NSA seems rather proud of the fact that it can make “cryptographic modifications to commercial or indigenous cryptographic information security devices or systems in order to make them exploitable.”
The NSA also has apparently been able to crack HTTPS connections, and does so regularly:
The NSA and its allies routinely intercept such connections — by the millions. According to an NSA document, the agency intended to crack 10 million intercepted https connections a day by late 2012. The intelligence services are particularly interested in the moment when a user types his or her password. By the end of 2012, the system was supposed to be able to “detect the presence of at least 100 password based encryption applications” in each instance some 20,000 times a month.
HTTPS is still a lot more secure against non-NSA-level hackers, but it certainly shows that it’s not a perfect solution.
Another big reveal: the NSA has the ability (at least some of the time) to decrypt SSH (Secure Shell) which many of us use to access computers/servers remotely.
There’s lots more in the article and in the many, many included documents (just a few of which are shown below). It’s well worth reading.
However, the key point is that the NSA is working very, very hard to undermine key encryption systems used around the internet to keep people safe. And rather than sharing when those systems are cracked and helping to make them stronger, the NSA is exploiting those cracks to its own advantage. That may not be a surprise, but for years the NSA has insisted that it is helping to make encryption stronger to better protect the public. The revelations from this article suggest that isn’t even remotely close to true.
Filed Under: encryption, gchq, nsa, otr, pgp, ssh, ssl, surveillance, zrtp
Comments on “How The NSA Works Hard To Break Encryption Any Way It Can”
Self-delusion and Arrogance
That may not be a surprise, but for years the NSA has insisted that it is helping to make encryption stronger to better protect the public. The revelations from this article suggest that isn’t even remotely close to true.
The problem is, you’re not thinking about it from their point of view. To a ‘good employee'(that being any worker who is obedient and ‘patriotic’ enough to do what they are told) at the NSA, the agency is, without a doubt, at the very top of the list of ‘Good Guys’. And since ‘good guys’ can never do wrong, than anything they do is, by default, ‘good’.
Given they are breaking encryption in order to further their own efforts, and they are, remember, ‘The Good Guys’, then it follows that breaking encryption is a ‘good’ action in their minds, since ‘Good guys’ don’t do ‘bad things’.
Adding to the disconnect with reality, there’s also a massive case of arrogance, where the idea that any individual or group could ever employ similarly skilled and intelligent individuals is seen as laughable. They’re the NSA after all, with incredible resources in manpower, money, and skill, clearly even if they can spot and take advantage of a security weakness, it doesn’t mean that anyone else can, and that means there’s no need to fix it or not introduce it.
(The fact that the above is not even remotely close to reality is rather beyond them, due to the previously mentioned arrogance)
So between the self-delusion and arrogance, it’s no wonder they see nothing wrong with weakening security globally, to them, they’re still the Good Guys, and anything they do is also ‘Good’, despite reality saying otherwise.
Re: Self-delusion and Arrogance
So, the NSA is the US Government equivalent of WWE tag-team faces?
Re: Self-delusion and Arrogance
Re: Self-delusion and Arrogance
I don’t mind them attempting to break encryption, but I don’t like them creating back doors.
Say what?
“… major threat to the NSA’s ability to… defeat adversary malware…”
Thought their job was to create adversary malware.
Re: Say what?
‘Adversary’ in this case is simply ‘Not created by the NSA’. Malware they create isn’t a problem from their point of view, even if it clearly is for everyone who has to deal with it.
Re: Say what?
Must be a typo
If you are innocent
If you have nothing to hide, you have nothing to encrypt.. Right?
Re: If you are innocent
By that logic, whilst a criminal uses encryption, so does the guy looking at porn behind his wife’s back!
Re: If you are innocent
I guess corporations and governments have nothing to hide either……right?
Re: If you are innocent
Y’know, as a consultant, almost every one of my clients makes me sign an NDA (non disclosure agreement)promising Draconian penalties if I disclose their valuable secrets to a third party. Yet when I offer them my public key and ask for theirs, they look at me in blank surprise. They have no concern about sending their valuable secret drawings and business plans in plain text on unencrypted email.
So I guess innocence isn’t about having nothing to hide. It’s about being completely fucking clueless.
Re: If you are innocent
… assuming you’re innocent, please post a publicly accessible link to your webcam, while already having pulled off your clothes. Shouldn’t be much of a problem, i guess …
>OTR, PGP, ZRTP are secure
The only problem is getting other people to use them…
also…
Also, Jacob Appelbaum and Laura Poitras gave an accompanying talk yesterday at 31c3 that has now been posted to Youtube…
https://www.youtube.com/watch?v=0SgGMj3Mf88
Most people who have worked with IPSec (or were paying attention when it was created) will be extremely willing to go on and on about just how insanely difficult it is to set up IPSec properly.
There was a theory that the NSA was actually responsible for this – they couldn’t undermine the crypto itself and so instead they pushed the design to be overly complicated and have as many extremely nuanced options as possible where only a few combinations would validly produce secure communications. There are several companies and products entirely built around doing the IPSec configuration so customers don’t have to.
Regardless, I would still suggest that if IPSec is crackable by the NSA, it is not an inherent weakness in IPSec’s cryptographic groundings but in all odds human error that is giving them a way in.
Re: Re:
For whatever it’s worth, I’m a network engineer who’s set up a large number of IPSec connections and I strongly concur. Additionally, I’m really curious as to the details of cracking SSH. I’d be willing to wager that the sessions they’re able to crack use small key sizes.
Re: Re:
That sounds like something i already thought they would do
Re: Re:
“Most people who have worked with IPSec (or were paying attention when it was created) will be extremely willing to go on and on about just how insanely difficult it is to set up IPSec properly.”
This. This is the primary reason that I don’t really trust IPSec. It’s far too easy to get it wrong.
VeraCrypt
The Spiegel article notes that TrueCrypt posed major difficulties for NSA, but that’s only NSA level 4. NSA Level 5 is 100% unreadable by NSA.
The open-source TrueCrypt project is now continuing as the new open-source project VeraCrypt at https://veracrypt.codeplex.com/. Security improvements have been implemented and issues raised by the TrueCrypt code audit just before the TrueCrypt developers retired have been addressed. The 1.0e version is the current stable release, and the upcoming 1.0f version is currently in its third beta release. Both are available for download right now at https://veracrypt.codeplex.com/releases/view/132239
VeraCrypt uses 327,661 iterations of the PBKDF2-RIPEMD160 algorithm for system partitions, and for standard containers and other partitions it uses 655,331 iterations of RIPEMD160 and 500,000 iterations of SHA-2 and Whirlpool. While this makes VeraCrypt slightly slower at opening encrypted partitions, it makes the software a minimum of 10 and a maximum of about 300 times harder to brute force. “Effectively, something that might take a month to crack with TrueCrypt might take a year with VeraCrypt”.
A vulnerability in the bootloader was fixed on Windows and various optimizations were made to it as well. The developers added support for SHA-256 to the system boot encryption option and fixed a ShellExecute security issue as well.
Linux and Mac OS X users benefit from support for hard drives with sector sizes larger than 512. Linux on top of that got support for NTFS formatting of volumes.
The VeraCrypt storage format is INCOMPATIBLE with TrueCrypt storage format due to VeraCrypt’s security improvements. VeraCrypt believes that the old TrueCrypt format is too vulnerable to NSA attack and that it must now be abandoned – this is the philosophical point of difference between the VeraCrypt project and the competing Ciphershed project (CipherShed is staying with the old TrueCrypt format). A tool to convert TrueCrypt volumes to VeraCrypt format is being developed but is not yet available, so currently the conversion method involves copying unencrypted files from the (opened) legacy TrueCrypt container into the new VeraCrypt container.
http://www.esecurityplanet.com/open-source-security/veracrypt-a-worthy-truecrypt-alternative.html – VeraCrypt a Worthy TrueCrypt Alternative
http://www.ghacks.net/2014/12/04/a-second-look-at-veracrypt-an-unofficial-truecrypt-successor/ – A Second Look at VeraCrypt – An Unofficial TrueCrypt Successor
Re: VeraCrypt
That actually sounds like an advert by an NSA analyst.
Re: Re: VeraCrypt
It is listed as being open source, which apparently annoys the NSA to no end, so there is that in defense of the comment, assuming the open source bit is accurate.
Re: Re: Re: VeraCrypt
Seems the source code is available https://veracrypt.codeplex.com/SourceControl/latest
I don’t have the tech expertise to see if it is the code being used but I guess it’s ok.
Re: VeraCrypt
I’m still very, very suspicious of TrueCrypt and avoid it. I never got a good explanation for why the original authors advised everyone away from it. Until I know more, I’ll take them at their word.
VeraCrypt
VeraCrypt needs a Wikipedia page – any Wikipedia experts here who can do this?
only 6000 tor nodes
I’ve toyed with starting up a tor node – just to be a good netizen. But 6000 is a manageable number for targeted attacks. If I start up a node, am I inviting every government in the world to compromise my network?
Hens, meet Fox
“…for years the NSA has insisted that it is helping to make encryption stronger to better protect the public.”
See that fox hanging out by that hen house? He’s just trying to protect the chickens. Honest!
Is it Just me??
3 letter agencies destroying the very thing, they claim to be protecting, is starting to become the norm!
Re: Is it Just me??
No, it’s not just you, they’ve been doing that for a good while now.
Re: Is it Just me??
“Claim” is the word. 3 letter agencies are big liars.
Re: Is it Just me??
If it was’nt the norm, then i’d be hard pressed to explain the global rise in pissed off people
Wouldn’t it have been more helpful if Techdirt had been writing about the NSA back before the NSA broke off its “arrangement” with Google?
Yeah, that would have been nice.
Re: Re:
Oh, you mean before the Snowden leaks, where any discussion of what they might be doing could be easily dismissed as paranoia or baseless conjecture? Yeah, can’t imagine why they didn’t jump on that opportunity… /s
Re: Re: Re:
Put your tinfoil hat back o……..oh wait, i cant use that anymore
Even if they can decrypt some of the encrypted alternatives out there (that haven’t got backdoors) they need horsepower to do it. If the usage is widespread at the very last we can make it hurt financially to grab them all.
Re: Re:
And that, really, is the best that can be attained realistically. If a government agency, Intelligence or otherwise, really wants to know what’s in the emails, calls, or other communications you’re sending, they will be able to do so. It might take them a little bit of time and effort, but if they’re really that interested in you, they will manage it.
Encryption doesn’t really do squat there. It’ll slow them down a bit, but that’s about it. What encryption does do, is make them work for it. If they have a real reason to be looking into your data, then that work will be seen as worth it.
However, if they’re just curious, or ‘merely’ trying to scoop up everything they can, ‘Just in case’, then that extra bit of effort might very well be enough to keep your communications private, as they only have so many resources to spend, and using them to decrypt random bits of data is something they would have trouble justifying.
It’s almost funny when you think about it, encryption’s main use is to protect the innocent, completely turning on it’s head the argument used against it, the ever so popular, ‘If you’ve done nothing wrong, you have nothing to hide’. In the case of encryption, hiding won’t do you much good if you’re guilty, but if you’re innocent, it will do quite a bit in protecting you.
Re: Re: Re:
I wouldn’t say it’s completely breakable. There are protocols out there that are still secure even though I can’t name ’em. But eventually everything will be breakable given enough horsepower and we know computers will always get to this tipping point.
The solution here is to keep improving the existing solutions and develop new ones to keep up with the pace. I particularly like the name the dev gave to PGP. Encryption is pretty good bu never perfect. In this case perfection is achieved by constant evolution and openness.
Re: Re: Re: Re:
What about a system built upon detection, if thats even possible…….i think one of the biggest reasons these abc criminals really want this, is because its essentially undetectable by non techies, if even techs themselves
Re: Re: Re: Re:
That depends on what you mean by “breakable.” Many of the current algorithms are essentially unbreakable in that if you had every computer in existence working on them it would still take longer than the existence of the universe to brute force them. Whether this results in absolute security, however, depends upon a large enough key, the key being random, the software implementation of the algorithm not containing exploitable bugs, etc. Those are mighty big assumptions. But if you’re reasonably smart about crypto and use reasonable practices, you can encrypt things now and through the foreseeable future which neither the NSA nor anyone else will be able to read by breaking the encryption. That doesn’t mean the NSA won’t get your communications, however. A key can get compromised. In order for your recipient to read the message, they have to decrypt it and the system doing the decryption can be compromised and the plain text exposed. Etc. In other words, there are many avenues of attack other than just breaking the encryption and the NSA is quite good at all of them. So if you’re saying that any communication can conceivably be compromised, then yes, I agree. But if you’re saying that any method of encryption can be directly broken given enough computer horsepower, then I’d strongly believe that to be incorrect. If it IS correct, then the NSA has made some startling and revolutionary advances in the field of mathematics which would shock the world.
Re: Re: Re:
Yes, but you still have to think about what their variable definition of “worth it” entails……..and depending on the definition aswell as the illegality of the implementation of an illegal system, they’ll be basically running in the same capacity as criminals, while all thats done by folks, is, lets make it more difficult
Dont get me wrong, i apply to the ideaology of “somethings better then nothing”, but i hope thats just a pre-cursor to real change on their end, either honest remorse as opposed to more lies…..or forced by a nation
Re: Re:
“If the usage is widespread at the very last [sic] we can make it hurt us financially to grab them all.”
FTFY – since this is tax funded agency.
Re: Re: Re:
If the public is going to be paying either way, I’d rather the cost be measured in monetary terms than privacy ones. One of those is replaceable, the other isn’t.
Re: Re: Re: Re:
If the public is going to be paying either way, I’d rather the cost be measured in monetary terms than privacy ones. One of those is replaceable, the other isn’t.
But if all we do is make it more expensive for the NSA to spy on us, we’re being hurt in both ways. We’re paying them even more to take away our privacy.
Re: Re: Re:2 Re:
Well, ideally they would be shut down, or at least forced to stop trying to screw over the public every which way they can think of, but until that happens, making their job more difficult, and hopefully protecting the privacy of people who would have had their information scooped up, listed, categorized and stored, is about as good as the public can manage at this time.
Re: Re:
“widespread at the very last we can make it hurt the Tax Payer financially to grab them all.”
FTFY
HTTPS
HTTPS is still a lot more secure against non-NSA-level hackers, but it certainly shows that it’s not a perfect solution.
Anybody know if there’s work on a more secure protocol?
Re: HTTPS
There’s a lot of thought about such a thing, but it’s an incredibly hard nut to crack — and would be even harder to get websites to adopt whatever the solution would be. Look how insanely long it’s taken just to get websites to use HTTPS!
Right now, it looks like the path of least resistance may be a solution based primarily on IPv6 and DNSSEC, but having those baseline technologies in place is still years away.
Re: HTTPS
HTTPS, when implemented properly with strong algorithms, strong key sizes, sufficient entropy pools, and a cryptographically secure pseudorandom number generator, on hardware and software without backdoors, is plenty secure.
But that’s a lot of caveats to avoid, and most people either can’t be bothered or have to have a less secure fallback (particularly in algorithms) for compatibility with legacy software. Even Microsoft recommends that RC4 be dropped, yet it’s still widely used in HTTPS, even with clients that support newer, more secure algorithms.
Re: Re: HTTPS
Doh, forgot about the certificate authority chain.
Ignore the preceding post; even if all the configuration details are correct, the authority chain is still vulnerable.
Terrific article from der Spiegel!
I read this article a couple of days ago, and since then I’ve been pretty much stumbling around stupified. I wander into another room and five minutes later find myself standing up against a wall wondering how I got there and when. Where the hell did all this totalitarianism come from all of a sudden? IPSec and ssh cracked?!?
I don’t see this stuff when I go outside my little apartment, but it seems everywhere I go on-line is wrapping me up in a tight ball coated with an amalgam of NSA + Nazi SS + Soviet KGB + MI6 + Orwell’s 1984 + … outright and blatantly assaulting each and every one of us every second we’re on-line. The VPN that recent employers put in place to secure their networks and my and others’ work on them was all just a charade. Every time I logged into on-line banking was no more secure and private as clear text to any potential totalitarian prying eye control freak.
Who the hell is pulling the lever here, and why are they pulling it, and why are they getting away with this? Whose crazy idea is it that life is supposed to be like this?
I believe the article also pointed out the crackers still have trouble with tor (I’m not sure whether you mentioned it). Good! Get everyone you know up to speed on it as fast as they can, before it’s too late.
I’m assuming it’s not already too late. It’s all we appear to have left.
Re: Terrific article from der Spiegel!
“IPSec and ssh cracked?!?”
The documents don’t actually indicate that these have been cracked. They indicate that they have often been circumvented by the NSA obtaining private keys. IPSec should, as always, be avoided simply because it’s easy to configure it wrong (rendering it vulnerable), but SSL itself is still apparently mathematically solid. The lesson I take is what we’ve already known: don’t trust any communication where you have to trust a third party to keep a secret.
Glad I use OpenVPN instead of PPTP or IPsec. It’s good to know Phil Zimmermann’s PGP and ZRTP encryption designs still appear secure.
HTTPS has the potential to be secure too, if it didn’t rely on centralized certificate authorities. The big worry is a Certificate Authority’s signing key being stolen or handed over voluntarily. If your web browser trusts that Certificate Authority’s signing key, you’re toast.
At which point nation-state sponsored man-in-the-middle attacks can deployed, using that Certificate Authority’s signing key to sign any website address they want.
Allowing them to redirect web surfers to NSA HTTPS website proxy servers posing as a legitimate website. These HTTPS proxies sit in the middle of the connection, decrypting and logging all data before finally forwarding it on to the legitimate website.
I believe TURMOIL is the NSA exploit running these man-in-the-middle HTTPS attacks, by intercepting “CA Service Requests”. As illustrated in this NSA slide. TURMOIL sits between the client, web server, and Certificate Authority. Acting as a man-in-the-middle proxy.
https://en.wikipedia.org/wiki/File:NSA-diagram-001.jpg
When a client requests the public key for TechDirt.com, TURMOIL returns a public key for the NSA proxy server instead. The client believes the NSA proxy server’s public key belongs to Techdirt.com, because it’s signed with a Certificate Authority’s signing key trusted by the client’s web browser.
Thanks mvario, for posting the link for Laura Poitras and Jacob Appelbaum addressing the Chaos Computer Club on YouTube. Their talk goes into really deep details about how intelligence agencies are creating dossiers on people. They actually present a FISC document detailing the content captured from people’s communications.
https://www.youtube.com/watch?v=0SgGMj3Mf88
VeraCrypt's Wikipedia page is up!
https://en.wikipedia.org/wiki/VeraCrypt