The propaganda against encryption is in full swing.
My expectation is that all NSA CNSA[1] encryption standards are backdoored at the implementation level (by the NSA who uses Suite A for its own communication and I suspect military communications outside of that in weapons systems that can fall into enemy hands)
I guess the propaganda is driven by FBI and law enforcement agencies.
Can someone explain to me why this is downvoted? In my understanding his proposition about the NSA is quite close to a popular one, and HN seems to allow discussion of hypotheses, if they are more probable than imaginary?
Is it the word propaganda that patriots dislike? Not sure if some Soviet connotation is involved in the US, but for me it’s just a synonym of “public lobbying” or “ideology gov marketing”.
I know those subjects can become polemic and I don’t want to throw oil on the fire, but an “out of debate” clarification would be nice and helpful.
The worst thing about HN (and it does reflect badly on YC as a whole, at least for me) is how they enable people to act in seemingly passive-aggressive ways. Instead of stating disagreements, they downvote, and you'll never know why. Just pure crappy behavior. In this case, someone explained below that they downvoted because they don't agree that the article is propaganda and that it calls for fewer backdoors or something like that, as if everything isn't backdoored already, one way or another.
Then you have stuff like BIP39 protecting people's money (cryptocurrency) that can be cracked for $350/hr on GPU rigs. Someone even wrote a how-to.
Current security makes it harder, but not sufficiently harder, to break into systems. I mean... HN crowd is probably high schoolers and non-tech people just out here to argue.
> Then you have stuff like BIP39 protecting people's money (cryptocurrency) that can be cracked for $350/hr on GPU rigs
This doesn't appear to be true (in the sense that yes, it is feasible to crack 4-word BIP pass phrases, but all wallets that I'm aware of use at least 6 words, which is estimated to take 11 years for a hypothetical ASIC cracker).
Perhaps you mean this attack, where someone was able to brute-force 4 words from a 12-word phrase. It matches your $350 cost, but of course is dramatically different to "cracking BIP39": https://medium.com/@johncantrell97/how-i-checked-over-1-tril...
2048 words in 6 positions is simply not enough entropy for the NSA's encryption cracking infrastructure. If it is worth it they'll crack it. The NSA does not use a single ASIC cracker.
Depending on what you accept as evidence, but this theory is surely supported by precedent(s?) [0]
Just saying “another conspiracy theory” is a cheap shot: conspiracies are bad and should be fought. Theories are a useful process to make knowledge advance. Conspiracy theories are often discussed in an awful way on social media; can’t HN do better than just downvote them?
>It's because it's another conspiracy theory unsupported by evidence.
I'm having a hard time keeping up with it all, it's nuts. But my understanding is that the NSA backdooring protocols is totally supported by evidence? We saw it in the Snowden revelations? RSA being the company nobody will ever trust again?
> backdooring protocols is totally supported by evidence
It's important to be very precise.
I think you might be confusing backdooring specific pieces of software produced by RSA-the-company (specifically things using Dual EC_DRBG) with the RSA algorithm that company is named after, which is included in the CNSA.
Dual EC_DRBG was a bad algorithm which many people had serious doubts about from the start - and indeed it was backdoored by NSA. That is different to the algorithms in CNSA which (as I said earlier) are well regarded by the same security researchers.
There is no evidence (or serious claims) that the RSA-algorithm is backdoored.
get it from the horse's mouth, as they say... instead of baselessly pontificating on HN and not understanding the diff between algorithm and implementation
It was an interesting read, moral to me is not to use Cell Phones for anything illegal. If you do not control the keys, you might as well not bother with encryption.
Even if you control the keys, it does not protect you from vulnerabilities somewhere in the stack. Stuff like thumbnail generation provided by the OS has been used by cyber-criminals in the past to compromise phones by sending MMSes or even third-party messenger apps, and I'd take a guess and bet that at least the Five Eyes government agencies all have a sizeable cache of baseband vulnerabilities.
Technology simply has become far too complex to be reasonably secure, even if you have the financial firepower of being Apple, Sony, Microsoft, Nintendo or Amazon.
If it installs updates without requiring you to specify the desired updates explicitly (i.e. by cryptographic hash), it should not be considered "your" device from a security perspective.
> My expectation is that all NSA CNSA[1] encryption standards are backdoored at the implementation level (by the NSA who uses Suite A for its own communication and I suspect military communications outside of that in weapons systems that can fall into enemy hands)
CNSA / NSA Suite B are pretty much entirely public encryption standards that have stood up to public scrutiny for decades at this point.
They are also approved by the USA to encrypt TS SCI information; why would they approve that if they had backdoors?
>They are also likely protected against a number of attacks that aren't public
For reference, see DES, where the NSA adjusted the algorithm to protect from a not publicly understood differential cryptanalysis attack. Many people claimed that the adjustment by the NSA was clear backdooring, though we know that was not true.
It was however purposely deficient in the length of its key, allegedly because "it was good enough" and for export reasons, but also because the NSA considered it easy enough to brute force.