by sandworm101 897 days ago
TS information over wifi? Ok. Have fun with that. I'm sure it is legally possible somehow, but it just creates a ridiculously large attack surface. And the internal hassles, making sure connected machines are inside defined perimeters ... just run some wires. It isn't like people need to be reading classified stuff on the treadmill.
5 comments

The "NSA-Grade" part mostly comes from the application of AES-256 as a cipher, where specific configurations of AES were approved as "Suite B" (i.e. published algorithm) ciphers suitable for up to Top Secret information.

From https://en.wikipedia.org/wiki/NSA_Suite_B_Cryptography

The Suite B algorithms have been replaced by Commercial National Security Algorithm (CNSA) Suite algorithms:

- Advanced Encryption Standard (AES), per FIPS 197, using 256 bit keys to protect up to TOP SECRET

- Elliptic Curve Diffie-Hellman (ECDH) Key Exchange, per FIPS SP 800-56A, using Curve P-384 to protect up to TOP SECRET.

- Elliptic Curve Digital Signature Algorithm (ECDSA), per FIPS 186-4

- Secure Hash Algorithm (SHA), per FIPS 180-4, using SHA-384 to protect up to TOP SECRET.

- Diffie-Hellman (DH) Key Exchange, per RFC 3526, minimum 3072-bit modulus to protect up to TOP SECRET

- RSA for key establishment (NIST SP 800-56B rev 1) and digital signatures (FIPS 186-4), minimum 3072-bit modulus to protect up to TOP SECRET

The CSfC program defines a WLAN “capability package”[0] for just this purpose.

[0]: https://www.nsa.gov/Resources/Commercial-Solutions-for-Class...

Does the NSA use WiFi at all other than for clandestine collection systems in the field?
Yeah, they put out an article a few years ago talking about how a limited number of SCIFs have WiFi now.
Do they broadcast an SSID? They can't have "NotYourSCIF". That's my home network. Someone else in the building is using "FSB_BugsNet". Another local one I see is "CEyeA".
To be compliant with NSA TEMPEST regulations, the SSID has to be set to FBI_SURVEILLANCE_VAN_69
SCIFs are already shielded for EM, so any Wi-Fi inside of them shouldn’t make it outside of them anyway.
It's not official until you change the MAC OID to 00:20:91 as well.
WiFi and other wireless protocols seem like an elaborate, yet wildly successful, plot to make consumer comms as insecure as possible.
Erroneous assumptions, half-truths, and a clickbait headline have historically never been a barrier to getting to the top of "Hacker" "News".
The title should be enterprise-grade Wi-Fi because the idea of closed-source, foreign-made COTS APs trafficking classified data is hyperbole only.