Hacker News new | ask | show | jobs
by s_q_b 4721 days ago
I think NSA is cognizant of the fact that they could lose the FISA authorization to collect from endpoints at the internet services sometime soon, while they're more likely to retain access to the backbones.

It's bass ackward, since access to the trunk lines lets you read everything. However, most people don't understand what internet backbones are. They do know what PRISM, Facebook, Yahoo, and Google are.

As such, I can see HTTPS providing some limited security from dragnet surveillance, but it certainly wouldn't help if you caught their attention. Remember, NSA can straight up break weak encryption, and SSL/TLS is probably in that category.
1 comments
voltagex_ 4720 days ago
I think the ability to break SSL would be a major trump card that wouldn't be shown that easily - can you cite any sources?
link
s_q_b 4720 days ago
First, FBI cracked 512-bit disk encryption in a recent case, seemingly with NSA help, so it seems they've got some pretty powerful brute forcing capabilities. SSL is generally only 256-bit. http://www.fiercecio.com/techwatch/story/fbi-cracks-encrypte...

Second, since some sites don't use Diffie Hellman key exchange (which provides for perfect forward secrecy), they don't even need to work that hard. They can just grab the keys in transit.

Third, with a MITM attack, you can just drop in a box that makes SSL connections on both ends transparently. Therefore neither endpoint knows the encryption is being routed through a third malicious point. See e.g. http://www.zdnet.com/how-the-nsa-and-your-boss-can-intercept...

None of this proves definitively that the NSA can do this, but it does mean that if you have something to hide you'd be foolish to rely purely upon SSL.

link
enko 4720 days ago
Some very doubtful assertions here.

> FBI cracked 512-bit disk encryption in a recent case

Very hard to believe that they brute-forced 512-bit AES. More likely they guessed, or otherwise located, the key, or found some implementation flaw in the software/device.

> don't even need to work that hard. They can just grab the keys in transit.

If and only if they have the private key. Which, I concede, they may well be able to get.

> Third, with a MITM attack, you can just drop in a box that makes SSL connections on both ends transparently

No you can not, not without installing a cert on every single user's machine. This would have been noticed if it was going on.

I admit that now I think about it, putting taps on DC data connections and simply requiring sites or the DC to provide any and all private keys would be substantially less invasive/visible than actually putting taps into the building, and with basically the same effectiveness (except for the PFS thing).

link
kronusaturn 4720 days ago
RC4 is still a very widely used cipher, and its security is pretty questionable. See, for instance, http://www.isg.rhul.ac.uk/tls/
link