latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic
Jimmy Hess
mysidia at gmail.com
Sat Nov 2 18:42:04 UTC 2013
On Fri, Nov 1, 2013 at 10:40 PM, joel jaeggli <joelja at bogus.com> wrote:
> On Nov 1, 2013, at 7:06 PM, Harry Hoffman <hhoffman at ip-solutions.net>
> wrote:
> > That's with a recommendation of using RC4.
> it’s also with 1024 bit keys in the key exchange.
>
Better leverage quantum encryption tech to exchange those symmetric keys
securely; I wouldn't be surprised if the NSA has DH, DSA, and RSA key
exchange schemes defeated or backdoored.
RC4 while not a particularly strong cipher may be strong enough
cryptography to dissaude the NSA, until the matter comes up to budgeting,
and they get a few hundred billion extra in taxpayer money allocated in
order to get their truckload of ASICs live for rapidly brute-forcing RC4
keys, or AES keys, or $cipher_of_the_day_keys.
With near certainty, there would be more invasive methods of attack
available that do not require beating the actual cipher algorithm, and they
would exploit any available options --- figure out which devices are
responsible for doing the encryption, and compromise the security of those
instead.
oh RC4 may be strong enough otherwise, but the cryptosystem or library that
actually implements the AES RC4 or whatever key/cipher scheme, weak. It's
also entirely possible, the implementation you get of RC4, AES, RSA,
etc... will contain subtle backdoors in the library, that reduce the
cipher strength to a level far less.
--
-JH
More information about the NANOG
mailing list