Encryption Security

Can the NSA brute force RC6? Probably.

Anonymous Cypherpunk writes "The latest Cryptogram Newsletter has an interesting link to a paper about the feasibility of building an RC6 cracking machine much like the EFF's Deep Crack DES cracker. The proposed machine would cost roughly $280 million and be able to crack a 64-bit key in an average of only 3.58 minutes."

  • by Anonymous Coward
    Article concentrates on cracking 56 bit keys. Everything serious (ssh,pgp,apache-ssl,fortify) today uses 128 bit keys. Except for my bank, who are using a commercial ssl server.

    Maybe they think closed-source, short-key cryptography gives more security than reviewable, secure cryptography...
  • by Anonymous Coward
    Bleh.

    First off, let's assume that with $280 Million, you can buy 100 million 486's (which is rather unlikely given that with PCs, you would need hard drive space, motherboards, cases/racks, and the network cards/hubs to connect them all).

    Now let's assume that you get a genius programmer (willing to work for free, though the cost of the programmer will be minimal compared to $280 Million, so this is not all that far-fetched), and this brilliant programmer somehow finds a way to get the machine to do one round of the algorithm in one clock cycle, meaning that at best (on an overclocked 100+ MHz 486) each 486 can do 10 million iterations per second for a 12 round system. This now works out to a total rate of 1 trillion iterations per second, or roughly 2 ^ 40 iterations per second. This means it will still take 2 ^ 39 seconds to break one 80 bit key (given that on average you will only have to search half the key space). 2 ^ 39 seconds works out to be roughly 17,000 years assuming I didn't totally miss something.

    Next off, just in case I missed something here, you still have the issue of heat, space, and power consumption. As it is, the very densely packed hardware system would require a large portion of the space of the pentagon (hence the adoption of networks); less densely packed 486's would take up considerably more space, and would use considerably more power.

    On the other hand, using the money for a beowulf does have some merit; a beowulf cluster could be easily (relative to pure hardware) converted to attack a different crypto system, however I doubt a suitable 486-based beowulf system is feasible.
  • by Anonymous Coward
    I seem to recall some input they gave on the S boxes for DES, when it was being developed. A lot of people thought they put in a nice trap-door for themselves, until a few years later, when it was realized that the numbers they gave avoided some hole that the original numbers had.

    I can't really remember the source, and it's foggy in my mind, so don't trust the anecdote too much, unless someone else comes up with the references. However, if this was the case, it would point towards the NSA being a bit ahead of the outside world.


    No, yer right. It was the invention of "differential cryptanalysis" -- basically a chosen-plaintext attack whereby you force pairs of plaintexts over and over through the coding machine until, bit by bit, the biases in the pseudo-random scrambling functions come out as systematic differences in the cyphertexts, and the machine gives up its key.

    It works for a general class of s-box like functions but (as Biham and Shamir noted in the original paper) not for the DES s-boxes themselves. Previous to the (re)invention of diff. crypt. in the public literature, the NSA had been very cagey about why they used that particular algorithm -- making everyone worry that DES had a back door. But after the paper was published, they admitted that they'd known about differential cryptanalysis for years, and had designed DES to be proof against it.

    So I'd say a lower bound on the gap between NSA and the rest of us would be the gap between the publication of the DES standard [1977] and the publication of the differential cryptanalysis paper [1991].

    jsm
  • Anyone take a look at the banner on top of their webpage?
    http://www.nsa.gov:8080/ [nsa.gov]

    "Providing and protecting vital information through cryptology"

    Does anyone else find that ironic & hypocritical?

  • And if a big three or four letter agency wanted to build a series of these machines, they would get their own chip foundry going, and the price would come down as time went on. Assuming the NSA has done that, you can imagine the cracking power they can throw against codes they haven't compromised yet.

    The following is a quote from some NSA recruitment literature:
    "Your work may also take you into our microelectronics fabrication facility that includes a 20,000-sq.-ft "Class 10" clean room. It is here where we are redefining the limits of an array of key technologies - everything from electron beam maskmaking and "direct write" wafer lithography, to wafer fabrication and testing, and more."

    So they can make chips themselves. But for a production run necessary to build this cracker it might be cheaper to have someone else make the chips, cause you need about 64 million of them.
  • I still think that it will probably be shaped like a gaussian curve though.
    No!

    Every key is assumed just as likely as any other key (in a brute force attack). Key number 1 is exactly as likely as key number 2^63 is exactly as likely as key number 2^64 - 1. This means that the distribution is uniform.

    That's what the remarks by Gilmore and Brazier concerning controllable search order was about. Unless you're extremely careful about the randomness of your key-generation technology, your actual key-distribution will not be uniform, and your keys will most probably fall within a very small fraction of the potential key-space. If you understand how they are distributed, you can shrink the sub-4-minute mean time to crack into something far smaller -- probably under one second, and dominated by set-up time rather than by the cracking computation itself.
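
The point in the comment above about non-uniform key generation, as an added example that is not part of any comment in this thread: a 64-bit key drawn from a timestamp-seeded general-purpose PRNG has only as many possible values as there are plausible seeds. The function names, the one-day seed window and the sample timestamp are assumptions of this sketch; the machine rate is the 10 million * 2^32 keys per second figure quoted elsewhere in the thread.

```python
"""Added illustration: effective keyspace of a badly seeded key generator."""
import math
import random
import secrets

KEY_BITS = 64
# Rate quoted in the thread for the proposed machine: 10 million * 2^32 keys/s.
MACHINE_KEYS_PER_SECOND = 10_000_000 * 2**32


def weak_keygen(seed: int) -> int:
    """Anti-pattern (hypothetical): 64-bit key from a PRNG seeded with a timestamp."""
    return random.Random(seed).getrandbits(KEY_BITS)


def strong_keygen() -> int:
    """Key drawn from the operating system's CSPRNG, uniform over all 2^64 values."""
    return secrets.randbits(KEY_BITS)


def effective_bits(candidates: int) -> float:
    """Bits of search work implied by a set of equally likely candidate keys."""
    return math.log2(candidates)


def mean_search_seconds(bits: float, keys_per_second: float) -> float:
    """Average exhaustive-search time: half the candidates at the given rate."""
    return 2 ** (bits - 1) / keys_per_second


def audit_seed_window(key: int, start: int, end: int):
    """Check whether `key` can be reproduced from any seed in [start, end).

    Returns (seed, tries) if the key came out of weak_keygen for a seed in
    the window, otherwise (None, tries).
    """
    tries = 0
    for seed in range(start, end):
        tries += 1
        if weak_keygen(seed) == key:
            return seed, tries
    return None, tries


def demo() -> dict:
    day = 86_400                    # assumed uncertainty about key creation time
    window_start = 932_342_400      # constructed sample epoch second
    secret_seed = window_start + 12_345
    weak_key = weak_keygen(secret_seed)

    recovered, tries = audit_seed_window(weak_key, window_start, window_start + day)
    strong_hit, _ = audit_seed_window(strong_keygen(), window_start, window_start + day)

    return {
        "secret_seed": secret_seed,
        "recovered_seed": recovered,
        "tries": tries,
        "weak_effective_bits": effective_bits(day),
        "strong_key_reproducible": strong_hit is not None,
        "uniform_mean_minutes": mean_search_seconds(KEY_BITS, MACHINE_KEYS_PER_SECOND) / 60,
        "weak_mean_seconds": mean_search_seconds(effective_bits(day), MACHINE_KEYS_PER_SECOND),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The nominal key length is 64 bits in both cases; only the key from `secrets` actually requires the full search the thread's timing figures assume.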

  • Oh, and the NSA does have oversight. Not as good as I (nor many people) would like, but they do answer to congress and the DoD.

    The NSA routinely refuses Congressional requests for information (on the occasions it IS brought to the attention of congress). That's not oversight, that's a sham.

    Considering that a good secrecy tactic is to deliberately leak damaging information to keep people from digging for disastrously damaging information, one must wonder what's going on there. Don't ask Congress, they don't know.

    The president MIGHT know what's going on in the NSA. Consider though that this is an organization dedicated to digging up deep dark secrets, and that the president has an image (such as it may be) to uphold.

    Looking at the balance of power in the above relationship, this is a recipe for disaster. It might as well have been designed to be corrupt. And We The People are supposed to believe that in spite of this, in 50 years time, the NSA has not become corrupt?

  • In theory, they could shut it down, but in reality it won't happen unless or until the consequences of NOT doing so outweigh having every dirty little secret revealed to the world (and a few total fictions as well).

    I'm not sure that even a public opinion strong enough to guarantee that NOT shutting them down would mean being un-electable, even as dog catcher, for life would be enough to counter having every last secret (including stealing a fig newton from mom's cookie jar at age 4) revealed to the world. This one may require villagers with torches and pitchforks.

  • We've seen stuff like this before. Does the name E.J.Hoover ring a bell? History is on the side of democracy -- without resorting to the "lynch mob" kind.

    J. E. Hoover lived a full life, died a natural death, and was buried with full honors. All while nasty rumors (probably true) circulated everywhere. Those rumors were enough (at that time) to end any career in Washington unless extraordinary means were used to stay in power. I don't see how that helps your point.

    J.E. Hoover was also a one man show. His death ended (as far as anyone knows) the extortion racket. The question is, in NSA's case is it one man (in which case it will go on until that man dies) or is it institutional? (in which case, only the 'lynch mob' will end it).

    Keep in mind (Re: Germany and strong encryption) that the NSA has a history of infiltrating corporations in Europe who make strong encryption equipment, and inserting fatal flaws into the design. That's how they decrypt diplomatic channels. The EU could seriously limit the NSA's power, but that would effectively BE the lynch mob since the action would not be coming from those who supposedly have oversight.

  • One big goal in cryptography is to eliminate any such curve. Ideally, the keyspace and the cypher text both look like white noise.

  • Perhaps my definition of "lynch mob" is different from yours (I'm picturing burning buildings, here).

    I think I allowed my metaphor to cloud the meaning. The burning buildings will be more a figurative thing. I'll try to express it better:

    The NSA will not be shut down by an act of congress, the president, or the DOD. It will be shut down by consistent and loud public outcry. The leaders of the NSA may well feel as if the metaphorical angry villagers have surrounded them. The process will need to take place on several fronts. The people of the EU will have a role to play as well, by demanding that their governments withdraw support, facilities, and permission to base operations on European soil. There will probably be many angry words (even more than usual) in the U.N. over this.

    Short summary, it can be shut down, but not by those who supposedly have oversight. It has grown too powerful for them.

  • Mean is the average value, whilst median is the middle value. Neither are guaranteed to be exactly halfway from either end of the range. My gut reaction is that the range would look similar to a skewed gaussian curve, with -ve infinity replaced by 0 and a worst case situation being a lot higher than 7.56. Comments?

    BTW, it was 3.58 minutes, not seconds :)
  • "We have seen that the machine can do a full exhaustive key search of a 64-bit key in 7.16 minutes. On average, only 50% of the keyspace needs to be searched, so the average keybreak will be in 3.58 minutes."

    You are right. I should have read the article before I opened my mouth... sleep deprivation, excuse, excuse, etc :( Of course the range is bounded because we know how many keys per second can be tested, and how many keys exist (2^64). I still think that it will probably be shaped like a gaussian curve though.

  • Applied Cryptography, 2nd Edition, Bruce Schneier, pg. 266-267

    Also, the NSA would have never OKed DES if they had known the algorithm could also be implemented in software. (There were enough details in the specification to do so.)
    computers://use.urls. People use Networds.

  • The NSA is generally portrayed as an organization that has superior hardware and knowledge resources, everyone seems to assume that they are years ahead of everyone else.

    But what is fiction and what is fact?

    I don't know since when the NSA operates, but they are around for some years. I would like to know if any real proof about these mythical abilities surfaced in the past, some stunt the NSA performed that they were the only ones being capable to.

  • However, it's important to remember that even an organization that could break DES or RC6 (or any encryption, for that matter) in minutes would be overwhelmed if everyone used encryption (real-time mass scanning of internet traffic, for example, would be impossible), and the NSA knows it as well -- this is one reason they've campaigned alongside the FBI to limit the spread of encryption technology.

    This is one of the things I wonder. There is lots of software available that would make spying harder, but still your software - let's take any UNIX distribution - comes preconfigured not using this.

    So the default is lower security. Why is it not the other way round?

    Would it really complicate the installation so much if for example PGP would be made part of the default installation process?

    Why do we have telnet or ftp preconfigured, but not have ssh or scp running out of the box?

    I would like to see a change here.

  • Yes. This calculation only works with "average" values.

    Now suppose that the cleartext is not known, and is compressed. Then no assumptions can be made about what byte values will appear in it. Those chips would have to be quite a bit more complex - and slower - to do decompression before checking whether the result contains only ASCII printable character codes.

  • Depends upon the random data used for padding. There are publicly-available random number generators that get their data from the thermal noise of a diode, for example. Quite impossible to guess, and helpful in avoiding the generation of patterns and duplicate cyphertext.

    But you're absolutely correct -- a message should be a certain minimum length. Otherwise, the use of a long key and advanced encryption would be pointless.

    Kythe
    (Remove "x"'s from

  • If you're talking about Ft. Meade, MD, it's not so secret :)

    Kythe
    (Remove "x"'s from
  • You are correct. All keys would be tried in 7.16 minutes, and on average, the correct key would be found in half that time.

    Kythe
    (Remove "x"'s from
  • Neither the NSA nor any single existing organization has the kind of personnel/computing horsepower to do what you suggest. It's simply impossible, mathematically speaking.

    From what I understand, the NSA does have the capability to intercept most, if not all, telephone calls made between America and other countries. I would bet most of these calls are dismissed out of hand as "unimportant".

    While it is evidently true that the NSA and equivalent organizations in foreign countries cooperate in the "echelon" program to spy on each other's citizens (since most such departments are prevented by law from spying on their own citizens), I would bet that, again, most communications are simply not important enough to waste valuable time and resources on.

    The Internet, by contrast, is potentially a different matter. It is so easy to set up a backbone node and simply scan for keywords that I find it difficult to believe that it's not done. But again, there are practical limits to what the technology can do. I would bet most encrypted messages go unnoticed and undisturbed unless they're between certain people.

    Oh, and the NSA does have oversight. Not as good as I (nor many people) would like, but they do answer to congress and the DoD. The trouble is, for the most part, what the NSA does doesn't seem to be routinely brought to congress's attention. Additionally, their budget can be inferred from the fact that they receive their funding as part of the overall DoD budget.

    And for what reason do you believe they can "break just about any code"?

    Kythe
    (Remove "x"'s from

  • You're absolutely right, and I didn't mean to convey otherwise.

    Oversight of the form necessary to prevent abuse simply isn't there when it comes to the NSA (from what I've read), and much needs to change.

    The point I was trying to make, however, is that, should they choose to do so, congress and/or the president most certainly could change or even shut down the NSA. And at least in name, the NSA does answer to these bodies.

    Kythe
    (Remove "x"'s from

  • I'm not nearly as pessimistic as you. The fact is, quite a few eyes are on the NSA and Echelon right now, and not a few powerful people are up in arms. At the very least, I think the EU is realizing just how economically detrimental it would be if the situation were as bad as some of the stories make it out to be. Echelon is rumored to be the NSA's baby; something that is being used largely for the USA's benefit, often at the EU's expense. Germany has already officially sanctioned strong encryption over this, and I see others following suit. One way or another, the NSA's operations are in for trouble.


    Further, things could get much, much worse for the NSA than they are. I really think they'd be overplaying their hand to try blackmail.


    We've seen stuff like this before. Does the name E.J.Hoover ring a bell? History is on the side of democracy -- without resorting to the "lynch mob" kind.

    Kythe
    (Remove "x"'s from

  • I meant, of course, J. Edgar (duh!), not Edgar J. (who the heck was he?) :) It's been a long day.

    Regardless, Mr. Hoover's tenure in the FBI was widely regarded as the height of its abuses of power. Nonetheless, that power was curtailed through legislative means. Yes, the man had a very successful career, and in many circles, he's honored. In many others, he's vilified. How he's remembered isn't the point -- rather, the fact that the democratic system triumphed is.

    What we're dealing with (as most seem to agree) is an abuse of power and insufficient oversight. Regardless of the number of people involved, they still, ultimately, answer to/are funded by a democratic system of government. It will probably take courageous folks to rectify it, but such people seem to be taking an interest in the matter, and I have faith that as long as democratic systems of government exist, things like this tend to be rectified.

    Perhaps my definition of "lynch mob" is different from yours (I'm picturing burning buildings, here).

    Kythe
    (Remove "x"'s from

  • DES was designed in the 70's through a collaboration between IBM and the NSA. IBM has said that they knew (presumably through work with the NSA) about differential/linear cryptanalysis at the time.

    The flip-side of this is, major efforts at public-domain cryptography have only been going on a short while -- pretty much over this decade. Prior to this, it was mostly small efforts outside the NSA. Nonetheless, differential and linear cryptanalysis were discovered after a relatively short time.

    IOW, I believe the public-domain efforts are catching up.

    Kythe
    (Remove "x"'s from

  • The NSA has been around for over 50 years, and claims to employ more mathematicians than any other single employer worldwide. They supposedly have substantial on-campus resources such as their own research and semiconductor fab facilities, several of the world's most powerful supercomputers, etc. I seem to recall that their annual budget is in excess of (US) $25 Billion, but don't quote me on it.

    All of this info is public knowledge, interestingly enough. 15-20 years ago, no one would even acknowledge that the organization existed. Now they recruit on college campuses.

    My, how times have changed :)

    It is an interesting question as to whether such an organization could, in ~50 years of dedicated work, defeat mathematical problems that have stood (in some cases, such as the factoring of large numbers) for more than 2000 years as either "extremely difficult" or "unsolvable". My money's on the notion that they're about 10 years ahead of public domain cryptography at this time. They're not gods, however. I'm betting they've probably gone quite a bit further in developing certain technologies useful for cryptography, such as quantum computing (if it can be done), photonics and quantum encryption.

    However, it's important to remember that even an organization that could break DES or RC6 (or any encryption, for that matter) in minutes would be overwhelmed if everyone used encryption (real-time mass scanning of internet traffic, for example, would be impossible), and the NSA knows it as well -- this is one reason they've campaigned alongside the FBI to limit the spread of encryption technology.

    As far as proof, there are three resources I've found on the NSA. The first is the book "Puzzle Palace" published in the late 70's/early 80's (I don't recall the publisher or the author). The second is the NSA's own website. And the third is hearsay, including alleged NSA employee manuals, etc. published on the 'Net. Needless to say, the last is the least credible.

    I'd bet we'll see more possible NSA stunts in the future, as they work more closely with the FBI on high-profile cases that involve criminals and terrorists. Such instances, I would think, would be inherently more visible than the super-secret breaking of Russian launch codes.

    Speaking of which, I heard not too long ago that the Russians use RSA encryption for their nuclear launch systems. That alone tells us something of the NSA's capabilities, or lack of same -- assuming it's true.

    Kythe
    (Remove "x"'s from

  • 64 bit and 1024 bit encryption generally refer to 2 different things. The 64-bit encryption is usually symmetric, and relies upon various mathematical convolutions. The 1024 bit encryption is usually a "public-key" encryption method, and is considerably easier to crack for a given key length. 128-bit RSA, for example (if such a thing were available) would be so insecure as to be virtually useless, whereas 128-bit IDEA or CAST is unbreakable, to the best of public-domain knowledge.

    Kythe
    (Remove "x"'s from
  • I assume that you are referring to distributed.net's effort in DES-III. At the time of that contest, we had about 40,000-50,000 'active participants' who had submitted blocks within the previous 30 days. Currently, we are working on RC5-64 and have about 67,000 participants who have submitted blocks in the past 30 days. Over the entire life of the RC5-64 contest, blocks have been submitted by 188,845 separate email addresses, but as you can see, most of those emails are no longer active.

    Jim Nasby
    distributed.net
  • > um, why would the growth of capital be a linear
    > function? especially if population growth was
    > exponential.

    It's the Malthusian Fallacy all over again.
    ---
  • Well, it's taken us 630+ days to do about 10.5% of the keyspace. Hrm. If this can crack it on an average of about 3 minutes 35 seconds (3.58 minutes, rounded up) . . . hmm... I'll do the number crunching and try to estimate a keyrate within the next 18 hours.


    This thing dwarfs the Russian E2K for sure. =)
  • Bummer. I took the stats at face value.

    So much for what was shaping up to be a decent conspiracy theory. Next step was to create a web page that suggested little tinfoil hats for one's mouse as a preventative.
  • "pretty inefisent [sic]"

    So, then, you'd be one of those uptight, humourless sorts that wouldn't recognize a joke if it leapt up and bit you on the arse, eh?

  • Just over 188 thousand people are involving their machines in the DES cracking effort. Nearly 900 thousand are participating in SETI@home.

    What if SETI@home were just a ruse by the NSA to bust open encrypted messages? Package it as something exciting, get all those non-techie-geek people involved...

    Ooh! Spooky! Hey... what's that sound? Is someone ther...
  • April 5th, 1999 the New Yorker magazine ran a story about the NSA's campaign (using the UN's inspection people as a cover) against Saddam Hussein during one of the (many) Clinton bombings:

    "The encryption system on Saddam's telephones, made in Sweden, was as sophisticated as any on the international market. The phones had a series of channels, and on each channel were algorithms that chopped the signals into hundreds of bits as the channels were switched." (p. 32)

    "Early in the spring of 1998....the algorithms were unscrambled, and Saddam's most closely protected communications were suddenly pouring into UNSCOM" (p. 32)

    And more...

    "In March of 1998, a high-tech team from the National Security Agency, which is responsible for American communications intelligence, flew to Bahrain to review the telephone intercepts. One official recalls that once the intercepts had been decrypted and translated the Americans told themselves, "Here's the best intelligence that we ever had!" (p. 35)

    "Then in April of 1998, operational control of the Saddam intercepts shifted to one of America's least publicized intelligence units, the Special Collection Service. The S.C.S., which is jointly operated by the C.I.A. and the N.S.A. is responsible for, among other things, deploying highly trained teams of electronics specialists in sensitive areas around the world to monitor diplomatic and other kinds of communications. Its operations are often run from secure sites inside American embassies." (p. 35)

    All this makes me really suspicious of our bombing of the Chinese embassy-- what that was really about... And also-- it doesn't seem like there's too much the NSA *can't* crack if they want to...

    I recommend that article, btw, it was pretty interesting and talked about a lot of sigint stuff in a surprisingly frank way.
    W
    -------------------
  • Doesn't a good key-length depend on message length? That is to say, a message must be a certain length compared to a key-length (1/2x, 1x, 2x?) to be able to be encrypted by that key?

    Granted, anyone who's bothering to encrypt probably knows this, but for those who don't, the crypto software generally pads the message length with pseudo-random data, whose contents can be inferred and used to assist the crack.

    Or am I just talking out of my ass here? This really isn't my field.
  • I wouldn't feel safe.

    Remember that the brute force attack is the upper bound on the time required to crack a key. It does not guarantee the absence of more sophisticated and efficient attacks.

    A simple monoalphabetic substitution cipher has a large keyspace (26! or about 88 bits). That doesn't make it secure.

  • Is this
    * $280 million US consumer dollars, or
    * $280 million US government contract bid dollars?

    Cuz if it's the latter, don't forget that you have to cover the administrative costs of putting the contract up for bid; costs of parts, labor, and "reasonable" profit to the contractor; costs of a lengthy service contract that is also lucrative to the service organization; cost of integration into the existing systems on site; cost of training personnel to use such a system... oh yes, and the padded-in $100 million to fund classified projects at various locations, including Area 51.

    Sounds like $280 million dollars is a steal for such a box!! ;D

  • I work for a company that makes massively parallelized boards for doing text matching at extremely fast rates. I know for a fact that getting a single board with no faulty chips can be quite a chore. Assuming that the NSA could produce thousands or millions of these boards I bet only 75% of those would work. (that's gonna kick the price up a little!) Plus mainframes can lose a processor a day. If you had 10 zillion chips how many of those would die every day? Surely that would slow them down. All that taken into account my guess is that 3 secs is WAY longer than it ACTUALLY takes ;-)
  • yeh.. really there's nothing to worry about, except for FEMA.
  • Please, they've BEEN cracking 64-bit code
    for a frickin while now.


    I agree. The article says that this machine will crack 64 bit encryption in under 4 minutes, it does not say that this is the first NSA machine to do it nor does it say that it and their other cracking machines can't do 128 bit (or other bit levels) too.
  • Dude, NO amount of math will make social security work.
  • They should put the same money into a Beowulf cluster. 280Mil would buy a LOT of 486's.
  • by jslag ( 21657 )
    face it..not much good can come out of the government. nasa and science/math are probably the best uses for the billions of dollars that the government gets each year.


    I think that the people who would otherwise be without food or shelter or medical attention would disagree with this statement. Also people who drive on roads. etc., etc.
  • I remember reading an article in a magazine a few years ago which really scared me. I don't know much about crypto, so I may be getting some of these facts wrong, but it centred around a technique called 'differential cryptanalysis' that had just been invented and used against DES (this was the early 90s). The researchers who had found this noticed that it worked very well with some non-government-created DES variants like Blowfish (created, it seems, partially out of fear that the government could crack DES). It didn't help very much, however, with plain-vanilla DES.

    They said that this was because the NSA had designed DES with protection against this technique in mind. DES was designed a while ago - 40s? 50s? - and at that time, the NSA was supposedly advanced enough to incorporate protection against a method of cryptanalysis which wouldn't be found by the public until half a decade later. If this is true... ouch.
  • Told you I didn't know what I was talking about :)
  • what it doesn't run linux? boycott the nsa and the us govt.
  • I noticed a logic flaw in the calculation of bandwidth.
    he said that there would be X amount of "false positives" during each run. while it's true that X amount of false positives will occur, you don't know *when* they are going to happen, in other words, you could end up with all the positives going off at once, and locking up the system for quite some time.
    _
    "Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
  • 64-bits, about 4 thousand times more difficult.
    anyway, 64bit is all we're allowed to have, so who cares about more?
    _
    "Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
  • by delmoi ( 26744 )
    because it would cost ***a lot*** more money, in order to get the same performance. the article said that a pIII can crack 300,000 keys or so per second
    this box can do 10 million * 2^32 or 42,949,672,960,000,000 keys per second. assuming that these bad ass CPUs can do 800,000 keys per second, you would need 53,687,091,200 of them. or about ten for every living person on earth. that would cost a lot
    _
    "Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
  • well, it would be a pretty inefisent for them to do that, as opposed to building this supercomputer. in order to match this performance, you would need something like 400 billion pIIIs
    _
    "Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
  • um, why would the growth of capital be a linear function? especially if population growth was exponential.
    if that were the case, we would have *a lot* more to worry about......
    _
    "Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
  • $280 million would buy a lot of hookers and beer.

    in fact forget the beer


    _
    "Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
  • by delmoi ( 26744 )
    yes, read the whole article
    _
    "Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
  • dude, they aren't *actually* doing this, this is just some guy's thoughts on how much a computer like this would cost to build. there's no indication that the NSA is building, will ever build, or hasn't already built such a device
    _
    "Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
  • I doubt any such stunt, if there have been any, would be publicly acknowledged by the NSA. After all, it is definitively in their own interest not to announce publicly their abilities...

    However, one must keep in mind that they are the biggest employer of mathematicians in the U.S. (probably the entire world...), that whatever research in the field of cryptography they make is only published internally but that they benefit (like anyone else) of all the research done in universities. Moreover, their budget is much larger than that of any other organisation. Finally, recent stories have hinted at agreements with similar organisations of other nations.

    Although they don't seem to publish many papers annually, we have to admit that they definitively have a lot on their side...
  • Because the efficiency of software running on one of these computers would still not equate that of a massively parallel computer of chips designed specifically to crack DES...
  • Politics and licensing.

    If RedHat included strong encryption, they would have export problems. At the very least, they would be opening up a can of worms they may not be prepared to deal with. I think they are much more concerned about their IPO recently.

    I'm not sure, but the license for SSH precludes its use in a normal distro. (is it open source? or even free?)

  • I seem to recall some input they gave on the S boxes for DES, when it was being developed. A lot of people thought they put in a nice trap-door for themselves, until a few years later, when it was realized that the numbers they gave avoided some hole that the original numbers had.

    I can't really remember the source, and it's foggy in my mind, so don't trust the anecdote too much, unless someone else comes up with the references. However, if this was the case, it would point towards the NSA being a bit ahead of the outside world.

    There's also the point that the outside world likes to publish things, and they don't. Assuming they at least read published material, they can't be much behind us, and are probably at least a little ahead
  • by Silverpike ( 31189 ) on Monday July 19, 1999 @08:06AM (#1796279)
    Funny to see that article by the EFF. They have no idea how much they have underestimated the NSA.

    I used to work for a company called Annapolis Micro Systems [annapmicro.com] (Annapolis, MD). They specialize in selling high performance configurable computing [iit.edu] boards (both VME and PCI versions). These boards are especially suited to numerically intense algorithms (image processing, encryption).

    It's no big surprise that the single biggest customer of AMS is the NSA. They routinely bought Wildfire arrays (see website) by the dozens. Two guesses as to what they were using them for, and the first doesn't count...

    It must be emphasized what kind of power these arrays confer. Anyone familiar with configurable computing knows several things:
    1) It's not for the light of wallet.
    2) It requires a hefty design overhead for each application.
    3) It presents the fastest known solutions to almost every NP-complete and iterative solution problem ever posed.

    I am a hardware designer by trade, and I can tell you that it is almost beyond my ability to measure what kind of processing power these boards can enable, purchased in groups.

    Be afraid, be very afraid...

    (Author's note: from my limited knowledge of encryption, keys larger than 1024 bytes probably aren't crackable by brute force in this day).
  • I'm not sure that they have a lot of 'magical' technology, but they always seem to have the best of current technology (the latest Crays and such). Maybe it's not so much the technology as the budget -- they can buy as much conventional tech as they want/need in the interests of 'national security'. Aren't you glad they're not in charge of spending your money? =^P
    --
  • If you don't believe that, then read this report from the European Parliament on The State of Electronic Surveillance.

    The Technologies of Political Control [eu.int]
  • $280 million is nearly pocket change to Bill Gates... Big Brother watching you? nah, far more insidious... Big Bill.... All anti-microsoft encrypted content will be monitored...
  • Exponential vs. Linear might not be right, but if rate of output > rate of input, then the eventual effect is the same. The pot, toilet tank, refrigerator, coke can, bank account etc all grow empty, at rates varying with the difference between the in- and out- streams.

    Social security? Non-sequitur, except in a graveyard. The government made promises which it assumes our asses can keep (lying blithely about the actual set-up ... ask the SS Admin. innocently if you can make a withdrawal on your "contribution account"), and made our elders dependent on its largesse. Robbing Peter to pay Paul's kids, stealing candy from generations of babies.

    As someone else pointed out, you don't need a multi-million dollar computer to show this, just the willingness to see truth. The US gubmint is lying to the young to justify its defrauding the rich in a setup which would be prosecuted as a Ponzi scheme if the applicable laws applied to federal agencies.

    timothy

    p.s. Not to mention the obvious Orwellian aspects of the ubiquitous "SS number, please," which for the sake of readers I will not get into right now;)
  • Besides saying nah nah.. to us internet people.. Why would they bother? Anyone who is using crypto extensively, especially to hide illegal activities, isn't using 64 bit. Probably using 1024 bit keys or higher. Only thing I can think of is to build a machine that can actually crack much higher keyspaces, but just say that you are only cracking 64 bit so as to not piss off the public about violations of privacy and such.
  • The NSA doesn't exist, didn't you know that. There is no organization called the CIA either. Just one more thing for us to be paranoid about...


    And if you believe that you're crazier than I am
  • The greatest and probably most known stunt is cracking the WW II Japanese crypto and keeping that secret. After WW II they promoted the use of that crypto system just to lure other governments into using something NSA could read as an open book. Many small nations have enjoyed the benefits of the NSA helping hand.

    Now it seems that they are trying other means of promoting weak crypto. The more modern approach is via the Wassenaar agreement. This will have a more long term effect by killing off the development of future strong crypto systems. The message is sign this agreement if you want to buy our modern weapons. This will have the added benefit of NSA peer review of most correspondence.

    //Pingo

  • While I'm sure you have good intentions, it's attitudes like that which keep us from actually getting off this dirt ball before the big one hits and all life is expunged.

    If it weren't for SETI and NASA using cheap collaborative methods, we would have no chance of any long-term survival.

    Yes, the NSA is bad, but leave SETI out of it, ok?

    Will in Seattle
    they don't call it the Space Needle for nothing
    and if my code there fails, oops ...
  • 280 Million of our tax paying money to assure ourselves that terrorists from countries with GDPs lower than half that amount can't gain access to the technology to encrypt their diabolical plots to smash this country.... yeah right. how about using the machine for something OTHER than breaking encryption keys, like, oh, i dunno, doing the math that will make social security work, rather than going bankrupt within the next 10 years? 280M seems like a lot of money to be spending on a machine i'm not so sure we NEED, and one that won't get all THAT much use.....
  • One important (IMHO) remark, I would like to add:
    a commission of the european union is conducting an investigation on echelon on said grounds that it is a system solely set up to infringe the rights of individuals. But last week the federal court of Germany granted the right to intercept all foreign phone calls to the relevant intelligence agency. Weird?
    The national security argument that the NSA and other agencies everywhere use, is in fact rather lame. To give one example: Germany has expedited more US diplomats for espionage than of any other country of origin, during the last few years. None of these accused of spying seemingly had military targets. But today's battles between democracies are not fought with that sort of weaponry.
    In other words: "politics is the entertainment branch of industry"(Frank Zappa)
    What we are witnessing is the (rare) example of Samuel Huntington being right: there is a clash of civilisations and make no mistake about it, the rift is running through the Atlantic.

  • It's much more interesting than the theoretical brute force machine.

    I like the quote about cheating. Been doing that all weekend. Great fun being accused of cheating when all you do is exploit a loophole in the rules. Don't know if I'll ever be invited back for a games night again :-) Or if I am, everyone will be doing the same cheat, until we all decide to fix the rules.

    There is a good follow up about good security == good engineering.

    And the JYA article is a simple extrapolation of the EFF's DES breaker to more bits. A quick look at the numbers and I don't think it would cost anywhere near as much to build a machine like that. And if a big three or four letter agency wanted to build a series of these machines, they would get their own chip foundry going, and the price would come down as time went on. Assuming the NSA has done that, you can imagine the cracking power they can throw against codes they haven't compromised yet.

    the AC
  • erm. (when you hear that you know I think one of us has missed something)

    Most algorithms are implementable in software. Some are a lot more efficient in hardware (what with parallelism and all, let's not even begin discussing quantum effects), but all deterministic processes can easily be implemented in software, no?

    (and if P=NP, also the nondeterministic ones)

    Johan
  • Hey, somebody edit this guy out, he is ruining it by telling everyone that we are not really reading the articles. And it killed a great conspiracy theory we had going here. Took all the fun out.
  • I can do the calculations that show social security can't work on my TI-86... just graph an exponential function to represent population growth, and a linear function to represent growth of capital. If they cross then the bank goes bust.

    (on topic) The scary thing is that the computer predicted in this article would run at 100 mhz and could still crack RC6 in 7.19 minutes. Think of how fast 1 ghz chips will be this time next year... or 5 ghz chips by 2002.
  • 280 million would even buy a lot of Alpha hardware.
  • No, they probably think it gives enough security. Which we can debate endlessly, of course. . .
  • Not to sound alarmist, but if one thinks about it, the NSA has almost absolute power if they have even half of their conjectured capabilities. The ability to decipher and snoop communications at will might allow it to:

    1) blackmail politicians
    2) extort money from illegal organizations
    3) rig the political system (even more than it is now)

    Any dirty laundry (i.e. evidence) could be encrypted so strongly that it would stay locked away forever.
    These reasons alone make a case for the paring down, opening up, or the abolition of the NSA.

    "Absolute power corrupts absolutely." -- A greater man than I
  • Why is the NSA trying to crack 64-Bit encryption?
    First, why is it trying to crack encryption, isn't this part of the whole Big Brother thing?
    Second, why 64-Bit, at that speed, to crack 128-bit it would take 28087540083642867424704551414336999000 min.


    That's my 1/50 of $1.00 US
    JM
    Big Brother is watching, vote Libertarian!!
