What more is there? [infil/exfil]

Cathal Garvey cathalgarvey at cathalgarvey.me
Tue Jan 21 08:28:00 PST 2014 

> He also trusted RSA enough to use it to encrypt communications with
> Greenwald and Poitris (sp?).

Not only that, after Schneier took a look at the files he alluded that
discrete-log crypto was a safer bet right now. So it looks like RSA
remains ironclad in terms of age and security. Also, if AES were
backdoored, I think we'd see waaay more panicked allusions to
state-secret-smashing revelations.

Besides, as has been argued many times; if you own the random number
generator, you own the RSA/AES ciphers anyway, and that's what the NSA
did. So yea, if you were using RSA-RSA, you're fucked because one of the
CSPRNGs was backdoored. But the RSA algorithm, going by Snowden's usage
and Schneier's interpretation of the documents, is still OK if properly
implemented.

> Very real possibility. Commercial tech is almost there. Assuming
> government is 3-5 years ahead, they might well have that. But I really
> don't see that as much of a threat.  It just saves analysts time.

Also permits more efficient storage for a backlog of dirt if they ever
decide they don't like you. So, it is a bit of a game-changer.

The NSA will never store raw audio of you being a total asshole if
you're not a target, even though it would be great material for
discrediting you someday if you get out of line. But they could easily
store plaintext transcripts.

On 21/01/14 15:38, Anonymous Remailer (austria) wrote:
> On 01/20/2014 07:56 PM, grarpamp wrote:> On Mon, Jan 20, 2014 at 2:57
> PM, Anonymous Remailer (austria)
>> <mixmaster at remailer.privacy.at> wrote:
>>>> I too wish the leaks would come at a faster pace. But I don't think
>>>
>> The pace is ok, it keeps up the pressure. The real question is,
>> is what remains? More of this same stuff we all knew was happening
>> anyways? Or is there more deeper stuff we only questioned but
>> shrugged off due to the hardness/fantasy of it all?
>>
>> - decryption of aes? cracked rsa?
> 
> Unlikely, unless it's buried deep within files that Snowden took.
> Remember, during his very first few interviews, he encouraged us to
> continue to use encryption and made the statement "encryption works". He
> also trusted RSA enough to use it to encrypt communications with
> Greenwald and Poitris (sp?).
> 
>> - automatic and global translation to stored text of all voice calls?
> 
> Very real possibility. Commercial tech is almost there. Assuming
> government is 3-5 years ahead, they might well have that. But I really
> don't see that as much of a threat.  It just saves analysts time.
> 
>> - gratuitous unwarranted passing of crimetips to LEA?
> 
> Likely already being done. In fact, there seems to be some evidence that
> this has happened in several instances.
> 
>> - fundamental metadata knowledge of all persons/associations?
> 
> Probably possible but not really feasible. Too difficult to filter even
> using selectors. But I'm sure they're close. Still, there are ways to
> communicate without generating useful metadata so it might not matter.
> 
>> - political puppetstringing?
> 
> I'd say this is nearly guaranteed. In fact, I suspect this is why
> Congress has been so slow to do anything about it. The NSA has them by
> the balls. If you were running a large, illegal, operation, wouldn't you
> first gather as much dirt on the people who could shut it down as possible?
> 
>> I suggest the answer lies in budget analysis... the possibilities
>> within a well spent budget. Or a seriously conscientious leaker at
>> the top who is yet to come... since so far Snowden seems limited
>> to confirming lower level obviousness.
> 
> Good point. You know what I'd like to see? I'd like to see code. I'd
> like someone to drop the code to one of these massive systems online for
> us to analyze. But I suppose documents and program details would be just
> as useful.
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x988B9099.asc
Type: application/pgp-keys
Size: 6176 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20140121/e1943497/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20140121/e1943497/attachment-0001.sig>

More information about the cypherpunks mailing list