Latest news about about which crypto protocols you can relay on.

[Casper31 73]

Hello all,

Yesterday ,Der Spiegel published an artikel about which crypto protocols we still can trust .This ,of course in relation with the nsa and others.It seems that otr,pgp are still trust trustworthy ,but ssh ssl tls shows cracks .

I still have to read the whole artikel.But find it important enough to share  this with community, with no delays.

I think a must see,the presentation from Jacob and Laura at the Chaos computer Club .

Share this info with as much people as you can and try to trigger discusions;to get more awareness about privacy and there impact as possible.

 

Der Spiegel:                                                                                                                                                                          http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html

Presentation from Laura Poitras and Jake Appelbaum at the CCC :

http://media.ccc.de/browse/congress/2014/31c3_-_6258_-_en_-_saal_1_-_201412282030_-_reconstructing_narratives_-_jacob_-_laura_poitras.html#video

Scheier blog:

https://www.schneier.com/blog/archives/2014/12/new_documents_o.html#c6685592

 

 

Casper

 

[XQWeir97 16]

Thank you for posting this important info regarding the continuing assault on our privacy and freedom by government agencies around the world, especially the "Five Eyes" nations. The Der Spiegel article was excellent and the collection of resource links contained within the article look to be invaluable.

 

One of our greatest weapons against tyrany and the erosion of our naturally imbued rights of liberty (speech, privacy, right to assemble, religion, the press, to pursue happiness, that we are innocent first until proven guilty, etc.), is to stay informed. This post was very informative.

 

If only the citizens of the world could remember that governments are in place to serve us--not the other way around. It was once said, "When the people fear their government, we have tyrany. When the government fears its citizens, we have freedom."

 

Governments fear well-informed citizens.

 

Thank you! (and thanks to Mr. Snowden!)

[erioao 0]

So, VPN isn't that secure anymore, right? But no word on OpenVPN...

[mage1982 15]

I still have to read the whole artikel.But find it important enough to share this with community, with no delays.

 

Ten more minutes isn't going to make any difference when the NSA have been doing what they do for years.

 

I'm still skeptical. Side channel attacks on crypto implementations, downgrade attacks on SSL and correlation attacks on Tor, sure. But some people are acting like state adversaries have a magic wand and that when someone says "X is broken" then it's automatically game over and we have to move to something else.

 

More likely what is going on is that they have found weak crypto implementations and bugs; and those are things that can be fixed.

 

Some things are inherently vulnerable to certain attacks, like any real-time proxy (all VPNs, and Tor) will be to intersection attacks. That doesn't mean "broken", though, just that some things can be found out by some adversaries.

 

So take that into account - be aware that all tools have limitations, and use the right tool for the job!

[Rcbhq4 1]

So OpenVPN isn't breached?

[OpenSourcerer 1361]

So OpenVPN isn't breached?

 

Unlike PPTP OpenVPN uses standards for authentication and tunneling which have proven themselves to be quite reliable. So if you want to talk about breaking OpenVPN talk about the protocols behind it (AES ). Just like with PPTP for example where we talk about MSCHAP (authentication) or MPPE (encryption) being vulnerable to a variety of attacks which render PPTP as a whole a big security risk.

[Corsair28 8]

Interesting bit of conversation.  I dont worry much about AES encryption being breached or even OpenVPN for that matter.  I am more concerned about the alternative ways that my privacy can be breached.  Agencies have enormous resources and spend night and day finding clever ways to spy on the citizenry.  I would say worry about protecting your network and computer first before worrying about your connection with AirVPN.  There is a reason I have been using Air and I will continue to do so long into the foreseeable future. 

[hashtag 151]

NSA has VPNs in Vulcan death grip—no, really, that’s what they call it

 

http://arstechnica.com/tech-policy/2014/12/nsa-has-vpns-in-vulcan-death-grip-no-really-thats-what-they-call-it/

 

[Corsair28 8]

It's a nice article, but a bit outdated and it is missing a lot, most notably that the NSA has no real way to crack AES encryption.  They have quite a bit of work before they are able to crack it, which is why I suspect they have resorted to hacking into networks and computers.  I stated previously to look at your network and computers first.  Check your home router and if possible get something that you have better control of.  Get a router that you can control like a DDWRT router.  Secondly, check your computers.  If you have to use Windows, then protect it with a good antivirus, a good spyware scanner like Malwarebytes, and take control of the windows firewall.  Giganerd has some great links and the Eddie tool makes connecting securely easy.  With all of these tools at hand provided already, I wonder why people still get nervous about these articles online.  We have the best encryption and we have the best VPN service with Air.  Our only responsibility is to protect our computer and network.  It does not get easier than that.

[dwright 25]

OpenVPN isn't named in the documents about decrypting VPN traffic, though it is mentioned in the overview of anonymisers. I'm less worried about the cryptography being attacked and more worried about traffic analysis which is very simple against a single hop VPN no matter how strong the encryption. For this reason I try to use Tor Browser for as much as possible in addition to the VPN. I recommend this.