Jump to content
Not connected, Your IP: 18.116.85.108
Casper31

Latest news about about which crypto protocols you can relay on.

Recommended Posts

Hello all,

Yesterday ,Der Spiegel published an artikel about which crypto protocols we still can trust .This ,of course in relation with the nsa and others.It seems that otr,pgp are still trust trustworthy ,but ssh ssl tls shows cracks .

I still have to read the whole artikel.But find it important enough to share  this with community, with no delays.

I think a must see,the presentation from Jacob and Laura at the Chaos computer Club .

Share this info with as much people as you can and try to trigger discusions;to get more awareness about privacy and there impact as possible.

 

Der Spiegel:                                                                                                                                                                          http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html

Presentation from Laura Poitras and Jake Appelbaum at the CCC :

http://media.ccc.de/browse/congress/2014/31c3_-_6258_-_en_-_saal_1_-_201412282030_-_reconstructing_narratives_-_jacob_-_laura_poitras.html#video

Scheier blog:

https://www.schneier.com/blog/archives/2014/12/new_documents_o.html#c6685592

 

 

Casper

 

Share this post


Link to post

Thank you for posting this important info regarding the continuing assault on our privacy and freedom by government agencies around the world, especially the "Five Eyes" nations. The Der Spiegel article was excellent and the collection of resource links contained within the article look to be invaluable.

 

One of our greatest weapons against tyrany and the erosion of our naturally imbued rights of liberty (speech, privacy, right to assemble, religion, the press, to pursue happiness, that we are innocent first until proven guilty, etc.), is to stay informed. This post was very informative.

 

If only the citizens of the world could remember that governments are in place to serve us--not the other way around. It was once said, "When the people fear their government, we have tyrany. When the government fears its citizens, we have freedom."

 

Governments fear well-informed citizens.

 

Thank you! (and thanks to Mr. Snowden!)


Laurelli

<my rant>Privacy is a right and expectation that the citizens of the world once enjoyed, but took for granted, and have lost. Today we are made to believe that we only need privacy if we are doing something wrong. I do not believe this lie. Today we are told by our governments that we can have no expectations of privacy, for our own "safety" and for "the greater good" of society. Personally, I don't need a big brother to protect me, and I will NEVER choose to surrender my rights and my liberties for so-called safety and security from a boogie man. I will continue to use services, such as AirVpn, in order to exercise my right and expectation of privacy. Would that the sheep would learn.</end rant>

 

Share this post


Link to post

I still have to read the whole artikel.But find it important enough to share this with community, with no delays.

 

Ten more minutes isn't going to make any difference when the NSA have been doing what they do for years.

 

I'm still skeptical. Side channel attacks on crypto implementations, downgrade attacks on SSL and correlation attacks on Tor, sure. But some people are acting like state adversaries have a magic wand and that when someone says "X is broken" then it's automatically game over and we have to move to something else.

 

More likely what is going on is that they have found weak crypto implementations and bugs; and those are things that can be fixed.

 

Some things are inherently vulnerable to certain attacks, like any real-time proxy (all VPNs, and Tor) will be to intersection attacks. That doesn't mean "broken", though, just that some things can be found out by some adversaries.

 

So take that into account - be aware that all tools have limitations, and use the right tool for the job!

Share this post


Link to post

So OpenVPN isn't breached?

 

Unlike PPTP OpenVPN uses standards for authentication and tunneling which have proven themselves to be quite reliable. So if you want to talk about breaking OpenVPN talk about the protocols behind it (AES ). Just like with PPTP for example where we talk about MSCHAP (authentication) or MPPE (encryption) being vulnerable to a variety of attacks which render PPTP as a whole a big security risk.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Interesting bit of conversation.  I dont worry much about AES encryption being breached or even OpenVPN for that matter.  I am more concerned about the alternative ways that my privacy can be breached.  Agencies have enormous resources and spend night and day finding clever ways to spy on the citizenry.  I would say worry about protecting your network and computer first before worrying about your connection with AirVPN.  There is a reason I have been using Air and I will continue to do so long into the foreseeable future. 

Share this post


Link to post

It's a nice article, but a bit outdated and it is missing a lot, most notably that the NSA has no real way to crack AES encryption.  They have quite a bit of work before they are able to crack it, which is why I suspect they have resorted to hacking into networks and computers.  I stated previously to look at your network and computers first.  Check your home router and if possible get something that you have better control of.  Get a router that you can control like a DDWRT router.  Secondly, check your computers.  If you have to use Windows, then protect it with a good antivirus, a good spyware scanner like Malwarebytes, and take control of the windows firewall.  Giganerd has some great links and the Eddie tool makes connecting securely easy.  With all of these tools at hand provided already, I wonder why people still get nervous about these articles online.  We have the best encryption and we have the best VPN service with Air.  Our only responsibility is to protect our computer and network.  It does not get easier than that.

Share this post


Link to post

OpenVPN isn't named in the documents about decrypting VPN traffic, though it is mentioned in the overview of anonymisers. I'm less worried about the cryptography being attacked and more worried about traffic analysis which is very simple against a single hop VPN no matter how strong the encryption. For this reason I try to use Tor Browser for as much as possible in addition to the VPN. I recommend this.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...