Guest Posted ... http://www.reuters.com/article/2015/06/14/us-britain-security-idUSKBN0OT0XF20150614 Britain has pulled out agents from live operations in "hostile countries" after Russia and China cracked top-secret information contained in files leaked by former U.S. National Security Agency contractor Edward Snowden, the Sunday Times reported. What do you guys think. Is it possible that they cracked it or have they got the information from Snowden? Quote Share this post Link to post
InactiveUser 188 Posted ... This reeks of a PR move to drive home the message that, quote, "nobody should be in any doubt that Edward Snowden has caused immense damage".I think there are three possible scenarios for how this actually went down, but none of them really fits their story!Scenario 1: CHI/RUS cracked the actual encryption.Extremely unlikely for three reasons:1. We know Snowden instructed journalists to use TrueCrypt and gpg, so there's no reason to believe he used anything inferior himself. He's no dummy, come on.2. So, now that we can safely assume he used proper crypto, they would have to have, at the very least, cracked AES. Verrrry unplausible doomsday scenario. 3. How in the world would US/UK spooks even know about this? If they had high-up double agents in CHI/RUS, they would keep this quiet, right? You don't waste them for a little news story.On the same token, CHI/RUS wouldn't just let US/UK know about this, either. Scenario 2: CHI/RUS "convinced" Snowden to "cooperate".Compared to cracking AES, it's much more plausible they "cracked" Snowden. But in that case, US/UK would be flat-out lying (shocker, I know!) - so how believable does that make anything in this story?Scenario 3: Snowden's files are not related to US/UK pulling out spies.It's just too convenient to blame this on Snowden when you just had to suffer a devastating Chinese hack of federal personnel files EDIT:Also read Gallagher and Greenwald on this subject Quote Hide InactiveUser's signature Hide all signatures all of my content is released under CC-BY-SA 2.0 Share this post Link to post
zhang888 1066 Posted ... I also think it was somehow related to the OPM hack, Duqu 2, or some other breach that didn't go public.And, s/pulled out/replaced Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
Guest Posted ... Interested in Staff's thoughts on this, even tho' i suspect it's somewhat like sheivoko said. AES encryption is what is protecting us here, right? thanks Quote Share this post Link to post
zhang888 1066 Posted ... Interested in Staff's thoughts on this, even tho' i suspect it's somewhat like sheivoko said. AES encryption is what is protecting us here, right? thanks With all due respect to Staff, I believe Mr. Schneier has the answers to crypto related questions on that matter.He is considered by many as one of the best experts in this area, and helped designing many things we use. https://www.schneier.com/blog/archives/2012/03/can_the_nsa_bre.htmlhttps://www.schneier.com/blog/archives/2015/05/more_on_the_nsa_1.html But the best protection would of course be *not* being involved in things that might put you on their target listin the first place, right? Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
knighthawk 19 Posted ... My vote: This is false story, either bad information, or it's just a very badly thought out smear attempt aimed toward ES, or perhaps a convenient misdirection related to some other type of breach that has been discovered. There are too many things about the story that just don't add up (far above and beyond the "is xyz encryption breakable angle), so I say basically - didn't happen. I also think it was somehow related to the OPM hack Agreed, the timing fits, my guess is that incident, as bad as it's been reported so far in the open, was probably even far worse and more extensive than we've been officially told to date. Quote Share this post Link to post
OpenSourcerer 1442 Posted ... Or it's just PR against Russia. Or a combination of things posted here. (Sent via Tapatalk - this generally means I'm not sitting in front of my PC) Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
jsanon 6 Posted ... https://www.reddit.com/r/theydidthemath/comments/1x50xl/time_and_energy_required_to_bruteforce_a_aes256/ Quote Share this post Link to post
OmniNegro 155 Posted ... If anyone in the world had the ability to break a cryptographic legend such as those used in Truecrypt, they would have to be the biggest fools ever to let the world know that when they could gain so much more by keeping it for their own use and only revealing it after they invented a cover story that does not betray that capacity. In World War 2 Churchil let an English city be destroyed entirly rather than reveal that he had the ability to decrypt some of Enigma.https://en.wikipedia.org/wiki/Coventry_Blitz History repeats itself. We are just too foolish to notice most of the time. Quote Hide OmniNegro's signature Hide all signatures Debugging is at least twice as hard as writing the program in the first place.So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it. Share this post Link to post