Thanks to Edward Snowden and his trove of illegally obtained government document delights, we have an insight into how the NSA works: its main priority is spying on its own citizens, all under the guise of “security” and “terrorism”. The recently leaked budget also gives us insight into which areas the NSA is funnelling its money into.
Recently it has come out via Snowden comms that the NSA might have the capability to break various encryption schemes, and has even worked closely with companies developing these encryption algorithms to implement back doors.
While it’s a given that MD5 is insecure, and yet it is still used by many web applications to hash passwords, has SSL been broken? Apparently, to an extent, they’ve perfected the art of the man-in-the-middle attack. What other encryption schemes have been broken?
At the end of the day, encryption schemes are mathematics running on hardware. The longer the key length, the longer and harder it is to crack, but if you throw more hardware and money at the problem, the impossible becomes the not-so-impossible.
In this Wired article the author claims he doubts that the NSA has built a quantum computer. Why wouldn’t they build one? If their goal is to intercept data and break encryption, then to even have a shot at breaking an encryption scheme you need quantum computing. A Dell desktop PC with a Core i7 CPU wouldn’t help you break an encryption algorithm, that’s for sure…
Even if some encryption schemes haven’t been broken due to long key lengths, it doesn’t even matter. Supposedly the NSA has worked with a lot of vendors to put back doors right into hardware. So while the communication part might be encrypted, you could potentially have a back door inside your PC, without even knowing it, that is capable of side-stepping your long encryption key…
Then, on the other hand, you have evidence that the NSA has been deliberately strong-arming companies (software and hardware) into installing back doors. What would once have got you labelled a tin-foil-hat-wearing conspiracy nut-job appears to be a reality. The NSA is deliberately weakening and sabotaging public crypto-systems, regardless of the fact that it’ll have severe repercussions.
Trust in US- and UK-based hardware and software companies will most likely be damaged. People will think twice before purchasing a potentially tainted chip or piece of software from any company based in these countries. How many encryption schemes that we believe are secure were perhaps even co-created by the NSA? PGP, for example.