If you thought you could use encryption to be safe from NSA wiretapping, think again. The following paper details a very successful attack on GnuPG, based on measuring L3 cache accesses and recovering key information from these measurements. I quote from the conclusion:
Quote: It is hard to overstate the severity of the weakness in GnuPG. GnuPG is a very popular cryptography package. It is used as the cryptography module of many open-source projects and is used, for example, for email, file and communication encryption. With our attack, any process running on the system can extract private keys. Hence, GnuPG in its current form is not safe for a multi-user system or for any system that may run untrusted code.
The paper is available here: http://eprint.iacr.org/2013/448
The most relevant literature regarding what happened since September 11, 2001 is George Orwell's "1984".
Carsten Wiethoff Wrote: If you thought you could use encryption to be safe from NSA wiretapping, think again. The following paper details a very successful attack on GnuPG, based on measuring L3 cache accesses and recovering key information from these measurements. I quote from the conclusion:
Quote: It is hard to overstate the severity of the weakness in GnuPG. GnuPG is a very popular cryptography package. It is used as the cryptography module of many open-source projects and is used, for example, for email, file and communication encryption. With our attack, any process running on the system can extract private keys. Hence, GnuPG in its current form is not safe for a multi-user system or for any system that may run untrusted code.
The paper is available here: http://eprint.iacr.org/2013/448
I've always assumed that freely available encryption packages could be hacked by the NSA and other government bodies. I also imagine that PGP can be broken too?
The shadow is a moral problem that challenges the whole ego-personality, for no one can become conscious of the shadow without considerable moral effort. To become conscious of it involves recognizing the dark aspects of the personality as present and real. This act is the essential condition for any kind of self-knowledge. Carl Jung - Aion (1951). CW 9, Part II: P.14
David Guyatt Wrote: I've always assumed that freely available encryption packages could be hacked by the NSA and other government bodies. I also imagine that PGP can be broken too?
GnuPG, which is the subject of the article, is the most common implementation of PGP.
The described procedure can be used to attack any encryption program, not by cryptanalysis, but by monitoring the running decryption program and analysing the steps it takes during decryption.
The most relevant literature regarding what happened since September 11, 2001 is George Orwell's "1984".
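Added example, not part of the original post and not GnuPG's code or the paper's measurement setup: a toy Python model of why the steps a decryption takes can reveal the key, with a key-dependent exponentiation beside one whose operation sequence is the same for every key. The function names, the modulus, the base and the exponents are constructed for illustration, and the "trace" stands in for whatever an observer can see of the running program.

```python
# Toy model: the "trace" is the sequence of squarings (S) and
# multiplications (M) performed, i.e. what an observer of the running
# program's steps would see. All values below are constructed.
MOD = 1000003
BASE = 5
SECRET_A = 0b1011001110001011   # constructed 16-bit exponent
SECRET_B = 0b1111111100000001   # another constructed exponent, same length


def leaky_modexp(base, exp, mod):
    """Square-and-multiply: multiplies only when the key bit is 1."""
    result, trace = 1, []
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        trace.append("S")
        if bit == "1":                      # key-dependent step
            result = (result * base) % mod
            trace.append("M")
    return result, trace


def exponent_from_trace(trace):
    """What the step sequence gives away: S then M means 1, S alone means 0."""
    bits = []
    for i, op in enumerate(trace):
        if op == "S":
            nxt = trace[i + 1] if i + 1 < len(trace) else None
            bits.append("1" if nxt == "M" else "0")
    return int("".join(bits), 2)


def ladder_modexp(base, exp, mod):
    """Montgomery ladder: one multiply and one square per bit, whatever the bit.

    The branch below is kept for readability; production code replaces it
    with a constant-time conditional swap so that the code path and memory
    accesses do not depend on the key either.
    """
    r0, r1, trace = 1, base % mod, []
    for bit in bin(exp)[2:]:
        if bit == "1":
            r0, r1 = (r0 * r1) % mod, (r1 * r1) % mod
        else:
            r0, r1 = (r0 * r0) % mod, (r0 * r1) % mod
        trace += ["M", "S"]
    return r0, trace
```

The mathematics of the cipher is untouched in both versions; only the first one lets the key be read off from the order of operations, which is why the fix is in the implementation rather than the algorithm.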
David Guyatt Wrote: I've always assumed that freely available encryption packages could be hacked by the NSA and other government bodies. I also imagine that PGP can be broken too?
There are bigger issues with proprietary software. At least with the Libre software there are thousands of people watching for the problems and working on the solutions. The hive mind. And we will hear about the problems. With the closed and commercial systems they may have a commercial interest in not letting their clients know there are big problems with their products (both loss of sales and share price valuation) and they don't have anywhere near the numbers of eyes looking at the issues that could go wrong and how to fix them. And software programs of any kind, proprietary or Libre, can be hacked.
Nevertheless, what Carsten has posted is rather unnerving to say the least.
"The philosophers have only interpreted the world, in various ways. The point, however, is to change it." Karl Marx
"He would, wouldn't he?" Mandy Rice-Davies. When asked in court whether she knew that Lord Astor had denied having sex with her.
“I think it would be a good idea” Gandhi, when asked about Western Civilisation.
26-07-2013, 09:04 AM
(This post was last modified: 26-07-2013, 09:25 AM by Peter Lemkin.)
Though not an expert on this [ask some trusted White Hat Hackers], it is my understanding from reading non-technical literature on this subject that most proprietary encryption software has 'NSA backdoors or keys'; as mentioned above, most PGP encryption can be unlocked and viewed by 'watching' how the computer is unencrypting it; and, that the only people one is hiding anything from are other mortals [rather than intelligence, especially electronic intelligence agencies - US and some others]. ONLY custom made very advanced huge prime number encrypted things are safe [sort of].....NSA and others can [if they devote the considerable computer power/time to it], with effort, still decrypt almost all of them [and these are not your usual encryption algorithms]. Usually, they just store all encrypted messages, decrypt as they are storing the 'easy ones' [along with most of the unencrypted ones], and later can decrypt higher level encrypted ones if they are curious and/or suspicious. While they realize that some encrypt just to be 'cool'; encryption + political dissent/disagreements [as they define it] with 'the Empire' = a graded and greater level of attention and suspicion, often. It's back to written letters, furtively exchanged hand to hand (and using dead drops, etc.), if you really have something secret to pass on to someone else.....The only thing going for us is that they do not have the time or manpower to look at everything and everyone - although they collect everything from everyone [if they need to 'go back' and look/listen].
Big Brother sees and hears all! Fascist Police State[s], spreading worldwide, with the NSA and its sister agencies well in the lead.....
"Let me issue and control a nation's money and I care not who writes the laws." - Mayer Rothschild
"Civil disobedience is not our problem. Our problem is civil obedience! People are obedient in the face of poverty, starvation, stupidity, war, and cruelty. Our problem is that grand thieves are running the country. That's our problem!" - Howard Zinn
"If there is no struggle there is no progress. Power concedes nothing without a demand. It never did and never will" - Frederick Douglass