Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It is possible for sets of very few people to communicate in ways the NSA could never break. Examples: DH/RSA with ~2^14bit keypairs, OTP, etc. It's much harder on a large scale, but in the end, I think it's doable.

The NSA can build a giant supercomputer/ASIC system/FPGA grid, but they're not going to factor a 2^14bit prime unless they have working quantum.

The only problem then is, unfortunately, having correct, secure, and non-tampered-with implementations of all the requisite libraries.




The NSA/US Intelligence can compromise small groups through other means, by either tailoring some sort of exploit or by going through the ol' hitting them with a wrench till they spill their secretes routine.

I'm not saying that currently in theory you cannot deploy or implement NSA foolproof crypto, I'm saying that in practice it will never work because the NSA mandate is to be able to break it and they'll will do everything in their power to maintain those capabilities.

And unless some one thinks that abolishing the NSA is a realistic possibility then you better pick your fights, because while the NSA all other US defense organizations are more or less superior to all others because the USA sees dominance and force projection to be vital to their national security China, Russia, and probably major EU powers aren't that far behind.


The other part of the NSA mandate is to help protect US secrets (commercial and military). Which is one reason why many were surprised when it seemed they'd thrown a wrench in the works wrt NIST/curve crypto -- if they'd tricked the US military and commercial interests to use a flawed curve, they'd undermined their own mandate.

As for "Allied Countries"... yeah, sure the NSA would probably be within its charter if it let China take over Britain (except of course, that that'd harm US interests too).


Ah, but that was the beauty of the (putative) NSA hack on the standards process: you only leaked the state of the random number generator to an entity that knew the factors of the parameter used by Dual_EC_DRBG to feed the algorithm.

Using Dual_EC_DRBG was a bit like doing your half of a Diffie-Hellman key exchange with the NSA - with the key exchanged being your internal random-number generator state - to anyone else, this communication is completely impenetrable!

Well, until someone else gets sufficient access to the internal NSA IT systems to get hold of the factors themselves of course. And one of the things Snowdon demonstrated to us was just how woefully insecure their internal networks were to a person in the right position. If someone in Snowdon’s position was able to access those keys, then it seems likely that so would other intelligence agencies, but we’ll never know for sure of course.

Such hubris. Much decrypt. Thanks NSA!


I can factor a 2^14 bit prime in my head.


Hah! I can factor any size prime in my head! (If it's not prime, though, all bets are off...)




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: