

Ask HN: What are the realistic capabilities of the NSA? - anemitz

From a technical perspective, what are the data collection, analysis, and code-breaking capabilities  available to the NSA?<p>What implications does this have on widely used security protocols and methodologies?
======
bifrost
I think it'd be better to consider "what can't the NSA do" given their budget
and capabilities.

Tapping and storing terabits of data is effectively trivial, analysis is the
hard part. If they hold useful SSL keys (like Facebook, Google, etc) they'll
have a much a much easier time figuring out what people are doing.

------
e3pi
Your own secure crypto:

Assume everything popular is attacked, assume vast libraries of primitive and
proprietary cryptanalysis routines.

Of their thousands of hires with security clearance, the cipher newbies are
likely given exercises attacking odds-and-ends with massive (old?) Cray
orchards.

OTP - is always secure but inadequate for large plaintext. Pad transport is
vulnerable.

Naive stream ciphers are seductive but weak.

Brits, MI5(?) had RSA a decade and a half(?) before RSA.

Factorization is RH(`assume Riemann Hypothesis'), perhaps new unpublished
vulnerabilities to probable primes?

Better amateur practicing crypto analysts than me can likely offer good points
here.

Wikipedia has terrific crypto intro. eg:

[http://en.wikipedia.org/wiki/Outline_of_cryptography](http://en.wikipedia.org/wiki/Outline_of_cryptography)

and ...

[http://en.wikipedia.org/wiki/Deniable_encryption](http://en.wikipedia.org/wiki/Deniable_encryption)

