

Predicting the next NSA Revelation - breaking of AES256 & PGP? - rorybireland

So now that everyone foolishly has woken up to the plainly obvious - that NSA and GCHQ are intercepting practically all data on the internet and are about to store it in Nevada.

How long until the revelation that AES256 and PGP have been broken?
======
rorybireland
I'm gonna go with all Intel/AMD chips have a backdoor or weakness...

It's been done before and since:

[http://www.schneier.com/blog/archives/2008/01/nsa_backdoors_...](http://www.schneier.com/blog/archives/2008/01/nsa_backdoors_i.html)

------
rorybireland
Or allies like Tony Blair:
[http://abcnews.go.com/Blotter/story?id=6321173#.UbHMYPlYh8E](http://abcnews.go.com/Blotter/story?id=6321173#.UbHMYPlYh8E)

------
retrogradeorbit
There's a keyboard sniffer they can activate in every copy of Windows and OSX.

and/or

They can listen into you at any time using your mobile _when you're not on a
call_.

------
mtgx
My bet is on the media finding out that most of this surveillance and of those
NSL's weren't actually used to catch or even investigate potential terrorists,
but for _completely_ different purposes, and were specifically used to catch
Americans, not foreigners.

------
gesman
NSA does not need to break AES or PGP. They can access pre-encrypted
information or post-decrypted information.

------
pasbesoin
One possibility:

Your banking is pwned. Domestic SWIFT-ish scandal. Not for big dollar amounts;
_every_ transaction -- at the least, every one that exits a local branch
and/or bank.

And/or, my personal favorite:

Your shopping loyalty card mined for "suspicious" foods. ;-)

\--

P.S. Yeah, I know the second one is redundant in as much as so many people
shop with credit cards. But I've always been suspicious of those loyalty
cards. And everyone knows that, while the [keyword] may shop with cash, they
can't pass up a bargain.

------
contingencies
In the spirit of the _zeitgeist_ ("let 100 flowers bloom"!), I shall disclose:
(high ranking, not a cog, multiple conflicts background) UN military
COMSEC/SIGINT type, 2012. Looked me in the eyes, measured their words, and
then said "PGP [meaning GPG] has been compromised since early versions".

~~~
tptacek
Looked you in the eyes, measured his words, and then turned out to be
completely full of shit. A 2013 GPG user is creating AES256-CFB ciphertexts
with session keys delivered over 2048 bit RSA and DSA signatures.

These are far from the sturdiest constructions we have in cryptography; a
conservative design today wouldn't be using RSA or DSA at all. But they're
proven and used all over the place, including on government traffic no
reasonable person could believe the USG would accept a mass compromise of.

If you believe that anyone at the UN can decrypt PGP and would have under any
circumstances ever shared that with you, I have some dead aliens from Roswell
to sell you.

It may be that he was confused. Very early versions of PGP, from when
Zimmermann was apparently just learning what cryptography was, used a cipher of
his own design that turned out to be broken.

Being 2 hops from a lot of people with active clearances, I'll add that this
is a very popular bit of gossip. The last one I heard was Blowfish; "don't use
Blowfish!" "Why would I? It's super old?" "Never mind that. My friend just got
out of NSA and said they could trivially break Blowfish. Something about the
sboxes."

A credible claim you might make right now: with some degree of effort (i.e., not
in real time), it might be possible to break large-ish RSA keys.
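The hybrid construction tptacek describes (a fresh AES-256 session key per message, a CFB-encrypted body, the session key wrapped under a 2048-bit RSA key) as an added Go example, not code from the thread or from GnuPG: it uses the PKCS#1 v1.5 wrapping OpenPGP uses but plain CFB framing rather than OpenPGP's packet format, and the sample message is constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
)

// Envelope is a simplified hybrid ciphertext: the wrapped session key, the CFB IV
// and the body. An attacker who cannot factor the RSA modulus or break AES-256
// gets no session key and no plaintext, which is the point of the construction.
type Envelope struct {
	WrappedKey []byte
	IV         []byte
	Body       []byte
}

// Encrypt draws a 256-bit session key, encrypts the body with AES-256-CFB and
// wraps the key with RSA PKCS#1 v1.5 (the scheme OpenPGP's PKESK packet uses).
func Encrypt(pub *rsa.PublicKey, plaintext []byte) (Envelope, error) {
	key := make([]byte, 32) // fresh session key for this message only
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(key); err != nil {
		return Envelope{}, err
	}
	if _, err := rand.Read(iv); err != nil {
		return Envelope{}, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return Envelope{}, err
	}
	body := make([]byte, len(plaintext))
	cipher.NewCFBEncrypter(block, iv).XORKeyStream(body, plaintext)
	wrapped, err := rsa.EncryptPKCS1v15(rand.Reader, pub, key)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{WrappedKey: wrapped, IV: iv, Body: body}, nil
}

// Decrypt unwraps the session key with the RSA private key and reverses the CFB body.
func Decrypt(priv *rsa.PrivateKey, e Envelope) ([]byte, error) {
	key, err := rsa.DecryptPKCS1v15(rand.Reader, priv, e.WrappedKey)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(e.Body))
	cipher.NewCFBDecrypter(block, e.IV).XORKeyStream(out, e.Body)
	return out, nil
}

// RoundTrip generates a 2048-bit key (the size tptacek cites) and checks that the
// message survives encrypt/decrypt and does not appear in the ciphertext body.
func RoundTrip(msg []byte) (bool, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	env, err := Encrypt(&priv.PublicKey, msg)
	if err != nil {
		return false, err
	}
	got, err := Decrypt(priv, env)
	if err != nil {
		return false, err
	}
	return bytes.Equal(got, msg) && !bytes.Contains(env.Body, msg), nil
}
```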

