Hacker News new | comments | ask | show | jobs | submit login

Breaking crypto is what the NSA was created to do, playing a cat and mouse game with it means you'll always loose. If the NSA cannot break crypto it's useless, and given 2 outcomes them giving up or them just asking for more money and being more intrusive the latter is much more likely.

No one will get their privacy "back" by fighting the NSA through technology, considering their mission, budget and capabilities they'll always win, the only way to pacify the NSA is through legislation that will ensure that they only use their capabilities when it's warranted.

It is possible for sets of very few people to communicate in ways the NSA could never break. Examples: DH/RSA with ~2^14bit keypairs, OTP, etc. It's much harder on a large scale, but in the end, I think it's doable.

The NSA can build a giant supercomputer/ASIC system/FPGA grid, but they're not going to factor a 2^14bit prime unless they have working quantum.

The only problem then is, unfortunately, having correct, secure, and non-tampered-with implementations of all the requisite libraries.

The NSA/US Intelligence can compromise small groups through other means, by either tailoring some sort of exploit or by going through the ol' hitting them with a wrench till they spill their secretes routine.

I'm not saying that currently in theory you cannot deploy or implement NSA foolproof crypto, I'm saying that in practice it will never work because the NSA mandate is to be able to break it and they'll will do everything in their power to maintain those capabilities.

And unless some one thinks that abolishing the NSA is a realistic possibility then you better pick your fights, because while the NSA all other US defense organizations are more or less superior to all others because the USA sees dominance and force projection to be vital to their national security China, Russia, and probably major EU powers aren't that far behind.

The other part of the NSA mandate is to help protect US secrets (commercial and military). Which is one reason why many were surprised when it seemed they'd thrown a wrench in the works wrt NIST/curve crypto -- if they'd tricked the US military and commercial interests to use a flawed curve, they'd undermined their own mandate.

As for "Allied Countries"... yeah, sure the NSA would probably be within its charter if it let China take over Britain (except of course, that that'd harm US interests too).

Ah, but that was the beauty of the (putative) NSA hack on the standards process: you only leaked the state of the random number generator to an entity that knew the factors of the parameter used by Dual_EC_DRBG to feed the algorithm.

Using Dual_EC_DRBG was a bit like doing your half of a Diffie-Hellman key exchange with the NSA - with the key exchanged being your internal random-number generator state - to anyone else, this communication is completely impenetrable!

Well, until someone else gets sufficient access to the internal NSA IT systems to get hold of the factors themselves of course. And one of the things Snowdon demonstrated to us was just how woefully insecure their internal networks were to a person in the right position. If someone in Snowdon’s position was able to access those keys, then it seems likely that so would other intelligence agencies, but we’ll never know for sure of course.

Such hubris. Much decrypt. Thanks NSA!

I can factor a 2^14 bit prime in my head.

Hah! I can factor any size prime in my head! (If it's not prime, though, all bets are off...)

This depends on your view of the nature of technology vs. the nature of political institutions.

I tend to believe that, with time as the X-axis, that the nature of technology is on a positive curve with regard to liberty while the nature of political institutions is on a negative one.

I'm curious why you think the nature of technology is on a positive curve with regard to liberty.

Technology is a power multiplier. In the context of a graph of liberty vs time it would simply make moving that curve on the Y axis exponentially easier.

So either you disagree with that or you have some optimistic views on human nature with regards to liberty.

Add in the problem that that the less liberty there is the easier/more likely it is for more to be removed, increases in liberty are up hill, so to speak, compared to decreases as a side issue.

Technology can be positive or negative it's all in the application, but that's not the issue.

It's not that the NSA is inherently bad or good, as long as it exists it will be able to break crypto because that is it's mission, the US needs that ability for national security but it doesn't mean that the NSA has to apply their capabilities to cast a net on the entire planet.

That said it's very unlikely that an organization with virtually unlimited funding, and a recruitment monopoly on the best and the brightest in the field of cryptography and computer security will lose on the technology front. Trying to disarm the NSA is effectively trying to disarm the US that won't fly, the only option is to ensure that they use it only when its explicitly warranted and not as a business as usual tool.

> the US needs that ability for national security


> recruitment monopoly on the best and the brightest in the field of cryptography and computer security

Again, bullshit. The NSA can't compete on compensation and there are plenty of people who refuse to work there out of principle alone.

It's not bullshit the NSA plays a pivotal role in ensuring US national security, that doesn't mean that their current actions are justified, but having the means is a national security mandate in the current geopolitical climate.

And the NSA doesn't need to compete on monetary compensation, it competes on a whole 'nother level which is giving people the biggest challenges to solve while having access to unparalleled levels of resources and cutting edge technology.

Bell Lab's didn't compete on compensation either, but it was where everyone wanted to work because of the environment.

You also disregard nationalism, patriotism, and the ability of the intelligence community to groom targets which they've perfected into an art form.

> You also disregard nationalism, patriotism, and the ability of the intelligence community to groom targets which they've perfected into an art form.

I'm not saying those things don't exist or that the NSA is incapable of hiring competent people, I'm disputing your claim that the NSA has a 'monopoly' on recruiting the best and brightest. I've seen no significant correlation in my personal experiences between skill in mathematics and patriotism.

Your beliefs are opposite the reality. Invasion of privacy has never been so high

Well that doesn't technically preclude the parent's thought; we could simply be at the beginning of the curve in his / her graph.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact