Quote of the day—nsa.gov1.info

NSA logo

nsa.gov1.info
2013
[Check out the text shown if you let your mouse cursor hover over the image.

This is a very well done parody site. It had me fooled for a minute or so, then perplexed, then finally I realized what it was.

It was when I was reading this that the light came on for me:

Our Target: 256-bit AES

The Advanced Encryption Standard (AES) algorithm is used worldwide to encrypt electronic data on hard drives, email systems, and web browsers. The AES 256-bit encryption key is the standard for top-secret US government communications. Computer experts have estimated it would take longer than the age of the universe to break the code using a trial-and-error brute force attack with today’s computing technology.

In 2004, the NSA launched a plan to use the Multiprogram Research Facility in Oak Ridge, Tennessee to build a classified supercomputer designed specifically for cryptanalysis targeting the AES algorithm. Recently, our classified NSA Oak Ridge facility made a stunning breakthrough that is leading us on a path towards building the first exaflop machine (1 quintillion instructions per second) by 2018. This will give us the capability to break the AES encryption key within an actionable time period and allow us to read and process stored encrypted domestic data as well as foreign diplomatic and military communications.

Nope. If you know how to read encrypted messages everyone else believes are unbreakable then that is one of the most tightly guarded secrets you have. That would be even more closely guarded than Obama’s birth certificate and the number of people murdered with guns from Holder’s “Fast and Furious” program.

H/T to Lyle.—Joe]

18 thoughts on “Quote of the day—nsa.gov1.info

  1. Secret unless it was used to decrypt messages that led to the killing of a high profile terrorist like Bin Laden… Then the president would reveal the capability and that would lead to using higher bit encryption.

  2. There’s a reason NSA was known as “No Such Agency” for so long.

    NEVER admit your crypto capabilities.

    NEVER admit your decryption or recon capabilities.

    NSA didn’t even do the cute thing CIA does so well — “accidentally leaking” failures to maximize the impression of incompetance. . . soemthing they did so well even analysts who _knew_ it was happening couldn’t avoid letting it color their subconscious and thus thier analysis. (Best professional compliment an intel offcier can receive from someone outside his chain of command is, “He’s too stupid to be a spy.”)

    NSA, OTOH, figures there is recoverable data in ANY signal, no matter how encrypted, oblique, or even intentionally diddled — sometimes the pattern of lies is more important than if there were no implanted lies. (Lies are harder to keep consistant.) Thus, NSA would say NOTHING, leaving no signal at all to be cracked.

  3. We’ve been letting this cat out of the bag for some time. In ‘Nam, we had the encrypting device, the KAA-28, on our UHF aircraft radios. It, too was of simple design, presenting so many combinations of switch settings (like “Enigma” of WW2 fame) that the code-breaking of the time would never have gotten to it. The code was changed every 6 hours, and the best supercomputers of the day could solve for the combinations in 30 hours (but then the KAA-28 was an analog device, and all those combos would have to be physically set into a device, one at a time, for it to be usable). An Intelligence type told me that advertising our encryption capability kept the Commie Intell busy trying to crack the code, whereas if they had used simple SigInt, they could have come up with 80% of our intentions off of un-encrypted radio.

    The same games are being played today. Advertizing the exaflop computer as just over the horizon keeps the Chinese busy trying to build one sooner.

  4. Rivrdog has it. You advertise it when your abilities are actually much beyond that, for the chilling effect. You dissuade your targets from attempting any communication, and isolate them, while still being able to decrypt what they think are time consuming but “safe” communications, like Bletchley Park and Enigma (where we could decode Enigma messages faster than an operator with an Enigma machine could do it.)

    • Wrong.

      You don’t say anything, at least until 30 or 40 years after the fact.

      And no, Bletchley couldn’t do it faster than the Germans, and neither could Arlington Hall (after mid-1943, the US took over breaking the 4 rotor naval Enigma because the British couldn’t build a reliable high speed 4 rotor bombe).

      In fact, barring capture of the keying documents that meant there was no cryptanalysis needed, there was always a delay of at least a couple of hours, and often much more, between receiving the first signals in a new key period and the derivation of the key settings. Even after, generally the Germans could decrypt faster. That’s because the radio man himself would be doing it right after he received the message, or an officer who is right there next to him.

      The Allies, on the other hand, intercepted the messages at listening stations, and messages would either be telexed or sent by messenger to Bletchley, where they would “flow” through the system, being sorted, analyzed for importance, and then decrypted (or not, if they were considered unimportant or otherwise unworthy of further work). Following that, they went to a translator, and for further analysis. Even if you’ve thoroughly penetrated the system, all that takes time.

      That’s not to say it wasn’t actionable: A message outlining an attack that is going to happen in 12 or 24 hours, and that gets into the hands of those who need it with enough time to make preparations to blunt that attack is still a good result. Even messages that are long out of date can be useful or instructive.

      /Ex SIGINT weenie

      • This is correct. As we have found from all the declassified information about Enigma, in WW2 the Allies didn’t want the Germans to suspect that they could read decrypts even long after the battle, let alone read them in real time. Had the Germans secretly added yet another wheel to the Enigma based on suspicions from too many bad coincidences, everything in the last year of the war would have been harder, from maintaining the progress in the Battle of the Atlantic to troop dispositions in Normandy and elsewhere. Operation Market Garden would have been an even greater surprise than it was.
        To be able to break unbreakable codes with time to react to the messages encoded would be a technological leap in intelligence and warfare comparable to, for instance, in criminal investigation, being able to produce a DNA code of someone in an hour or two, based on skin oil left on an object, and being able to distinguish between multiple handlers of that object. The difference being, of course, that due to the nature of crime vs warfare, the advantage would be in blabbing (some crooks might go straight).

    • I hadn’t seen that but I know of two different ways that can be done.

      The “security experts” at the car companies don’t understand and/or didn’t implement real security. Electronically, cars are essentially wide open. You can drive away with the entire car almost as fast as someone with a key.

      You can also “own” a lot of cars by inserting a CD.

      • Huh? Inserting a CD into what? Your home computer?

        I realize that computers are simply dumb boxes and they are only as smart as the person who programs them…. That’s why I find this problem interesting. There is obviously a hole somewhere.

        • He’s right. Everything on the cars now are networked, and there are trojan horses that can be injected via the CD player. They can also be injected through the entertainment system via bluetooth without ever getting into the car.

          • Okay….. I’m not very tech savvy. Bluetooth is on all the time? Even when you shut the car off? So you can insert a Trojan via the airwaves?

            Couldn’t a firewall and an antivirus program stop that from happening?

          • Couldn’t a firewall and an antivirus program stop that from happening?

            Sure. But they are expensive to write and (so far) these attacks have been rare enough that security-through-obscurity has been “good enough”.

      • Thinking about this now…. It seems to me that there might also be a hole in the “remote assistance” area of the computer.

        Years ago, I got involved with a few security experts trying to figure out what was happening on eBay with accounts being taken over. eBay swore the site was secure and accounts were falling victim to phishing, etc. Well, the site wasn’t secure. One of the experts on this side had his computer taken over by someone in Romania. Remote assistance was unheard of at the time. The whole thing was very bizarre, very cat and mouse. (This actually happened to two people that I know of.)

        Perhaps something like this is happening with cars.

    • I don’t think any encryption is being broken. The targets are all Hondas and it’s always the passenger door. That suggests a vulnerability that is specific to the manufacturer and a location, with a very short range exploit. The radio receiver should unlock all the doors. This sounds like some sort of manipulation of a safety system (the doors unlock when the car thinks it has been in an accident) or the locking system in that door. It could be something as simple as an electromagnet in the right spot to pull two wires together and short a connection that shouldn’t be there.

      • Probably. Its not tough. A bear sow in Yellowstone NP learned how to hit the trunk of Honda Accords to open them for the picnic basket goodness and taught her cubs.

      • That’s certainly possible.
        But encryption is quite hard to get right, and the world of technology is littered with examples demonstrating what goes wrong when ignorant people develop what they thing are secure encryption systems. Some examples include A4 (the encryption used in European cell phones, at least in the past), the DVD encryption system, WEP (the “security” system in first generation wireless LANs), and so on.
        Even specialists make mistakes, and mistakes in encryption systems can, at times, completely void the security that was supposed to be there. But an encryption system developed by anyone who isn’t a serious expert (meaning with a decade or so of solid Ph.D. level work in the relevant math and cryptographic research) is almost guaranteed to be utter junk.

  5. “Critical Path Method (CPM)”? CPM? Really? Why not use a Defense Observation System (DOS) and be up-to-date, sort-of … ? Tres cute and amusing …

Comments are closed.