
Can the NSA break AES-256 and TLS? What encryption should


Thread replies: 107
Thread images: 9

Can the NSA break AES-256 and TLS?

What encryption should we start using?
>>
>>57227316
Something post-quantum at the very least. Diffie-Hellman is dead.
>>
the NSA fucking sucks
>>
>>57227336
seriously, the internet has sucked balls since the NSA started fucking with it
>>
>>57227328
Why? My understanding is that it was only susceptible to MITM attacks.
>>
>>57227328
It's not supposed to be used for security on its own; you use it as a key exchange protocol, in conjunction with other protocols.
>>
>>57227354
Not if you have a quantum computer. I wouldn't put it past the government to suppress a classical algorithm either, but that's more doubtful.
>>
File: IMG_4862.jpg (233KB, 2000x1000px)
>>57227316
>>
Linear A
>>
>>57227316
AES256 should be safe for the foreseeable future.

But if you're wondering about internet snooping, the NSA sees all. Nearly every website uses Cloudflare. Cloudflare is a MitM. Your connection to them is encrypted, but gets decrypted by them and reencrypted for the site you're connecting to. So they can see the plaintext and modify or log it.

It's genius. Best way to defeat internet encryption. And all the idiots flock to it.
>>
Anything that's based on public key cryptography was broken long ago and that's the best kept secret in the universe.
>>
>>57227741
The NSA figured out how to quickly factor very large semiprimes long ago? That's quite the mathematical accomplishment.
>>
>>57227741
[Citation required]
>>
RSA and AES are both backdoored by US and British intelligence agencies but they want you to think it's safe and secure. The best form of encryption and security is memorising any confidential stuff you have and only keeping it in your head.
>>
>>572277695

It wasn't the NSA.

>>57227775

That's classified.
>>
>>57227769
Much more likely that they're ahead in quantum computing.
>>
>>57227316
NSA can crack everything, the only question is how long it'll take them. If you really need good security you should be changing your keys frequently.
>>
>>57227792
>Post not found.
spooky
>>
>>57227779
>RSA and AES are both backdoored
They are both freely available mathematical algorithms with people running cryptanalysis on them all the time.
The fact that you think this is stupid. Protocols can be backdoored though, is this what you meant?
>>
>>57227822
don't have to change 2048bit key frequently
>>
Can you guys advise me a good read about current digital encryption and decryption stuff which begins with basic explanations? I want to have a crash course
>>
>>57227908
"Understanding Cryptography" by Christof Paar
>>
>>57227316
The nsa probably has trouble breaking WEP. THE only reason why they can get ""some data"" is because only like 3% of traffic is encrypted. Start encrypting everything and they don't have the resources to touch shit
>>
>>57227955
This
The NSA have many computational resources, but crypto algorithms have accounted for just that threat.
>>
>>57227328
Diffie-Hellman isn't encryption.
>>
File: 1429177114622.jpg (12KB, 258x245px)
>>57227316
>not using your own encryption algorithm
>>
>>57227930
thanks anon, now i'll order it. $40 for a book is kind of expensive though.
>>
>>57228059
It's free as E-book
>>
>>57228048
Do you even realize this is the worst possible thing you can do?
The only good encryption is well known. Even then you have to implement it correctly.
>>
>>57228120
whatever you say dumbo, I'm posting from my own OS and my encryption algorithm is the best.
>>
>>57228197
stupid frog poster
>>
>>57228197
T-Terry? Is that you?
>>
They probably don't need to if the encryption is already compromised from the get-go. AES-256, AES-100000000, it won't matter if there's a backdoor put in by hardware vendors or even software vendors.
>>
>>57227717
4chan is using cloudfare
>>
>>57228204
Can't be Terry. TempleOS doesn't have the network component because God said so.
>>
>>57228204
TempleOS can't into networks so that CIA niggers can't get your data.
>>
>>57227316
>Can the NSA break AES-256 and TLS?
Can NSA break the cryptography? No
Can NSA break the implementation? Yes
>>
>>57227316
>NSA: Sir it appears you have encrypted your harddrive, what is the code
>You: Fuck you
>NSA: Hello FBI? It's me. Anon is terrorist.
>FBI: We'll press charges now lol
>NSA: You're under arrest lol
>>
>>57227354
>>57227361
>>57227999
this is the sad state of /g/
>>
>>57227316
>>57227328
>>57227741
>>57227769
>>57227955
>>57227968
its simple
they just need to precalculate a few big prime numbers and they already have half the traffic cached
>one single prime is used to encrypt two-thirds of all VPNs and a quarter of SSH servers globally, two major security protocols used by a number of businesses. A second is used to encrypt “nearly 20% of the top million HTTPS websites”.
>>
>>57228297
Spooky
>>
>>57227316
Even if they could, they're not going to just to go after your illegal MP3 collection, m8
>>
File: 1477319531144.jpg (13KB, 142x250px)
>AES encrypt my entire SSD
>write down the password on a post-it note and stick it to my PC case
>>
>>57228290
>in the end they still discover all the anime pictures
>>
>>57228254
Exactly.
>>
>>57227316
Blowfish or twofish. AES has had backdoors since day one.
>>
>>57228297
What are you quoting?
>>
>>57227350
the internet has sucked balls ever since normies were let on
every year since arpanet its gone deeper into the drain
>>
>>57228680
You need to use roman cipher on the post-it note just to be sure.
>>
File: 1466739202753.png (603KB, 900x900px)
>>57227316
That isolated seventh shitter
>>
>>57227779
>RSA and AES are both backdoored by US and British intelligence agencies but they want you to think it's safe and secure.

pretty much this
>>
>>57227717
Interesting. Do you have any references?
>>
>>57228120
Why? No citations of famous cryptographers please.
>>
>>57227336
This is my theory too.
Snowden is just a PR stunt that they are actually doing shit and aren't just an incompetent money sink.
>>
>>57229300
does this mean terrorist attacks were allowed to happen?
>>
Does FDE slow down ssds?
>>
>>57230162
The SSD is just as fast with full disk encryption but accessing it might be slower due to full disk encryption.
>>
>>57230162
No
>>
If I encrypt my android, can google break it or see my password?
>>
>>57230227
yes
>>
>>57229242
Do you mean Julian cipher?
>>
>>57228254
and 4chan is not even encrypted, 4chan uses http (not https)
>>
>>57227777
>>
>>57230478
Just put in the s yourself or use https everywhere idiot
>>
>>57230478
>>57230640
4chan gets cucked by cloudflare, PRISM and google though
>>
>>57227775
>the best kept secret in the universe
can't you read?
>>
>>57227316
AES-256 is safe and fine, possible until humanity is extinct.
Modern hashes (SHA-2/3) are quantum safe too but more likely to have undiscovered structural defects than symmetric block ciphers.
(brief aside: hashes can be used in Lamport-Merkle constructions to make quantum-safe signatures if you don't mind them being 10s or 100s of kB each)

Handshakes (DH, ECDH) and asymmetric encryption (RSA, ElGamal) are what need replacements ASAP since they'll be completely retroactively fucked if somebody ever builds a non-toy quantum computer, and all your internet traffic's being saved in the hopes of such a day coming to be.

In the mean time, the things to be most worried about are all side-channels:
> entropy-poor or backdoored RNG
> poor/backdoored protocol design
> poor/backdoored protocol implementations
> public parties losing/giving away their keys
> rubber hoses
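To make the "Lamport-Merkle" aside concrete, here is an added example (mine, not the poster's) of a minimal Lamport one-time signature over SHA-256. It shows why each key may sign only once and where the size comes from: 8 KB per signature and 16 KB per key before any Merkle tree is layered on top, which is the part this block leaves out.

```python
import hashlib
import os

H = hashlib.sha256
N = 256     # digest bits = number of secret pairs in the key
L = 32      # bytes per SHA-256 output


def keygen(rand=os.urandom):
    """Private key: 256 pairs of random 32-byte secrets; public key: the hash of each."""
    sk = [(rand(L), rand(L)) for _ in range(N)]
    pk = [(H(a).digest(), H(b).digest()) for a, b in sk]
    return sk, pk


def _bits(msg):
    # Digest of the message as a list of 256 bits, most significant first.
    d = int.from_bytes(H(msg).digest(), "big")
    return [(d >> (N - 1 - i)) & 1 for i in range(N)]


def sign(sk, msg):
    """For each digest bit, reveal the matching half of that pair. Each key signs ONCE."""
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def verify(pk, msg, sig):
    """Hash every revealed secret and compare with the public half the digest bit selects."""
    if len(sig) != N:
        return False
    return all(H(s).digest() == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))


def pairs_fully_revealed(msg_a, msg_b):
    """Key reuse: wherever two signed digests differ, both halves of that pair are now public."""
    return sum(a != b for a, b in zip(_bits(msg_a), _bits(msg_b)))


def sizes():
    """Byte sizes that explain why hash-based signatures are large."""
    return {"private_key": 2 * N * L, "public_key": 2 * N * L, "signature": N * L}


if __name__ == "__main__":
    sk, pk = keygen()
    sig = sign(sk, b"key exchange transcript")   # constructed sample message
    print(verify(pk, b"key exchange transcript", sig), sizes())
```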
>>
>>57227316
It literally doesn't matter.

Even if it's secure now, everything can still be saved and brute forced 10 or 20 years later when computers are more powerful.
>>
>>57227316
It's only as good as the password protecting it.

If you use AES with a weak ass password it won't even matter. I believe Snowden says the NSA can crack most 10 character passwords in 3 days throwing trillions of guesses per second at it.
>>
>>57228680
Use Diceware 2bh. I made a simple implementation years ago, and I've been using it ever since.
#!/usr/bin/python3
from os import urandom
from sys import argv, exit

# One word per whitespace-separated token; the actual list is elided here.
wordList = """...""".split()
wordLen = len(wordList)


def die(side=6):
    # 64 bytes from the OS CSPRNG; the modulo bias on a 512-bit value is negligible.
    x = int.from_bytes(urandom(64), byteorder='big')
    return x % side


def pword(count=8):
    # Yield `count` words chosen uniformly at random, with replacement.
    for i in range(count):
        yield wordList[die(wordLen)]


if __name__ == '__main__':
    if len(argv) > 1:
        try:
            count = int(argv[1])
        except ValueError:
            print("Error: Argument is not a number")
            exit(1)
    else:
        while True:
            try:
                count = int(input("Please input the number of words: "))
                break
            except ValueError:
                pass

    print(' '.join(pword(count)))
>>
File: 310px-IqaluitStop.jpg (23KB, 310x244px)
>>57229242
Write it in Navajo.

On a semi related note. Is it possible to create an syllabic abugida alphabet that works for English that works the same way Inuktitut does?
see vid if you don't know what I'm talking about
https://www.youtube.com/watch?v=xW4hI_METac
>>
>>57231320
canadian language-fag here
>Is it possible to create an syllabic abugida alphabet that works for English that works the same way Inuktitut does?
yes
>does it make any sense
no
english has too many complex morphemes and it wouldn't make much sense to block them together into not often used.
it just doesn't make much sense
>>
>>57228120
>mfw no one is going to bother analyzing my home made crypto
It's actually safer than using some buggy piece of shit like openssl that has exploits for it published every week.
>>
install gentoo
>>
>>57227316
Anyone who knows what they are capable of either works for them, or are the President or high ranking congressional members. They wouldn't even fucking acknowledge what their purpose was for decades. People kind of speculated that it had to do with communications, but that's all it was until the Bush administration finally acknowledged it, and then Snowden kinda blew the lid off a little more.

Anyway, anyone who'd know what they can and can't do isn't going to tell you or me, because doing so could be deemed as treason (see Snowden). So whenever you read shit supposedly regarding their inner workings online, it's pure speculation at best, and likely bullshit. One thing the CIA has acknowledged doing during the Cold War was to spread rumors to the public regarding how bad ass they were, and actively encourage conspiracy theorists. That was because they wanted the Soviets to over-estimate them.
>>
File: 1444095244298.jpg (296KB, 1024x826px)
>>57231256
>Not using physical dice for Diceware
>>
>>57231658
>implying I have time for that shit
Just buy one of these
https://www.amazon.com/dp/B01KR2JHTA/
>>
>>57228048
>using your own encryption algorithm
Your lunch break is over, Rajest.

Go back to writing your Wordpress scripts.
>>
>>57231510
>this is what /g/ actually believes
>>
>>57228297

Nice source
>>
>>57227350
tfw
>seriously, the internet has sucked balls since *WE FOUND OUT* the NSA started fucking with it

It didn't bother anyone in 2005
>>
>>57231624

There are a whole bunch of assumptions that it is pretty safe to make given what we do know about the last 30-odd years of crypto and cryptanalysis developments and what we could reasonably assume is coming in the next few years.
>>
>>57227316
No, but they don't need to for the most part, owing to how poor security is in general.

Heartbleed, the Cisco memory read, etc, all allowed remote access to keys for VPNs etc. In addition, they probably have a stockpile of remote and local exploits for popular operating systems (and no doubt rarer ones, too). Also, people generally aren't good at configuring their operating system securely (WPAD on Windows, for example...).
This doesn't take into account interdiction of hardware and provisioning of firmware backdoors in things like HDDs, either, which is where things get even more nasty.

If you want post-quantum cryptography, Keccak is a secure hashing algorithm. More modern implementations of McEliece resolve a flaw in the first designs, which make it a viable (although more costly in space and CPU power) alternative to RSA.
AES, with a large enough key size, is quantum-cryptanalysis resistant, assuming we don't come up with a new technique to break it, which I suspect is unlikely, but not impossible.

The NSA are, first and foremost, opportunists. They'll implement backdoors where they can, including crypto standards. See the Dual_EC_DRBG fiasco. In addition, they rely on metadata a great deal, which cryptography does not defeat the collection and analysis of alone.
>>
TLS 1.3 WG and CFRG participant here.

No, the NSA very probably can't break AES-256. They usually don't need to attack TLS itself, as they prefer attacking endpoints/implementations (among them, CloudFlare, which 4chan uses!).

Bulk interception relies on metadata like DNS lookups, TLS SNI, and 50% of the web that isn't encrypted.

The draft TLS v1.3 with any supported cipher is currently thought to be fine - all even slightly wobbly stuff has been completely removed from v1.3. (Just don't use the new, ultra-fast 0RTT for non-idempotent payloads i.e. HTTP GETs are fine, but *not* POSTs.)

TLS v1.2 is currently thought to be fine, *when properly-implemented*, using one of TLS_ECDHE_(ECDSA|RSA)_WITH_(CHACHA20_POLY1305_SHA256|AES_128_GCM_SHA256|AES_256_GCM_SHA384) with either RSA >2048 bits (ideally 3072 or greater), secp256r1 (NIST P-256), secp384r1 (NIST P-384) or X25519 (aka the key exchange that uses Curve25519). Ed25519 is also fine, as is X448 and Ed448.

You are probably already using one of these with this site, given CloudFlare has a good TLS 1.2 implementation and has already rolled out the latest TLS 1.3 draft.

You probably want to be staying away from finite-field Diffie-Hellman now.

None of these would survive a quantum computer.

>>57227795
No-one is. They aren't.

>>57227328
Only in a secure combination (such as Google trialled with NewHope) alongside an elliptic-curve kex like X25519: there are disadvantages to all of the various PQ algorithms currently available, be they key size, patents, or that they might be worse, or might not actually be PQ. It's still way too early to start recommending things.

>>57228286
Accurate.

>>57229124
Blowfish's 64-bit block size is too small for any modern use. Rijndael isn't backdoored. Maybe use Salsa20 or ChaCha20 instead if you prefer that.

>>57231035
Accurate, but GCM/OCB modes might be fucked with quantum period-finding too.

PS: Look into SPHINCS, stateless hash-based sigs, ~47KB.

>>57235437
Accurate.
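As an added illustration (my code, not the poster's), the TLS 1.2/1.3 advice in this post turned into a small audit function run over constructed handshake records; the record fields, the 2048-bit RSA floor and the GET/HEAD-only rule for 0-RTT are my own assumptions drawn from the text.

```python
import re

# Allowlist from the post: TLS 1.2 ECDHE + AEAD suites, written as IANA names.
SUITE_RE = re.compile(
    r"^TLS_ECDHE_(ECDSA|RSA)_WITH_"
    r"(CHACHA20_POLY1305_SHA256|AES_128_GCM_SHA256|AES_256_GCM_SHA384)$"
)
OK_GROUPS = {"secp256r1", "secp384r1", "x25519", "x448"}
SAFE_0RTT_METHODS = {"GET", "HEAD"}   # idempotent requests the post says are fine over 0-RTT


def audit(h):
    """Return a list of findings for one handshake record; an empty list means it matches the advice."""
    findings = []
    version, suite = h["version"], h["cipher_suite"]
    if version not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"legacy protocol {version}")
    elif version == "TLSv1.2" and not SUITE_RE.match(suite):
        why = ("static RSA key exchange" if suite.startswith("TLS_RSA_")
               else "finite-field DHE" if suite.startswith("TLS_DHE_")
               else "non-AEAD or unlisted suite")
        findings.append(f"{suite}: {why}")
    group = h.get("group", "").lower()
    if group not in OK_GROUPS:
        findings.append(f"key-exchange group {group or '?'} not in recommended set")
    if h.get("auth") == "rsa" and h.get("rsa_bits", 0) < 2048:
        findings.append(f"RSA certificate key of {h.get('rsa_bits')} bits is below 2048")
    if version == "TLSv1.3" and h.get("early_data") and h.get("method") not in SAFE_0RTT_METHODS:
        findings.append(f"0-RTT data carried a non-idempotent {h.get('method')} request")
    return findings


# Constructed sample records (not real captures).
SAMPLES = {
    "good12": {"version": "TLSv1.2", "cipher_suite": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
               "group": "X25519", "auth": "rsa", "rsa_bits": 3072, "method": "GET"},
    "ffdhe_cbc": {"version": "TLSv1.2", "cipher_suite": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
                  "group": "ffdhe1024", "auth": "rsa", "rsa_bits": 2048, "method": "GET"},
    "zero_rtt_post": {"version": "TLSv1.3", "cipher_suite": "TLS_AES_256_GCM_SHA384",
                      "group": "x25519", "auth": "ecdsa", "early_data": True, "method": "POST"},
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(name, audit(rec) or ["ok"])
```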
>>
File: 1476207577267.gif (371KB, 500x375px)
They probably have some kind of machine, like the one described in Dan Brown's book, Digital Fortress, some kind of supercomputer that can break any encryption by sheer power. Until some chinese computer genius invents the unbreakable algorithm, NSA will know everything.
>>
>>57229295
Took me a little while. Kekked.
>>
>>57231102

If you're operating correctly, it won't matter if they crack it in 20 years because by then none of the compromised data will be relevant.
>>
>>57235782
>secp256r1 (NIST P-256), secp384r1 (NIST P-384)

>trusting NIST
>>
>>57227316
S//
The answer to your questions is:[redacted]. Hope it helps.
//S
>>
AES is safe. And some scientists on the radio said quantum computers are expected to halve its strength (so 256-bit encryption becomes as strong as 128), as it's a symmetric encryption (unlike things like PGP which are vulnerable to quantum computers), so it's good for the foreseeable future.

So your password, the implementation and any traces you leave behind are still the weakest links.
>>
>>57237218
And one more thing: there usually is no need to decrypt anything. Your location, where you travel, which websites you visit, network, who you phone and email with, your financial transactions etc provide enough metadata to map your entire life.
>>
>>57227316
>Can the NSA break AES-256 and TLS?

In 20 years yes, but we'll increase to 512.
>>
>>57237218
>so 256 bit encryption become as strong as 128
>downgrading is improving

nice shitposting pajeet
>>
>>57237335
Nice reading comprehension skills pajeet.
>>
the length of your key doesn't matter

it's about how many keys they can test per second
>>
>>57237353
there are no strengths you stupid poo flinger (:

if 128 encryption is compromised 256 is still functional. dumb dumb DUMB pajeet.
>>
>certain 1s and 0s can get you put in jail if interpreted in a certain way by a supercomputer
Really makes you think
>>
>>57237335

Actually AES-128 is stronger than AES-256 in certain situations.

https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
>>
>>57237443
certain atomic elements combined can make a big boom

that's what you sound like
>>
>Can the NSA break AES-256 and TLS?


if it could why would it need secret warrants and to waterboard people ?
>>
>>57230478
Make your browser force https faggot.
>>
>>57237443
watch Transcendence. 1 and 0 are made by humanity like yes and no. a certain way to say yes can lead you to jail as well
>>
>>57235782
Where is the best source for this kind of advice?
>>
File: uwut.png (13KB, 627x220px)
>>57230478
wut?
>>
>>57227316
NTRU, Mceliece and Merkle hashes
>>
>>57238356

You <- https -> nsaflare <- http -> 4chan
>>
>>57235782
Wow, an actual professional on /g/

Thank you for your service