General Discussion

DanTex

(20,709 posts)

69. I don't think you're nuts, but I think you are getting some of this wrong.

Sat Dec 21, 2013, 04:57 PM

Dec 2013

RSA is two things. One, it is a public key encryption algorithm, and two, it is a company. The RSA algorithm is not compromised. What is compromised is some of the software that the company RSA produced. According to the article, the problem is that RSA's Bsafe crypto software's default random number generator (Dual_EC_DRBG) is vulnerable to a back door. And the NSA paid RSA $10M to use Dual_EC_DRBG, so it is a pretty good guess that the suspicions that NSA put a back door into Dual_EC_DRBG are true.

But this is pretty far from saying that VPN traffic can be read by the NSA. At worst, it means traffic encrypted by providers using Bsafe can be read by the NSA, but I have no idea how many of them do (and I don't think you do either).

What's more, the fact that the Dual_EC_DRBG random number generator had a potential back door has been known since at least 2007, so people that knew what they were doing have considered Dual_EC_DRBG to be broken for some time now. Which means that VPN or any other crypto software written by people who were actually trying to provide security, as opposed to intentionally letting the NSA in, probably were not using Dual_EC_DRBG to begin with. And now that this has all become public, nobody is going to use Dual_EC_DRBG anymore.

This is not to say that the NSA isn't doing things they shouldn't be doing, and of course, it's also possible that the NSA has other hacks that we don't know about. But simply claiming that the NSA has "a back door into encryption" is a pretty big overstatement.

Edit history

Please sign in to view edit histories.

Recommendations

0 members have recommended this reply (displayed in chronological order):

120 replies

= new reply since forum marked as read

Highlight:

Many here are now owed Beer and Travel Money with an apology [View all] hootinholler Dec 2013 OP

Rec for the marvelous allusion Feral Child Dec 2013 #1

Rec for the same reason as the other rec. nolabear Dec 2013 #2

�and many experiences. Jackpine Radical Dec 2013 #3

Ah yes, Random Thoughts... awoke_in_2003 Dec 2013 #26

Here you go. woo me with science Dec 2013 #39

I loved Twilighr Zone heaven05 Dec 2013 #74

Before I clicked on the thread I though Random Thouhgts was back! Jazzgirl Dec 2013 #84

Ha ha dreamnightwind Dec 2013 #86

I was trying to think of a way to say pretty much what you did here. Jackpine Radical Dec 2013 #87

Me too, but I always tried to understand tavalon Dec 2013 #110

I wouldn't hold your breath waiting for an apology. sibelian Dec 2013 #4

I considered posting a list of user names hootinholler Dec 2013 #7

I've forgotten most of their names. i could go and look at my ignore list... sibelian Dec 2013 #15

I double-dare them. It's time that sort gets openly ridiculed. So sick of people that ridicule ChisolmTrailDem Dec 2013 #31

It would be nice if "Being an Authoritarian Toady" was an alertable offense. Maedhros Dec 2013 #67

wow, "authoritarian toady" is such a perfect label. thx Vattel Dec 2013 #96

No need to post names. By their works shall ye know them. Maedhros Dec 2013 #66

Or post flame bait just to riducule those who prefer not to make Big Pharma richer or injest ChisolmTrailDem Dec 2013 #98

k&r for beer and travel money. Not to mention many experiences. Hassin Bin Sober Dec 2013 #5

mmmm beer JVS Dec 2013 #6

Have a beer, or at least a virtual beer. malthaussen Dec 2013 #9

BitCoin works hootinholler Dec 2013 #22

Perhaps the NSA invented BitCoin MannyGoldstein Dec 2013 #53

IDK if BitCoin uses RSA algorithims hootinholler Dec 2013 #54

Nobody knows who "Satoshi Nakamoto" is... reACTIONary Dec 2013 #60

Well, I doubt they speak in script kiddie hootinholler Dec 2013 #63

Bitmessage, based on Bitcoin, is broken and easily tracable. joshcryer Dec 2013 #102

FYI - BitCoin Random Number Generator Attack reACTIONary Dec 2013 #59

Oh man! OUCH! hootinholler Dec 2013 #61

Somebody owes me... MannyGoldstein Dec 2013 #70

NIST has actually been actively finding bugs and reporting them: joshcryer Dec 2013 #105

Let's see... I'm going to conduct an illegal transaction... reACTIONary Dec 2013 #108

Looks like you were right. Lasher Dec 2013 #8

Well it does eliminate that cause hootinholler Dec 2013 #11

Now you're just freaking me out. pintobean Dec 2013 #17

Why would anyone want to shut down discussion of the national security state? Octafish Dec 2013 #10

Shout it from the fucking hilltops my friend hootinholler Dec 2013 #14

I hear ya' PeoViejo Dec 2013 #73

Riders in the Sky Octafish Dec 2013 #94

I mentioned that pic upthread... awoke_in_2003 Dec 2013 #28

I think it's from Twilight Zone suffragette Dec 2013 #33

Burgess Meredith Octafish Dec 2013 #36

Ah, of course... awoke_in_2003 Dec 2013 #41

i think it may be from a much earlier movie. stella by starlight tiny elvis Dec 2013 #88

Thank you, tiny elvis! Octafish Dec 2013 #93

Doubleplusgood! nt woo me with science Dec 2013 #40

I can think of three reasons. One is denial. Discussions are tough on those living in denial. rhett o rick Dec 2013 #55

I'll leave this here, since it's on topic... Maedhros Dec 2013 #68

It's a harder life, not to bow down to authority, tavalon Dec 2013 #111

I think very few Americans are raised to be open-minded and not just trust authorities rhett o rick Dec 2013 #115

We live in an authoritarian society tavalon Dec 2013 #120

+1 . . . .n/t annabanana Dec 2013 #107

It is DU dear nadinbrzezinski Dec 2013 #12

K&R As are many of us. Egalitarian Thug Dec 2013 #13

That is true hootinholler Dec 2013 #21

So, fuck 'em, we'll get our own damned beer! Egalitarian Thug Dec 2013 #24

You are a prophet. undeterred Dec 2013 #16

Not at all hootinholler Dec 2013 #19

Rec for "Beer and Travel Money" progressoid Dec 2013 #18

K&R! Hatchling Dec 2013 #20

I did not respond to you you at all. I thought you were nuts, but I kept it to myself. Even so ... 11 Bravo Dec 2013 #23

I've always held you in high regard hootinholler Dec 2013 #43

I appreciate that. (But I still WISH you had been wrong. I love this country, and right now ... 11 Bravo Dec 2013 #47

I would love to have been wrong! hootinholler Dec 2013 #49

Friendly correction: the Internets seem to think it is Coveyou who said that. eomer Dec 2013 #25

Thank you for that! hootinholler Dec 2013 #29

K & R !!! WillyT Dec 2013 #27

Sorry, I am too broke right now awoke_in_2003 Dec 2013 #30

They won't apologize. But everyone can go back to those threads and see ChisolmTrailDem Dec 2013 #32

Well I don't owe you a thing. zeemike Dec 2013 #34

K&R DeSwiss Dec 2013 #35

We'll all meet in Vallhalla Demeter Dec 2013 #37

Random Thoughts! TwilightGardener Dec 2013 #38

K&R woo me with science Dec 2013 #42

K&R Keep on truckin. nt raouldukelives Dec 2013 #44

I refuse to apologize. Glassunion Dec 2013 #45

Don't say you weren't warned when the NSA comes sniffing around your packets hootinholler Dec 2013 #46

But, but, but he had boxes in his garage and ran to Russia for god's sakes! Scuba Dec 2013 #48

He had an altar to Ayn Rand too! hootinholler Dec 2013 #50

I heard he was the product of Ayn Rand's frozen eggs MannyGoldstein Dec 2013 #71

Now THAT'S one damn disgusting mental image..... paleotn Dec 2013 #92

As I was typing that MannyGoldstein Dec 2013 #97

Scary but not surprising PrestonLocke Dec 2013 #51

Regarding certain aspects of modern life randr Dec 2013 #52

There was no tinhat involved hootinholler Dec 2013 #56

Is that the same people bvar22 Dec 2013 #57

I doubt the apologies, beer or travel money will appear from that quarter suffragette Dec 2013 #58

How have you been? hootinholler Dec 2013 #64

Been deluged at work suffragette Dec 2013 #78

It's been crazy around here hootinholler Dec 2013 #82

Hope the dinner was great! suffragette Dec 2013 #100

Recommended! NYC_SKP Dec 2013 #62

Oh, you great big narcissist, you. sibelian Dec 2013 #65

I don't think you're nuts, but I think you are getting some of this wrong. DanTex Dec 2013 #69

You have good points... hootinholler Dec 2013 #72

I've seen that slide and I'm not clear what the implications are. DanTex Dec 2013 #75

If what you are suggesting was scalable... hootinholler Dec 2013 #79

Well, I'm sure they are trying to get the content. DanTex Dec 2013 #83

It's grabbing all plaintext. joshcryer Dec 2013 #104

Good info..... Logical Dec 2013 #109

The Snowden Haters And NSA Apologists Will Never Come Clean cantbeserious Dec 2013 #76

I never doubted you although I didnt openly support you either. I guess I just rhett o rick Dec 2013 #77

I remember you being one of the few, if not the only one, of our KoKo Dec 2013 #80

I don't know a thing about 'random number generators' Lifelong Protester Dec 2013 #81

I've always imagined a dial where you tune it till,...oh wait,...that's an old TV set.... Spitfire of ATJ Dec 2013 #85

I thought Cisco was compromised and it now turns out that RSA itself is compromised. lunasun Dec 2013 #89

rec. nt Demo_Chris Dec 2013 #90

Forget the apology Incitatus Dec 2013 #91

"The generation of random numbers is too important to be left to chance." Xipe Totec Dec 2013 #95

I miss Random Thoughts. Aristus Dec 2013 #99

Top of the Greatest Page. woo me with science Dec 2013 #101

RSA is not compromised, FIPS 140-2 is, if Dual EC_DRBG is enabled. joshcryer Dec 2013 #103

Yes, I was technically imprecise hootinholler Dec 2013 #114

Remember, SecureIDs root keys were leaked. joshcryer Dec 2013 #116

Where did the "beer and travel money" meme come from, and what does it mean? Owl Dec 2013 #106

A beloved (and by some, not so beloved) tavalon Dec 2013 #112

WOW you've been around a long time hootinholler Dec 2013 #118

Recced for the call back to a famous Duer tavalon Dec 2013 #113

I'll take some beer and travel money Aerows Dec 2013 #117

kick woo me with science Dec 2013 #119