It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
German Gov is able to decrypt PGP and SSH
page: 2share:
Originally posted by NoSoup4U
Our government has a "master key" for gpg and pgp too, but it ONLY works with gnupg versrions higher than gnupg-w32cli-1.2.2 . How do I know this? Well, I use gpg encryption in my current job all the time. It is 2048 bit ElGamel encryption that is done through the commandline. For some of the idiots I work with, I wrote a GUI front end completely using JAVA. Anyway, if you can find the version gnupg-w32cli-1.2.2 and use it, there will be no worries for the real paranoid person.
I'm sorry to tell you this, but you're absolutely wrong. There is no "master key" for RSA, ECDSA, AES, RIPEMD-160, SHA-512, Whirlpool, Serpent, or TwoFish. You may "use" gpg in your current job, but I am a contributing developer on the GnuPG project as well as the TrueCrypt project and am intimately familiar with the source code as well as its various methods of operation. PGP is a different story. PGP uses the proprietary IDEA encryption algorithm which IS known to have a back-door. Also, if you're going to represent yourself as an encryption expert, at least have the decency to refer to the POSIX-based platform and not Windows LOL.
Anyway, if there were a backdoor, wouldn't there be enough open source users and contributors that would break a story reporting it?
I mean, if the people who contribute code don't catch a backdoor that's actually there, wouldn't a few users end up getting arrested or something, bringing the news to light as well? I mean, since gnupg is used by probably millions of people, and the code is inspected by thousands of people every month, you'd think such a flaw/backdoor would be discovered.
I am a part of several projects, and mistakes get noticed pretty quickly. Imagine how fast a security flaw, then, would get noticed.
I mean, if the people who contribute code don't catch a backdoor that's actually there, wouldn't a few users end up getting arrested or something, bringing the news to light as well? I mean, since gnupg is used by probably millions of people, and the code is inspected by thousands of people every month, you'd think such a flaw/backdoor would be discovered.
I am a part of several projects, and mistakes get noticed pretty quickly. Imagine how fast a security flaw, then, would get noticed.
Originally posted by joesomebody
Anyway, if there were a backdoor, wouldn't there be enough open source users and contributors that would break a story reporting it?
I mean, if the people who contribute code don't catch a backdoor that's actually there, wouldn't a few users end up getting arrested or something, bringing the news to light as well? I mean, since gnupg is used by probably millions of people, and the code is inspected by thousands of people every month, you'd think such a flaw/backdoor would be discovered.
I am a part of several projects, and mistakes get noticed pretty quickly. Imagine how fast a security flaw, then, would get noticed.
Exactly. Some people think that "open-source" means that anyone can just throw some code in there willy-nilly with no peer review. I can tell you that the peer review on candidate code branches is so brutal that committing back to the hub is personally terrifying. You've got 100+ developers, each with a giant ego and attitude, just looking to rip you apart and discredit your work. You allow a back-door to sneak by and they'll crucify you.
Spot on...
Usually education is what bridges the gap between news-fiction and fact on these "they are spying on you all the time" stories.
Usually education is what bridges the gap between news-fiction and fact on these "they are spying on you all the time" stories.
Originally posted by joesomebody
Anyway, if there were a backdoor, wouldn't there be enough open source users and contributors that would break a story reporting it?
I mean, if the people who contribute code don't catch a backdoor that's actually there, wouldn't a few users end up getting arrested or something, bringing the news to light as well? I mean, since gnupg is used by probably millions of people, and the code is inspected by thousands of people every month, you'd think such a flaw/backdoor would be discovered.
I am a part of several projects, and mistakes get noticed pretty quickly. Imagine how fast a security flaw, then, would get noticed.
No.
Take one of the most necessary and most utilized security projects that also uses encryption. Truecrypt.
No code review. This is much more the norm than the rule. No review done especially after initial project release.
Originally posted by AlchemicalMonocular
No.
Take one of the most necessary and most utilized security projects that also uses encryption. Truecrypt.
No code review. This is much more the norm than the rule. No review done especially after initial project release.
You are mistaken. I am a contributing developer on both the GnuPG and TrueCrypt projects, and both of them have extremely rigid and thorough peer review of code submissions and branch modifications.
reply to post by draco49
thats an illusion if you generalize it - just remember Open BSD...
maybe you're in your own bubble but every lock made by humans can be broken by them...rootkit for true crypt or B&E (a possebility most people forget about) or tempest etc pp...encryption is just an illusion like high secure car locks...sure they are good to prevent some stupid kids to steal your car but cars still get stolen...
thats an illusion if you generalize it - just remember Open BSD...
maybe you're in your own bubble but every lock made by humans can be broken by them...rootkit for true crypt or B&E (a possebility most people forget about) or tempest etc pp...encryption is just an illusion like high secure car locks...sure they are good to prevent some stupid kids to steal your car but cars still get stolen...
edit on 26-5-2012 by Hessdalen because: mindcontrol
Originally posted by H1ght3chHippie
The matter is rather simple.
There is no such thing as unbreakabke encryption.
One time pads.
Encrypting something only makes sense if there does exist a way to decrypt it.
And if your means of decryption is a one time pad, you cannot decrypt it without the key. There is no way to break a one time pad. You can hope your opponent screws up and reuses key material, or an agent sells you a pad, but there is no cryptographic break against a correctly implemented OTP system.
Judge Orders Password from
Defendent
The further you go up the food chain, the more resources are available to defeat security. But there still seem to be a few blind spots for Law Enforcement and Govt.
I have family and friends that have been with NSA for decades and they'll be the first to tell you that even at low levels they were using the same computing power in 2002 that we are only getting today, so you can imagine where they are now.
Microsoft and Google have known ties to government, if you really believe you can trust either at this point, I have bad news for you. Hell Google admits one need only ask, no warrant necessary. Many companies have created revenue streams on giving up data, hell you can find the forms online right now. Secret rooms at internet hubs and other concerns Link.
But why tip your hand, they don't care about local law enforcement enough to step in very often which is why you have situations like the one in the article above and it serves the added purpose of letting people believe they can still have privacy.
I only use open source encryption, Truecrypt is my choice, and while I still don't have 100% confidence in it, I put far more faith in them than anything else out there.
My theory is that government and LE would like to have available a complete chronicle of everything you have done and are doing, this way at any moment, they can pull up your life history and have something to work with. There's a reason privacy is important, the dolt's that parrot "If you're not doing anything wrong" are just clueless and frankly anger me as they are almost just as much a threat to freedom as the make believe army of terrorists.
When agents were unable to decrypt the computer, the grand jury issued a subpoena demanding the defendant produce any documents reflecting any passwords associated with the computer
The further you go up the food chain, the more resources are available to defeat security. But there still seem to be a few blind spots for Law Enforcement and Govt.
I have family and friends that have been with NSA for decades and they'll be the first to tell you that even at low levels they were using the same computing power in 2002 that we are only getting today, so you can imagine where they are now.
Microsoft and Google have known ties to government, if you really believe you can trust either at this point, I have bad news for you. Hell Google admits one need only ask, no warrant necessary. Many companies have created revenue streams on giving up data, hell you can find the forms online right now. Secret rooms at internet hubs and other concerns Link.
But why tip your hand, they don't care about local law enforcement enough to step in very often which is why you have situations like the one in the article above and it serves the added purpose of letting people believe they can still have privacy.
I only use open source encryption, Truecrypt is my choice, and while I still don't have 100% confidence in it, I put far more faith in them than anything else out there.
My theory is that government and LE would like to have available a complete chronicle of everything you have done and are doing, this way at any moment, they can pull up your life history and have something to work with. There's a reason privacy is important, the dolt's that parrot "If you're not doing anything wrong" are just clueless and frankly anger me as they are almost just as much a threat to freedom as the make believe army of terrorists.
reply to post by FurvusRexCaeli
Of course you can decrypt it, even without the one-time-key. It certainly depends on the complexity of the algorithm.
Take a sentence with let's say 30 letter's and replace them with numbers using a one-time algorithm. Each single Digit number standing for a letter of the alphabet.
Even though no-one has the key it would be pretty easy to figure out which number does represent which letter, there are stochastic approaches to this as well as others.
So your statement is only partially correct.
Of course you can decrypt it, even without the one-time-key. It certainly depends on the complexity of the algorithm.
Take a sentence with let's say 30 letter's and replace them with numbers using a one-time algorithm. Each single Digit number standing for a letter of the alphabet.
Even though no-one has the key it would be pretty easy to figure out which number does represent which letter, there are stochastic approaches to this as well as others.
So your statement is only partially correct.
why cant they just give it back too the GAMERS.
Go away,,,,use something else,,,Leave Our Bits Alone!
Bites Belong too Buck Hunter !
sigh,,,
Go away,,,,use something else,,,Leave Our Bits Alone!
Bites Belong too Buck Hunter !
sigh,,,
I wonder how much resources have been put into spoofing or bypassing the encryption altogether , so no encryption algorithm would really matter?
My understanding is:
1. Something is encrypted
2. A key is provided.
3. The program verifies if the key is valid or invalid.
4. If valid then display data else don't
Seems to me that no matter what encryption is derived that step 3 and 4 will always be required by all algorithms including future ones. Hence, that can be considered a huge vulnerable spot.
So if a program is altered (de-compiled , hijacked via spoofing methods,binary level, etc...) to return a valid response each time versus actually sending the algorithm.Then the algorithm itself becomes a moot point.
So it would appear to me that would be a better investment than to try by brute force?
My understanding is:
1. Something is encrypted
2. A key is provided.
3. The program verifies if the key is valid or invalid.
4. If valid then display data else don't
Seems to me that no matter what encryption is derived that step 3 and 4 will always be required by all algorithms including future ones. Hence, that can be considered a huge vulnerable spot.
So if a program is altered (de-compiled , hijacked via spoofing methods,binary level, etc...) to return a valid response each time versus actually sending the algorithm.Then the algorithm itself becomes a moot point.
So it would appear to me that would be a better investment than to try by brute force?
edit on 1-6-2012 by interupt42 because: (no reason
given)
new topics
-
George Knapp AMA on DI
Area 51 and other Facilities: 4 hours ago -
Not Aliens but a Nazi Occult Inspired and then Science Rendered Design.
Aliens and UFOs: 4 hours ago -
Louisiana Lawmakers Seek to Limit Public Access to Government Records
Political Issues: 7 hours ago -
The Tories may be wiped out after the Election - Serves them Right
Regional Politics: 8 hours ago -
So I saw about 30 UFOs in formation last night.
Aliens and UFOs: 10 hours ago -
Do we live in a simulation similar to The Matrix 1999?
ATS Skunk Works: 11 hours ago -
BREAKING: O’Keefe Media Uncovers who is really running the White House
US Political Madness: 11 hours ago
top topics
-
BREAKING: O’Keefe Media Uncovers who is really running the White House
US Political Madness: 11 hours ago, 24 flags -
George Knapp AMA on DI
Area 51 and other Facilities: 4 hours ago, 19 flags -
Biden--My Uncle Was Eaten By Cannibals
US Political Madness: 12 hours ago, 18 flags -
African "Newcomers" Tell NYC They Don't Like the Free Food or Shelter They've Been Given
Social Issues and Civil Unrest: 17 hours ago, 12 flags -
"We're All Hamas" Heard at Columbia University Protests
Social Issues and Civil Unrest: 12 hours ago, 7 flags -
Louisiana Lawmakers Seek to Limit Public Access to Government Records
Political Issues: 7 hours ago, 7 flags -
Russian intelligence officer: explosions at defense factories in the USA and Wales may be sabotage
Weaponry: 16 hours ago, 6 flags -
So I saw about 30 UFOs in formation last night.
Aliens and UFOs: 10 hours ago, 5 flags -
The Tories may be wiped out after the Election - Serves them Right
Regional Politics: 8 hours ago, 3 flags -
Not Aliens but a Nazi Occult Inspired and then Science Rendered Design.
Aliens and UFOs: 4 hours ago, 3 flags
active topics
-
George Knapp AMA on DI
Area 51 and other Facilities • 15 • : nerbot -
Election Year 2024 - Interesting Election-Related Tidbits as They Happen.
2024 Elections • 64 • : Zanti Misfit -
Biden--My Uncle Was Eaten By Cannibals
US Political Madness • 45 • : RazorV66 -
Truth Social goes public, be careful not to lose your money
Mainstream News • 119 • : Kaiju666 -
Candidate TRUMP Now Has Crazy Judge JUAN MERCHAN After Him - The Stormy Daniels Hush-Money Case.
Political Conspiracies • 383 • : xuenchen -
OUT OF THE BLUE Chilling moment pulsating blue cigar-shaped UFO is filmed hovering over PHX AZ
Aliens and UFOs • 42 • : Ophiuchus1 -
-@TH3WH17ERABB17- -Q- ---TIME TO SHOW THE WORLD--- -Part- --44--
Dissecting Disinformation • 531 • : cherokeetroy -
So I saw about 30 UFOs in formation last night.
Aliens and UFOs • 20 • : Halfswede -
MULTIPLE SKYMASTER MESSAGES GOING OUT
World War Three • 33 • : Halfswede -
Not Aliens but a Nazi Occult Inspired and then Science Rendered Design.
Aliens and UFOs • 7 • : JonnyC555