It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

German Gov is able to decrypt PGP and SSH

page: 2
8
<< 1   >>

log in

join
share:

posted on May, 25 2012 @ 12:48 PM
link   

Originally posted by NoSoup4U
Our government has a "master key" for gpg and pgp too, but it ONLY works with gnupg versrions higher than gnupg-w32cli-1.2.2 . How do I know this? Well, I use gpg encryption in my current job all the time. It is 2048 bit ElGamel encryption that is done through the commandline. For some of the idiots I work with, I wrote a GUI front end completely using JAVA. Anyway, if you can find the version gnupg-w32cli-1.2.2 and use it, there will be no worries for the real paranoid person.


I'm sorry to tell you this, but you're absolutely wrong. There is no "master key" for RSA, ECDSA, AES, RIPEMD-160, SHA-512, Whirlpool, Serpent, or TwoFish. You may "use" gpg in your current job, but I am a contributing developer on the GnuPG project as well as the TrueCrypt project and am intimately familiar with the source code as well as its various methods of operation. PGP is a different story. PGP uses the proprietary IDEA encryption algorithm which IS known to have a back-door. Also, if you're going to represent yourself as an encryption expert, at least have the decency to refer to the POSIX-based platform and not Windows LOL.




posted on May, 25 2012 @ 01:19 PM
link   
Anyway, if there were a backdoor, wouldn't there be enough open source users and contributors that would break a story reporting it?

I mean, if the people who contribute code don't catch a backdoor that's actually there, wouldn't a few users end up getting arrested or something, bringing the news to light as well? I mean, since gnupg is used by probably millions of people, and the code is inspected by thousands of people every month, you'd think such a flaw/backdoor would be discovered.

I am a part of several projects, and mistakes get noticed pretty quickly. Imagine how fast a security flaw, then, would get noticed.



posted on May, 25 2012 @ 01:37 PM
link   

Originally posted by joesomebody
Anyway, if there were a backdoor, wouldn't there be enough open source users and contributors that would break a story reporting it?

I mean, if the people who contribute code don't catch a backdoor that's actually there, wouldn't a few users end up getting arrested or something, bringing the news to light as well? I mean, since gnupg is used by probably millions of people, and the code is inspected by thousands of people every month, you'd think such a flaw/backdoor would be discovered.

I am a part of several projects, and mistakes get noticed pretty quickly. Imagine how fast a security flaw, then, would get noticed.


Exactly. Some people think that "open-source" means that anyone can just throw some code in there willy-nilly with no peer review. I can tell you that the peer review on candidate code branches is so brutal that committing back to the hub is personally terrifying. You've got 100+ developers, each with a giant ego and attitude, just looking to rip you apart and discredit your work. You allow a back-door to sneak by and they'll crucify you.



posted on May, 25 2012 @ 02:58 PM
link   
Spot on...

Usually education is what bridges the gap between news-fiction and fact on these "they are spying on you all the time" stories.



posted on May, 25 2012 @ 03:45 PM
link   

Originally posted by joesomebody
Anyway, if there were a backdoor, wouldn't there be enough open source users and contributors that would break a story reporting it?

I mean, if the people who contribute code don't catch a backdoor that's actually there, wouldn't a few users end up getting arrested or something, bringing the news to light as well? I mean, since gnupg is used by probably millions of people, and the code is inspected by thousands of people every month, you'd think such a flaw/backdoor would be discovered.

I am a part of several projects, and mistakes get noticed pretty quickly. Imagine how fast a security flaw, then, would get noticed.


No.

Take one of the most necessary and most utilized security projects that also uses encryption. Truecrypt.

No code review. This is much more the norm than the rule. No review done especially after initial project release.



posted on May, 25 2012 @ 06:37 PM
link   

Originally posted by AlchemicalMonocular
No.

Take one of the most necessary and most utilized security projects that also uses encryption. Truecrypt.

No code review. This is much more the norm than the rule. No review done especially after initial project release.



You are mistaken. I am a contributing developer on both the GnuPG and TrueCrypt projects, and both of them have extremely rigid and thorough peer review of code submissions and branch modifications.



posted on May, 26 2012 @ 07:59 AM
link   
reply to post by draco49
 


thats an illusion if you generalize it - just remember Open BSD...

maybe you're in your own bubble but every lock made by humans can be broken by them...rootkit for true crypt or B&E (a possebility most people forget about) or tempest etc pp...encryption is just an illusion like high secure car locks...sure they are good to prevent some stupid kids to steal your car but cars still get stolen...
edit on 26-5-2012 by Hessdalen because: mindcontrol



posted on May, 26 2012 @ 08:28 AM
link   

Originally posted by H1ght3chHippie
The matter is rather simple.

There is no such thing as unbreakabke encryption.

One time pads.


Encrypting something only makes sense if there does exist a way to decrypt it.

And if your means of decryption is a one time pad, you cannot decrypt it without the key. There is no way to break a one time pad. You can hope your opponent screws up and reuses key material, or an agent sells you a pad, but there is no cryptographic break against a correctly implemented OTP system.



posted on May, 26 2012 @ 09:20 AM
link   
Judge Orders Password from Defendent


When agents were unable to decrypt the computer, the grand jury issued a subpoena demanding the defendant produce any documents reflecting any passwords associated with the computer


The further you go up the food chain, the more resources are available to defeat security. But there still seem to be a few blind spots for Law Enforcement and Govt.

I have family and friends that have been with NSA for decades and they'll be the first to tell you that even at low levels they were using the same computing power in 2002 that we are only getting today, so you can imagine where they are now.

Microsoft and Google have known ties to government, if you really believe you can trust either at this point, I have bad news for you. Hell Google admits one need only ask, no warrant necessary. Many companies have created revenue streams on giving up data, hell you can find the forms online right now. Secret rooms at internet hubs and other concerns Link.

But why tip your hand, they don't care about local law enforcement enough to step in very often which is why you have situations like the one in the article above and it serves the added purpose of letting people believe they can still have privacy.

I only use open source encryption, Truecrypt is my choice, and while I still don't have 100% confidence in it, I put far more faith in them than anything else out there.

My theory is that government and LE would like to have available a complete chronicle of everything you have done and are doing, this way at any moment, they can pull up your life history and have something to work with. There's a reason privacy is important, the dolt's that parrot "If you're not doing anything wrong" are just clueless and frankly anger me as they are almost just as much a threat to freedom as the make believe army of terrorists.



posted on Jun, 1 2012 @ 01:28 PM
link   
reply to post by FurvusRexCaeli
 


Of course you can decrypt it, even without the one-time-key. It certainly depends on the complexity of the algorithm.

Take a sentence with let's say 30 letter's and replace them with numbers using a one-time algorithm. Each single Digit number standing for a letter of the alphabet.

Even though no-one has the key it would be pretty easy to figure out which number does represent which letter, there are stochastic approaches to this as well as others.

So your statement is only partially correct.



posted on Jun, 1 2012 @ 01:34 PM
link   
why cant they just give it back too the GAMERS.
Go away,,,,use something else,,,Leave Our Bits Alone!
Bites Belong too Buck Hunter !

sigh,,,



posted on Jun, 1 2012 @ 01:48 PM
link   
I wonder how much resources have been put into spoofing or bypassing the encryption altogether , so no encryption algorithm would really matter?

My understanding is:
1. Something is encrypted
2. A key is provided.
3. The program verifies if the key is valid or invalid.
4. If valid then display data else don't

Seems to me that no matter what encryption is derived that step 3 and 4 will always be required by all algorithms including future ones. Hence, that can be considered a huge vulnerable spot.

So if a program is altered (de-compiled , hijacked via spoofing methods,binary level, etc...) to return a valid response each time versus actually sending the algorithm.Then the algorithm itself becomes a moot point.

So it would appear to me that would be a better investment than to try by brute force?
edit on 1-6-2012 by interupt42 because: (no reason given)



new topics

top topics



 
8
<< 1   >>

log in

join