CALM DOWN: The NSA Hasn't 'Cracked' Basic Internet Encryption
"Cracking" conveys that they have found a way to break down encryption codes, prime among them being RSA, the cracking of which would lead to the catastrophic collapse of trust in internet communications and transactions.
The misconception has spawned as a result of major news organizations like The Guardian, Propublica, and New York Times conflating the two ideas of "exploiting" and "cracking." For example:
New Snowden documents say NSA can break common Internet encryption http://t.co/DfoS0AynyD- Reuters Top News (@Reuters) September 5, 2013
Revealed: The NSA's secret campaign to crack, undermine Internet encryption http://t.co/HnEsfdCPTM- ProPublica (@ProPublica) September 5, 2013
The New York Times states: "The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show."
This latest leak is plenty scary, but it doesn't mean that web encryption is broken.
This from Bruce Schneier, cyber security expert, just days ago in Wired:
Whatever the NSA has up its top-secret sleeves, the mathematics of cryptography will still be the most secure part of any encryption system.
It's very probable that the NSA has newer techniques that remain undiscovered in academia. Even so, such techniques are unlikely to result in a practical attack that can break actual encrypted plaintext.
Now everyone talks about supercomputers running trillions of passwords a second - called "Brute Force" attacks - but "right now the upper practical limit on brute force is somewhere under 80 bits," reports Schneier.
The least of encryption stands at 128, but most of the internet is phasing out 1024-bit keys in preference for 2048-bit keys. Put simply, brute force might yield a decrypted message once every million years.
There is a dangerous side, however, to what the NSA is doing.
Backdoors are something called "exploits," in particular, "zero-day" exploits. Zero-days are exploits that only one party knows about, and the rest of the world doesn't. Backdoors do not allow for streaming information gathering, but rather, targeted exploitation of networks or software, often on a particular user's computer.
The problem with zero-days is that hackers rapidly and regularly find them - so pretty soon they're worthless, or in the wrong hands.
"We lose our security not just from the NSA, but from other actors who could subvert" the back doors and so on for which the agency is responsible," Eva Galperin, a Global Policy Analyst with the Electronic Frontier Foundation, told CNET.
The other problem - as has been pointed out several times to Business Insider by tech experts - is that coercing tech companies to install backdoors is essentially baking security weaknesses into software that advertises itself as secure.
Another weakening of public trust.
- Elon Musk sparks another Shiba Inu rally ‘to the moon’ — other Shiba coins follow suit
- Elon Musk’s puppy, a new strategy to burn tokens, and altcoins playing catch up — the perfect storm for cryptocurrency Shiba Inu to skyrocket
- Apple M1 Pro and M1 Max vs M1: Here’s what Apple improved with its new custom chips
- SUN Mobility raises $50 million from energy giant Vitol
- Reliance Jio cements its lead over Airtel in both total as well as active subscribers
- Realme GT Neo 2 vs OnePlus Nord 2: Price, specs and features compared
- Titan, Kalyan Jewellers and other jewellery stocks rally in last one month on high bullion prices
- This Motilal Oswal-backed startup is planning to issue a million credit-based cards in the next 150 days relying on its $2 billion loan book