Featured Articles

AMD Never Settle Forever bundle hits 200-series cards

AMD Never Settle Forever bundle hits 200-series cards

AMD’s Never Settle bundles have been around for a while and the community response has been extremely positive. When AMD launched…

More...
AMD shipping Beema APUs

AMD shipping Beema APUs

According to Lisa Su, SVP & GM, Global Business Units at AMD, Beema notebook parts have started shipping to manufacturers last…

More...
IHS teardown reveals Galaxy S5 BOM

IHS teardown reveals Galaxy S5 BOM

Research firm IHS got hold of Samsung’s new flagship smartphone and took it apart to the last bolt to figure out…

More...
Galaxy S5, HTC One M8 available selling well

Galaxy S5, HTC One M8 available selling well

Samsung’s Galaxy S5 has finally gone on sale and it can be yours for €699, which is quite a lot of…

More...
KFA2 GTX 780 Ti Hall Of Fame reviewed

KFA2 GTX 780 Ti Hall Of Fame reviewed

KFA2 gained a lot of overclocking experience with the GTX 780 Hall of Fame (HOF), which we had a chance to…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Friday, 06 September 2013 10:41

NSA has broken commercial encryption techniques

Written by Nick Farrell



Snowden papers revealed

Despite a belief that encrypted documents were safe from the preying eyes of spooks, the NSA has defeated most commercially available encryption techniques. According to documents released by Edward Snowden, the NSA is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to break the system.

The agency has cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans.

Since 2000 when encryption systems started to make an appearance the NSA invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. It lost a battle in the 1990s to insert its own “back door” in all encryption, but it realised that if it could do the same thing itself. It then had the advantage that everyone was encrypting their messages unaware that the NSA could read them. Sometimes it did not bother. It just hacked into target computers to snare messages before they were encrypted. Companies were often told that they had to handing over their master encryption keys or building in a back door. The NSA also covertly introduced weaknesses into the encryption standards.

There has been a lot off effort in cracking into the Secure Sockets Layer, or SSL; virtual private networks, or VPNs and the protection used on fourth-generation, or 4G, smartphones. But Dave Anderson, senior director at Voltage Security, said that it was unlikely to be the actual encryption that was hit.

Properly implemented strong crypto systems are one of the few things that you can rely on, he said. But he added that it seems likely that any possible way that the NSA might have bypassed encryption was almost certainly due to a flaw in the key management processes that support the use of encryption, rather than through the cryptography itself. He thinks it was only possible if the cryptography that was used to protect the sensitive transactions was improperly implemented through faulty, incomplete or invalid key management processes or simple human error.

“When properly implemented, encryption provides essentially unbreakable security. It’s the sort of security that would take implausibly-powerful supercomputers millions of years to crack. But if it’s carelessly implemented, and the key management processes are not sound, this security can be reduced to the level where a hacker with a mid-market PC can crack in a few hours at most,” he said.

Nick Farrell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

To be able to post comments please log-in with Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments