• Welcome! The TrekBBS is the number one place to chat about Star Trek with like-minded fans.
    If you are not already a member then please register an account and join in the discussion!

Details of Cyber Shield Disclosed by White House

It's true what Robert Maxwell said. There are essentially unbreakable encryption schemes out there, and they're available for public use. The feds use the same AES encryption you can use for your hard drive. Can this be broken? Yes, if you have a whole millennium AND the processing power of Google, Microsoft, SETI, Folding@home and the NSA combined.

Just to give you an idea, a 128-bit encryption scheme requires you to check 340,282,366,920,938,463,463,374,607,431,768,211,456 (that's 2^128) possibilities to decrypt it. To put this into perspective, if you measured the observable universe in NANOMETERS, you would get a number slightly smaller than that. Do you have ANY idea how much electrical power it would take to complete that kind of effort?
 
CuttingEdge100 said:
Robert Maxwell,

I don't believe that computers are magical, I do know some very impressive things can be done with computers, but I don't think it is magical. I also am aware of the fact that the government develops all kinds of technology that is often far ahead of anything available in the public sphere, technology which is shrouded in secrecy, and not always used for ethical purposes.

This is no revelation; this is nothing new and is common knowledge by a great many people.
Click to expand...

When it comes to computer technology, the government is often very much behind the curve. People have been trying for years to break things like Rijndael and the various flavors of DES and have met with failure. Like STR said, no government even has the computing power to do a brute-force crack of a 128-bit key in anything less than a millennium. In a decade or so, they might be able to knock that time down to several years, but it's still far too long to be of any use to intelligence services like the NSA, which require timely information. There is also insufficient storage to keep all that encrypted data until such time as it is easy to crack.

Given your posting history, I'd say you are listening to the wrong people--folks who sensationalize and frighten, usually with the intent of gaining attention and/or selling books.
 
^It's gets even better that the government requires 256-bit encryption for anything top secret, and a lot of corporations do too. Again, you can get off-the shelf encryption that uses this level of security. How high is 256-bit encryption? 2^256 is a 77 digit base-10 number (1.157921e+77 to be exact), which means there isn't enough time left before the sun burns out before you can crack that.
 
Robert Maxwell,

Uh, maybe most of the government, but the Intelligence agencies such as the CIA, NSA, and such are WAAAAAY ahead of the curve...
 
CuttingEdge100 said:
Robert Maxwell,

Uh, maybe most of the government, but the Intelligence agencies such as the CIA, NSA, and such are WAAAAAY ahead of the curve...
Click to expand...

You have pretty clearly never been within a lightyear of classified projects.

No, they're not.

You might wish they were. I wish they were. They wish they were as technologically advanced as people credit them with being.

No, the reality is that most government work, even (perhaps especially) in the IC, is five to ten years (on good days) behind the state of the art commercially available. Government acqusitions projects, especially for "black projects" take that long.
 
Great article. Some of you should read the whole thing.

http://www.computerweekly.com/blogs/the-data-trust-blog/2009/02/debunking-a-myth-if-you-have-n.html
Debunking a myth: If you have nothing to hide, you have nothing to fear

The idea that an individual can live in a surveillance society with nothing to fear so long as they have nothing to hide may, on the face of it, appear attractive. For those of us who think of ourselves as 'honest' - we pay our taxes, don't commit murders and are loyal to our partners - why indeed should we fear surveillance?

"Nothing to hide, nothing to fear" (NTHNTF) is a myth that is built on certain false assumptions, and these assumptions are never questioned when it is wheeled out as an argument to support whatever draconian surveillance measure is being pushed out in the face of citizen opposition (commercial organisations rarely try such an approach, since it dooms them to failure from the very beginning). These assumptions include:

  • Continuity: When a large data gathering exercise is started, the lifespan of the system will almost always be greater than that of its instigators. The most benign and caring government, authority or private company is inevitably subject to a change of management, and if the new executive does not share their moral stance, then data can be reused for very dangerous purposes. Those who provided data believing they had nothing to fear may find that data is misused in the future.
  • Context: Those who use the NTHNTF argument most commonly use it in the context of government collecting information about individuals. In the information age, the idea of a single entity holding that information does not hold true. The massive pressures to share information within and beyond government mean that information is constantly on the move. Sooner or later, information held by the government will be shared across the government and with the private sector.
  • Control: Whether through a sharing agreement, aggregation of databases or simply leaving a memory stick in a pub car park, information is always shared sooner or later. Information security professionals always assume a system to be insecure, and plan for when - not if - data is lost or corrupted.
  • Consistency: The most important issue is that of consistent use of accurate information across all authorities and all individuals.
Click to expand...
 
I'm coming at the issue from a completely technical perspective: I just don't think they're trying to do what some claim they're trying to do, and I don't think they could do such things if they wanted to, at least not the extent some are worried about.

Concern about who's monitoring what is fine, but keep it realistic. We go from:

Whitehouse.gov said:
EINSTEIN 3 will draw on commercial technology and specialized government technology to conduct real-time full packet inspection and threat-based decision-making on network traffic entering or leaving these Executive Branch networks. The goal of EINSTEIN 3 is to identify and characterize malicious network traffic to enhance cybersecurity analysis, situational awareness and security response. It will have the ability to automatically detect and respond appropriately to cyber threats before harm is done, providing an intrusion prevention system supporting dynamic defense.
...
when deemed necessary by DHS, to send alerts that do not contain the content of communications to the National Security Agency (NSA) so that DHS efforts may be supported by NSA exercising its lawfully authorized missions.
Click to expand...
From there we greatly simplify down to
Wall Street Journal said:
The program is designed to look for indicators of cyber attacks by digging into all Internet communications, including the contents of emails
Click to expand...
And from there we make the jump to
TrekBBS said:
warrantless wiretapping
Click to expand...

It's like a game of telephone, except with each successive party not having the technical expertise to understand quite what the last person was trying to say.

The jump from "full packet inspection of traffic entering and leaving specified government networks" to "all internet traffic" is particularly egregious.

Sounds to me like everyone is making a big deal over what is essentially a virus scanner on steroids.
 
Well said, Lindley! I think people are missing the point here, that we aren't saying the government isn't doing these things--in fact, I'm sure there are parts of the federal government that would love to be able to accumulate and inspect all traffic flowing through the Internet.

But we're approaching it from a technical level, and on that basis, what people are afraid of is simply not possible today, and not likely to be possible anytime soon.

CuttingEdge100 said:
Robert Maxwell

Robert Maxwell said:
That's what it would take to break current encryption methods with today's technology.
Click to expand...

How?
Click to expand...

If you have to ask this question, then you don't know much about how encryption works.

Today's hardware is not powerful enough to break strong encryption. There are far too many possible keys for it to be practical to try them all. Even with what we'll have in 10 to 20 years, a strong key from today would remain non-trivial to break. Intelligence services are concerned about data that is relevant now, not data that was relevant years ago. Therefore, it is counterproductive to sink massive resources into brute-force key-breaking.
 
To be fair, there are other approaches to key-breaking than brute force. Statistical analysis reveals the Vigenere cypher to be completely useless, for instance (not to say anyone is still using that except in school as an example of what not to do, though). It's possible, though unlikely, that methods could be developed which would weaken some existing encryption schemes.
 
Lindley said:
To be fair, there are other approaches to key-breaking than brute force. Statistical analysis reveals the Vigenere cypher to be completely useless, for instance (not to say anyone is still using that except in school as an example of what not to do, though). It's possible, though unlikely, that methods could be developed which would weaken some existing encryption schemes.
Click to expand...

Which is why Rijndael and DES are still in wide use--no one has yet found any weaknesses in those techniques. It's possible someone will at some point, but unless and until that happens, brute force is all you've got!

There are plenty of other ways to get someone's data before it's encrypted or after it's decrypted, though: keyloggers, rootkits, etc. People just need to take their computer security more seriously, and worry about safety on the PC itself rather than fret about someone intercepting their traffic on the Internet.
 
Robert Maxwell said:
But we're approaching it from a technical level, and on that basis, what people are afraid of is simply not possible today, and not likely to be possible anytime soon.
Click to expand...

I'd say it will never be possible. Monitoring ability has been increasing exponentially, to be sure, but total traffic has a steeper curve.
 
Yeah, I agree with most of you. The future of front-line Internet security has more in common with a "virus scanner on steroids", as Lindley put it, than a bunch of guys in a room reading your emails and determining your web browsing habits. They're going to be looking for types of traffic that trigger a second level inspection (that is still probably several tiers away from human inspection), and that traffic won't include the email you sent from your computer at work to your wife telling her you'll be late for dinner, or the fact that you spend too much time on TrekBBS.

Just because the government can do something doesn't mean they will, it's why we have a legal system in the first place. The local police have the technological capability to listen to my phone conversations, but I don't worry about it because they have better things to do and it would be illegal for them to single me out to do so without just cause in the first place.
 
FordSVT,

While it is true that because someone can do something does not always mean they will; over the past couple of years the government has shown a remarkable propensity to disregard civil rights.

CuttingEdge100
 
You must log in or register to reply here.
If you are not already a member then please register an account and join in the discussion!

Sign up / Register


Back
Top