EvilZone
Hacking and Security => Anonymity and Privacy => : proxx September 22, 2013, 11:19:28 PM
-
So anyone who is interested in security and anonymity must have been increasing shocked by the 'recent' events.
I shouldnt have to explain that any further.
So we can basically state that many encryptions on which almost anyone relies are flawed (Ive had some discussion about using this word but I think it fits the definition, if its not point to point secure its flawed)
Its hardly a suprise that anonymity is dead, only the scale on which this is happening cant cease to blow my mind.
One of the most intriguing parts imo is the automated packet capture and filtering in which millions or more is invested that along with the capability of decrypting it, for x part.
Talking about flaws, there is one theoretical flaw in their system aswel.
There is just too much data to be analyzed, at least by humans.
As a subsitution they would use massive ammounts om computational power and if course software to do the job.
Nothing new so far..
Ive been playing with the idea for a while to do exactly the thing that would confuse this system to such an extend that computational extraction of data could be considered useless.
Everyone here must have heard of those firefox plugins that send random search queries to the big boys to randomize their profiling.
What if something similar would be launched on a massive scale only than with the type of data that would be filtered out by the big parties controlling the game.
Thousand or millions voluntarily sending garbage 'malicious' data , everyone would be a 'terrorist'.
Any thoughts ?
-
First of all, enough of this "oh god we're shocked, how could you NSA" bullshit. NSA surveillance has been known for decades, but it took the Snowden leaks for the sheeple to finally realize that they're being watched. And even then most don't care, indiscriminately posting personal info and pictures of themselves and others everywhere.
That said, the idea - inundation with false positives, sounds good enough in theory. It's very primitive, but it works, much like a script kiddie taking down a medium-sized website with a Layer 4 DoS from his shitty IRC botnet.
The problem is that you need to know exactly what keywords to use that can trigger the NSA's filters. Benign inundation is useless, as it'll slip by into the archives without particular notice. That's the main issue with extensions like TrackMeNot - their queries are randomized, so it can send both junk that is benevolent and junk that is suspicious.
What we need is a system that can send junk data constantly to tons of servers, that is openly malicious BUT is also smartly constructed. This means making it RFC-compliant as possible, difficult to fingerprint, perhaps modular and extensible, and able to adapt to all sorts of ostensibly malevolent garbage.
For instance, instead of just spamming with queries such as "overthrowing government", it can also generate cryptographic keys and hashes on the fly and toss them around, so the NSA will waste time on decrypting worthless data.
We could do much thought on this.
In fact, perhaps make this a group Evilzone project?
-
If you were able to identify the keywords used by the NSA and your idea actually became a problem for them you can bet they would do their very best to fuck you over. No doubt you would be raided at 5am, have all your possessions seized, family harassed, you'd be called a terrorist and charged with whatever crimes they could pin on you (half of them will be made up) and they'd defend their actions as they always do, to stop the "terrorists".
-
If Anon can get a lot of morons to DDoS sites then a system like this could too and they can't arrest everyone.
-
If you were able to identify the keywords used by the NSA and your idea actually became a problem for them you can bet they would do their very best to fuck you over. No doubt you would be raided at 5am, have all your possessions seized, family harassed, you'd be called a terrorist and charged with whatever crimes they could pin on you (half of them will be made up) and they'd defend their actions as they always do, to stop the "terrorists".
The whole point would be to spoof the destination headers and have this done en masse.
-
Im not saying that fighting this is wrong, i think it should be. However doing it your way will not force change. For one(since someone else brought it up) what change has anon brought? most of the organizations they have targeted have lost some cash, maybe some PR thats about it. They are still doing it how they were. Now apply this to a government.
If hackers start doing this(or making a package that does that gets widely distributed) it wont stop the NSA. Instead they will get MORE funding, and MORE focus. with us being seen an even MORE negative light by the general populace. Im all for fighting for what you believe in, but you should try to find a way to do such that an actual impact can be made. i dont think what equivocates to ddosing their databases will do this. Instead why not spend that time/money on projects that CAN help. make more styles of encryption, make more programs that use them with more versatility. keep it open source, as this makes it hard to be backdoored. make more secure ways to communicate over voip, im irc etc. this serves two purposes. 1 it does what you want, gives them more data to go through, but even better more analysis taht is needed human side. 2. it gives the end user a much better chance of being secure than what is currently available, and hey its a great time to get out their for it as people right now are aware of the issue, they wont be in 6 months.
-
Im not saying that fighting this is wrong, i think it should be. However doing it your way will not force change. For one(since someone else brought it up) what change has anon brought? ....
Ok so let's just do nothing then.
However, you are right. After much thought and debate and reading over the years I've realized just one thing. Nothing in this country, nothing in this world, people, governments, those in power, the military industrial complex, the medical industrial complex, and so on...
Nothing will change. Not if you only try to change one thing at a time. I'm not sure how radical you all are(seems like most of the people who have posted on this thread are radical enough) but if you have interest in saving yourselves, saving people, saving the planet, and so on.. then you need to take it all down. Take it all down at once. Otherwise it will just rebuild whatever part you damaged. It's not impossible to overthrow or otherwise take down a government. The military does this all the time. You just need to make sure you don't take too much time. Time allows the system to rebuild. They take out the infrastructure, the system starts to cripple. People get scared. They take out shipping and transportation, further weakening of the system. People start to go hungry. They take out communications, repair of the system gets harder still. People panic, people get angry. System collapses.
Another thing I wanted to add. You see all these idiots like Anon and so forth trying to hack government websites and databases. This is stupid. You certainly aren't going to change anything just by crippling a few webpages.
Shipping. Shipping is were it's at. Many of these large shipment hubs are automated. Now imagine if you hacked into one of those systems and instead of a very, very large shipment of food and goods heading towards America, you simply.... redirect said shipment somewhere else. Do you have any idea how much money it would take to fix the problems and damage that would cause? Millions. Shit, billions. Theoretically, an operation like that has the potential to completely cripple that shipment hub beyond recovery.
At least that's the idea....
-
Honestly this concept could be conceived in much more elegant and intelligent ways than a simple flood of garbage data.
A project such as this would aim to poison the information pool with false positives. This could be done through traffic forgery, rather than outright DoS.
My mind is kind of stale at the moment, but if we do some research we could work out a fairly decent model of what this could entail.
-
First of all thanks for all the input everyone, Ill take the time to consider all of your statements and respond, soon.
Honestly this concept could be conceived in much more elegant and intelligent ways than a simple flood of garbage data.
A project such as this would aim to poison the information pool with false positives. This could be done through traffic forgery, rather than outright DoS.
My mind is kind of stale at the moment, but if we do some research we could work out a fairly decent model of what this could entail.
Together with your other post I agree with your point that is should be very well thought through, not just ddos.
If any such project is ever to see the light of day it would require a very strong technical contruction.
I indeed aimed at generating false postives , if the amount of 'triggers' is vast enough versus 'real' traffic it could work.
As mentioned below its difficult to know which those are [insert speculation/discussions].
bbl.
-
This is a rather interesting discussion, and although I lack the technical competence to argue any points made here, I thought I'd simply speak my mind.
First of all, I'd like to emphasize on Lucid's point: Radical changes require a "flood" of -coordinated- movements. Pretty much like a voltage spike, if you will. Act too far apart on the time axon, and you're fucked, you've given them time to fix any damage and prepare. However, such a radical change could be classified as an "active defense" in my opinion. And it is also something that requires physical action, aside from hacking automated infrastructure routines. In other words: It is severely dangerous. Besides, I think Proxx's point was the creation of a "passive defense" system (in this case, one that requires no physical action and as such lessens the potential of being harmed) - Even though something like that can NOT offer -radical- changes in any society, it is a good start, and the hacking underground should be the creator of such a system (If not you, hackers, then who?).
In other words, I think we shouldn't linger too much on the thought of -radical- changes, at least not for the time being.
Secondly, regarding the points made by proxx, vezzy and Darkvision:
1. I won't go into technical talk, as I lack knowledge in this area and rather not talk bullshit.
2. The idea of crafting such a system is surely something decent. The point should be straining NSA's manpower AND computational power to the limit. Creating a system that's very difficult to crack is one thing and creating a system that slows down any and all human-handled investigations is another thing. Both are decently powerful, but alone, useless. Unless the two are combined, it's already a lost battle (Check Lucid's point above).
I think that the effort of creating something like that should, oddly, NOT be opensource (sidebranches of it, not openly related to it, could be opensource, as Darkvision suggested) - That is, until it is actually made. This is essentially a system that would screw with the government.
Unless you're out of your mind, you don't openly fuck with the government.
3. <Linked with #2> : If you do decide to start this as an Evilzone project, it would be a good idea to simply start... Disappearing. The more traces you leave behind, the more likely it is you'll fail. A good idea, in my opinion, would be to gather info on who's interested, leave them some time to think it over, set up a date to meet on IRC or wherever, formulate a longterm plan, and then disappear from the face of the Internet. After some pre-defined time, you all meet again and discuss what progress has been made. This process will most likely be repeatable, but the further apart the meetings are, the better. Also, I'd like to stress: If you're an American, do not even consider taking part in this. Or well, if you do, I think my idea would be a must, unless you want to become a sitting duck.
4. I've also been thinking on something for some time now, and feel it fits such a project, so I'll drop the idea here. I do not know if it is theoretically possible, or even if it has been done before and is now considered insecure, so bear with me. Anyway, the idea is to create a piece of code that would be able to alter itself (as in, through a most likely very complex procedure, self-alter its own code into a non-gibberish text, and still remain functional) - After that, I thought: Yeah okay let's assume that does happen, so what? It can still be easily cracked by analyzing the code without ever running the executable part. - And then it hit me.
Would it be possible for such a code to also have a secondary defense mechanism? I've been thinking to implement a system that erases and totally shreds the program immediately upon "breach". I mean, if I were a cryptanalyst and whatnot and someone handed me a piece of code and said "crack it", the best way for the code to protect its content would be through self-destruction. Such a defense system should activate as soon as anyone would try to analyze it (examples include inspecting it, attempting to transfer the code in a secondary program and whatnot in order to safely analyze it etc etc). No idea if it is possible, just saying.
Anyway, no more ideas at the moment, and apologies if the text has been tiresome.
-
Nothing will change. Not if you only try to change one thing at a time. I'm not sure how radical you all are(seems like most of the people who have posted on this thread are radical enough) but if you have interest in saving yourselves, saving people, saving the planet, and so on.. then you need to take it all down. Take it all down at once. Otherwise it will just rebuild whatever part you damaged. It's not impossible to overthrow or otherwise take down a government. <snip>
This, a million times.
And indeed, if there ever is going to be a "project" related to this, maintaining as much as possible the anonymity of those developing/working on it should obviously be the most important point.
Also I see a lot of talk about passive defense. Honestly, given for the example the incredibly valid point that lucid made in the quote above, passive defense isn't going to cut it. The best defense is offense you know.
-
@lucid, i wasnt saying lets do nothing. I was trying to say that one needs to look at what the end goal is, which is change, and to craft your response in a way that forces a change. This of course can always go in ways you didnt expect. However if your going to do something openly malicious, it is far to easy to be branded a traitor or whatever other word the media/gov wishes to apply to you.
@others: Again i dont see attacking the system in a way that you KNOW will make you a wanted man(or woman) is the way to go, at least yet. Yes their are times to truly rebel, i however do not believe that time is now. I DO think its fixable, its not yet time to burn the house down and start from scratch. Yeah the house is dilapidated, and darn near condemned, but it isnt yet going to fall down. Also open source IS the only way to go, as has been proven again and again, closed source=backdoor.
Anyway i guess some more on what i was thinking about. I think what we need in these days, is something that wasnt economically feasible in the past. My idea/premise is based off of encrypted containers(static)/ the old style voice encryption from WW II. Im not an expert in cryptography, i may be missing something or not see where it wont work. However i dont see how throwing out an idea can hurt. maybe something can come from it.
Premise: create a fixed rate of data per second point to point between two devices. The PC's would create a "cap" on data bandwidth between the two, you would obviously want to set this below what your max data rate is to ensure reliability. In essence what is going on here is a 1mbps(or a lower more reasonable figure :P) constant connection between PC A and B, even when nothing is being sent, the "container" portion of IPv6 would be maxed sending packets at a fixed rate, each proceeding one(after the handshake) would let you know how much change is needed off the top to know the actual encrypted packet, THEN that packet would be decrypted. Each "connection" would use a one time pad in the encrypted standard of choice.
note:i think IPv4 packets hold far to little data, making it not only slow, but easier to crack.
Example: Computer A and B set blowfish as the encryption standard and choose a encryption size(say 128 :p). PC A handshakes with PC B and establish an agreed upon constant packet rate.
PC A's first packet once the connection is established maxes the container portion of the packet, and from the handshake it is "known" how much to subtract (bit wise) to know what that packet contains/what is encrypted. Part of what that packet will contain (encrypted) what is the next correct encrypted container size. So even when you are not sending data (whether its because its being processed, or you just have nothing to send at the moment) the network would still see data being constantly sent. This is in essence the "noise" portion of the idea, as well as the fixed size encrypted container. since the packet rate is constant, and based off of your two connections during the hand shake no eavesdropper can tell what you are sending or if you are sending anything at the time(unless of course they break the encryption). This negates a number of attacks on the encrypted traffic as well as creating a lot of "bloat" to sift through. To me the only really vulnerable time in this process is the handshake itself or the encryption standard being used.
not sure how well i explained what im thinking, and not sure if their isnt something im missing. thoughts?
-
I realize how angry we all are about the NSA thing, but from a political standpoint, crippling the US or any other country is a very bad idea. Like, really bad.
I wont bother to argue it unless someones disagrees...does anyone disagree?
-
I realize how angry we all are about the NSA thing, but from a political standpoint, crippling the US or any other country is a very bad idea. Like, really bad.
I wont bother to argue it unless someones disagrees...does anyone disagree?
This is not about anger.
Nor did I intend anything malicious, why would sending 'garbage' be malicious , since when am I not allowed to talk about certain material, be it mechanized.
Its not my fault that eventhough nearly every law in the world prohibits it ,all is tapped anyway by some delusional g8vern.
This is about freedom of the user , freedom of speech and reality, not anger.
In fact, whos attacking who?
-
I beleive this chat should be moved away from public facing forums...
I actually like the idea of diluting the information they are looking for... nice "defensive" tactic!
I could argue this issue for weeks about who, what why and why not but i cant be arsed!
This tool COULD be used for something else too... again maybe in another protocal
-
I beleive this chat should be moved away from public facing forums...
Might be wiser indeed, as more people mentioned.
Funny thing is that we all know hidden doesnt mean nothing.
Also even if we would trust SSL this forum has a leak that hasnt been fixed.
Anything posted goes in the clear even if your using https.
-
Ok allow me give my two cents. The NSA hasn't survived this long without threats likes these. I think its an organisation that learns and mutates from every piece of information it gets. All that big budget goes down into systems that separate false positives and real data. I mean it hasn't survived 60 years without being a master at this.
About the possibility of this, well i say tools can be developed though there life time in the wild, that i can't vouch for. I mean sooner or later that data may lose randomness and the dots can be connected and then the system mutates to accomodate you.
-
maintaining as much as possible the anonymity of those developing/working on it should obviously be the most important point.
Seems our options for anonymity have been somewhat limited as of recently..
-
So we can basically state that many encryptions on which almost anyone relies are flawed (Ive had some discussion about using this word but I think it fits the definition, if its not point to point secure its flawed)
I disagree with a few things here.
The government hasn't broken anything; they cracked RSA but that's about it. And it took them a very long time to boot. Saying all encryption is flawed is not true. Simply because many encryption methods are public knowledge and very unguarded when it comes to the /src/. Also, it's important to note that many standards are not public knowledge or FOS.
That does not inherently mean they are flawed or back-doored just because the author never showed the code. PGP/GnuPG, DES, most key encryption means are still safe and secure. It would take quantum computers to crack these keys. Things like OTR (Pidgin Off The Record messaging encryption) are still very much safe.
Your best bet in fact, in breaking most key algorithms, is to intercept keys in transit from person to keyserver. Even then technically they are not broken, you just got lucky and found the secret keys. And those are by the way, usually password encrypted themselves. This adds an additional layer of encryption. GnuPG is an excellent example of secure communication that will not likely be broken until quantum computing. DES is very strong as well, and AES (a non-key encryption) is still not taken lightly.
Saying all encryption is broken because NSA cracked RSA or ToR (no discussion needed or wanted here) is not very informed.
-
Might be wiser indeed, as more people mentioned.
Funny thing is that we all know hidden doesnt mean nothing.
Also even if we would trust SSL this forum has a leak that hasnt been fixed.
Anything posted goes in the clear even if your using https.
Just now, my post (using https everywhere by the way) was sent in the clear as soon as I hit submit. Should definitely try to fix that. /double post
-
I disagree with a few things here.
The government hasn't broken anything; they cracked RSA but that's about it. And it took them a very long time to boot. Saying all encryption is flawed is not true. Simply because many encryption methods are public knowledge and very unguarded when it comes to the /src/. Also, it's important to note that many standards are not public knowledge or FOS.
That does not inherently mean they are flawed or back-doored just because the author never showed the code. PGP/GnuPG, DES, most key encryption means are still safe and secure. It would take quantum computers to crack these keys. Things like OTR (Pidgin Off The Record messaging encryption) are still very much safe.
Your best bet in fact, in breaking most key algorithms, is to intercept keys in transit from person to keyserver. Even then technically they are not broken, you just got lucky and found the secret keys. And those are by the way, usually password encrypted themselves. This adds an additional layer of encryption. GnuPG is an excellent example of secure communication that will not likely be broken until quantum computing. DES is very strong as well, and AES (a non-key encryption) is still not taken lightly.
Saying all encryption is broken because NSA cracked RSA or ToR (no discussion needed or wanted here) is not very informed.
Yes I realized that the 'news' was highly overstated , however the government owing root keys can be a real problem.
SSL can be bruteforced with enough power as long as the strenght is 'low'
And yes your right, https does not apply to posting , I never use evilzone on public places for that reason.
Needs a fix , big time.
-
and AES (a non-key encryption) is still not taken lightly..
I wouldn't be so sure.
-
You have yet to argue a reason why you're not sure, please give me something.
-
You have yet to argue a reason why you're not sure, please give me something.
It's the number one encryption standard recommended most by the US government and colleagues themselves, and I won't use anything recommended to me by the US.
-
Your only reason for not using it is that they use it too? What if I told you most government officials communicate with OTR, what would you have to say then? Not that this has any fact-based logic to offer but hypothetically speaking?
Also, take a look at one of the most used sites on the web, Wikipedia: encryption is SSL_RSA_WITH_RC4_128_SHA, 128 bit keys. It would be very difficult to break even with the SSL root keys and cracked RSA, and it wouldn't be worthwhile for the NSA to waste resources on it in the first place.
But back to my point. I can't necessarily deny the possibility that AES is broken as well, since it was developed by the U.S. National Institute of Standards and Technology (NIST) and that institute was established by the United States Department of Commerce (DOC), a federal organization.
In theory, you could be right. AES could be flawed, much like ARCFOUR before ARCFOUR-A was introduced as a "fix". But this is just theory. It is more likely the NSA would attack much simpler algorithms before trying to reverse AES.
-
Your only reason for not using it is that they use it too? What if I told you most government officials communicate with OTR, what would you have to say then? Not that this has any fact-based logic to offer but hypothetically speaking?
Also, take a look at one of the most used sites on the web, Wikipedia: encryption is SSL_RSA_WITH_RC4_128_SHA, 128 bit keys. It would be very difficult to break even with the SSL root keys and cracked RSA, and it wouldn't be worthwhile for the NSA to waste resources on it in the first place.
But back to my point. I can't necessarily deny the possibility that AES is broken as well, since it was developed by the U.S. National Institute of Standards and Technology (NIST) and that institute was established by the United States Department of Commerce (DOC), a federal organization.
In theory, you could be right. AES could be flawed, much like ARCFOUR before ARCFOUR-A was introduced as a "fix". But this is just theory. It is more likely the NSA would attack much simpler algorithms before trying to reverse AES.
Than why would you need to reverse something that you designed yourself.
If it would be me I would built it in in the first place.
-
Your only reason for not using it is that they use it too?
No. My reason for not using it is that it is recommended by them. There are plenty of other worthwhile algorithms that have thus far never been cracked(blowfish/twofish) that I can use without having to use AES. Plus, it wouldn't be the first time the US has intentionally inserted a 'backdoor' into an algo. It IS their algorithm, they can do whatever they want with it right?
I'm not saying it's definitely backdoored, I'm just saying that there's a chance, and I see no reason to take an unnecessary risk
-
I'm not saying it's definitely backdoored, I'm just saying that there's a chance, and I see no reason to take an unnecessary risk.
As a closing (hopefully) argument:
By that logic, you should stay off the internet, which started as ARPANET, which was of course a DARPA project. There have also been historical incidences of the US government strengthening cryptographic protocols, such as was done with DES by the NSA.
-
What if I told you most government officials communicate with OTR, what would you have to say then?
I would say that I will probably just continue to use my encryption of choice, regardless of whether or not the NSA is using encryption for their instant messages. :P
As a closing (hopefully) argument:
By that logic, you should stay off the internet, which started as ARPANET, which was of course a DARPA project.
Lol I'm glad you know your internet history..
-
http://news.cnet.com/8301-1009_3-57610052-83/nsa-keywords-become-fodder-for-automated-haiku/ (http://news.cnet.com/8301-1009_3-57610052-83/nsa-keywords-become-fodder-for-automated-haiku/)
The National Security Agency's domestic spying efforts (http://news.cnet.com/8301-13578_3-57609236-38/spying-on-the-spies-a-roundup-of-nsa-news/) have been all over the news for months. Because it can't listen in to absolutely everybody's electronic missives, the NSA allegedly uses a database of keywords to trigger surveillance. It just so happens that those words make for some interesting poetry.
The NSA Haiku Generator (http://www.nsahaiku.net/) is a Web site that spits out automated poems in the classic 5-7-5 syllable format. It feeds off NSA keywords and pulls from a Department of Homeland Security keyword list.
I didn't think I could possibly top my first automated haiku:
<blockquote>ISS S/Key
Sneakers strain sardine veggie
Phreaking ninja WINGS</blockquote> Phreaking ninja wings? Awesome! After a good laugh, the absurdity of it all starts to set in. I could be triggering NSA surveillance by posting on Facebook about phreaking ninja wings, when all I'm referring to are some hot wings with a sneaky pepper kick to them. There are some other interesting words that pop up in the generator, including Tie-fighter for all you "Star Wars" fans, and Twister for all you fans of uncomfortable body-distortion games. Another effort nets me this gem:
<blockquote>Mega consul zone
Plutonium freedom fraud
Chemical sex beef</blockquote>
Well there we go , thats something very similar to the original thought.
http://www.nsahaiku.net/
Consul Gunfight spies
747 Breach
Gamma Halibut
My first NSA haiku :)
-
So anyone who is interested in security and anonymity must have been increasing shocked by the 'recent' events.
I shouldnt have to explain that any further.
So we can basically state that many encryptions on which almost anyone relies are flawed (Ive had some discussion about using this word but I think it fits the definition, if its not point to point secure its flawed)
Its hardly a suprise that anonymity is dead, only the scale on which this is happening cant cease to blow my mind.
One of the most intriguing parts imo is the automated packet capture and filtering in which millions or more is invested that along with the capability of decrypting it, for x part.
Talking about flaws, there is one theoretical flaw in their system aswel.
There is just too much data to be analyzed, at least by humans.
As a subsitution they would use massive ammounts om computational power and if course software to do the job.
Nothing new so far..
Ive been playing with the idea for a while to do exactly the thing that would confuse this system to such an extend that computational extraction of data could be considered useless.
Everyone here must have heard of those firefox plugins that send random search queries to the big boys to randomize their profiling.
What if something similar would be launched on a massive scale only than with the type of data that would be filtered out by the big parties controlling the game.
Thousand or millions voluntarily sending garbage 'malicious' data , everyone would be a 'terrorist'.
Any thoughts ?
Increasing noise would lower the NSA's already piss poor effectiveness I'd think. There's a new firefox addon that aims to do that.
Flagger is a browser add-on that automatically puts red flag keywords (like bomb, Taliban and anthrax) into the web addresses you visit. Install Flagger and help us send a message: government surveillance has gone too far.
http://flagger.io/
I'm not going to be the first to try it though ...
-
InfoSec Anthrax
Broadside Blizzard Crest Trojan
r00t Fort Meade Plot Burn
+1 for the link :)
-
Damn, I knew about Flagger for a few days, but forgot to link it.
-
Suicide attack
defensive Storm Gang Talent
SLIP assassinate
So beautiful...
-
Hi! I'm the developer of Flagger. I saw your forum in my web analytics and wanted to stop in and say hello. I've been dabbling in security research for the last year, and it seems like I could learn a lot here :)
Also thought I'd put this out here. If you don't want your HTTP referrer information to show up in outlinks, you can use Javascript to add a rel="noreferrer" attribute to every link. Seems like some of your discussion topics might best not draw 3rd party attention!
Cheers!
-
Massive web of irc servers/channels spamming hot keywords.
Ran by volunteers.
-
Since it was revived, I have to ask, what do you mean by cracked encryption's?
As far as I know all asymmetric encryption are uncrackable, bruteforceable? Yes, but not crackable.
Also the bigger the encryption the less likely it is that bruteforce will do it, as we kall know, exponentially.
I truly believe this is the "TOR cracked" incident all over again.
Also what recent incidents? (By now they should be old but w/e) the PRISM?
-
As far as I know all asymmetric encryption are uncrackable, bruteforceable? Yes, but not crackable.
Also the bigger the encryption the less likely it is that bruteforce will do it, as we kall know, exponentially.
They are crackable as long as they are based on either the integer factorization or the discrete logarithm problem, in which case they can be cracked by Shor's algorithm in complexity class BQP.
Your second paragraph concerns symmetric encryption, which is true. However, Grover's algorithm can effectively cut the key size in half by offering a mechanism to search unsorted databases in faster than linear time.
-
They are crackable as long as they are based on either the integer factorization or the discrete logarithm problem, in which case they can be cracked by Shor's algorithm in complexity class BQP.
Your second paragraph concerns symmetric encryption, which is true. However, Grover's algorithm can effectively cut the key size in half by offering a mechanism to search unsorted databases in faster than linear time.
I had no clue about that what so ever, thanks for the explaining! I'm going to do some research about that, but can you tell me which algorithms are currently being used that use Integer Factorization or Discrete Logarithm? ( I should find some of them sooner or later, but this kind of information is usually pretty hard and requires a lot of knowledge to understand it, which I lack)
EDIT::
Ok I've read a little bit more about this, and what you're saying is based on Quantic Computing , which as far as I've seen (and as been publicly released) is very far from being able to crack hash's.
Even Quantic isn't as simple as "Start!... Cracked!".
I have seen cracking RSA 4096 with a microphone, which is pretty awesome, but requires a very specific set, a bunch of software that I believe it's not available and physical access to the machine.