Playing their game. An idea, some speculations and discussion.

[proxx]

I beleive this chat should be moved away from public facing forums...

Might be wiser indeed, as more people mentioned.
Funny thing is that we all know hidden doesnt mean nothing.
Also even if we would trust SSL this forum has a leak that hasnt been fixed.
Anything posted goes in the clear even if your using https.

[kenjoe41]

Ok allow me give my two cents. The NSA hasn't survived this long without threats likes these. I think its an organisation that learns and mutates from every piece of information it gets. All that big budget goes down into systems that separate false positives and real data. I mean it hasn't survived 60 years without being a master at this.

About the possibility of this, well i say tools can be developed though there life time in the wild, that i can't vouch for. I mean sooner or later that data may lose randomness and the dots can be connected and then the system mutates to accomodate you.

[lucid]

maintaining as much as possible the anonymity of those developing/working on it should obviously be the most important point.

Seems our options for anonymity have been somewhat limited as of recently..

[Architect]

So we can basically state that many encryptions on which almost anyone relies are flawed (Ive had some discussion about using this word but I think it fits the definition, if its not point to point secure its flawed)

I disagree with a few things here.

The government hasn't broken anything; they cracked RSA but that's about it. And it took them a very long time to boot. Saying all encryption is flawed is not true. Simply because many encryption methods are public knowledge and very unguarded when it comes to the /src/. Also, it's important to note that many standards are not public knowledge or FOS.

That does not inherently mean they are flawed or back-doored just because the author never showed the code. PGP/GnuPG, DES, most key encryption means are still safe and secure. It would take quantum computers to crack these keys. Things like OTR (Pidgin Off The Record messaging encryption) are still very much safe.

Your best bet in fact, in breaking most key algorithms, is to intercept keys in transit from person to keyserver. Even then technically they are not broken, you just got lucky and found the secret keys. And those are by the way, usually password encrypted themselves. This adds an additional layer of encryption. GnuPG is an excellent example of secure communication that will not likely be broken until quantum computing. DES is very strong as well, and AES (a non-key encryption) is still not taken lightly.

Saying all encryption is broken because NSA cracked RSA or ToR (no discussion needed or wanted here) is not very informed.

[Architect]

Might be wiser indeed, as more people mentioned.
Funny thing is that we all know hidden doesnt mean nothing.
Also even if we would trust SSL this forum has a leak that hasnt been fixed.
Anything posted goes in the clear even if your using https.

Just now, my post (using https everywhere by the way) was sent in the clear as soon as I hit submit. Should definitely try to fix that. /double post

[proxx]

I disagree with a few things here.

The government hasn't broken anything; they cracked RSA but that's about it. And it took them a very long time to boot. Saying all encryption is flawed is not true. Simply because many encryption methods are public knowledge and very unguarded when it comes to the /src/. Also, it's important to note that many standards are not public knowledge or FOS.

That does not inherently mean they are flawed or back-doored just because the author never showed the code. PGP/GnuPG, DES, most key encryption means are still safe and secure. It would take quantum computers to crack these keys. Things like OTR (Pidgin Off The Record messaging encryption) are still very much safe.

Your best bet in fact, in breaking most key algorithms, is to intercept keys in transit from person to keyserver. Even then technically they are not broken, you just got lucky and found the secret keys. And those are by the way, usually password encrypted themselves. This adds an additional layer of encryption. GnuPG is an excellent example of secure communication that will not likely be broken until quantum computing. DES is very strong as well, and AES (a non-key encryption) is still not taken lightly.

Saying all encryption is broken because NSA cracked RSA or ToR (no discussion needed or wanted here) is not very informed.

Yes I realized that the 'news' was highly overstated , however  the government owing root keys can be a real problem.
SSL can be bruteforced with enough power as long as the strenght is 'low'
And yes your right, https does not apply to posting , I never use evilzone on public places for that reason.
Needs a fix , big time.

[lucid]

and AES (a non-key encryption) is still not taken lightly..

I wouldn't be so sure.

[Architect]

You have yet to argue a reason why you're not sure, please give me something.

[lucid]

You have yet to argue a reason why you're not sure, please give me something.

It's the number one encryption standard recommended most by the US government and colleagues themselves, and I won't use anything recommended to me by the US.

[Architect]

Your only reason for not using it is that they use it too? What if I told you most government officials communicate with OTR, what would you have to say then? Not that this has any fact-based logic to offer but hypothetically speaking?

Also, take a look at one of the most used sites on the web, Wikipedia: encryption is SSL_RSA_WITH_RC4_128_SHA, 128 bit keys. It would be very difficult to break even with the SSL root keys and cracked RSA, and it wouldn't be worthwhile for the NSA to waste resources on it in the first place.

But back to my point. I can't necessarily deny the possibility that AES is broken as well, since it was developed by the U.S. National Institute of Standards and Technology (NIST) and that institute was established by the United States Department of Commerce (DOC), a federal organization.

In theory, you could be right. AES could be flawed, much like ARCFOUR before ARCFOUR-A was introduced as a "fix". But this is just theory. It is more likely the NSA would attack much simpler algorithms before trying to reverse AES.

[proxx]

Your only reason for not using it is that they use it too? What if I told you most government officials communicate with OTR, what would you have to say then? Not that this has any fact-based logic to offer but hypothetically speaking?

Also, take a look at one of the most used sites on the web, Wikipedia: encryption is SSL_RSA_WITH_RC4_128_SHA, 128 bit keys. It would be very difficult to break even with the SSL root keys and cracked RSA, and it wouldn't be worthwhile for the NSA to waste resources on it in the first place.

But back to my point. I can't necessarily deny the possibility that AES is broken as well, since it was developed by the U.S. National Institute of Standards and Technology (NIST) and that institute was established by the United States Department of Commerce (DOC), a federal organization.

In theory, you could be right. AES could be flawed, much like ARCFOUR before ARCFOUR-A was introduced as a "fix". But this is just theory. It is more likely the NSA would attack much simpler algorithms before trying to reverse AES.

Than why would you need to reverse something that you designed yourself.
If it would be me I would built it in in the first place.

[lucid]

Your only reason for not using it is that they use it too?

No. My reason for not using it is that it is recommended by them. There are plenty of other worthwhile algorithms that have thus far never been cracked(blowfish/twofish) that I can use without having to use AES. Plus, it wouldn't be the first time the US has intentionally inserted a 'backdoor' into an algo. It IS their algorithm, they can do whatever they want with it right?

I'm not saying it's definitely backdoored, I'm just saying that there's a chance, and I see no reason to take an unnecessary risk

[Architect]

I'm not saying it's definitely backdoored, I'm just saying that there's a chance, and I see no reason to take an unnecessary risk.

As a closing (hopefully) argument:

By that logic, you should stay off the internet, which started as ARPANET, which was of course a DARPA project. There have also been historical incidences of the US government strengthening cryptographic protocols, such as was done with DES by the NSA.

[lucid]

What if I told you most government officials communicate with OTR, what would you have to say then?

I would say that I will probably just continue to use my encryption of choice, regardless of whether or not the NSA is using encryption for their instant messages. 

As a closing (hopefully) argument:

By that logic, you should stay off the internet, which started as ARPANET, which was of course a DARPA project.

Lol I'm glad you know your internet history..
 

[proxx]

http://news.cnet.com/8301-1009_3-57610052-83/nsa-keywords-become-fodder-for-automated-haiku/

The National Security Agency's domestic spying efforts have been all over the news for months. Because it can't listen in to absolutely everybody's electronic missives, the NSA allegedly uses a database of keywords to trigger surveillance. It just so happens that those words make for some interesting poetry.
The NSA Haiku Generator is a Web site that spits out automated poems in the classic 5-7-5 syllable format. It feeds off NSA keywords and pulls from a Department of Homeland Security keyword list.
I didn't think I could possibly top my first automated haiku:
 <blockquote>ISS S/Key
 Sneakers strain sardine veggie
 Phreaking ninja WINGS</blockquote> Phreaking ninja wings? Awesome! After a good laugh, the absurdity of it all starts to set in. I could be triggering NSA surveillance by posting on Facebook about phreaking ninja wings, when all I'm referring to are some hot wings with a sneaky pepper kick to them. There are some other interesting words that pop up in the generator, including Tie-fighter for all you "Star Wars" fans, and Twister for all you fans of uncomfortable body-distortion games. Another effort nets me this gem:
 <blockquote>Mega consul zone
 Plutonium freedom fraud
 Chemical sex beef</blockquote>

Well there we go , thats something very similar to the original thought.
http://www.nsahaiku.net/

Consul Gunfight spies
747 Breach
Gamma Halibut

My first NSA haiku