Bitcoin Forum

http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/

From this article, it's clear the main goal of the newest datacenter in NSA's line is to crack high-level encryption. The hardware that will be in this is unclear. What is clear is that the budget for this monstrosity is over $2 billion; more than enough monetary power to bring Bitcoin to hell and back.

Stay aware.

mmmmmmm imagine the Ghash's, but there more likely to use it for cracking pgp and truecrypt

$2 Billion Dollars!!! That's pretty smart of them to share with our enemies exactly where the nerve center is located if this Cyber Cold War we're currently in ever escalates.

From the same source: Google Asks NSA to Help Secure Its Network (http://www.wired.com/threatlevel/2010/02/google-seeks-nsa-help/)

~Bruno~

How vulnerable is pgp and truecrypt to brute force attack by so much hashing power?

We're in luck! The NSA will never be able to crack passwords provided by blondes.


http://api.ning.com/files/ekFGRd9Hb*RZu6BIRdsUtgyWBrpam8mbXHbsIAmJMS14xZej9buNR1pV5Q73ktm*iWEBS8dJvc55xh4HC-5sKhGIiRWdm0ec/securedownload.gif (http://www.thisis50.com/forum/topics/the-longest-password-funny?xg_source=activity)

Since they will just have a lot of parrallel processing power, and have not discovered any real vulnerability in those protocols, it seems it will be enough for truecrypt and gpg users to double they maximum key size and be done with it. As I understand it, the difficulty to crack them increases exponentially with longer keys.

ROFLMAO!

i'm not an expert by any means in this area but i thought it was interesting the way the article was written.

basically the author says the NSA has the capability to do whatever it wants, whenever it wants, wherever it wants, and to whomever it wants with the additional implication that money is no object.

color me skeptical and would appreciate the comments of those whose technical knowledge or connections is up to par to comment on this.

With traditional bruteforcing cracking would still be unfeasible,
but maybe they have some crazy quantum or side channel stuff we dont know about.

etotheipi seems pretty well versed in quantum computing and he works in a physics lab in Maryland.  you'd think he'd be pretty up to date on this stuff and he isn't worried about that kinda stuff for 10-20 yrs.

Don't tell me that the government and NSA are smart enough to take advantage of that fact by building the infrastructure now to be prepared for quantum code breaking down the road.

~Bruno~

I use 4096 bits for everything, so I'm fine.

But now I'm going with 8192 bits just to be sure.

~Bruno~

2 billion$ for cracking a typical password for anything remotely important

W39aJtv<w50>jcvOBJ20f<J36MDU{skK

Should not take more than a few milleanias. Good luck with this.

Rubber hoses and predators and bent senators are so much more cost effective than those datacentres.

Imagine a safe made from steel. The walls is thicker than diameter of Milky Way galaxy. That's how strong is properly deployed TrueCrypt. The 2billion diamond saw will not cut trough the steel wall hundreds of light-years thick in reasonable time. With reasonable I mean before Earth takes plunge into Sun.

I guess the new NSA datacenter is not for raw bruteforcing but for mining semantic data from all your intercepted e-mails and other unencrypted junk travelling trough internet backbones.

+1!  Probably far easier and more cost effective to simply find the IP's of most bitcoiners, and destroy all their stuff, set them up on rigged cocaine charges, and put them in prison. That'd be a better attack vector.

According to the article, they are specifically targeting AES encryption, and are hoping to break 128-bit and lesser stuff from 10 years ago to do analysis of the old data to see if there are patterns. They have collected information for a long time, and are only now having a go at actually breaking the encryption. 256-bit should be fine for a while yet, but in 10 more years it may also be breakable, if you have a 2 billion dollar budget.

I always use the maximum key size possible, usually 8192 or 16384... Takes a while to generate, but I never notice a difference when I'm actually using them.

They are creating a neural net to model your brain. Once it achieves consciousness, they can just ask it what password you would have used.

Hrm...
"According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. "

You would think that if the endgame was to bring down BTC, they could do it much cheaper than $2B.

A far more likely use would be a fishnet over GSM-encrypted phone calls in realtime.

So they finish this sometime in 2013... Should be plenty of time to scramble together a few nuclear bombs to wipe the place off the fucking map just as they put the finishing touches on it. Anyone in for some fun?

DISCLAIMER: I'm drunk, so don't take me seriously.

Ill say what i always say again, its a good idea to keep your data both secret (keep it away from prying eyes) AND encrypted. sometimes both are not possible, but you should try when you can.

For example, bitcoin, this is almost never possible because by design, you give out your public key.

However, secret documents and messages can be both secret and encrypted. You only give the encrypted data to whoever needs it.

Fabulous work, rjk. You just got every person in this thread on a domestic terrorist watchlist.

See you in indefinite detention.

Pretty sure every single one of us has been on the list since 2009 when bitcoin was invented. Cheers.

Now you are:

dirty bomb plutonium palestine abduct anthrax yemen al queda jihad plane truck train liberate occupy

Made possible by the nearly unnoticed NDAA!

Using larger key sizes won't really do any difference unless your password also has double the entropy. We're slowly reaching a point where humans are having trouble remembering pass phrases with sufficient entropy (we're not there yet though!).

Once you get to that point, you can just hash the part you remember and use the hash as the password. The part you hash would still need to be strong, and it would force the cracker to either, use hashed values, the actual values, or both. We could also go the route of using patterns instead of characters.

The red dots are places where red dots on other shapes "lock". The basic idea is that you would be making a vector object, then use that code as the password. Again these are vector objects, so size does not matter. all that matters is that the correct shapes are connected correctly in the right orders, etc..

http://img560.imageshack.us/img560/6154/vectorpassword.png

Well that's true. You could, for example as Armory does, use a really slow key derivation function, and apply it so many times that it takes, for example, one second to get the key from the password. That would limit the cracker's attempts to one key per second as far as I can tell (unless the key derivation function is compromised).

Interesting idea about using shapes to gain entropy. Though I have a hard time figuring out how much entropy this actually provides.

256-bit is not two times stronger than 128-bit. The strength of encryption grows exponentially, not linearly. 256-bit with current computing technologies and more's law might be safe for more than 10 or probably 200 years. It might be safe till the end of time.So the TripleDES is finally broken? Or Blowfish, or SHA-1 hash function? What is complex encryption scheme? Some Rube-Goldberg encryption using data destruction and outdated ciphers or TrueCrypt? TrueCrypt is actually not so complex at all, in terms of usability and ease-of-use. This statement by incomptetent spokesperson makes no sense at all to me.GSM is no encryption at all, it is merely a obfuscation. NSA and any government agency can listen at will, they already have copies of GSM encryption keys and direct access to operator's infrastructure. Maybe using voice recognition and data mining all conversations nationwide is one of the purposes?In some countries being drunk while committing crime (such as telling it will be good if someone nuke arseholes in NSA) is going to ad additional years to sentence.I'm located in Eastern Europe and I have veiled Arab man in my avatar, now I'm a foreign terrorist! :D Nuke with dirty Iranian nuclear bomb the capitalist terrorists and abduct CIA president while sniffing train of anthrax letter cocaine and buy Rolex replica watches cheap! Sh*t, that smoke was a strong one!Is it something similar to MDMA? I will visit Silk Road to find out more :DThe password in GPG is used to protect the private key in case if the file containing key is fallen in hands of enemy. It is not related to quality of the keypair. If enemy only have your public key, the quality of the password protecting your private key does not matter. Only the source of randomness is important, and computers are known to be poor at generating truly random data without hardware random number generator.

Where passwords are the weakest link, they must be strong and random. In 1 month average human can remember password containing 30+ ASCII characters.