Come-from-Beyond (OP)
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
October 15, 2015, 07:19:50 PM |
|
Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice - the best paper of ACM CCS 2015 is pretty interesting: We investigate the security of Diffie-Hellman key exchange as used in popular Internet protocols and find it to be less secure than widely believed. First, we present Logjam, a novel flaw in TLS that lets a man-in-the-middle downgrade connections to “export-grade” Diffie-Hellman. To carry out this attack, we implement the number field sieve discrete log algorithm. After a week-long precomputation for a specified 512-bit group, we can compute arbitrary discrete logs in that group in about a minute. We find that 82% of vulnerable servers use a single 512-bit group, allowing us to compromise connections to 7% of Alexa Top Million HTTPS sites. In response, major browsers are being changed to reject short groups.
We go on to consider Diffie-Hellman with 768- and 1024-bit groups. We estimate that even in the 1024-bit case, the computations are plausible given nation-state resources. A small number of fixed or standardized groups are used by millions of servers; performing precomputation for a single 1024-bit group would allow passive eavesdropping on 18% of popular HTTPS sites, and a second group would allow decryption of traffic to 66% of IPsec VPNs and 26% of SSH servers. A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break. We conclude that moving to stronger key exchange methods should be a priority for the Internet community.
This raises a question: Are you sure that Bitcoin-related websites visited by you are not monitored by NSA? Or maybe you don't care?
|
|
|
|
achow101
Staff
Legendary
Offline
Activity: 3514
Merit: 6847
Just writing some code
|
|
October 15, 2015, 07:48:22 PM |
|
This raises a question: Are you sure that Bitcoin-related websites visited by you are not monitored by NSA? Or maybe you don't care?
Well why should we care about the NSA? I would be more worried about someone somehow using that to break into my account and stealing all of my Bitcoin.
|
|
|
|
Come-from-Beyond (OP)
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
October 15, 2015, 08:04:27 PM |
|
Well why should we care about the NSA?
So you don't care, got it.
|
|
|
|
Pattart
|
|
October 15, 2015, 08:32:19 PM |
|
This is kinda worrying that people can eavesdrop on our communications with any site, but it doesn't seem to be very prevalent. It isn't something that makes up a majority of the sites visited, so I don't think this particular vulnerability is worrying.
|
|
|
|
VirosaGITS
Legendary
Offline
Activity: 1302
Merit: 1068
|
|
October 15, 2015, 09:56:31 PM |
|
This is kinda worrying that people can eavesdrop on our communications with any site, but it doesn't seem to be very prevalent. It isn't something that makes up a majority of the sites visited, so I don't think this particular vulnerability is worrying.
I think the NSA has better things to do than monitor everyone's International use of Bitcoin. Until your TX's are linked to suspected terrorist/criminal activity that affect the US or international policies in any way, i think you can put down the Tinfoil hat.
|
|
|
|
zencomp
Full Member
Offline
Activity: 182
Merit: 100
★ Nakedbitcoins.com ★
|
|
October 16, 2015, 03:56:17 AM |
|
This is kinda worrying that people can eavesdrop on our communications with any site, but it doesn't seem to be very prevalent. It isn't something that makes up a majority of the sites visited, so I don't think this particular vulnerability is worrying.
I think the NSA has better things to do than monitor everyone's International use of Bitcoin. Until your TX's are linked to suspected terrorist/criminal activity that affect the US or international policies in any way, i think you can put down the Tinfoil hat. what you said is correct, they have lot of big problems to solve instead of wasting time here until they find any source of work related to this job.
|
|
|
|
pooya87
Legendary
Offline
Activity: 3598
Merit: 10927
|
|
October 16, 2015, 05:00:54 AM |
|
it would be an invasion but this is a public forum so anybody is seeing what we are all doing and there is no hiding that. and as long as i don't get f***ed for just using bitcoin legally i don't care.
besides i agree with VirosaGITS, NSA watching us feels like conspiracy theories.
|
|
|
|
n2004al
Legendary
Offline
Activity: 1134
Merit: 1000
|
|
October 16, 2015, 05:24:13 AM |
|
This raises a question: Are you sure that Bitcoin-related websites visited by you are not monitored by NSA? Or maybe you don't care?
I don't care at all. I have nothing to hide and to have fear. Everyone who want can read everything I write or everything I do at internet. So no fear from NSA or every kind of Agencies who make the same or similar jobs.
|
|
|
|
Operand
Newbie
Offline
Activity: 31
Merit: 0
|
|
October 16, 2015, 05:44:02 AM |
|
Cant be that bad eh? I mean as if it's bad enough that governments are able to activate one's camera and microphone on laptops, computers and now mobile phones as confirmed by Snowden
|
|
|
|
n2004al
Legendary
Offline
Activity: 1134
Merit: 1000
|
|
October 16, 2015, 05:49:27 AM |
|
Cant be that bad eh? I mean as if it's bad enough that governments are able to activate one's camera and microphone on laptops, computers and now mobile phones as confirmed by Snowden If you read well the question in that is not mentioned this thing answered by you but another. Is is about the things and your habitue on internet and not about things made in your home. So your answer is out of this topic.
|
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1530
No I dont escrow anymore.
|
|
October 16, 2015, 06:05:25 AM |
|
it would be an invasion but this is a public forum so anybody is seeing what we are all doing and there is no hiding that. and as long as i don't get f***ed for just using bitcoin legally i don't care.
Yet, if you read what the paper suggests. Transitioning to ellip- tic curve Diffie-Hellman (ECDH) key exchange with appro- priate parameters avoids all known feasible cryptanalytic attacks. Current elliptic curve discrete log algorithms for strong curves do not gain as much of an advantage from precomputation. In addition, ECDH keys are shorter than in “mod p ” Diffie-Hellman, and shared-secret computations are faster. Unfortunately, the most widely supported ECDH parameters, those specified by NIST, are now viewed with suspicion due to NSA influence on their design, despite no known or suspected weaknesses. These curves are under- going scrutiny, and new curves, such as Curve25519, are being standardized by the IRTF for use in Internet proto- cols. We recommend transitioning to elliptic curves where possible; this is the most effective long-term solution to the vulnerabilities described in this paper.
and check which key exchange algo is used for bitcointalk.org it seems this board is not affected. besides i agree with VirosaGITS, NSA watching us feels like conspiracy theories.
I think you missed the news over the last years. They watch everything and everyone.
|
Im not really here, its just your imagination.
|
|
|
franky1
Legendary
Offline
Activity: 4368
Merit: 4743
|
|
October 16, 2015, 06:24:46 AM |
|
lets imagine it this way..
lets accept that the NSA has full access to all our data.
dont get me wrong, i dont like 3rd parties having my information. but you have to ask yourself, if you put your information out-there either letting it pass through your ISP or put onto facebook, or having an online bank account as oppose to a bill-by-post account then you are just asking for your data to be spread.
now.. the important part
out of 7 billion people, what are the chances that the NSA would even look at your data specifically, investigating you and looking at everything you do for official reasons?
i personally dont care about NSA having access to my data, because chances are id never be investigated.. but im more concerned about my privacy in regards to random people. even people temping and subcontracted to the NSA, or hackers, or ex-girlfriends trying to get at my data for their own amusement or to use it against me in someway.
so dont worry about the NSA as an institution because unless your doing anything illegal, theres nothing to worry about.. but do worry about the PEOPLE that could get their hands on your data for unofficial reasons. and as i said that can include nsa employee's.
afterall if you personally worked for the police or fbi, wouldnt you be tempted to search out stuff on your neighbour or exgirlfriend..
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER. Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
Holliday
Legendary
Offline
Activity: 1120
Merit: 1012
|
|
October 16, 2015, 06:41:16 AM |
|
so dont worry about the NSA as an institution because unless your doing anything illegal, theres nothing to worry about.. How naive can you be? out of 7 billion people, what are the chances that the NSA would even look at your data specifically, investigating you and looking at everything you do for official reasons? Gee... a user of that "shady, dark web currency"... I would say the chances are significantly higher than average.
|
If you aren't the sole controller of your private keys, you don't have any bitcoins.
|
|
|
LiQio
Legendary
Offline
Activity: 1181
Merit: 1002
|
|
October 16, 2015, 06:51:14 AM |
|
out of 7 billion people, what are the chances that the NSA would even look at your data specifically, investigating you and looking at everything you do for official reasons?
Sometimes it's the other way round with big data collections: you might not be investigated specifically, but sometimes political institutions need to leave someone holding the baby. This could be you, because your pattern matches best: guilty by inference.
|
|
|
|
Amph
Legendary
Offline
Activity: 3248
Merit: 1070
|
|
October 16, 2015, 07:06:56 AM |
|
there are not 7B using internet, that's a naive thinking, more like half of, that, and i'm sure that with a right scrypt they can check those pretty fast
they can monitorize you but don't have the tool to investigate? would be stupid and pointless from their end
but anyway i don't have anything to hide so i'm not worried
|
|
|
|
Kakmakr
Legendary
Offline
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
|
|
October 16, 2015, 07:16:32 AM |
|
lets imagine it this way..
lets accept that the NSA has full access to all our data.
dont get me wrong, i dont like 3rd parties having my information. but you have to ask yourself, if you put your information out-there either letting it pass through your ISP or put onto facebook, or having an online bank account as oppose to a bill-by-post account then you are just asking for your data to be spread.
now.. the important part
out of 7 billion people, what are the chances that the NSA would even look at your data specifically, investigating you and looking at everything you do for official reasons?
i personally dont care about NSA having access to my data, because chances are id never be investigated.. but im more concerned about my privacy in regards to random people. even people temping and subcontracted to the NSA, or hackers, or ex-girlfriends trying to get at my data for their own amusement or to use it against me in someway.
so dont worry about the NSA as an institution because unless your doing anything illegal, theres nothing to worry about.. but do worry about the PEOPLE that could get their hands on your data for unofficial reasons. and as i said that can include nsa employee's.
afterall if you personally worked for the police or fbi, wouldnt you be tempted to search out stuff on your neighbour or exgirlfriend..
Most of us believe this, until you say something on a forum or Facebook or Twitter that they flagged as a possible threat to the USA. The topic could have been flagged out of context, but the software scanning the communication could isolate your words from those 6 billion people. Simply typing the N$A abbreviation will already flag your post on their database. The only solution is to stay legal in everything you do, and hope someone will not browse into your privacy for their pleasure and entertainment. We have seen with the Silkroad case that there are corrupt agents out there, so it is not impossible for people to misuse these systems for their own benefit.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
pawel7777
Legendary
Offline
Activity: 2590
Merit: 1623
|
|
October 16, 2015, 10:23:32 AM |
|
This raises a question: Are you sure that Bitcoin-related websites visited by you are not monitored by NSA? Or maybe you don't care?
I don't care at all. I have nothing to hide and to have fear. Everyone who want can read everything I write or everything I do at internet. So no fear from NSA or every kind of Agencies who make the same or similar jobs. Oh really? If so, would you mind sharing your personal info + address (scanned docs) right here in this post? Would you allow anyone to view your personal emails, text messages, call logs, google search history etc? Edit: something to consider for all those blue-pilled members who think NSA is all about tracking terrorist and criminals: http://www.dw.com/en/germany-fears-nsa-stole-industrial-secrets/a-16925289http://www.informationclearinghouse.info/article37484.htm
|
| Duelbits | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ | | TRY OUR UNIQUE GAMES! ◥ DICE ◥ MINES ◥ PLINKO ◥ DUEL POKER ◥ DICE DUELS | | | | █▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ KENONEW ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄█ | | 10,000x MULTIPLIER | | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ | | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ |
[/tabl
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1530
No I dont escrow anymore.
|
|
October 16, 2015, 11:21:07 AM |
|
This raises a question: Are you sure that Bitcoin-related websites visited by you are not monitored by NSA? Or maybe you don't care?
I don't care at all. I have nothing to hide and to have fear. Everyone who want can read everything I write or everything I do at internet. So no fear from NSA or every kind of Agencies who make the same or similar jobs. Oh really? If so, would you mind sharing your personal info + address (scanned docs) right here in this post? Would you allow anyone to view your personal emails, text messages, call logs, google search history etc? -snip- Even if they dont mind, its still no argument. Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.
|
Im not really here, its just your imagination.
|
|
|
neoneros
|
|
October 16, 2015, 11:48:03 AM |
|
A breach like this will only make the ones who really want to be private to better their efforts to keep out the eavesdroppers,
I Do not like being eavesdropped, but what I do is what I do and at the moment I do not care what others think of it or if they tap into it, they shouldn't, just like when someone in the train besides me is not allowed to watch what is on my phone, I try to guard it with my hand. The NSA is harder to guard against, but technology will catch up. If I ever feel that the things I say or do might get me in trouble because the NSA or any institure thinks what I say or do is 'bad'. I will try harder to conceal. But at the moment, I feel safe enough to say and do as I like. So I might cut myself short here, if I ever digitaly disappear, they know that what I am doing is not meant to be seen and worthy investigating..
So as long as Bitcoin is not linked to being criminal, I will not hide my bitcoin activities for the NSA, though I do think their eavesdropping is a big nuiscance.
|
|
|
|
DarkHyudrA
Legendary
Offline
Activity: 1386
Merit: 1000
English <-> Portuguese translations
|
|
October 16, 2015, 12:30:16 PM |
|
https://weakdh.org/This website is nothing new, it's been around a few weeks the first time I saw it, if not more then a whole month, no? And anybody can check if the website is protected from this attack.
|
English <-> Brazilian Portuguese translations
|
|
|
|