Bitcoin Forum
Topic: Has the NSA already broken bitcoin?
01BTC10
September 10, 2013, 02:57:40 AM
 #121

I'm reading this book right now. Pretty on topic. In this novel the NSA can decrypt any algorithm except one...



I'm sorry for your loss. That book is total junk. At least with the other formulaic Dan Brown novels, they touch on something he knows about (religious history). This one does not.
I'm reading about 1 novel a year. Much more than that when I was younger. I don't expect everything in this book to be accurate. I'm 50% done and enjoying it. The rest of the years, I'm reading technical books and stuff so this is relaxing for my mind.
vesperwillow
September 10, 2013, 03:06:54 AM
 #122


Your signature fits perfectly the self-portrait you just painted.

*blink*

What does any of that have to do with anything being discussed? It's a signature to public donation and low volume receipt wallets. Most of us have them.

Still I doubt the NSA would want anything to do with bitcoin besides use it to pay their own spies in Iran and Russia. "Comrade, here is your 1000BTC for political blackmail purposes. Please get picture of Putin wearing lipstick passed out drunk in a dress".

Exactly. Could the technology and its adaptation/adoption/evolution be of interest in general? Perhaps. But they likely don't give a rip about people using it to send basic transactions.

citboin
September 10, 2013, 04:43:00 AM
 #123

This would be pretty easy to test. Just get a bunch of friends to start exchanging encrypted messages about bombing an embassy or govt office. If these douche-bags can break it, they'd be on you like white on rice.

can anyone think of a lower risk way to test...?

I have an idea, do what these guys did :D

http://www.dailymail.co.uk/news/article-2407949/Test-reveals-Facebook-Twitter-Google-snoop-emails-Study-net-giants-spurs-new-privacy-concerns.html
Alpaca Bob
September 12, 2013, 11:59:25 AM
 #124

This is the crypto standard that the NSA sabotaged: http://boingboing.net/2013/09/11/this-the-the-crypto-standard-t.html

The Times 03/Jan/2009 Chancellor on brink of second bailout for banks
Puppet
September 13, 2013, 02:59:45 PM
 #125

This is the crypto standard that the NSA sabotaged: http://boingboing.net/2013/09/11/this-the-the-crypto-standard-t.html

Or that's the one they don't care about if you know it, since apparently it's used pretty much nowhere.
I also don't see how that would fit in to this quote from the Guardian article:
Quote

An internal agency memo noted that among British analysts shown a presentation on the NSA's progress: "Those not already briefed were gobsmacked!"

The breakthrough, which was not described in detail in the documents, meant the intelligence agencies were able to monitor "large amounts" of data flowing through the world's fibre-optic cables and break its encryption, despite assurances from internet company executives that this data was beyond the reach of government.
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

I don't think anyone would be gobsmacked if they found out an obscure, slow, suspect, almost never used pseudo random generator was hacked.

I don't know what to trust anymore right now, but on the top of things I no longer trust, is Tor;
http://news.softpedia.com/news/The-US-Government-Funds-60-Percent-of-the-Tor-Project-381195.shtml

Is that what they cracked in 2010? Who knows. But I doubt they would fund 60% of a project whose sole goal is precisely to make it virtually impossible for NSA and others to snoop on its users, unless there was a tangible benefit to it.
vesperwillow
September 13, 2013, 03:31:29 PM
 #126

Is that what they cracked in 2010? Who knows. But I doubt they would fund 60% of a project whose sole goal is precisely to make it virtually impossible for NSA and others to snoop on its users, unless there was a tangible benefit to it.

Knowing what's in the network packets that folks don't want them to know.

http://en.wikipedia.org/wiki/The_enemy_of_my_enemy_is_my_friend

marcus_of_augustus
September 14, 2013, 03:47:44 AM
 #127

This is the crypto standard that the NSA sabotaged: http://boingboing.net/2013/09/11/this-the-the-crypto-standard-t.html

Or that's the one they don't care about if you know it, since apparently it's used pretty much nowhere.
I also don't see how that would fit in to this quote from the Guardian article:
Quote

An internal agency memo noted that among British analysts shown a presentation on the NSA's progress: "Those not already briefed were gobsmacked!"

The breakthrough, which was not described in detail in the documents, meant the intelligence agencies were able to monitor "large amounts" of data flowing through the world's fibre-optic cables and break its encryption, despite assurances from internet company executives that this data was beyond the reach of government.
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

I don't think anyone would be gobsmacked if they found out an obscure, slow, suspect, almost never used pseudo random generator was hacked.

I don't know what to trust anymore right now, but on the top of things I no longer trust, is Tor;
http://news.softpedia.com/news/The-US-Government-Funds-60-Percent-of-the-Tor-Project-381195.shtml

Is that what they cracked in 2010? Who knows. But I doubt they would fund 60% of a project whose sole goal is precisely to make it virtually impossible for NSA and others to snoop on its users, unless there was a tangible benefit to it.

"Gobsmacked analysts", "huge breakthrough circa 2010", these kinds of comments have now come from more than one source so it is gaining credibility that they are wielding a rather big cracking hammer right now ... all sound reasoning ... as I have suspected for some time Tor is just another spook honey pot.

Dabs
September 14, 2013, 04:31:51 AM
 #128

They want you to avoid using Tor. They also use Tor themselves.

marcus_of_augustus
September 14, 2013, 05:08:59 AM
Last edit: September 14, 2013, 05:50:55 AM by marcus_of_augustus
 #129

They want you to avoid using Tor. They also use Tor themselves.

How could you possibly know that?

In related news Matthew Green one of the Zerocoin guys has got into trouble with his dept. dean at JHU criticising the NSA ... what a bunch of PC BS! (Not to mention smacks of censorship, 1st amendment suppression, etc)

http://www.theguardian.com/world/2013/sep/10/johns-hopkins-dean-apologises-for-blog

Quote
Matthew Green, an assistant research professor in JHU's department of computer science, was asked to remove a blog post from the university's servers on Monday. The entry linked to classified government documents published by the Guardian, the New York Times and ProPublica and summarised what Green called "bombshell revelations" of how the NSA is able to unlock encryption used to protect emails and other data.

JHU found itself criticised for abusing academic freedom after Andrew Douglas, who has served as interim dean of the university's engineering school since July, asked Green to remove the post from the university's servers.

niko
September 14, 2013, 05:29:20 AM
 #130

They want you to avoid using Tor. They also use Tor themselves.

How could you possibly know that?

In related news Matthew Green one of the Zerocoin guys has got into trouble with his dept. dean at JHU criticising the NSA ... what a bunch of PC BS! (Not to mention smacks of censorship, 1st amendment suppression, etc)

http://www.theguardian.com/world/2013/sep/10/johns-hopkins-dean-apologises-for-blog

Quote
Matthew Green, an assistant research professor in JHU's department of computer science, was asked to remove a blog post from the university's servers on Monday. The entry linked to classified government documents published by the Guardian, the New York Times and ProPublica and summarised what Green called "bombshell revelations" of how the NSA is able to unlock encryption used to protect emails and other data.

JHU found itself criticised for abusing academic freedom after Andrew Douglas, who has served as interim dean of the university's engineering school since July, asked Green to remove the post from the university's servers.
Andrew Douglas, how pathetic! He belongs more to the Soviet or Albanian past, or to the North Korea of today. In my experience, most of today's so-called intellectuals in the U.S. academia are similarly brain-washed into blind, politically-correct obedience. Dangerously stupid people.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
prophetx
September 14, 2013, 06:50:25 AM
 #131

This would be pretty easy to test. Just get a bunch of friends to start exchanging encrypted messages about bombing an embassy or govt office. If these douche-bags can break it, they'd be on you like white on rice.

can anyone think of a lower risk way to test...?

You all sign a notarized piece of paper that these conversations are to exercise artistic speech to create a book and that there is no intent to carry out the discussion that will take place beyond creating a work of fiction?
Dabs
September 16, 2013, 01:49:03 AM
 #132

They want you to avoid using Tor. They also use Tor themselves.

How could you possibly know that?
They helped design and implement Tor so their own people (government) can use it in foreign places. Actually, Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications.

cypherdoc
September 16, 2013, 03:03:10 AM
 #133

They want you to avoid using Tor. They also use Tor themselves.

How could you possibly know that?

In related news Matthew Green one of the Zerocoin guys has got into trouble with his dept. dean at JHU criticising the NSA ... what a bunch of PC BS! (Not to mention smacks of censorship, 1st amendment suppression, etc)

http://www.theguardian.com/world/2013/sep/10/johns-hopkins-dean-apologises-for-blog

Quote
Matthew Green, an assistant research professor in JHU's department of computer science, was asked to remove a blog post from the university's servers on Monday. The entry linked to classified government documents published by the Guardian, the New York Times and ProPublica and summarised what Green called "bombshell revelations" of how the NSA is able to unlock encryption used to protect emails and other data.

JHU found itself criticised for abusing academic freedom after Andrew Douglas, who has served as interim dean of the university's engineering school since July, asked Green to remove the post from the university's servers.

you are aware that JHU has since apologized for the reprimand and allowed his original post to remain public?
freedomno1
October 21, 2013, 02:23:07 AM
 #134

Not sure on the bitcoin security

Bitcoin does use ECDSA

 https://en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm

So does that make it vulnerable to the NSA

http://en.wikipedia.org/wiki/Elliptic_curve_cryptography

The use of elliptic curves in cryptography was suggested independently by Neal Koblitz[1] and Victor S. Miller[2] in 1985. Elliptic curve cryptography algorithms entered wide use in 2004 to 2005. The algorithm was approved by NIST in 2006. In 2013, the New York Times revealed that Dual Elliptic Curve Deterministic Random Bit Generation (or Dual_EC_DRBG) had been included as a NIST national standard due to the influence of NSA, which had included a deliberate weakness in the algorithm.[3]

Believing in Bitcoins and its ability to change the world
DeathAndTaxes
October 21, 2013, 04:32:56 AM
 #135

ECDSA is not the same as Dual_EC_DRBG.   The vulnerability is with Dual_EC_DRBG not the entire ECC concept.  Actually the speed at which the crypto community sounded the alarm on Dual_EC_DRBG should be seen as a positive sign.  It was/is an obscure algorithm with no real widespread usage and the flaw was found and published internationally in the span of a few months.   
BTCisthefuture
October 21, 2013, 04:46:03 AM
 #136

it's certainly not out of the realm of possibility.  for people who think certain encryptions can't ever be broken, that's very naive to think that way. throughout history we end up breaking or doing things people never thought would be possible.  heck just go back 100 years or so and try to explain a smart phone to people.  so to think encryption can't be broken or won't be broken is very naive, i always assume that it can or is or will be broken at some point so it's going to be up to "us" to continue to make new and improved forms of encryption.

if the question is has the NSA already done it.... no, i don't think so.  But I do believe eventually at some point in the future it very well could happen.

jubalix
October 21, 2013, 07:49:21 AM
 #137

The NSA created Bitcoin and used ECDSA in it because they already had it broken.

This risk is already mitigated for any bitcoin address that has not been used for spending (i.e. its public key is not yet known).

Even if ECDSA is broken wide open, it doesn't really matter with respect to bitcoins that have been received at addresses that have never been used for spending, because the corresponding ECDSA public key is not known and cannot be determined without also breaking both RIPEMD160 and SHA256 simultaneously.


Can anyone speak to the issue, if I use a deterministic wallet (e.g. electrum) and I spend from one address, thus ECDSA is all that is needed to be cracked, can that private key be used to access the rest of the addresses even though unspent.

Thus would it be safer if I use multibit or the QT, as the issue is in the random generation only but the second vulnerability is not there as those addresses are not deterministic.

Where is the best place to generate the safest address keys, as I like the electrum interface and could always import keys.

I have tried to raise this in the electrum sub boards, and the answer was not as definitive as I would have hoped.

Admitted Practicing Lawyer::BTC/Crypto Specialist. B.Engineering/B.Laws

Dabs
October 21, 2013, 08:11:33 AM
 #138

That's one reason I don't use deterministic wallets. You guess the master key somehow, you get all the keys. If you can get it from one of the spent keys, I don't know and that is up for debate, but I'd rather not take the risk when it is so easy to just use a brand new randomly generated bitcoin address.

cactus-pits
October 21, 2013, 09:37:02 AM
 #139

NSA even invented Bitcoin.

Nakamoto SAtoshi = NSA

lol
marcus_of_augustus
October 21, 2013, 10:08:03 PM
 #140

That's one reason I don't use deterministic wallets. You guess the master key somehow, you get all the keys. If you can get it from one of the spent keys, I don't know and that is up for debate, but I'd rather not take the risk when it is so easy to just use a brand new randomly generated bitcoin address.

How well do you know your RNG that created those addresses?
