Welcome Guest [Log In] [Register]
Welcome to Crypto. We hope you enjoy your visit.


You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free.


Join our community!


If you're already a member please log in to your account to access all of our features:

Username:   Password:
Add Reply
How to remain secure against NSA surveillance
Topic Started: Sep 6 2013, 08:01 AM (325 Views)
coder
NSA worthy
[ *  *  *  *  *  * ]
Bruce Schneier's article is worth reading here:

http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance

Mok Kong Shen's aversion of backdoors is given a good airing. Several useful open-source programs are listed.
quot homines tot sententić
Offline Profile Quote Post Goto Top
 
JOE.TEKK1
Elite member
[ *  *  *  *  * ]
Thank you. Yes, also see Bruce Schneir's column and commentary articles. I am interested in this "Tails" program.
I know about SilentCircle and GnuPG ( OpenPGP ) . Have a great weekend, everyone ;-) . /s/ Joe

-- 11:26AM ; Friday 6 SEP 2013 --

Offline Profile Quote Post Goto Top
 
mok-kong shen
NSA worthy
[ *  *  *  *  *  * ]
Incidentally there is also an article http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?_r=0 that says among others:

"The N.S.A. hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world's most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world."

It is my "belief" that with appropriate knowledge and extremely conservative disciplines secure communications for limited volumes/efficiency over the Internet is actually realizable despite claimed "groundbreaking" analysis capabilities of NSA (at least in case of symmetric encryption and faultless key management). Nevertheless, how communications of a normal (average) person or commercial firm could be "effectively" entirely immune to attacks of the mighty spyagencies "in practice" remains a riddle for me (excepting one would perhaps fall back on the old-fashioned practice of employing personal couriers). Note that even Schneier has in his recommendations "This might not be bulletproof..." etc. On the other hand, in "really" critical cases that need protection and that may even be "particular" targets of the mighty spyagencies (i.e. NSA and its counterparts elsewhere) anything less than 100% security is defacto no security IMHO. Another "belief" of mine is that the "main" activities/results of the mighty spyagencies in their universal data acquisation on the Internet are to date not cracking down of terrorists or mafias but financial and industrial espionages. It's really high time that we all actively attempt to eventually find good "practical" means to effectively curb, if not stop, such malicious work.

[Addendum] See also: http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

[Addendum] Quoted from http://www.reuters.com/article/2013/09/08/us-internet-security-idUSBRE98701J20130908:

"Vint Cerf, author of the some of the core internet protocols, said that he didn't know whether the NSA had truly wreaked much damage, underscoring the uncertainty in the new reports about what use the NSA has made of its abilities. 'There has long been a tension between the mission to conduct surveillance and the mission to protect communication, and that tension resolved some time ago in favor of protection at least for American communications,' Cerf said."

Interesting IMHO is anyway the phrase "at least for American communications". What about non-American communications??

[Addendum] http://bits.blogs.nytimes.com/2013/09/10/government-announces-steps-to-restore-confidence-on-encryption-standards/?_r=0

[Addendum] http://news.cnet.com/8301-13578_3-57602701-38/nsa-disguised-itself-as-google-to-spy-say-reports/

[Addendum] http://www.networkworld.com/news/2013/091913-nsa-tech-industry-274011.html?page=1

[Addendum] RSA Security urgently warns against further use of the PRNG that was heretofore the preferred standard in its BSAFE-Library. See http://www.zdnet.de/88170660/nsa-affaere-rsa-warnt-eigenem-produkt/ (in German).

[Addendum] Concerning elliptic curves of NIST: http://www.zeit.de/digital/datenschutz/2013-09/Dan-Bernstein-NSA-NIST/seite-2 http://www.golem.de/news/elliptische-kurven-die-herkunft-der-nist-kurven-1309-101567.html (in German).

[Addendum] http://www.theguardian.com/commentisfree/2013/sep/10/nsa-matthew-green-takedown-blog-post-johns-hopkins
Edited by mok-kong shen, Sep 27 2013, 04:23 PM.
Offline Profile Quote Post Goto Top
 
1 user reading this topic (1 Guest and 0 Anonymous)
ZetaBoards - Free Forum Hosting
Join the millions that use us for their forum communities. Create your own forum today.
Learn More · Register Now
« Previous Topic · News · Next Topic »
Add Reply