Read the Beforeitsnews.com story here. Advertise at Before It's News here.
Profile image
Story Views
Now:
Last hour:
Last 24 hours:
Total:

NSA Forces Replacement of RSA Encryption (SSL is next)

% of readers think this story is Fact. Add your two cents.


If you’ve been following the recent news on the NSA, you have seen something disturbing about RSA’s public/private key encryption. Last week, a story came from Reuters that stated RSA had taken $10 million for a deal from the NSA to make RSA the standard, but that ended up weakening the algorithm so it could be broken. Here’s the link to that story on TechDirt.  Unseen.is is one of the first companies to announce it has completely removed the RSA code from it’s products.

We’ve known about this sort of thing for several years, ever since some former govt contractors told us “if the encryption is widely used and public, it’s broken”.  We’ve planned for this replacement since starting our project.  Edward Snowden confirmed much of this, but one of the more shocking allegations he released had to do with a systematic program to weaken encryption that was reported by the Guardian:

 The NSA spends $250m a year on a program which, among other goals, works with technology companies to “covertly influence” their product designs.

And this little tidbit:

To think that something as important as RSA, the leading public/private key software could be compromised for only $10 million shows how low the price is to get to these folks.  Just think about the researchers at a university and how little it would cost to buy a grant and influence them, too.  This now makes all “open source” encryption suspect — how can you trust all the various people making contributions to code, that they didn’t get a taste of NSA money?  Of course, there are still some very good and honest people working in cryptography, but all it takes is one bad one to ruin everyone else’s work.

Once the weakener is installed and these things become established standards, they get into everything.  The biggest security risk is now that other governments, the Russians, Chinese, French, etc., know about these backdoors, they have also been exploiting them.  This ability to break encryption is filtering down to the criminal gangs who broke into Target and stole millions of credit and debit cards, along with PIN numbers (that are stored encrypted).  Some banks have put limits on cash withdrawals, most likely because they believe the encryption that stores the PIN numbers has been broken.  With any technology, it’s only a matter of time before criminal elements get ahold of it and master it.

We initially used the public domain RSA to create your public key as a way to get started, but we also understood, it had two major problems.  First, it was broken.  The NSA and CIA stopped complaining about 2048 bits RSA encryption that was used by various companies in the mid-1990′s.  Even if you double the bits for that encryption, it’s not going to hold up, given the side attacks made possible by weakeners placed in the code as we discussed above.  The second problem is one of speed.  RSA is very slow to generate a key and to do it effectively for consumers who are short of time or using lower powered mobile devices, we had to generate keys in batches on our servers and deliver the private keys to our users.  That’s far from ideal and we found a way to improve that and completely replace the RSA code.

We selected another technology known as NTRU, which is a public/private key system based on an entirely different technology, and it’s been used commercially for a number of years, mainly by banks.  Because it’s still under patent protection, most of the open source community avoided it so they wouldn’t have to pay any license fees.  Most of the quantum resistant codes are still covered by patents, and we have a license and pay royalties.  NTRU is believed to be resistant to quantum computing attacks.  Quantum computers are the next generation computer that can be used for code cracking — it’s literally 10 billion times faster than current computers.  That means if you have a code that will take 30 years to crack on a regular computer, it could be broken in seconds or just a few minutes with a quantum computer.  That renders all but a few encryption methods obsolete if you’ve got a quantum computer at your disposal.  We know that Google and NASA together recently bought a D-Wave quantum computer,  and if that kind of gear is publicly available to companies like Google, you know that the top spies have even better stuff at their disposal created by their best scientists, crashed UFO’s or whatnot (just joking).

We don’t believe NTRU has been broken, so we took their publicly available code and modified it.  First, we removed the SHA-1, which is only 160 bits strong and replaced it with stronger code.  We also added our own xAES at 4096 bits, which significantly increased the number of dimensions in the computation.  All of this is now done on YOUR computer, you are generating the key.  Many of our competitors still keep the key, or send it over SSL to your computer, which makes it vulnerable to interception.  If someone else gets your private key, you might as well not bother with encryption at all — that’s how important this is.  As soon as next month, our premium users will also be able to store the key themselves, too, using very strong encryption on your local computer.  That’s the only way to guarantee your security.

Once we complete that, the only weak area from an encryption point of view is the SSL encryption used to establish the “padlock” connection between your computer and the server.  We’ll be adding another NTRU layer to that before we leave “beta” and will then have what we believe will be the most solid “end to end” encryption available to the public.

What’s the problem with SSL?  We were told by a former ISP from a communist country in Asia that their government had been provided with a toolkit from the US government to break the SSL encryption being used to secure web visits and communications.  Even earlier, I had been told in 1997 that the NSA had broken then current 128 bits SSL in real time.  You can imagine what the capabilities for breaking into SSL are today, from state actors and organized and technical criminal gangs.  This is why you can only rely on encryption that’s obscure, strong, and mature and it’s always going to be a cat and mouse game with the people who want to break into your messages.



Source: http://blog.unseen.is/2013/12/25/nsa-forces-replacement-of-rsa-encryption-ssl-is-next/


Before It’s News® is a community of individuals who report on what’s going on around them, from all around the world.

Anyone can join.
Anyone can contribute.
Anyone can become informed about their world.

"United We Stand" Click Here To Create Your Personal Citizen Journalist Account Today, Be Sure To Invite Your Friends.

Please Help Support BeforeitsNews by trying our Natural Health Products below!


Order by Phone at 888-809-8385 or online at https://mitocopper.com M - F 9am to 5pm EST

Order by Phone at 888-388-7003 or online at https://www.herbanomic.com M - F 9am to 5pm EST

Order by Phone at 888-388-7003 or online at https://www.herbanomics.com M - F 9am to 5pm EST


Humic & Fulvic Trace Minerals Complex - Nature's most important supplement! Vivid Dreams again!

HNEX HydroNano EXtracellular Water - Improve immune system health and reduce inflammation

Ultimate Clinical Potency Curcumin - Natural pain relief, reduce inflammation and so much more.

MitoCopper - Bioavailable Copper destroys pathogens and gives you more energy. (See Blood Video)
Oxy Powder - Natural Colon Cleanser!  Cleans out toxic buildup with oxygen! 
Nascent Iodine - Promotes detoxification, mental focus and thyroid health.
Smart Meter Cover -  Reduces Smart Meter radiation by 96%!  (See Video)

Immusist Beverage Concentrate - Proprietary blend, formulated to reduce inflammation while hydrating and oxygenating the cells.

Report abuse

    Comments

    Your Comments
    Question   Razz  Sad   Evil  Exclaim  Smile  Redface  Biggrin  Surprised  Eek   Confused   Cool  LOL   Mad   Twisted  Rolleyes   Wink  Idea  Arrow  Neutral  Cry   Mr. Green

    Total 8 comments
    • Jack F00BAR

      Open source people don’t avoid patent owned works before it costs money. They avoid it because you can’t see the NSA fking with the code. Your panacea of blindness with NTRU is just as deadly as trusting a name brand like RSA.

      Unless it’s open sourced, you will never know how it works, and therefore your security is just as much of an illusion as your hopes and dreams.

    • GBCIR

      Phi Mod9 cracks prime numbers.

      Primes squared are correct BASE.

      RSA was compromised from the beginning.

    • RandomDude

      RSA never was broken. They paid $10 mio to “influence” the random number generation process (RNG) that is used to generate RSA keys. RSA is not a software, it is an algorithm. As cryptographer this article hurts my eyes. *sorry*

    • RandomDude

      Also the D-Wave is not a real quantum computer. At this time quantum computing is stil in its early days. The key to “cracking” RSA keys, is the ability to factorize large numbers into primes, current quantum computers have ~5 bits, they can factorize 15 into 5 * 3. However. RSA uses 1024 or 2048 bit keys, so where is the problem for now?

    • RandomDude

      The future threat to RSA will be, that a quantum computer will need close to zero time to find that solution, while “normal” computers with algorithms will take much longer.

    • RandomDude

      i have not mentioned that it takes one day to setup the current quantum computers to “calculate” that 5 * 3 = 15 and another day to read the result (this has recently been improved to much less time).

    • RandomDude

      another thing regarding the ability to generate RSA keys, there a quite a few methods to speed it up. even a mobile can generate RSA keys theese days. if you have to do it on a server, then your code suckz. just my 5 cents.

    • RandomDude

      “We don’t believe NTRU has been broken, so we took their publicly available code and modified it”

      well….now it’s broken for sure.

    MOST RECENT
    Load more ...

    SignUp

    Login

    Newsletter

    Email this story
    Email this story

    If you really want to ban this commenter, please write down the reason:

    If you really want to disable all recommended stories, click on OK button. After that, you will be redirect to your options page.