NSA surprises, not?

NSA surprises, not?

SIGS Special Event 2015 @ Zurich

3ef4e5cd368d1f7089deed74d1388e16?s=128

JP Aumasson

April 01, 2015
Tweet

Transcript

  1. 1.
  2. 7.
  3. 9.
  4. 11.
  5. 12.
  6. 13.
  7. 14.

    Key theft Passive and active collection (Exploit devices holding keys,

    etc.) Static secrets for VPNs (IPsec PSKs, SSH usernames/pwds, etc.) Private keys of CA certs (TLS interception) SIM cards’ subscriber keys
  8. 15.
  9. 16.
  10. 22.
  11. 25.

    “According to another top official also involved with the program,

    the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US.” James Bamford, March 2012 http://www.wired.com/2012/03/ff_nsadatacenter/all/1
  12. 28.

    AES

  13. 30.
  14. 36.

    RC4

  15. 38.
  16. 40.

    RSA

  17. 42.
  18. 43.
  19. 44.

    Assumption No major algorithmic advance (In particular, no polytime algorithm)

    But 1024-bit factoring may be doable (For high-value targets, when other methods failed)
  20. 47.
  21. 48.
  22. 50.

    Tor

  23. 52.
  24. 55.