Tor de farce: NSA fails to decrypt anonymised network

A new round of NSA documents snatched by master blabbermouth Edward Snowden appeared online late on Sunday, revealing spooks' internet security pet hates. The latest dump of PDFs published by Der Spiegel appeared to show what the Five Eyes surveillance buddies – the USA, the UK, Australia, Canada and New Zealand – see as …

    1. MustyMusgrave
      Facepalm

      Re: Clarification needed

      See Moxie Marlinspike and thought-crime: when they said "we've had a breakthrough at decrypting huge bulks of private traffic", what they meant is "we've got hold of this long-haired hippie's work on defeating SSL with Man-in-the-Middle and SSL-Strip, and now it's a strippers' club with a free-for-all on Big-Data!"

  1. Anonymous Coward
    Anonymous Coward

    Wait a mo.

    "The false positive rate looks low enough to suggest this technique should be carried forward."

    Oh yeah? What exactly is the FPR? If it is 1 in 1000, then a trawl of all 20,000,000 (guesstimate) UK adults would yield 20,000 'suspects' by FPR alone. How many 'terrorists' are there in the UK - ignoring those mentored by the security services - 20 maybe? The FPR better be nearer 1 in 1,000,000 for this to be anything other than a total waste of taxpayer funds.

    1. Flocke Kroes Silver badge

      Wasting taxpayer funds is a strategic goal

      You can defend a much bigger budget with a high FPR.

    2. tom dial Silver badge

      Re: Wait a mo.

      The amount of work (by people and probably machines as well) associated with deanonymising TOR users by a timing attack is far too large to apply to 20,000,000 UK citizens. The technique described requires, in practical terms, GCHQ ownership of the exit node and ability to monitor the entry node. It is worth noting that exit node ownership exposes any unencrypted exit traffic as well, without a need to infer from correlation of TOR entry/exit timing.

      1. Mark 85

        Re: Wait a mo.

        Well... maybe they "own" one or two.

        I'll get my tin foil hat and go quietly. Except... that it's possible.

    3. Anonymous Coward
      Anonymous Coward

      Re: Wait a mo.

      "The FPR better be nearer 1 in 1,000,000 for this to be anything other than a total waste of taxpayer funds."

      It needs to be better than that really. The problem with this is that trying to find a very low-occurrence event really compounds even amazingly low false positives / false negatives.

      Also, it's going to be pretty hard to baseline the accuracy here as we don't really know how many terrorists there are in the first place.

  2. scrubber
    Mushroom

    Wtf?

    Why is a service I pay for (govt.) spending my money to see what I do online rather than spending money to ensure other people/countries can't see what I do online?

    1. Flocke Kroes Silver badge

      Who is the biggest danger to an MP?

      1) A guy with a gun in Afghanistan.

      2) A commentard in the UK.

  3. Wzrd1 Silver badge

    I've said something before, which was ignored, but resulted in some personal discomfort...

    So, I will say only this.

    The NSA uses AES.

    Need I say more?

    OK, the *rest* of the US DoD uses AES.

    1. Paul Crawford Silver badge

      Re: I've said something before, which was ignored, but resulted in some personal discomfort...

      The AES was the subject of a public competition with various cryptographers around the world studying the choices and weeding out obvious weaknesses, which is how it should be and leads to a strong and trustworthy standard.

      That is not the same as saying the NSA, etc, might find a non-obvious (by global expert standards) weakness that speeds brute-forcing by some useful amount, nor that they might not have spent a small country's GDP on dedicated brute-forcing hardware to attack real high-value messages.

      Nor is it the same as saying an implementation using the AES has not screwed up on not leaking the key, etc.

      But it's a damn sight better than the Dual Elliptic Curve Deterministic Random Bit Generator where the NSA basically wrote the spec with known-to-them weaknesses!

  4. Tail Up

    Fireworks were unexpected (-:

    Took my 10 minutes from the Uber Reg to correct the initial thought :-) the better XD

    In the current (2015 AD) paradigm, practically everything modern and "civilian" descends from something that was once military. We eat canned food whose tins are made at shell factories. We regard the internet as Vernadsky's noosphere, even though it was once sponsored by Nixon's military. We look further than some bureaucrats can imagine, and look about as far (-; as the telescope operators of the Fledglings of the Phoenix Nest do. Let us not criticise the levels recommended when state budgets are adopted. They cannot contain any definitions of the real dynamics, owing to the secrecy of individual items of revenue formation, which sometimes exceed the state budget for the current year.

    Traditionalists (conventionalists) in the field of generating convictions already have the means to assess the prospects of unconventional means of persuasion. Firstly + secondly, it is possible to mark the anachronism of the opposition of sea and land as having no sustenance in an age of instant access to information. The sea is now as desirable to the land as the land once was to the sea, and thanks to the latest means of communication they mutually understand that they are objects of equal interest. For the sake of continuing to describe and study the sea, the land and what is around them, they could accept the current given as dogma, since they are dogmatists, or otherwise, if they were potentially able to free themselves from dogmatic dictate.

    Wish you Happy New Year. Fireworks are blowing up just above my yard!

    http://youtu.be/mfPd_JWHPQo

    1. Anonymous Coward
      Anonymous Coward

      Re: Fireworks were unexpected (-:

      39 words, says Watson.

  5. Anonymous Coward
    Anonymous Coward

    Am I the only one?

    Am I the only one who's freaking out about SSH possibly being compromised on New Year's eve?

  6. Anonymous Coward
    Anonymous Coward

    Gullible

    That's what most people are who believe information disseminated as secret reports by a self-serving rogue.

    1. Anonymous Coward
      Big Brother

      Re: Gullible

      If this self-serving rogue is Snowden, how did he benefit?

      Was he being naive or an ill-thought-out plan that got him hunted across the planet? Was he after money & fame?

      He's now in Russia with his every move monitored...

      1. MustyMusgrave
        Devil

        Re: Gullible

        Yeah monitor that Kiddy, don't let him near our secret strap-on stuff he might pull out his thumb drive and tell the world, we're stealing their browsing experience and handing it to the state along with spying on lawyers, spying on judges, spying on the legal profession in so many different countries, wait a minute what do you mean there's a telecommunications GATS treaty, nobody told us... We're just doing what every other nation does.. It's all in accordance with strict legal guidelines and in accordance with erm.. Wait a minute what do you mean the EU is scrapping US safe harbor rights, they can't do that, god damn them we'll spy on them all with Reign! Oh LOLOLOLOLOLOL let's all trolololol the documents on IC off the record... Internet Consortium, Hollywood, big business, big data, just waiting for the spoof movie to come out poking fun at all of it!

        You'll do what we say, because we're the NSA, if you don't we'll render you with the CIA!

        1. MustyMusgrave
          Angel

          Re: Gullible

          You can just imagine them screaming "that's not how we operate" yeah, target those sysadmins, target those providers, suck it all up.. It makes no difference because the hackers have always and will always be one step ahead of some Texan billionaire and his oil-fueled chums. Illuminati, they don't exist, oh wait is your next presidential candidate a free-mason, do the stars and stripes depict a Hebrew Star of David, is that the masonic eye on the 1 dollar bill? Wasn't it 9 free masons who signed the Declaration of Independence and isn't the OS that's now fucking everybody called Plan-9 from outer space? Formerly known as Plan-B from Bell-Laboratories.

          TAO - tailored access operations, conducted in secret by the Jewish free-mason's fraternity, no it doesnt happen, oh yes it DOES! Strap-that-On! Co-intel Pro never ceased it's operations after Nixon, they just changed the name... to preserve the holy C and the "Federal reserve!"

          1. MustyMusgrave

            Re: Gullible

            Look on the bright side, when they finally run out of fossil fuels, we can eat the rich people and rape there children all night and all day... the price was worth it!

            Nay, we'll keep it quiet, how fracking is leveling off, oil production is falling down, spy on the masses for they must be controlled in the interests of the Bilderberg Group and its exclusive members.. Who include Microsoft, Apple & Google.. <sigh> I think history has a good lesson for all, Emperor Nero watched Rome Burn!

            1. Anonymous Coward
              Anonymous Coward

              Re: Gullible

              All hail ozzy!

              https://www.youtube.com/watch?v=7TIdWKa3f9c

  7. Anonymous Coward
    Anonymous Coward

    How About?

    or even better how about a little Gold Dust!

    https://www.youtube.com/watch?v=IXDVqCP7Crg
