PRISM && Excited Guardianista
Peter Fairbrother
zenadsl6186 at zen.co.uk
Wed Jun 12 16:56:34 BST 2013
On 12/06/13 11:17, James Firth wrote:
> Bending the discussion a bit to crypto, I've seen questions on my Twitter
> stream about Kasper's talk at OrgCon this weekend. Slides:
> http://www.openrightsgroup.org/assets/files/pdfs/presentations/How_to_wiretap_the_Cloud_without_anybody_noticing_ORGcon_8.6.2013.pdf
>
> Specifically on slide 16, NSA capability to collect all cross-border
> traffic.

I don't know for sure that GCHQ can do the same, but it would be lawful
if a warrant to do it has been issued by the Foreign Secretary - and as
historically, GCHQ are known to have tapped all telephone traffic
entering or leaving the UK, so I imagine nowadays they actually do
intercept almost all internet traffic entering or leaving the UK.

Quite how much of it they look at is another question, but I imagine
they can look at anything they please.

There are a couple of hints about that in RIPA, especially section 16.

> And slide 17 "(FISA §1881a) reaches inside the SSL!"

I think Caspar is saying that US law can require ISPs, websites like
Google, Facebook etc, the Banks, Cloud providers, and anyone else, to
assist in decrypting SSL traffic. Which it can.

In other words, the websites, banks and clouds could be required to give
out plaintext anyway, so the use of SSL wouldn't achieve much.

> I suspect Kasper may have been referring to PRISM collection *bypassing*
> SSL, however does anyone have a feeling on whether FISA could be used to
> compel a CSP to hand-over private SSL keys to be able to decrypt this
> cross-border traffic?

It could.

However the Websites, Banks and Clouds would raise a stink about giving
up their master SSL certificate keys, as they are also used to identify
the websites, banks and clouds to USPersons.

Instead they might prefer to give up SSL session keys, and/or forward
secrecy data.

They might use a different certificate for nonUSPerson traffic, and give
NSA that private key.

> Also I remember late in 2011 Google started using forward secrecy:
> http://googleonlinesecurity.blogspot.co.uk/2011/11/protecting-data-for-long-term-with.html
>
> FS would, in theory at least, make knowledge of the private key somewhat
> moot.
>
> Or would it?

It should to some extent, if Google create the FS secrets randomly,
don't give them out, and destroy them as soon as they have been used.

However as an example, Google could/would in any case keep a note of the
time and sender's IP and what they searched for anyway, plus which links
were clicked, which data could be demanded - so in reality FS doesn't do
all that much.

> Knowledge of the system architecture, being able to watch the secondary key
> exchange, and the possibility - likelihood - of the NSA having custom kit
> (D-wave quantum computer, anyone?) opens the possibility that sessions can
> be decoded with workable overhead.

I think it possible that NSA have the capability to break 1kbit RSA, if
only at a rate of a few keys per week - but after a few weeks they would
have keys to about 99% of the web's non-FS SSL traffic.

If they can do that then most likely they can also break FS 1kbit DH,
again at a few primes per week, but as SSL only uses a few primes.

A D-Wave machine wouldn't help though, it's the wrong kind of Quantum
Computer (if it is a QC - it seems to be, but I'm not entirely sure) and
doesn't seem to give much if any speedup over classical computers anyway.

-- Peter Fairbrother
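
Added example, not part of the original message or of any real TLS implementation: a toy model of the forward secrecy point discussed in the thread, showing that a recorded RSA key-transport session falls to later disclosure of the long-term key, while an ephemeral DH session does not unless the server retained its ephemeral exponent. All parameters are constructed and far too small for real use; the function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy parameters (Mersenne primes, far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # server's long-term RSA private exponent
DH_P, DH_G = 2**127 - 1, 3             # toy Diffie-Hellman group

def h(x):
    """Hash an integer into the RSA message space (toy, unpadded)."""
    return int.from_bytes(hashlib.sha256(str(x).encode()).digest(), "big") % N

def rsa_transport_session():
    """Non-FS handshake: client encrypts the premaster to the long-term key."""
    premaster = secrets.randbelow(N - 2) + 2
    return premaster, {"enc_premaster": pow(premaster, E, N)}  # secret, tap record

def dhe_session(keep_exponent=False):
    """FS handshake: ephemeral DH; the long-term key only signs the server share."""
    a = secrets.randbelow(DH_P - 3) + 2    # client ephemeral exponent
    b = secrets.randbelow(DH_P - 3) + 2    # server ephemeral exponent
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    wire = {"A": A, "B": B, "sig": pow(h(B), D, N)}   # all a tap records
    secret = pow(A, b, DH_P)
    return secret, wire, (b if keep_exponent else None)  # b destroyed unless kept

def recover(wire, d, retained_b=None):
    """Session secret computable later from the tap record plus disclosed keys."""
    if "enc_premaster" in wire:             # long-term key decrypts it directly
        return pow(wire["enc_premaster"], d, N)
    if retained_b is not None:              # server kept or handed over b
        return pow(wire["A"], retained_b, DH_P)
    return None   # d only signs server shares; it is not an input to g^(ab)

if __name__ == "__main__":
    pm, rec = rsa_transport_session()
    print("RSA transport, long-term key disclosed:", recover(rec, D) == pm)
    s, rec, kept = dhe_session()
    print("DHE, exponent destroyed:", recover(rec, D))
    s, rec, kept = dhe_session(keep_exponent=True)
    print("DHE, exponent retained:", recover(rec, D, kept) == s)
```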