Hacker News new | past | comments | ask | show | jobs | submit login

#3 doesn't necessarily require breaking RSA, just TLS (via fake certificates or something else). Breaking RSA would be pretty interesting though.



SSL/TLS was broken once by breaking MD5. Now if the NSA can break SHA-1 using its numerous known weaknesses (there's a working attack on SHA-1 with 2^52 operations), they can pull off internet-wide MITMing.

It's safe to assume the NSA can easily do way more than 2 petaflops, and they have an exaflop goal, and that would be enough to run known attacks against DES, factor 1024bit RSA moduli ... and if they can compromise just one root CA (which uses 1024bit RSA) they can issue valid certifications of their own and MITM everyone, and none would be the wiser.

And all of this assuming the NSA relies on publicly known weaknesses in SSL/TLS. The matter of the fact is that they have very smart people with access to unlimited resources researching new vulns and actively exploiting them.


Bill Binney has already stated that the NSA does not even need to break online encryption in most cases, since they already have the key(s) in the first place.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: