Phone Taps And Prevalency In Australia

[Tom]

I understand what you're saying, but it's effectively impossible to crack good encryption.

I have been in the IT industry for over 10 years and heard that claim many times and up to now it has been proven totally wrong every time, encryption is only a deterrent and not a cure. What can be done with one computer can be undone by another and the super encryption/decryption software used today by the CIA, DEA, NASA, etc, is probably already available for download somewhere.

 

There is no such thing as total security on the internet and never will be and as several members have already stated, your security on any internet site is you own responsibility and no one else’s, Oz has done everything within reason to secure this site, personal security is up to those that choose to visit as is normally the case on the internet.

[pipeman]

Well there is now an SSL Option at the top of the page so obviously Oz is working on it.

[Medicalman]

Good info there Niall. I think the NSA is way further ahead than anyone thinks. NASA publicly admits to their newest supercomputer operating at a sustained 1228 gigaflops per second. I'd bet large amounts of $$ that the NSA possesses multiple computers capable of far exceeding that processing power. Heck, setiathome reports over 63 Teraflops per second over the last 24 hour period just from "civilians" who volunteer their PC downtime to the project.

setiathome stats.

 

Im pretty sure that the most advanced agency in the US, that is reported to possess more computational power than all other agencies combined (including NASA) can outdo that performance quite easily, likely through their multiple hypercomputers combined with their distributed networks and access to literally multiple millions of government owned pc's. But I agree with you, a brute force attack against such large keys isnt likely. I still think it's possible, but not practical. I think I remember randomness and probability having a significant effect on the overall results. Like starting 10 or 100 different computers on the key all at different points in the process. The chances of randomly coming across the solution early in the process increase with every different computer working on every different number sequence starting point. The maths for that are way way beyond me, but I saw something about it at the MIT museum in Boston.

 

But I wouldn't count out the NSA just based on that. It is arguably the most powerful agency in the world and operates with the least amount of informed oversight. They dont face normal govt payroll restrictions. They flat out will outbid anyone for the services of mathemeticians, theorists, computer scientists, etc if they want them. They also recruit their crackers directly from federal prisons. No pesky pardons or court orders needed. They just go get em. NSA is able to commit otherwise illegal acts under the blanket of national security and that aspect has been strengthened even more under the Patriot Acts and such. Cracking an encryption program's source code and inserting their own backdoor to be downloaded during "product updates" is not beyond their reach, as is outright threatening and/or "security sanctions" of program designers. I mean, its all for the good of the country, right?

 

Best

MM

[Guest niall]

I understand what you're saying, but it's effectively impossible to crack good encryption.

I have been in the IT industry for over 10 years and heard that claim many times and up to now it has been proven totally wrong every time, encryption is only a deterrent and not a cure. What can be done with one computer can be undone by another and the super encryption/decryption software used today by the CIA, DEA, NASA, etc, is probably already available for download somewhere.

There is no such thing as total security on the internet and never will be and as several members have already stated, your security on any internet site is you own responsibility and no one else’s

Note I said *effectively*. Of course nothing is 100% secure forever, the point is that Public Key Cryptography, when used properly and at high key sizes, cannot currently be cracked by mankind. Just because it may be cracked at some indeterminate point in the future doesn't mean that it's not useful *now*, *today*. It will remain useful long enough for the investment to pay for itself, and that's all we really need isn't it. Global banking is happy with 128bit SSL encryption, why aren't we?

 

Every encryption scheme will eventually be cracked, this is a no-brainer. The trick is in staying ahead, having as many layers of security as you can. Nothing you've said really disputes this, I think you misunderstand the reality of the topic. Encryption is as much about discouraging as it is about obfuscating. Even a cracked encryption algorithm has some use if 99% of the population doesn't have access to the equipment and knowledge to capture and decrypt a message. Think of cordless phones. The old analogue phones can be picked up by anyone with a scanner, it's just an RF signal. To intercept "digital" phones requires more than a few cheap products, and if the signal is complex or incorporates even basic encryption it's simply beyond the capability of the vast majority of people (until someone markets an illegal appliance to do the work for you).

 

Encrypting the world's email, even with weak, crackable encryption, increases the effort required to intercept and read this email *significantly*. This is nothing to be sneezed at.

 

Oz has done everything within reason to secure this site, personal security is up to those that choose to visit as is normally the case on the internet.

 

Note Tom said *within reason* and *this site*. I agree, but you're dodging the real issue here or you simply don't understand. Of course personal security is up to the user, of course Oz should secure his website, but we're not actually talking about either of these things

 

What I, and others, have suggested is that Oz takes on additional responsibility to safeguard this website's members. It can be done. It's not hard and it's not expensive.

 

Not only is it a nice gesture, showing that he cares not just about his own security but the well-being and security of his website's members, it's just common sense given our topic.

 

Why would you *not* do it?

[Guest niall]

Well there is now an SSL Option at the top of the page so obviously Oz is working on it.

And it seems to work so I am ECSTATIC! ::

 

Everyone should update their bookmarks, everyone with an SSL capable browser should use this, hell an ANNOUNCEMENT should be made!

 

...coombayah my lord, coombayah...

[Guest]

Shit. That was dead easy. One click and then I signed in again. Looks the same except the SSL link has gone and a Non SSL link has appeared on the left side. Now I'm just waiting to see if anything goes wrong. I just got a security certificate. Never understood what the fuck those things are trying to say. I just click them away. Fuck. There's another. And another. Am I going to get these dicky pop ups every time I change the page? Yep, looks like it. How do I banish these fuckers. Is there a spell? Edited April 11, 2004 by Chong

[Guest niall]

Shit. That was dead easy. One click and then I signed in again. Looks the same except the SSL link has gone and a Non SSL link has appeared on the left side. Now I'm just waiting to see if anything goes wrong. I just got a security certificate. Never understood what the fuck those things are trying to say. I just click them away. Fuck. There's another. And another. Am I going to get these dicky pop ups every time I change the page? Yep, looks like it. How do I banish these fuckers. Is there a spell?

Looks like SSL isn't quite working yet, the Invision menu seems to be "disabled".

Not sure what you're seeing with those security certificates but you need to accept it permanently, that'll prevent it from popping up ever again. Looks like we're still a ways off yet on SSl though

[Guest FLOWER]

Shit. That was dead easy. One click and then I signed in again. Looks the same except the SSL link has gone and a Non SSL link has appeared on the left side. Now I'm just waiting to see if anything goes wrong. I just got a security certificate. Never understood what the fuck those things are trying to say. I just click them away. Fuck. There's another. And another. Am I going to get these dicky pop ups every time I change the page? Yep, looks like it. How do I banish these fuckers. Is there a spell?

Looks like SSL isn't quite working yet, the Invision menu seems to be "disabled".

Not sure what you're seeing with those security certificates but you need to accept it permanently, that'll prevent it from popping up ever again. Looks like we're still a ways off yet on SSl though

Mmmmm well i don't get any pop-ups, but i haven't been able to log in under SSL

 

I guess there are a few bugs, but at least it's comin .

 

Good on ya Oz.

 

FLOWER

[Luke Skywalker]

My only problem appeared to be the images posted were bringing up a "There are secure and non-secure items on this page, do you want to display the non-secure ones?" and that came up on every page.

 

As flower has said, there's bound to be bugs in such things, and I'm sure these things will be sorted in time.