Encryption and Security Agencies - Computerphile

  • Published 11 Oct 2024
  • News stories surface every day about how National Security Agencies have broken encryption, but what is media 'hype' and what's the truth? - Richard Mortier explains.
    Security of Data on Disk - Computerphile
    Characters, Symbols and the Unicode Miracle
    Random Numbers - Numberphile
    Encryption and HUGE numbers - Numberphile
    This video was filmed and edited by Sean Riley.
    Computer Science at the University of Nottingham: bit.ly/nottscom...
    Computerphile is a sister project to Brady Haran's Numberphile. See the full list of Brady's video projects at: bit.ly/bradycha...

COMMENTS • 128

  • @deeliciousplum
    @deeliciousplum 11 years ago +7

    These Computerphile vids are highly addictive :-) Thanks for producing these.

  • @TechyBen
    @TechyBen 11 years ago +4

    Brilliant! Love it! :D
    Well, I was always told, "It's impossible to prevent someone stealing something, you can just make it economically too much trouble or take too much time" anyhow.

  • @DeJayHank
    @DeJayHank 11 years ago

    This actually plinged like a message on my cellphone through the UA-cam app. "Computerphile has uploaded a new video"

  • @EtzEchad
    @EtzEchad 11 years ago +1

    True. There are always trade offs. The NSA can still use traffic analysis on you also. (And, of course, there are always thumb-screws if they really want to get the information from you.)

  • @sjwimmel
    @sjwimmel 11 years ago +3

    It would be really interesting to know how TOR works. Especially as the FBI recently managed to kill one of the biggest sites using it, Silk Road.

  • @heyandy889
    @heyandy889 11 years ago +2

    Nice one. Would love more on what we think NSA is capable of. Additionally, it would probably be beneficial to touch on the "surveillance" that social media and other private companies do. Usually we think of this as "analytics" or "experience tracking," but it is (I think) a more salient threat than nsa (not to mention I can't really do shit about nsa, though I can choose which social media I use).

  • @TrimutiusToo
    @TrimutiusToo 8 years ago

    This reminds me that I spent lots of time on learning how to make openssl exclude all the vulnerable ciphers... not to mention I actually had to find out which of the ciphers are not vulnerable yet...

  • @totoritko
    @totoritko 11 years ago

    Yes, this is called a brute-force attack and all practical encryption algorithms make the problem space so large that it is impractical to search it in a brute-force fashion. The breakthrough of quantum computers and quantum cryptanalytic algorithms is that they (simplifying here) explore pretty much every possible state of the system in parallel rather than in sequence.

  • @IstasPumaNevada
    @IstasPumaNevada 11 years ago

    (Hopefully) constructive feedback; I understand a static face-centered shot would get boring so off-center and movement helps with that, but when his face was being cut off by the edge of the screen I found it distracting enough to pull my mind away from the line of thought.
    Useful topic (and interesting as always), thanks for covering it!

  • @Starchface
    @Starchface 11 years ago

    The article (pause playback to see the URL) states that
    The New York Times alleges that the NSA may have intentionally introduced a flaw into the algorithm known as Dual Elliptic Curve Deterministic Random Bit Generation, and then [got] it adopted as a security standard by the US National Institute of Standards and Technology (NIST).
    Cryptographers suggest avoiding elliptic-key algorithms for now. Fortunately there are good established alternatives.

  • @DaTux91
    @DaTux91 11 years ago

    No, I think it's better than that. Chaos is not the same as pseudo-randomness. What they did was add very loud chaos to a small real signal (they used an audio message as the signal). This chaos could be reproduced by a receiver if it were driven by the transmitter, in some clever way I won't go into here. The receiver could then subtract the loud chaos from the composite signal and get a fairly clean real signal out of it (there was a tiny amount of distortion).

  • @DFX2KX
    @DFX2KX 11 years ago

    That would be something I'd be curious about, they have an example of RSA on Numberphile, but there are other (much stronger) systems out there.

  • @nex
    @nex 11 years ago

    A feature that lets you find/use YOUR OWN computer over the internet is not a backdoor. Also, you can simply leave it turned off if you're afraid someone else could get in. It's possible that some operating system has an NSA backdoor, but the presence of an anti-theft feature is absolutely no proof. Just like the presence of an integrated lock on a bicycle isn't proof that anyone has a skeleton key for these locks.

  • @TheHeadHunter105
    @TheHeadHunter105 11 years ago

    If you need some really really tough security, get Tor. That's pretty much as good as it gets when it comes to internet security.

  • @Falcrist
    @Falcrist 11 years ago

    The NSF has a quantum computer (the D-Wave 1), so I doubt VERY much that the NSA doesn't AT LEAST have priority access to that one.
    I absolutely expect that they've bought their own.
    Granted, the D-Wave isn't the complete fulfillment of Feynman's idea, but it does count as a quantum computer.

  • @nex
    @nex 11 years ago

    Yeah I didn't mean to imply they own the company; I was simply referring to the specific machine they own and couldn't be bothered to look up what the model is called. I wouldn't call it a quantum computer either, but had too few characters left to get into that argument :)

  • @lussostudios
    @lussostudios 11 years ago

    LOVE this channel

  • @moepet1
    @moepet1 11 years ago

    Great video but could you next time emphasize more on what kinds of encryptions there are and which ones are most likely to have holes for the NSA?

  • @DFX2KX
    @DFX2KX 11 years ago

    There's a whole list of things I wouldn't want the NSA looking at. Some of my AutoCAD stuff, I design things for fun. But if I ever wanted to patent one, I've then got to deal with the fact that some of these companies who are being trusted with my information might opt to use it for themselves. This has happened a few times, watch the news.. Then again, I tend not to store that sort of information on a network-accessible system anyway..

  • @JParril
    @JParril 11 years ago +2

    The trick is, if the noise produced by the encryption is random enough, in theory you could get an infinite number of false messages in addition to the real one. This means that even supercomputers aren't always going to crack these codes. There could be an instance of encryption that can be exploited just by running an algorithm through a powerful enough computer, but not always.

  • @KonradParzymieso
    @KonradParzymieso 11 years ago +1

    currently learning this in college!

  • @Falcrist
    @Falcrist 11 years ago

    In addition, if it was a small number, it would be difficult or impossible to tell if you had successfully decrypted it. There would probably be several solutions that appeared to be correct.

  • @DaTux91
    @DaTux91 11 years ago

    For a more technical explanation of the general scientific view on this "quantum computer", also search for "what can the D-wave quantum computer do? stackexchange" on the web.

  • @Tomdadum
    @Tomdadum 11 years ago

    I really like this guy, more of him, please!

  • @illustriouschin
    @illustriouschin 11 years ago

    I think it is highly likely that the NSA has a fully functional quantum computer at this point or else they would not be comfortable with leaking the information they have leaked so far.

  • @CelmorSmith
    @CelmorSmith 11 years ago

    I think the NSA didn't break the algorithm yet, the fact that they ask the TrueCrypt Foundation for a backdoor and they wouldn't do that just to conceal the fact that they already broke the code.
    BTW TrueCrypt wrote that on their site in the FAQ section.

  • @AlwayzPr0
    @AlwayzPr0 11 years ago

    Steve Gibson talked about this for a long time on security now

  • @Markus9705
    @Markus9705 11 years ago

    "Use open source implementations."
    Yeah, probably the only thing you can do if you don't wanna build your own hardware and then write your own software. Sadly, some Linux distros can have backdoors too. SELinux is NSA code, as well as LSM. There's several discussions on Reddit about e.g. how secure gcc really is.
    FLOSS is the most secure way to avoid backdoors in the OS, but you still have your ISP spying on you. 2048- or 4096 bit VPN from a secure VPN provider should solve that problem though.

  • @aminochoas
    @aminochoas 11 years ago

    But you'd have to consider the time it'd take to get the key and if it's a small number then it either, one doesn't matter as much, two, the key gets changed often, three the key will be useless by the time you crack the encryption.
    Brute force attacks like these are usually very inefficient from a time/result standpoint, unless it's very very important, you'd never go for this.

  • @TheIvorito
    @TheIvorito 11 years ago

    Was a very similar video made with James on Numberphile quite some time ago? Or am I confused?

  • @Tasarran
    @Tasarran 11 years ago

    I would have to assume that once quantum computers become available, they will also make possible new quantum encryption schemes that would protect against quantum hackers just as well as binary schemes work against binary hackers...

  • @moonreft
    @moonreft 11 years ago

    Want to get around the NSA. Log in to a Korean MMO with your friends and use a chat channel there. It's so simple.

  • @brandonn.2876
    @brandonn.2876 11 years ago

    I'm crossing my fingers for quantum encryption to land in my doorstep. May the computer gods gift me with this power.

  • @JankoKandic
    @JankoKandic 11 years ago

    Well I guess he could. He would have to know that you are sending a small number, and he wouldn't be able to use that information to break any other message you send, because he would not learn anything about the secret key. Also usually any new message gets new encryption keys generated just for that message.

  • @Loomr
    @Loomr 11 years ago +5

    Maybe you could use it to search for signs of intelligent form of life among the youtube comments.

  • @gosucoaching
    @gosucoaching 11 years ago +1

    Been there, done that. My SIYTI (Search for intrayoutubial intelligence) program miserably failed...

  • @JamesGriggProfile
    @JamesGriggProfile 11 years ago

    Ladar Levison explains why he shut down Lavabit

  • @natpbs
    @natpbs 11 years ago

    Scary. From now on I'll sign my comments in computerphile with comment[comment.length].value=comment.length+"th"

  • @ambidexter2017
    @ambidexter2017 11 years ago

    Open source software is better in this respect, cause the probability that NSA or somebody else put their backdoor in open code and nobody discovered it for many years is much lower. At least this applies to software with considerable userbase that is audited often. Most GNU/Linux can be treated as "probably secure until otherwise proven", but people that use proprietary OS like OSX or Windows are basically at the mercy of the corporations that develop them.

  • @unvergebeneid
    @unvergebeneid 11 years ago

    Public key distribution, trust and certification authorities would have been an important topic to bring up in this context. After all, I believe this is the main way to attack public key cryptography from all kinds of parties.

  • @EtzEchad
    @EtzEchad 11 years ago

    If you want to securely transmit messages over the Internet, use a one-time pad. The NSA can't decrypt that.

  • @MrZacktheJack
    @MrZacktheJack 11 years ago

    Did Richard just send a message to someone using that QR on the cup?

  • @cloonaid6508
    @cloonaid6508 11 years ago

    Extremely good video

  • @jmd448
    @jmd448 11 years ago

    What about the possible quantum computer, D-wave? Could that be used to break the encryption? I keep hearing everywhere that quantum computing will be the end of this kind of encryption.

  • @9562962
    @9562962 11 years ago

    You can't use a one-time pad to communicate with a stranger over the Internet. You gotta meet beforehand to transfer the OTP.

  • @bno112300
    @bno112300 11 years ago

    Wouldn't quantum entangled entropy sources (which will give the same random numbers) work for strong encryption if you used them to generate one time pads?

  • @ZER0--
    @ZER0-- 10 years ago +6

    You can have my passwords and ID too if you like. I must warn you that you will be in a considerable amount of debt if you do so.

  • @Hasselaama
    @Hasselaama 11 years ago

    If I were to encrypt a small number with a public key, couldn't a spy just evaluate all the possible encryptions in the range and try to find the same encryption as the one sent out of my computer and thus find out the original unencrypted value (as the spy knows which number results in the same encryption)?

  • @MansoorAman
    @MansoorAman 11 years ago

    Well no because exit nodes will be able to read any packets entering or leaving and identify your actual i.p. Freenet is the best method for browsing the internet without leaving a trace.

  •  11 years ago

    On the same subject: Steganography .. it would be nice.

  • @ghuegel
    @ghuegel 11 years ago

    Interesting, he gave an example where he doesn't require strong encryption and would be OK with the NSA knowing what he's doing. But even though he mentioned that there are times when he does require strong encryption, he didn't give any examples. What is this guy up to?

  • @domaine75atutube
    @domaine75atutube 9 years ago +20

    NSA = No Secret Allowed

  • @DaTux91
    @DaTux91 11 years ago

    Take a look at the wikipage for D-Wave Systems and scroll down to the section "History of controversy". Trust me, it's not as impressive as they would have you believe. There's even (scientific) skepticism about whether or not it is *really* a quantum computer.

  • @Falcrist
    @Falcrist 11 years ago

    Your comment does not appear to be related to mine in any way...

  • @Melthornal
    @Melthornal 11 years ago

    Also, you either use encryption 100% of the time or never, using it selectively creates security problems.

  • @BeastOfTraal
    @BeastOfTraal 11 years ago

    Could you do a video on hashing algorithms and rainbow tables.

  • @SpykerSpeed
    @SpykerSpeed 11 years ago

    This is how Bitcoin works. Hey Computerphile, please do a video about Bitcoin! It's a fascinating protocol!

  • @spektrum1983
    @spektrum1983 11 years ago

    Why would you want to protect yourself against the hackers? It's not the hackers' fault that there are serious security holes in some software. I would rather say you want to give the hackers some credit for actually finding the errors.

  • @WorldOfDeepThought
    @WorldOfDeepThought 11 years ago

    Wow, those are strong glasses.

  • @gosucoaching
    @gosucoaching 11 years ago +1

    I have a quantum computer fully dedicated to commenting on youtube.

  • @everene1
    @everene1 11 years ago

    Yay computerphile!

  • @wolfman0775
    @wolfman0775 11 years ago

    or you know, you could just not use the built in number generator, and perhaps use actual real random noise instead of a pseudo-random number generator

  • @ShiroKage009
    @ShiroKage009 11 years ago

    Even if it was a video of him flicking snot at a wall, it's none of anyone's business.

  • @Neonb88
    @Neonb88 11 years ago

    Wait, Robin! It might be a trap... of slippery slope logic!

  • @dietalkaa
    @dietalkaa 11 years ago

    I think that you need to make a video about from sand to processor.

  • @nex
    @nex 11 years ago

    Nope, with a properly designed encryption scheme (e.g. RSA), this attack would not work. Before your small number is encrypted, the message would be padded with random data that the spy doesn't know.
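
The question from @Hasselaama and this reply from @nex, as an added example that is not part of the original comments: with deterministic ("textbook") RSA, anyone holding the public key can re-encrypt every small candidate and compare, while fresh random padding makes that comparison fail. The toy key, the function names and the simplified padding (a stand-in for a real scheme such as OAEP) are assumptions made for this illustration.

```python
import secrets

# Constructed toy key for illustration only: P and Q are the Mersenne primes
# 2**31-1 and 2**61-1. Real RSA moduli are 2048 bits or more.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent

MSG_BITS = 16    # the "small number" fits in 16 bits
PAD_BITS = 64    # fresh random bits mixed into every padded message


def encrypt_textbook(m: int) -> int:
    """Deterministic RSA: the same m always gives the same ciphertext."""
    return pow(m, E, N)


def encrypt_padded(m: int) -> int:
    """Simplified random padding (a stand-in for OAEP, not OAEP itself)."""
    if not 0 <= m < 2**MSG_BITS:
        raise ValueError("message out of range")
    r = secrets.randbits(PAD_BITS)
    # The padded block stays below 2**80, which is smaller than N (about 2**92).
    return pow((r << MSG_BITS) | m, E, N)


def decrypt_padded(c: int) -> int:
    """Recover the padded block with the private key and drop the random bits."""
    return pow(c, D, N) & (2**MSG_BITS - 1)


def matches_any_candidate(ciphertext: int, limit: int):
    """Encrypt every candidate below limit with the public key and compare.

    Returns the matching plaintext, or None if no candidate encrypts to it.
    """
    for guess in range(limit):
        if encrypt_textbook(guess) == ciphertext:
            return guess
    return None


if __name__ == "__main__":
    secret = 4321  # constructed sample value
    print("textbook RSA leaks:", matches_any_candidate(encrypt_textbook(secret), 2**MSG_BITS))
    padded = encrypt_padded(secret)
    print("padded RSA leaks:  ", matches_any_candidate(padded, 2**MSG_BITS))
    print("receiver decrypts: ", decrypt_padded(padded))
```
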

  • @nosuchthing8
    @nosuchthing8 9 years ago

    So I take from this video that as long as the NSA hires the best people, they can hack around anything else that someone can create.

  • @Ultimatemau
    @Ultimatemau 11 years ago

    D-Wave Systems quantum computers... Anyone? D-Wave is commercial and has several contracts with US Organization i.e. Google, Lockheed Martin and NASA. Cheers

  • @dedu15
    @dedu15 11 years ago

    I really find it hard to understand some of the words he is saying even in high volume, maybe use a better microphone or get it closer?

  • @LucidEnigma21
    @LucidEnigma21 11 years ago

    More Cryptography videos! :D

  • @kevin131313c
    @kevin131313c 11 years ago

    People surely watched Brady's video on 'first' people right??

  • @formelekandscreen
    @formelekandscreen 11 years ago

    What's in his left (right for him) eye?

  • @JamesGriggProfile
    @JamesGriggProfile 11 years ago

    Ladar Levison Explains Why He Shut Down Lavabit: Triangulation 125

  • @apburner1
    @apburner1 11 years ago

    Hah! It takes about 30 seconds of reading to discover that it is a toy and they're not even sure it is a quantum computer or hype. Good job.

  • @MrTStat
    @MrTStat 11 years ago

    brute force is used a lot today to break encrypted passwords using graphics card processors

  • @Evilpolar
    @Evilpolar 11 years ago

    Wow, Right when I wake up in the morning

  • @definty
    @definty 11 years ago

    Dwave is not owned by google and is technically not a Quantum computer.

  • @insme
    @insme 11 years ago

    Why not talk about the maths involved in computer science.

  • @SandwitchReaper
    @SandwitchReaper 11 years ago

    I want to go to the University of Nottingham, but I'm not British. DAMNIT. WHY DO I HAVE TO BE CANADIAN. WHY. I don't even get to be half-British for the accent either.

  • @apburner1
    @apburner1 11 years ago

    Because they have ridiculous amounts of money and they are interested in the possible technology?
    Did I really need to answer that for you?

  • @LucidEnigma21
    @LucidEnigma21 11 years ago

    YES! Finally! :D

  • @shintsu01
    @shintsu01 11 years ago

    who knows maybe the Dwave 2 can already calculate the keys :)

  • @smvsoren
    @smvsoren 11 years ago

    More like this

  • @tiagotiagot
    @tiagotiagot 11 years ago

    Sounds like using a PRNG as an OTP...

  • @Melthornal
    @Melthornal 11 years ago

    When you poop you're not doing anything wrong, but would you like me to record you doing it and broadcast it to the world? How about we put a camera in every bathroom everywhere, build a little database, and allow everyone to live stream the video whenever they want to? Would you like that? Oh, we could do the same thing in every bedroom everywhere.

  • @strahd999
    @strahd999 11 years ago

    periodic videos

  • @PeterBarakanBiggestFan
    @PeterBarakanBiggestFan 11 years ago

    I like this

  • @spwf
    @spwf 11 years ago

    Long live Torvalds!

  • @Biped
    @Biped 11 years ago

    That's what I call timing

  • @maxuimmovies
    @maxuimmovies 11 years ago

    right...

  • @Flojer0
    @Flojer0 11 years ago

    So the math is strong but the flesh is weak.

  • @Toran3D
    @Toran3D 11 years ago

    same

  • @rockaDrock
    @rockaDrock 11 years ago

    If he had black hair, he would look like Adam Sandler.

  • @SamBrev
    @SamBrev 11 years ago

    the nsa are really interested in this guy's body...

  • @natpbs
    @natpbs 11 years ago

    Maybe

  • @finthegeek
    @finthegeek 11 years ago

    that is the point, it's none of your business....

  • @druide24
    @druide24 11 years ago

    "use an open-source implementation" that's all you need to know to be 99% sure you are using an unflawed system. But how am I supposed to do so since Computerphile videos are not HTML5 compatible and force me to use a proprietary plugin? There's a small chance that a huge amount of open-source bytes could host a malware, but it's quite sure that only a few proprietary bytes could do so. So first things first: let's get rid of all proprietary software (and ideally hardware) on our machines!

  • @vetev
    @vetev 11 years ago

    The attacker would have to know, that you are encrypting a small number in the first place. You can also encrypt this "my small number is: #### + randomly generated mess #&&@~ˇ^"

  • @alejandrinos
    @alejandrinos 11 years ago

    Naked selfies.

  • @oldi184
    @oldi184 11 years ago

    Yeah NSA could have quantum computer. They r secret gov org.