Is NSA lying about cracking encryption? Sort of


Simon Black thinks NSA is blowing smoke about cracking most encryption on the net because open source encryption is secure. But that’s not the real issue.

I have to tell you, though, I’m deeply suspicious of some of the NSA’s assertions.

They seem to be claiming that they have cracked nearly everything, and that they have backdoor access to privacy software. But this is practically impossible.

A lot of encryption software used today is actually ‘open source’. This means that the software code is freely available to anyone.

True, open source encryption software allows anyone to look at the code and most certainly does not have backdoors. And, absolutely, if you use a 4096 bit key, not even a supercomputer can crack it in any reasonable time. Why? Because it’s much harder to divide than multiply. Encryption software uses ginormous prime numbers, often 100 digits long, to calculate encryption keys, multiplying them to get a composite number. To crack the key you need to factor the composite back into the prime numbers. There is no known way to do this in anything less than decades, even with a supercomputer.
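To make the multiply-versus-factor asymmetry concrete, here is an added example (not code from the post or from any encryption package) that builds toy "keys" from two random primes and then factors the product with Pollard's rho, counting the iterations needed. The function names and the 16 to 28 bit prime sizes are assumptions chosen so it finishes quickly; the step count for this method grows roughly with the square root of the smaller prime, while the multiplication stays a single operation.

```python
import math
import random

def is_probable_prime(n, rounds=20, rng=random):
    """Miller-Rabin probabilistic primality test."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        # composite if a^d is not +-1 and no repeated squaring of it reaches -1
        if x not in (1, n - 1) and all(pow(x, 2 ** r, n) != n - 1 for r in range(1, s)):
            return False
    return True

def random_prime(bits, rng):
    """Random prime with exactly `bits` bits (top bit and low bit forced to 1)."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng=rng):
            return cand

def pollard_rho(n, rng):
    """Return (nontrivial factor of odd composite n, iterations used)."""
    steps = 0
    while True:
        c, x = rng.randrange(1, n), rng.randrange(2, n)
        y, d = x, 1
        while d == 1:  # Floyd cycle detection: y advances two steps per x step
            x = (x * x + c) % n
            y = ((y * y + c) ** 2 + c) % n
            d, steps = math.gcd(abs(x - y), n), steps + 1
        if d != n:  # d == n means this walk failed; retry with new constants
            return d, steps

def demo(prime_bits=(16, 20, 24, 28), seed=2013):
    """Constructed toy keys: multiply two primes, then factor the product."""
    rng, rows = random.Random(seed), []
    for bits in prime_bits:
        p = q = random_prime(bits, rng)
        while q == p:
            q = random_prime(bits, rng)
        f, steps = pollard_rho(p * q, rng)  # p * q is the easy direction
        rows.append((bits, p * q, f, p * q // f, steps))
    return rows

if __name__ == "__main__":
    for bits, n, f, g, steps in demo():
        print(f"{bits}-bit primes: n={n} = {f} * {g}, {steps} rho iterations")
```

Running it prints one row per prime size; each extra bit of prime length adds to the factoring work while the cost of the multiplication barely changes.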

What Black misses is that commercial encryption or encryption offered by the highly compromised Microsoft, for example, may well have back doors in it. Plus the keys are on the servers and may only be 256 bit. That means NSA can read the data. Also, the vast majority of people on the net do not use open source encryption.

2 Responses to Is NSA lying about cracking encryption? Sort of

  1. connecticutman1 Sat, Sep 07, 2013 at 3:25 pm #

    You could make this post even better by actually linking to what you are certain are some good open source encryption goodies for the benefit of those that might be looking and find this post, Bob. Not that I am looking. The government would have to be hell bent on wasting our tax dollars to take the time needed to get into my computer just to sift through pictures of my kids growing up and their saved homework/essays from over the years…

    • Bob Morris Sun, Sep 08, 2013 at 8:39 pm # is open source PGP. Encrypt on your computer then upload to files to the load. That way the key isn’t on the server. And use at least 2048 bit encryption.