True enough, but the NSA recruits the best and brightest. Some are even cultivated as early as high school.
Classified is classified. A discovery that big would surely be protected by enough threat of prison that they would sit on it as long as necessary. GCHQ employees at Bletchley Park (including Alan Turing) built the first programmable computer, called Colossus, during WWII for the purpose of attacking Enigma. This was significantly prior to the building of ENIAC (1946), but the latter is still widely recognized as the first programmable computer. Another mathematician (James Ellis), also employed by GCHQ, invented public-key cryptography almost ten years before Whitfield Diffie and Martin Hellman came up with it in the private sector. This was, at the time, also the biggest thing since Euler, and it was kept secret until several years following the public unveiling of Diffie-Hellman PKE (this is detailed in The Code Book. A very good read, as sailor has already pointed out). The magic words here are “National Security” and I’m almost certain the people employed at NSA will sit on anything they’re told to.
True as well. It’s much easier to crack a person than to crack good encryption. It’s almost always easier to circumvent the crypto, rather than tackle it head-on. People can be tortured, bribed, or careless, until they give up either the data, the key, their mother’s maiden name, etc. Cameras can be planted to watch your keyboard and monitor. Your hard drive can be swiped, mirrored, and replaced and you’ll never know the difference. Your computer can be monitored with TEMPEST without even entering. Wetware is always the weak link in the security chain.
I meant, of course, to say that they were never allowed to reveal their invention, for security reasons. All plans, parts, and working models were destroyed, and it was not even announced until many years later.
Working in Intelligence means not gaining public recognition for your discoveries until long after your death, in many cases. They know this going in. But on the other hand, they have the recognition of their coworkers, which can be even better, if you know you’re surrounded by the best of the best.
kgriffey79 says:
I was just wondering, what do they mean by 1024 bit encryption???
The key which is basically the password is a number so big and accurate they need 1024 bits to represent it.
Chronos says:
Of course, they do have other ways to bypass the encryption, without actually cracking it. One of the more imaginative methods proposed is to attempt to crack the random number generator used to create the keys, rather than the keys themselves. Unless you’re using thermal noise or a lava lamp or some such to produce your random numbers, the NSA can probably use such methods to read your mail.
The PGP implementations I have used do try to use some random processes like time between keystrokes and mouse movements to get better random numbers. This sort of attack has been known for quite some time and PGP does a pretty good job of defeating this.
Early versions of netscape for unix and maybe PCs generated random numbers for Secure Socket Link web stuff using Process ID number and time of day to seed the random number generator. Both of these are not very secrete numbers especially time of day so the number of key to search gets cut down to a very manageable number. I believe that this problem has been address in even not so recent versions of netscape.
It depends on what kind of encryption you mean. Normally when you hear “1024” (or more) bit encryption, you’re talking about public key cryptography, like RSA or Diffie-Hellman. Basically it means you are using a 1024-bit modulus in the calculations. The modulus is P*Q in the quote below, from this site (which is a VERY useful one on the subject):