As of 2012, there are still some email and chat tools that have not been cracked by the NSA. For example, NSAs face "significant problems" when tracking users across the entire Tor network, and there are significant difficulties in cracking emails that are heavily encrypted by email provider Zoho.
In addition, when users use the open source disk encryption program TrueCrypt to encrypt data, NSA will face similar cracking difficulties. However, TrueCrypt was closed earlier this year. PGP encryption tools and OTR chat encryption will also bring difficulties to the NSA, so all the information does not appear in the system, just shows one: "This PGP encryption information can not be cracked."
But not all services are so lucky. In fact, tracking files on a normal network is a breeze for the NSA, and encrypted mail sent via the Russian email service Mail.ru is relatively easy to crack. In addition, virtual private networks (VPNs) do not provide much protection for users: the file shows that NSA is developing a technology that can monitor 20,000 VPN connections per hour.
Perhaps the most alarming thing is that the NSA seems to have completely bypassed the HTTPS system, a secure connection between the website and the browser. At the end of 2012, the agency could intercept about 10 million HTTP connections per day.
https://www.topvpnguides.com/best-vpn-for-android/
https://www.topvpnguides.com/best-vpn-for-netflix/
https://www.topvpnguides.com/best-vpn-for-torrenting/
However, PGP and Tor users are not absolutely secure. Law enforcement has used a variety of techniques to successfully attack Tor. In addition, even the most advanced encryption tools can't escape the infection of native malware. The 2012 document also shows that NSAs struggle to crack the AES encryption standard – one of the most widely used standards in the encryption industry. However, industry insiders worry that the NSA has successfully cracked this standard through two years of efforts.
For security personnel, this result is mixed. Many of the cracked standards have been recognized as flaws, so the news that HTTPS was cracked is worthy of caution, but it is not surprising. At the same time, users of tools such as PGP or Tor should be relieved.
But researchers should be aware that although they once thought that encryption tools made it a victory in the encryption war, the actual result was not the case.
No comments:
Post a Comment