Trurl

While it is only my speculation of the NSA. But I always picture them being very powerful. I never read all that stuff Snowden released. I listened to some os his book and he says stuff like the NSA nows you personality and how you think just on Internet habits. Most crypto algorithms are open source. I see intelligence agencies having the best of both worlds: if someone invents something they get it and if they invent something we don’t even know it exists.

Quote

The goal is not to destroy RSA and those ciphers that rely on factoring. That would cripple SSL certificates.

You should not send something confidential through HTTPS/SSL. Properly (professionally) made websites hash passwords on client-side in JavaScript HTML Form validation code.. So even if SSL is compromised (e.g. SSL Strip) password is still encoded.

Somebody bothering about security should archive the all data using 7zip with password. It is using AES 256. But it is not allowing to enter IV by user..

Quote

We probably don’t have any encryption the NSA can’t break.

AES has been approved by NSA for encryption of non-classified data, later extended also to classified data. With enough power e.g. supercomputer cluster or botnet with gpu acceleration, or better custom made hardware cluster for 10 bln usd, if there is known IV (init vector), or simply leaved zero by incompetent programmer, not knowing what he or she is doing, or using wrong mode, it is possible to find out password (especially 128 bits long) in some reasonable amount of time. Therefor to decrease of chance of brute-force attack on transmissed data the key is to frequently change IV (randomize?) and transmit it together inside of already encoded packets (or alternative route). If somebody (gov) will intercept transmission in the middle, won't be able so easily use plain brute-force algorithm if IV can be anything having 128, 192 or 256 bits and changing. Ordinary hackers don't have ATM patience nor resources to brute-force pass through the all possible passwords even if they know IV.

Example of what can happen if raw picture is encoded using silly insecure mode is on this website on the right.

https://en.m.wikipedia.org/wiki/Block_cipher

What if authentication through SSL, Sites could not prove they’re who they say.

This post reminds me how much more in crypto I have to learn. But what if the NSA doesn’t have to brute force. Every cipher has public algorithms. What if we thought something was solid and it is just a facade that the math behind it is solid? Seems unlikely; but possible. The British claim to created RSA 7 years earlier. I have read open source ciphers make stronger schemes, but with factoring it may not have a definite pattern, but it doesn’t mean educated guesses can’t defeat it. Brute force may be impossible, but patterns exist in everything. I just think with the knowledge available to the NSA their researchers are ahead of civilian researchers. (Not that I have any knowledge of crypto research.)

I admit I still need to learn about block chains and hashes. With RSA, p and q are in the enciphering and deciphering key. I am taking a given N and factoring it. But as you explained I need to find N from the enciphering and then break the message—where brute force is needed. But the only reason N is available is because it is the public key.

The next step for me is to try and decipher messages with public keys and test to see if it is the true N.

I have some names of ciphers that factoring can’t break. I am not familiar with them. You are right about brute force being useless. But one way functions are hard to make. As long as there is a public key brute force may not be needed.