By now Wonketeers are probably aware that the NSA (which stands for No Such Agency) has not only been collecting "metadata" from Verizon for oh, about seven years now, but also that it has been directly accessing servers from Skype, Yahoo, Google, Microsoft, Apple, and Skype in a program called PRISM in a gigantic effort to "Keep America Safe™."
Uh, this is basically completely inaccurate. Yes, essentially all older ciphers and ciphers with keys of, say, 64 bits or shorter should be regarded as badly broken. But properly implemented ciphers in current use with keys of 128 bits or longer are still for the most part secure, even in cases like RC4 which have been partially broken. Problems arise mostly from weaknesses in cryptosystem design, as in, e.g., 128-bit WEP, which can be trivially broken in less than a minute, even though it is effectively using a 104-bit key. But, as we increasingly move to 256-bit keys, and the flaws in existing designs are addressed, "breaking" ciphers in the traditional sense becomes less and less an issue.
Which is why places like NSA increasingly are not going that route. After all, what is the point in trying to break an SSL connection to a Gmail server, when I can just go to Google and tap into the contents after they've been transmitted?
It doesn't take much to imagine how this metadata could be used to pursue whistle blowers.
Uh, this is basically completely inaccurate. Yes, essentially all older ciphers and ciphers with keys of, say, 64 bits or shorter should be regarded as badly broken. But properly implemented ciphers in current use with keys of 128 bits or longer are still for the most part secure, even in cases like RC4 which have been partially broken. Problems arise mostly from weaknesses in cryptosystem design, as in, e.g., 128-bit WEP, which can be trivially broken in less than a minute, even though it is effectively using a 104-bit key. But, as we increasingly move to 256-bit keys, and the flaws in existing designs are addressed, "breaking" ciphers in the traditional sense becomes less and less an issue.
Which is why places like NSA increasingly are not going that route. After all, what is the point in trying to break an SSL connection to a Gmail server, when I can just go to Google and tap into the contents after they've been transmitted?
Someone set us up the bomb!
We will make our time.
We all know there is only one solution for all this, as distasteful as it might be.
We must repeal Obamacare.
For great justice
So certain NSA staffers are being paid to watch porn. How much do these jobs pay?