
Re: [LUG] OT surveillance

 

On 26/06/13 20:59, Martijn Grooten wrote:
> On Wed, Jun 26, 2013 at 8:09 PM, bad apple wrote:
>> In essence: virtually everything is captured live, sure. But the vast
>> majority of it is only decrypted and processed afterwards, depending on
>> *insert unknown GCHQ/NSA policies here*.
>>
>> Hopefully that makes this clearer - at least my take on it.
> Sure. That's more or less what I assume to happen as well.
>
> I'm just curious how you think having the root keys of CAs would help
> them decrypt traffic, either in real-time or later on.
>
> They might have access to the private SSL keys of Facebook, Yahoo,
> Google etc. - I agree that would make decryption pretty easy. However, it's
> good to point out that the encryption Google uses generates a unique
> server-side key for each session. So I wouldn't know how they get
> around that, other than by having a backdoor installed.
>
>> PS> Disclaimer - I most definitely don't work for these guys, so
>> obviously, this is nothing more than educated musings!
> Neither do I, of course. I can't but make some educated guesses about
> what we, erm I mean they are doing. :)
>
> Martijn.
>

This is where the TLS session ticket renegotiation attacks come in -
forward secrecy isn't a magic bullet, and requires that both the servers
at Google aren't taking shortcuts and the clients (your shitty browser)
are behaving properly. And that your attacker can't arbitrarily set up
and tear down MITM attacks anywhere on the traffic route (which they
can). So we still have a clear set of steps where the spooks can break
even that, without having to have actual backdoors into Google - which I
personally presume they do anyway.

I don't know how many big companies even provide this by default -
Google since ?2011 but I don't know about any others. Google also got a
LOT of "legitimate" data requests from the spooks as well of course, I
have been guessing all along that these were for session keys/logs, not
actual content - the NSA already have all the content and I believe
wouldn't trust or want to wait on Google to deliver everything they
wanted. So they grab the relevant keys - they already have all the main
keys remember - and then decrypt their own complete backups of the
relevant data streams from warm or cold storage tiers. Google will be
mandated by the spooks to retain exactly the same session keys that
theoretically make forward secrecy so tough to crack, but in reality,
provide a minor speedbump at best due to this specific technical/legal
gotcha.

Remember, all these big American companies have been swearing blind that
the NSA don't have direct access into their systems and I actually
believe this to be "true" in a tortured, exactly defined, mealy-mouthed
and strictly legal sense of the word. The spooks don't need direct
access, their system is better! Mandatory retention of theoretically
ephemeral security data like SSL session keys, CA key escrow and a near
complete "tcpdump -w /home/NSA/infinite-storage-array/all-your-data -i
internet0" packetlog kind of obviate actually having to bother
backdooring anything.

Cheers


PS: Just before sending this, I saw your replies - luckily we're on the
same wavelength, as I'm talking about forward secrecy as well. I see no
issue with breaking it completely, when you're the NSA.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
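Added example, not part of the post above or of anything its authors wrote: a toy model of the scenarios the thread argues over. A passive recorder keeps every byte on the wire and later obtains one of three things: the server's long-term private key, a retained copy of the session key, or the server's long-lived session ticket encryption key. Static key exchange falls to the long-term key; ephemeral DH does not, but the retained session key and the ticket key both still open it. The DH group, the XOR-plus-HMAC record format, the sample HTTP request and all function and scenario names are constructed for this example; none of it is real TLS, and signatures on the server's DH share are left out because the recorder is passive.

```python
"""Toy model (not real TLS) of who can decrypt a recorded session afterwards."""
import hashlib
import hmac
import secrets

# Toy DH group: 2**127 - 1 is a (Mersenne) prime but far too small for real
# use. TLS uses 2048-bit+ MODP groups or elliptic curves (ECDHE).
P = 2**127 - 1
G = 2


def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def dh(pub: int, priv: int) -> bytes:
    return pow(pub, priv, P).to_bytes(16, "big")


def derive(secret: bytes, nonce: bytes) -> bytes:
    """Session key from a shared secret plus a per-session nonce."""
    return hashlib.sha256(secret + nonce).digest()


def keystream(key: bytes, n: int) -> bytes:
    return b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]


def seal(key: bytes, msg: bytes) -> bytes:
    """XOR stream cipher plus HMAC tag (stands in for an AEAD record)."""
    ct = bytes(a ^ b for a, b in zip(msg, keystream(key, len(msg))))
    return hmac.new(key, ct, hashlib.sha256).digest() + ct


def open_(key: bytes, blob: bytes):
    """Plaintext, or None when the key is wrong (the tag check fails)."""
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(key, len(ct))))


# Server-side secrets (constructed for the example).
SERVER_PRIV, SERVER_PUB = keypair()       # role of the certificate's private key
STEK = secrets.token_bytes(32)            # session ticket encryption key, long-lived
RETAINED_KEYS = []                        # what a "retain session keys" order collects
MSG = b"GET /mail/inbox HTTP/1.1\r\nCookie: SID=constructed-sample\r\n\r\n"


def static_session(msg: bytes) -> dict:
    """RSA-style key exchange modelled as static DH against SERVER_PUB."""
    c_priv, c_pub = keypair()
    nonce = secrets.token_bytes(8)
    key = derive(dh(SERVER_PUB, c_priv), nonce)
    return {"c_pub": c_pub, "nonce": nonce, "data": seal(key, msg)}  # the wire view


def ephemeral_session(msg: bytes) -> dict:
    """DHE: fresh server share per session, discarded afterwards; issues a ticket."""
    e_priv, e_pub = keypair()
    c_priv, c_pub = keypair()
    nonce = secrets.token_bytes(8)
    key = derive(dh(e_pub, c_priv), nonce)
    assert key == derive(dh(c_pub, e_priv), nonce)   # both sides agree
    RETAINED_KEYS.append(key)             # the server-side retention "gotcha"
    ticket = seal(STEK, key)              # resumption ticket, sent in the clear
    del e_priv                            # server forgets its ephemeral key
    return {"e_pub": e_pub, "c_pub": c_pub, "nonce": nonce, "ticket": ticket,
            "data": seal(key, msg)}


def resumed_session(ticket: bytes, msg: bytes) -> dict:
    """Resumption: no new DH; key comes from the ticket contents plus a nonce."""
    nonce = secrets.token_bytes(8)
    key = derive(open_(STEK, ticket), nonce)
    return {"nonce": nonce, "data": seal(key, msg)}


def recorder_with_longterm_key(cap: dict, server_priv: int):
    """Best the long-term key can do: combine it with the client's public share."""
    return open_(derive(dh(cap["c_pub"], server_priv), cap["nonce"]), cap["data"])


def recorder_with_retained_keys(cap: dict, retained: list):
    for key in retained:
        pt = open_(key, cap["data"])
        if pt is not None:
            return pt
    return None


def recorder_with_stek(first: dict, resumed: dict, stek: bytes):
    key = open_(stek, first["ticket"])     # ticket was captured in the clear
    return open_(derive(key, resumed["nonce"]), resumed["data"])


def run() -> dict:
    static = static_session(MSG)
    dhe = ephemeral_session(MSG)
    res = resumed_session(dhe["ticket"], MSG)
    return {
        "static_with_longterm_key": recorder_with_longterm_key(static, SERVER_PRIV),
        "dhe_with_longterm_key": recorder_with_longterm_key(dhe, SERVER_PRIV),
        "dhe_with_retained_session_key": recorder_with_retained_keys(dhe, RETAINED_KEYS),
        "resumed_with_ticket_key": recorder_with_stek(dhe, res, STEK),
    }


if __name__ == "__main__":
    for scenario, result in run().items():
        print(f"{scenario:32s} {'DECRYPTED' if result == MSG else 'failed'}")
```

The one scenario that fails is the DHE recording attacked with only the long-term key: the server's ephemeral private value never touched the wire and was discarded. The same recording falls immediately to a retained session key (the post's legal/technical gotcha) or to a long-lived ticket key, which is the server-side shortcut that makes a resumed session no better than a static exchange.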