Jump to content
IGNORED

Sinovi kineskog zmaja


Lord Protector

Recommended Posts

Posted (edited)
46 minutes ago, Venom said:

 

Jacim kriptografskim protokolima 😁. Kinezi ce da izmisle sopstvenu enkripciju jer je tajnost protokola kljuc sigurnosti 😁.

 

Nije tajnost protokola već u slabljenju protokola i ugrađivanju backdoora u hardver i softver

 

Dovoljno je da ugrade prefabrikovan generator slučajnih brojeva možeš da se oprostiš od sigurnosti protokola (vidi dole pod Dual_EC_DRBG )

 

Quote

The NSA encourages the manufacturers of security technology to disclose backdoors to their products or encryption keys so that they may access the encrypted data.[9] However, fearing widespread adoption of encryption, the NSA set out to stealthily influence and weaken encryption standards and obtain master keys—either by agreement, by force of law, or by computer network exploitation (hacking).[5]

According to a Bullrun briefing document, the agency had successfully infiltrated both the Secure Sockets Layer as well as virtual private network (VPN).[1][2] The New York Times reported that: "But by 2006, an N.S.A. document notes, the agency had broken into communications for three foreign airlines, one travel reservation system, one foreign government's nuclear department and another's Internet service by cracking the virtual private networks that protected them. By 2010, the Edgehill program, the British counterencryption effort, was unscrambling VPN traffic for 30 targets and had set a goal of an additional 300."[5]

As part of Bullrun, NSA has also been actively working to "Insert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets".[10] The New York Times has reported that the random number generator Dual_EC_DRBG contains a back door, which would allow the NSA to break encryption keys generated by the random number generator.[11] Even though this random number generator was known to be insecure and slow soon after the standard was published, and a potential NSA kleptographic backdoor was found in 2007 while alternative random number generators without these flaws were certified and widely available, RSA Security continued using Dual_EC_DRBG in the company's BSAFE toolkit and Data Protection Manager until September 2013. While RSA Security has denied knowingly inserting a backdoor into BSAFE, it has not yet given an explanation for the continued usage of Dual_EC_DRBG after its flaws became apparent in 2006 and 2007.[12] It was reported on December 20, 2013 that RSA had accepted a payment of $10 million from the NSA to set the random number generator as the default.[13][14] Leaked NSA documents state that their effort was “a challenge in finesse” and that “Eventually, N.S.A. became the sole editor” of the standard.[5]

 

The N.S.A.'s Sigint Enabling Project is a $250 million-a-year program that works with Internet companies to weaken privacy by inserting back doors into encryption products. This excerpt from a 2013 budget proposal outlines some methods the agency uses to undermine encryption used by the public:

 

budget1.png

 

Edited by slow
Posted

Australija je pre neki dan donela zakon po kojem mogu da zahtevaju od bilo koga da modifikuju software i zaobidju enkripciju. Npr. i od Huaweia; sto isto mogu da urade svi ostali.

Posted (edited)
23 minutes ago, Venom said:

Australija je pre neki dan donela zakon po kojem mogu da zahtevaju od bilo koga da modifikuju software i zaobidju enkripciju. Npr. i od Huaweia; sto isto mogu da urade svi ostali.

 

Mogu, ali u svom dvorištu, to je sasvim ok iz bezbednosnih razloga, npr borbe protiv kriminala ili terorizma, to se radi.

Problem je kada se to radi globalno i tajno, bez saglasnosti države koja je kupila opremu. Ako Amerikanci (ili Kinezi) prodaju opremu i softver sa ugrađenim backdoorom nekoj zemlji onda je to veliki sigurnosni problem za tu državu, i taj problem ona ne može da sanira.

Ovde je u pitanju borba za prevlast u globalnom špijuniranju, nešto što prevazilazi snage pojedinačne države i njene sposobnosti da se odbrani. Ako ti neko proda telecom opremu i softver koji je izmenjen fabrički onda teško možeš da se odbraniš od toga, sva tvoja telekomunikaciona infrastruktura i poverljive informacije su na izvolte strancima.

Edited by slow
Posted

To ne da nije ok, nego je suludo ali je druga tema. NSA moze dakle preko Australije potpuno legalno da zaobidje enkripciju posto su jeli sigurno dobri "partneri". Preko ostalih mogu ilegalno 😁. I da se vratimo onda na pocetak i "jace kriptografske protokole": u najboljem slucaju moze da bude ono o kurti i murti, a u praksi ce da bude jahanje i kurte i murte. Doslovno niko nece okaciti kopacke o klin.

Posted (edited)
19 minutes ago, Venom said:

To ne da nije ok, nego je suludo ali je druga tema. NSA moze dakle preko Australije potpuno legalno da zaobidje enkripciju posto su jeli sigurno dobri "partneri". Preko ostalih mogu ilegalno 😁. I da se vratimo onda na pocetak i "jace kriptografske protokole": u najboljem slucaju moze da bude ono o kurti i murti, a u praksi ce da bude jahanje i kurte i murte. Doslovno niko nece okaciti kopacke o klin.

 

Pa jeste tema, Amerikanci su otvoreno govorili mesecima unazad šta im je to problem u vezi kineske 5G opreme, Huaweia i ZTE-a kao kineskih dobavljača. Naprasno su se setili kršenja sankcija da bi otpočeli 5G rat, to im je bio neposredan povod, uzrok je ono prvo, globalna utakmica u prisluškivanju. Nije im problem to što oni rade godinama, već što sada Kinezi imaju priliku da rade isto što i oni.  :D

 

 

 

Edited by slow
Posted
Ako ti neko proda telecom opremu i softver koji je izmenjen fabrički onda teško možeš da se odbraniš od toga, sva tvoja telekomunikaciona infrastruktura i poverljive informacije su na izvolte strancima.


OT: koliko je moguće uspomoć domaće pameti „zakrpiti“ backdoor, bilo hardverski ili softverski, kad kupiš tako neku značajniju komunikacionu opremu npr. za potrebe vojske ili poverljivih državnih veza?

Poslato sa HUAWEI VNS-L21 uz pomoć Tapatoka

Posted

Nije toliki problem - kad znaš da ima nešto. Problem je kad ne znaš - ipak su to milioni linija koda... na primer OpenSSL je imao rupu 15+ godina za koju se nije znalo... 

Paranoici sa parama (vojska, banke...) ukrštaju tehnologiju više različitih proizvodjača, na primer sve prolazi kroz 2 ili više firewalla, obavezno različite tehnologije... 

Posted

Pa recimo da posle juesej vs. dojčland slučaja možeš osnovano pretpostaviti da uvek ima, zato i pitam. Ne postoji fora da neki AI „skenira“ kôd na prepoznate rupe, tipa onoga što se radi sa bazama podataka o virusima? 

Posted
3 minutes ago, Tribun_Populi said:

Pa recimo da posle juesej vs. dojčland slučaja

Ili npr Iranske centrifuge VS stuxnet 

Posted
6 hours ago, Tribun_Populi said:

OT: koliko je moguće uspomoć domaće pameti „zakrpiti“ backdoor, bilo hardverski ili softverski, kad kupiš tako neku značajniju komunikacionu opremu npr. za potrebe vojske ili poverljivih državnih veza?

 

Pa zavisi na koga si se namjerio - rekao bih da generalno možeš da se slikaš kad su troslovne agencije umješane.

Posted

Sve te sa tri slova na gomili < jedna jedina sa 6 slova u imenu. 

Posted (edited)
13 hours ago, Tribun_Populi said:

 


OT: koliko je moguće uspomoć domaće pameti „zakrpiti“ backdoor, bilo hardverski ili softverski, kad kupiš tako neku značajniju komunikacionu opremu npr. za potrebe vojske ili poverljivih državnih veza?
 

 

 

Skoro nemoguće. Veliki igrači se trude da prave komunikacionu i vojnu opremu sa što više svojih komponti. Idealno bi bilo da se proizvodi sve, od hardvera do softvera, ali je taj luksuz rezervisan za USA, Rusiju, Kinu, Izrael i možda još par država.

Rusi npr prave svoje mikroprocesore (Elbrus-8 i Elbrus8s) u državnoj firmi MCST. Pored ostalog ugrađuju ih i u superkompjutere...

http://mil.today/2017/Science29/

 

Ako nisi u top 5, osuđen si da kupuješ komponente za kritičnu infrastrukturu, a to je uvek mačak u džaku, i to u džaku koji nema šanse da zakrpiš.

Npr velika švajcarska firma Crypto AG, koja proizvodi kriptografsku opremu snabdeva veliki broj država, čak i velikih. Ta oprema se koristi u tim državama u njihovim diplomatskim predstavništvima, obaveštajnim agencijama i vojsci. 

 

https://www.crypto.ch/en

 

Međutim, ispostavilo se da su njihovi proizvodi sa ugrađenim backdoorom, za koji su ključ imali NSA, BND i britanske službe 

 

Quote

According to declassified (but partly redacted) US government documents released in 2015, in 1955, Crypto AG's founder Boris Hagelin and William Friedman entered into an unwritten agreement concerning the C-52 encryption machines that compromised the security of some of the purchasers.[4] Friedman was a notable US government cryptographer who was then working for National Security Agency (NSA), the main United States signals intelligence agency. Hagelin kept both NSA and its United Kingdom counterpart, Government Communications Headquarters (GCHQ), informed about the technical specifications of different machines and which countries were buying which ones. Providing such information would have allowed the intelligence agencies to reduce the time needed to crack the encryption of messages produced by such machines from impossibly long to a feasible length. The secret relationship initiated by the agreement also involved Crypto AG not selling machines such as the CX-52, a more advanced version of the C-52, to certain countries; and the NSA writing the operations manuals for some of the CX-52 machines on behalf of the company, to ensure the full strength of the machines would not be used, thus again reducing the necessary cracking effort. Crypto AG claims that the products it currently sells are not compromised.

 

a imaju tako lepa rešenja:

 

https://www.crypto.ch/en/solutions/crypto-network-centric-warfare-solution

 

https://www.crypto.ch/en/solutions/crypto-secure-diplomatic-messaging-solution

 

https://www.crypto.ch/en/solutions/crypto-e-government-solution 

 

:happy:

 

 

Edited by slow
Posted

pa sta su mislili, da ce kinezi da predju preko toga ko da se nista nije desilo?

×
×
  • Create New...