Chinese & Russian Encryptions

coldbugcoldbug Member Posts: 189
I was just wondering how Chinese and Russians tolerate using US's NSA Encryption standards. Pretty sure they really hate to use ours since they do everything on their own way and there is no way they will let us watch their data transfer. I've heard that you can't hide anything from NSA and they have a backdoor to your data.
Do you guys think they have developed their own AES by now?
"If you want to kick the tiger in his ass, you'd better have a plan for dealing with his teeth."

Comments

  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■□□□
    You obviously hasn't researched the subject.

    1. No known even theoretical way to break AES, other than very convoluted only slightly better than brute force ways that are equivalent to ciphers with slightly lower key sizes.

    2. They have their own algorithms and have been using them for decades and all their government communication must use their own algorithms.
  • coldbugcoldbug Member Posts: 189
    You obviously hasn't researched the subject.

    1. No known even theoretical way to break AES, other than very convoluted only slightly better than brute force ways that are equivalent to ciphers with slightly lower key sizes.

    2. They have their own algorithms and have been using them for decades and all their government communication must use their own algorithms.

    Oh really? All countries use their own algorithms? Not to disagree with you, but it won't work with every countries. For example, Myanmar. They barely had internet 10 years ago and I don't think they are smart enough to create their own.
    "If you want to kick the tiger in his ass, you'd better have a plan for dealing with his teeth."
  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■□□□
    coldbug wrote: »
    Oh really? All countries use their own algorithms? Not to disagree with you, but it won't work with every countries. For example, Myanmar. They barely had internet 10 years ago and I don't think they are smart enough to create their own.

    And where did "All countries" quote come from exactly? But nevermind, I'm outta here
  • beadsbeads Senior Member Member Posts: 1,520 ■■■■■■■■■□
    These algorithms are the results of numerous encryption "bake-offs" or competitions sponsored by the US Government under the care of... the NSA of course. First step is publishing the proposed encryption solution, allowing fellow cryptologists to review the underlying maths and finally testing the concept in order to either make the algorithm better or to utterly destroy it.

    Every few years the US Government/NSA will ask for these refined protocols to be submitted for further testing to replace the current AES encryption. Same with hashes, etc. Its very much a known quantity at this point and most possible solutions fail rather quickly if they haven't already. Go look up some of the past runners up like: two-fish, LOKI, the list goes on and on.

    AES (FIPS 197) is the short name/subset of Rijndael (pronounced RAIN-DOLL) encryption standard later certified and adopted but not written by the NSA.

    The answer to the OP's question is simple. There is no need to develop another encryption standard when the one provided is already secure and documented as not having a backdoor. Audit after audit. The algo is out there in the public domain. Who cares if their favorite was trounced in competition after competition. And as I said above: Who you gonna talk to after your encryption is in place? No one that's who.

    - b/eads

    Simply put the world uses AES in its many forms (standard, compact, fast, very fast) as the gold standard of encryption because it works. Why reinvent the wheel? The algorithm is freely distributed and if you have the mathematical brilliance to make it better, by all means, please do so. The Chinese and Russians both use the AES standard though throughout history have tried to create and support their own homegrown crypto, these solutions are usually quickly and quietly retired because of flaws. Why? First because of compatibility with every other piece of equipment out there and secondly most cryptologists are more than happy to show the world how brilliant they already are at breaking inferior crypto. Its a bit like sadomasochism to one's own work.

    If you could post a few examples of currently in use, not yet broken cryto from either of these two countries I would be happy to investigate farther. Currently, I have a Tableau device combined with a rockin' good support PC replete with your choice of either Passware and/or Elcomsoft ready to break whatever you might need to break most encryption.

    Yes, AES-128 with SHA-1 has been depreciated and no longer supported on your SSL/TLS certs since December 2016, etc. If your still using these algo's I suggest replacing them ASAP.

    Look up Sweet32, birthday attacks, etc.
  • jelevatedjelevated Member Posts: 139
    Crypto is Crypto. If AES fits the use case, they will use it as well. AES is as good as it gets so no point in them trying to reinvent the wheel. Maybe for a subset of very sensitive communications but even then, AES would work.

    The crypto keys are a much more attractive target. They're tiny, easier to grab, and depending on how you do it, it can give you persistent access if the keys aren't rotated by the parties using them.
  • coldbugcoldbug Member Posts: 189
    beads wrote: »
    ....Currently, I have a Tableau device combined with a rockin' good support PC replete with your choice of either Passware and/or Elcomsoft ready to break whatever you might need to break most encryption....

    $599 for up to 5 clients. What does it mean by per client? Users? and is it legal to encrypt someone's passwords?
    "If you want to kick the tiger in his ass, you'd better have a plan for dealing with his teeth."
Sign In or Register to comment.