Russia hacked lightweight FBI radios

Status
Not open for further replies.

jonwienke

More Info Coming Soon!
Joined
Jul 18, 2014
Messages
13,409
Location
VA
My parents never expected to see smartphones, HDTV or a man on the moon.
Every one of those things was believed to be possible long before they became a reality.
Smartphones: communicators in Star Trek.
HDTV and space travel: too many references to list.

Nobody has proposed a plausible way to crack AES, besides brute force and social engineering. And brute force, even assuming Moore's Law extrapolates out to single-atom transistors, isn't going to happen.
 

slicerwizard

Member
Joined
Sep 19, 2002
Messages
7,718
Location
Toronto, Ontario
Let's see - so far, we've got "AES will be cracked because Enigma, man on the moon, Moore's Law, quantum computing, Bitcoin mining gear, what one man makes, another can take apart...

At least another dozen "reasons" why AES is toast have been floated on the RR forums. They're all poppycock. Sorry, just stating the facts.
 

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
7,471
Not going to happen!
Forget AES-256. Consider AES-128.
If some machine existed that could test 2^80 possible key variables a second (that's 1,208,925,819,614,629,174,706,176 keys a second) which is very unlikely to exist anywhere, it would take that machine about 100,000 years to test just 1% of the key space.
For AES-256 multiply 100,000 years by 2^128 to test 1% of the key space.

I had to come back to this. If as you state, AES-128 Is so very secure that it would take 100,000 years to test 1% of the key space, why bother with a 256 bit key space? Do the developers know something we dont?
 

jonwienke

More Info Coming Soon!
Joined
Jul 18, 2014
Messages
13,409
Location
VA
It's a safety factor to keep the algorithm secure even given quantum computing and Moore's Law hitting the fundamental limits of technology.
 

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
7,471
It's a safety factor to keep the algorithm secure even given quantum computing and Moore's Law hitting the fundamental limits of technology.


So the developers perceive a point in their lifetime where somehow 128 bits is breached. This is important because going to 256 bits has a real cost when scaled over all the devices that must accommodate it.
 

jonwienke

More Info Coming Soon!
Joined
Jul 18, 2014
Messages
13,409
Location
VA
128 bits is unlikely to be cracked, except possibly by quantum supercomputers. For average folks, that's good enough, but for governments who need to keep encrypted messages secret for a long time, that may not be good enough. 256 bits adds a substantial safety factor above and beyond even the most wildly optimistic estimates of possible advances in computing technology.
 

prcguy

Member
Premium Subscriber
Joined
Jun 30, 2006
Messages
16,570
Location
So Cal - Richardson, TX - Tewksbury, MA
128 bit AES is a Type 3 encryption that anyone can own and use in the US. 256 bit AES is a Type 1 classified level encryption and not legal to own or use by us mortal humans. It would require an account with the NSA and an authorized custodian for the equipment.


128 bits is unlikely to be cracked, except possibly by quantum supercomputers. For average folks, that's good enough, but for governments who need to keep encrypted messages secret for a long time, that may not be good enough. 256 bits adds a substantial safety factor above and beyond even the most wildly optimistic estimates of possible advances in computing technology.
 

poltergeisty

Truth is a force of nature
Banned
Joined
May 7, 2004
Messages
4,012
Location
RLG, Fly heading 053, intercept 315 DVV
I'd also note that as far as I'm aware, to date, some algorithms with less pedigree, like DES and RC4, have not even been cracked.


Then I hate to say it but you are in fact not aware. I can tell you right now that there exists a DSD+ version that can crack ADP on the fly, but they won't release it to the public for obvious reasons. There's other methods as well... Now if ADE is anything like WEP WiFi encryption with interesting IVs, the game is over very fast and I have to wonder if that's how that non-released version of DSD+ can do it.

Also, there was a write up by a hacker or what ever you want to call him that broke ADP I think it was and published a paper about it. The article was mentioned on slashdot and is echoed on all sorts of radio hobby websites. All you really have to do is use the search terms, "ADP +crack" in Google to find the relevant material I'm talking about.
 

poltergeisty

Truth is a force of nature
Banned
Joined
May 7, 2004
Messages
4,012
Location
RLG, Fly heading 053, intercept 315 DVV
I don't discount the possibility of peeps choosing weak keys - in fact I've seen it from time to time. It's still not cracking. And it's your only hope for AES.


Believe it or not, SCADA systems are like this and Shodan is the key to the "universe."

128 bit AES is a Type 3 encryption that anyone can own and use in the US. 256 bit AES is a Type 1 classified level encryption and not legal to own or use by us mortal humans. It would require an account with the NSA and an authorized custodian for the equipment.


So my use of AES256 with full disk encryption is illegal? BAHAHA! Even the Cert for a website I run?
 

mikewazowski

Forums Manager/Global DB Admin
Staff member
Forums Manager
Joined
Jun 26, 2001
Messages
13,780
Location
Oot and Aboot
128 bit AES is a Type 3 encryption that anyone can own and use in the US. 256 bit AES is a Type 1 classified level encryption and not legal to own or use by us mortal humans. It would require an account with the NSA and an authorized custodian for the equipment.

I think you'd better cite your source on this one.
 

prcguy

Member
Premium Subscriber
Joined
Jun 30, 2006
Messages
16,570
Location
So Cal - Richardson, TX - Tewksbury, MA
Look here under Type 1 product: NSA cryptography - Wikipedia

"A Type 1 Product refers to an NSA endorsed classified or controlled cryptographic item for classified or sensitive U.S. government information, including cryptographic equipment, assembly or component classified or certified by NSA for encrypting and decrypting classified and sensitive national security information when appropriately keyed". VINSON and Fascinator encryption share the same category.

Then look up Type 3 products further down on the page and you will find the earlier AES 128 flavor which is bundled with DES, etc. A Type 3 product is "Unclassified cryptographic equipment, assembly, or component used, when appropriately keyed, for encrypting or decrypting unclassified sensitive U.S. Government or commercial information, and to protect systems requiring protection mechanisms consistent with standard commercial practices. A Type 3 Algorithm refers to NIST endorsed algorithms, registered and FIPS published, for sensitive but unclassified U.S. government and commercial information".

If you, a regular human is in possession of a Type 1 encryption device, its supposed to be under control of a custodian and someone would be in trouble for loosing control of it. If the US Govt finds out you have a Type 1 device you can get a visit from someone in the Govt to fetch it back. This happens a lot with military radio collectors.

I think you'd better cite your source on this one.
 

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
7,471
128 bit AES is a Type 3 encryption that anyone can own and use in the US. 256 bit AES is a Type 1 classified level encryption and not legal to own or use by us mortal humans. It would require an account with the NSA and an authorized custodian for the equipment.

There are export restrictions, but as far as I know there is no restriction on US citizens owning AES 256 .
 

mikewazowski

Forums Manager/Global DB Admin
Staff member
Forums Manager
Joined
Jun 26, 2001
Messages
13,780
Location
Oot and Aboot
You're reading that wrong.

AES-256 is the only flavour of AES good enough to be considered Type I by the NSA.

However AES in general is good enough to be considered Type III by the NSA.

Nowhere does it say regular humans can't possess AES-256.

I'm pretty sure the US Government would have a hard time seizing all those contraband AES-256 devices deployed all over the world.
 

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
7,471
Look here under Type 1 product: NSA cryptography - Wikipedia

"A Type 1 Product refers to an NSA endorsed classified or controlled cryptographic item for classified or sensitive U.S. government information, including cryptographic equipment, assembly or component classified or certified by NSA for encrypting and decrypting classified and sensitive national security information when appropriately keyed". VINSON and Fascinator encryption share the same category.

Then look up Type 3 products further down on the page and you will find the earlier AES 128 flavor which is bundled with DES, etc. A Type 3 product is "Unclassified cryptographic equipment, assembly, or component used, when appropriately keyed, for encrypting or decrypting unclassified sensitive U.S. Government or commercial information, and to protect systems requiring protection mechanisms consistent with standard commercial practices. A Type 3 Algorithm refers to NIST endorsed algorithms, registered and FIPS published, for sensitive but unclassified U.S. government and commercial information".

If you, a regular human is in possession of a Type 1 encryption device, its supposed to be under control of a custodian and someone would be in trouble for loosing control of it. If the US Govt finds out you have a Type 1 device you can get a visit from someone in the Govt to fetch it back. This happens a lot with military radio collectors.


The confusion here is that an item must be "appropriately keyed" for it to retain Type 1 CCI. Once it is zeroized it can be disposed of, sent to depot etc without concern. However, export from US is controlled and restricted for such an item. The Fascinator and Vinson are old exceptions where the feds went out of their way to recover the hardware items. They would be very busy today to trying to scoop up AES256 hardware now that it is a part of P25 and being used by many public safety agencies.
 

prcguy

Member
Premium Subscriber
Joined
Jun 30, 2006
Messages
16,570
Location
So Cal - Richardson, TX - Tewksbury, MA
Originally AES 256 was full blown Type 1, can't own it, etc. With further reading it appears it was downgraded to a Type 1 "Suite B" then bundled into a newer category called "Commercial National Security Algorithm" which can even be exported under certain conditions.

I have radios with AES 128 and have never had to worry about those.



You're reading that wrong.

AES-256 is the only flavour of AES good enough to be considered Type I by the NSA.

However AES in general is good enough to be considered Type III by the NSA.

Nowhere does it say regular humans can't possess AES-256.

I'm pretty sure the US Government would have a hard time seizing all those contraband AES-256 devices deployed all over the world.
 

RayAir

Member
Joined
Dec 31, 2005
Messages
1,946
I had to come back to this. If as you state, AES-128 Is so very secure that it would take 100,000 years to test 1% of the key space, why bother with a 256 bit key space? Do the developers know something we dont?

Quantum computers.
AES-256 is designed to resist brute force using a quantum supercomputer if and when one exists.

If one is ever deployed against encryption, all asymmetric algorithms will be rendered useless. On the symmetric side, AES-128 will be reduced to 64-bit strength (weak).
AES-256 would be reduced to 128-bit strength (still very secure).
 

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
7,471
There is a lot of interesting research going on regarding "side attacks" to AES256. One is actually more successful (but impractical) on AES256 than AES128. AES will be a continuing target of researchers trying to spill its guts.

It kind of reminds me of all those lock picking videos where they show an expensive combo lock getting picked by a sliver of a coke can. One of the combo locks is one I own and recognized on a 60 minutes show about the nuclear bunkers. That same lock is used to protect the codes and keys the pairs of launch officers keep seperate from each other. Scary to think that a rogue launch officer might see a youtube video of that same lock and figure he can get his buddies half of the launch procedure and key with just a coke can and scissors.
 
Status
Not open for further replies.
Top