[Bradford] Search engine: StartPage

Robert Burrell Donkin robertburrelldonkin at gmail.com
Sat Jul 6 16:02:32 UTC 2013


On Fri, Jul 5, 2013 at 10:33 PM, Alice Kaerast <alice at kaerast.info> wrote:

<snip>

> The NSA have had access to not just the companies explicitly named in the
> Prism leaks, but core routers around the world.  We know that this includes
> China, I haven't been following closely enough recently to know if it
> includes Europe.

The raptor stuff in the late 90's is consistent with British engineers
handling the European theatre.

The special relationship is best understood as a continuation of the
wartime cooperation which won two wars (one hot, one cold). Hence,
spheres of responsibility are likely (yet again, old dogs etc). So, it
is reasonable to expect that the Brits would get Europe, the Aussies
south-east Asia outside China and the US+Canadian the rest of the
world. Of course, given the turf-wars amongst US agencies and
distrust, I would also expect that the US also conducted
extra-curricular activities and black ops to reassure themselves that
none of the others were playing a double game...

> Snowden claims that good security still can't be broken by
> the NSA, but we don't know if that includes SSL. Startpage.com use SSL, but
> only 128-bit encryption, the certificate is only 2048 bit

These are almost certainly too low to avoid being cracked if the NSA
has reason to target you. Probably strong enough to avoid being broken
routinely (unless the key is within one of the islands of weakness).
However (after the British debacles in the 20s) the NSA is almost
certainly not going to supply intelligence to law enforcement or
politicians that show they can break the current encryption standards
out there. The same goes for the Brits and the Chinese.

The danger lies in public exposure of current operational capacities
by well meaning leaks.

Were this to happen, the inmates that run this asylum would have no
excuses left for failing to pander to bigotry, vested interests and
dirty money. The French have already tried this approach when they
banned strong (by which they mean laughably weak) crypto. But people
on the internet just said 'Stuff that for a game of Soldiers' and
ignored the law. Turned out their police had better things to do than
arresting everyone who used a computer...

Were the public exposure scenario to play out, then I expect that
everyone would just step up to 9k certs and 2k session keys. The NSA
would then deploy improved cracking methods without telling the
politicians. And the good old game would begin again, just a little
wiser and dirtier than last time...

Lots of fun :-)

Robert


