J.TrIDr3ESpPJEs ID: 473e1b June 13, 2018, 10:28 p.m. No.1740948   🗄️.is 🔗kun   >>1936 >>1214 >>1276 >>1443 >>2001 >>6672

Just as a word of warning (and a consideration to the "The Q" comments, of which this does reek of advanced mil-int), AES is NIST approved, which in my book always constitutes it as being 'backdoored'.

 

Certain types of AES (such as NoPadding variants or ECB - Electronic Code Book) have fundamental weaknesses (NoPadding is vulnerable to 'Oracle attacks' - look it up), and my thoughts are the NSA (who likely nudged NIST into approving AES - remember, AES is used by the US government) built fundamental mathematical backdoors into it (basically, a mathematical backdoor is 'if you calculate X in a slightly different way, you get more efficient returns, EG in brute forcing attacks').

 

What 'StarGate' is describing sounds EXACTLY like a mathematical backdoor (the whole point of an encryption algorithm is that it's meant NOT to be 'easily brute forceable' if you change certain aspects of it), and I highly doubt they just 'casually' discovered such a backdoor in an algorithm that has been around for quite some time, which either means:

 

1) SG is some sort of insane genius (timing is circumspect, as is their disregard for Julian Assange's safety - they could have kept this quiet), but with no prior history establishing as such I doubt this.

 

2) SG works for a research body or university with the resources necessary to make solving this equation possible (IE with cryptographic experts, mathematical professors, and the like), or the most likely in my book,

 

3) SG is an NSA employee and the NSA, in their sheer desperation and panic over Q, and in an effort to neutralise Julian Assange in the same move, have voluntarily given up a mathematical backdoor in their own proposed encryption (note: this is a double-edged sword, ANY AES based encryption is hypothetically exposed - although I notice SG is VERY quiet on the details of how exactly he did it) and are thus publishing the passcodes in order to nullify Julian Assange's insurance policy.

 

If it is the third case, then we can be confident the NSA already read the insurance files, and have concluded either there was nothing of merit, or they've already solved whatever problems they've presented.

 

It's unclear what benefit it would have to expose this information publicly though (why not just neutralise Julian Assange and let the whole thing naturally flop?), unless their goal is to now discredit Julian Assange by basically saying 'hah, his insurance files contain nothing (because we've already purged the evidence'.

 

Either way, something about this reeks, and I'd advise we dig just a little further into StarGate to validate their claims. People don't just make major breakthroughs on cryptography overnight - usually specialist researchers 'chisel away' at a problem set.

J.TrIDr3ESpPJEs ID: 473e1b June 13, 2018, 10:42 p.m. No.1741090   🗄️.is 🔗kun   >>2453 >>2734

Just to prove I'm not the first to have thought about AES being backdoored:

 

"I wouldn't assume that the NSA has cracked AES ciphers. I would assume that most crypto systems that use AES have implementation flaws that the NSA exploits when they feel it is worth it. "

 

https://crypto.stackexchange.com/a/2252 (As early as 2010)

 

Maybe Julian Assange had a nonce moment in picking a government approved crypto, but I'd advise people always wrap their own data in their own crypto prior to placing it inside a 'trusted' crypto.

 

"Breaking into those complex mathematical shells like the AES is one of the key reasons for the construction going on in Bluffdale. That kind of cryptanalysis requires two major ingredients: super-fast computers to conduct brute-force attacks on encrypted messages and a massive number of those messages for the computers to analyze."

 

https://www.wired.com/2012/03/ff_nsadatacenter/5/

 

NIST approval:

https://www.nist.gov/publications/advanced-encryption-standard-aes

 

Oracle padding attack:

https://en.wikipedia.org/wiki/Padding_oracle_attack

 

Why ECB is insecure:

https://crypto.stackexchange.com/a/20946

 

If you guys ever plan to do insurance files, pro-tip:

 

1) Use different encryption algorithms for each individual file or file groupings (this would force the NSA to give up a lot of legwork just to expose it)

 

2) Build your own crypto, and have that as the 'primary' layer (hardwork, but understanding crypto reaps it's own benefits). A lot of experts will say 'but yours will be flawed'. Yes, but so are the NSA's: your own flaws means a manual analysis and time has to be spent looking for those flaws (more time = more security).

 

3) Make sure some insurance files are kept with specific trustworthy individuals who cannot leak the information online until after a specific period.

 

End result:

 

1) Breaking one encryption does not break all of them, so some insurance remains.

 

2) Breaking the outer layer encryption does not break the inner layer.

 

3) Even if both broken, having isolated units of other insurance files that cannot be easily obtained means there's still coverage (even the thought of 'missed insurance files' as a scare-thought is still insurance)

 

Adage: don't put all your insurance files in one encryption basket.