Home | Community | Message Board

NorthSpore.com BOOMR Bag!
This site includes paid links. Please support our sponsors.


Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Shop: Bridgetown Botanicals Bridgetown Botanicals   PhytoExtractum Kratom Powder for Sale   North Spore Cultivation Supplies   Unfolding Nature Unfolding Nature: Being in the Implicate Order

Jump to first unread post Pages: 1 | 2  [ show all ]
Invisiblenooneman
Male

Registered: 04/24/09
Posts: 14,561
Loc: Utah
A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :)
    #23476539 - 07/25/16 06:57 PM (7 years, 6 months ago)

I understand completely if this thread might get a little too close to something and ends up removed. I just thought I might write a short, short introduction to these technologies since many people ask about them.

WARNING: I am no expert. I know how to use these technologies, but not to any high level of understanding.


TAILS:
https://tails.boum.org/
This is a linux based OS built around security. It is widely regarded as one of the best and most secure operating systems. Here's it's main advantage: it can be burned onto a CD or DVD, and used without any kind of hard drive (zero records). You cannot infect a CD or a DVD with a virus, or otherwise corrupt it because the moment you reboot everything is back to normal. Also, it includes tor browser and GNUPG.


Tor:
https://www.torproject.org/
Tor is a way to access the internet semi-anonymously (more anonymously than normal anyway). It comes a variety of different ways, but the most common is the Tor Browser, which is a browser bundled with tor in an easy to use format. "Tor Browser" is available for most operating systems.


GNUPG:
https://www.gnupg.org/
This is the most complicated technology here. This allows you to encrypt and decrypt messages. Roughly, it works like this: you create for yourself a private key and a public key (these are generated together). You keep your private key secret. Your public key can be used by someone else to encrypt a message. This message can then only be decrypted by you using your private key. Likewise, using someone else's public key you can encrypt a message that only they can decrypt.

The various GUI versions of GPG allow you to quickly and easily generate yourself a private/public key pair. You should generate one of these, and give your public key to anyone who you want to communicate with. Generally there is an option to "encrypt" or "decrypt" a message, as well as options to "import credentials" and so on.

Try encrypting and decrypting a few messages using your own public and private keys to get a feel for it. Try generating a few different private/public key pairs, and encrypting and decrypting using this variety of different keys to get an even better feel for it.


Bitcoin:
https://localbitcoins.com/buy_bitcoins
https://blockchain.info/
https://www.coinbase.com/
There are a large number of ways to buy bitcoin. The first thing you need is a bitcoin wallet. You can get these from sites like blockchain.info or coinbase. There are even more sites and ways to have wallets, but these are the two most common.

Once you have a wallet, you need to buy bitcoin. You can either do this in person using "localbitcoins.com" or you can use your bank account or ATM card on coinbase and other sites. There are also bitcoin ATMs that allow you to buy bitcoin at an ATM like machine without interacting with anyone. These are also listed in localbitcoins.com and other websites.

When you buy bitcoin, you may need to "receive" the bitcoin into your wallet. This normally involves going into your wallet on your phone or computer and clicking "receive." You will then be given a code and one of those QR code things that you will have to give to the person/machine/etc sending you bitcoin.

To transfer bitcoin to another person, you go into your bitcoin wallet and click send. You will have to either scan the QR code that they give you, or enter in the code manually.

Buying, selling, and transferring bitcoin takes time. Generally, for transfers it happens in 30 minutes or less, but sometimes much more. Buying bitcoin can require much longer waits depending on who you're buying from. A bitcoin ATM is almost instant, while a website might require a waiting period of days.


VPN:
http://www.pcmag.com/article2/0,2817,2403388,00.asp
VPN stands for virtual private network. It is a secure network that you log into through which you access the internet.

The advantage is that your ISP cannot tell what you're doing on the internet because all your data is encrypted for the VPN. This means if your ISP is delivered a warrant, they will only be able to hand over encrypted data. Further, your ISP will have no idea what you're doing online, so if anyone from your ISP snoops on you they will find nothing.

The disadvantage is that from a security perspective you provide your opponent with what is called "a larger attack surface." Instead of only your ISP having access to your data, now both your ISP and your VPN have access to your data. This means that there are two opportunities to steal/break into/etc. your data instead of one. Further, using a VPN is relatively suspicious. Having said that, it's unlikely that someone would bother unless you caught the serious interest of a nation-state.

VPNs which are out of the country are not necessarily under an obligation to provide data to US law enforcement even if they have a valid warrant. Not all VPNs operate in such a way that this is possible, but some do.

You want a VPN that takes bitcoin as payment so that you are not tied to your VPN.




If anyone has anything they'd like to add, or if I got something wrong please feel free to post! As I said, I'm no expert in this stuff, I just know the basics of how to use it.


Edited by nooneman (07/25/16 06:59 PM)


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: nooneman]
    #23477669 - 07/26/16 04:53 AM (7 years, 6 months ago)

Tails running Tor through a VPN is a good idea although Tor has already shown to have several vulnerabilities. The VPN you use will only be as good as they say/their reputation in that they truly delete their logs an do what they say ie...(are respectable). Bitcoin as a crypto currency has proven to be increasingly vulnerable to attacks/ hacks although it has recently shown to be on the rebound an could potentially revalue to what it once was. PGP encrypted messages is another good suggestion for encrypted communication as is using a public wifi connection rather than the house while doing all of the above. Regardless depending what you do an the types of crimes you commit you can still be found using all the encryption available to us the public as governments are already way past it and onto future encryption technology such as quantum encryption/computing. All backbone traffic is intercepted by the NSA in the United States I would imagine so in other countries and can eventually be de crypted if you pose any significant threat to the nation or commit a significant crime. Also the more time you do large buys or whatever you do of course the chances of getting busted are higher as well, small drug buys at random intervals will probably not warrant enough attention but it is still possible. The early days of masking behind Tor are over an there are now several task forces from multiple agency's that are dedicated to combating cyber crime on Tor.


Edited by tdubz (07/26/16 05:06 AM)


Extras: Filter Print Post Top
OfflineSarah Tonin
Gardener Gone Astray
 User Gallery

Registered: 04/01/14
Posts: 4,396
Loc: out rageous
Last seen: 29 days, 17 hours
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: tdubz]
    #23663726 - 09/20/16 11:46 PM (7 years, 4 months ago)

Sorry to bump old thread but wanted to add that I've been advised to not use Tor because it is the FBI's system.  That would explain Tor's "vulnerabilities".  When I asked this person what system he uses for his company that operates in multiple countries, he said he couldn't tell me or he'd have to kill me.

So I'm looking at VPN's recommended in these two articles:

https://www.bestvpnprovider.com/best-logless-vpn-services/

http://www.howtogeek.com/221929/how-to-choose-the-best-vpn-service-for-your-needs/

Considering Ecuador provides asylum for Julian Assange, I'd love to find a VPN based in Ecuador since they are clearly not interested in bending over for bullies.

Thanks OP for posting and opening discussion.  I just saw the new Snowden movie; saw documentary last year.  US Govt is not messing around - it's collecting any and everything not protected.


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: Sarah Tonin]
    #23663761 - 09/21/16 12:01 AM (7 years, 4 months ago)

Tor has various vulnerabilities it's a false sense of security, just depends what you do on it if the feds decide to go after you. It has lost it's credibility of being secure. Several articles point this out no matter how much they the tor staff attempt to fix holes.


Extras: Filter Print Post Top
OfflineSarah Tonin
Gardener Gone Astray
 User Gallery

Registered: 04/01/14
Posts: 4,396
Loc: out rageous
Last seen: 29 days, 17 hours
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: tdubz]
    #23663859 - 09/21/16 12:36 AM (7 years, 4 months ago)

I believe this statement in the OP is incorrect:  "The disadvantage is that from a security perspective you provide your opponent with what is called "a larger attack surface." Instead of only your ISP having access to your data, now both your ISP and your VPN have access to your data. This means that there are two opportunities to steal/break into/etc. your data instead of one."

A good VPN will keep your ISP from seeing your activity (and prevent the ISP from keeping logs), otherwise what would be the point of a VPN if the ISP has everything logged and accessible with a simple subpoena.


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: Sarah Tonin]
    #23663892 - 09/21/16 12:51 AM (7 years, 4 months ago)

The NSA can surely crack VPN encryption can the FBI, I don't know again just depends on the severity of crime you are committing. Small drug buys might not warrant the need for the FBI to ask for the NSA's help but other stuff most certainly can. The NSA can hack and see everyone pretty much they are the master hackers after all. Even the masters get fucked once in awhile as was seen by the Snowden leaks and the Shadow brokers leak.


Extras: Filter Print Post Top
Invisiblesh4d0ws
LSx
I'm a teapot User Gallery

Registered: 02/26/08
Posts: 12,086
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: tdubz]
    #23666333 - 09/21/16 08:48 PM (7 years, 4 months ago)

I am not well versed in the topic, but curious, how do certain very large dark net marketplaces that operate on Tor get away with it if Tor is compromised?


--------------------


Extras: Filter Print Post Top
Invisiblenooneman
Male

Registered: 04/24/09
Posts: 14,561
Loc: Utah
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: sh4d0ws]
    #23666486 - 09/21/16 09:36 PM (7 years, 4 months ago)

If the US started busting markets, it would reveal the flaws in TOR that they're exploiting which would subsequently be patched. Then the US wouldn't be able to take down even more important targets like people selling childporn, murder for hire, nuclear materials, etc.

Further, if the market is in China or Russia, how is the US planning on prosecuting? Especially if the police are taking a cut, prosecuting someone in a corrupt third world country is virtually impossible.

Additionally, taking down markets appears to only end up creating more markets, so it's probably a bad idea for them because they'll only be diversifying the number of markets.

Quote:

Sarah Tonin said:
I believe this statement in the OP is incorrect:  "The disadvantage is that from a security perspective you provide your opponent with what is called "a larger attack surface." Instead of only your ISP having access to your data, now both your ISP and your VPN have access to your data. This means that there are two opportunities to steal/break into/etc. your data instead of one."

A good VPN will keep your ISP from seeing your activity (and prevent the ISP from keeping logs), otherwise what would be the point of a VPN if the ISP has everything logged and accessible with a simple subpoena.



Also, this is not an incorrect statement. A larger attack surface is a larger attack surface no matter how you cut it.

You have two things you can potentially target with a VPN and an ISP rather than just one which is always bad because if you have two things you can target then if you fail at targeting one you can just target the other. You're combining all the worst aspects of security of any two things whenever you combine two things instead of having just one. Essentially you inherit all the least secure parts of both as well as providing backup plans and more opportunities for attack.

If you have access to either the VPN or the ISP then you don't need to crack anything because you can perform a man in the middle attack.


Edited by nooneman (09/21/16 09:41 PM)


Extras: Filter Print Post Top
OfflineSarah Tonin
Gardener Gone Astray
 User Gallery

Registered: 04/01/14
Posts: 4,396
Loc: out rageous
Last seen: 29 days, 17 hours
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: nooneman]
    #23666555 - 09/21/16 09:59 PM (7 years, 4 months ago)

:whathesaid:

If you have a window into crime, you don't destroy your window.  You just use the info you gain without destroying the window (allowing the criminal to know how the info was obtained that allowed him/her to get busted).

For those of you able to run Linux, Kali Linux has been recommended as an offensive operating system that can be kept on a thumb drive.  Another great feature is that a second "nuclear" password can be set up so that if ever under duress and being forced to log onto one's computer, the nuclear password can be entered which destroys the content upon entering.  And then it's retrievable, repairable later.  And if anyone takes the thumb drive, it's not a huge loss.  This may be one of the few NSA-proof programs out there.  Still researching all this.

But a good start seems to be VPN - at least that locks your ISP from gathering your data.  ISP's are required by law to log your activity at least in the US, Australia, and some other countries, maybe Canada and UK?  And all ISP's will turn over their logs to any law enforcement in a heartbeat. 

VPN's that do no logging whatsoever and that will take payment in form of bitcoin &/or gift cards (yes, that's right, gift cards for stores) will be the most secure if one is wanting to be totally invisible.  If they do no logging whatsoever, then they have nothing to reveal should a warrant be issued.  It's my understanding that it is obvious if one is using VPN but that using VPN is actually very smart and justifiable for anyone frequenting public wi-fi and in no way denotes a criminal.  VPN also allows a person to access their own network while traveling, another reason lots of non-criminals have VPN's.


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: nooneman]
    #23666586 - 09/21/16 10:15 PM (7 years, 4 months ago)

The FBI can warn other police agencies in other countries to arrest people that's no problem and one way of America policing the world. This has been seen with the 2015 playpen hack which compromised thousands of computers all over the world. What the United States is doing policing other countries is a great question, but apparently all internet traffic get's routed through surveillance states so there is no way around it.


Extras: Filter Print Post Top
OfflineSarah Tonin
Gardener Gone Astray
 User Gallery

Registered: 04/01/14
Posts: 4,396
Loc: out rageous
Last seen: 29 days, 17 hours
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: tdubz]
    #23666615 - 09/21/16 10:25 PM (7 years, 4 months ago)

I hadn't heard about the Shadow Brokers until your mention of it.  That's cool.  Will have to check out the 2015 playpen hack. 

Anyone have any idea how difficult it is to run Linux?  And can I run Linux (or better Kali Linux) on a Mac part-time?  One of the medical sites I need to access regularly for work cannot be accessed from a Linux OS.  Is it possible to run another OS and just plug in Kali Linux with a thumb drive all the other times that I'm not on the medical site?


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: Sarah Tonin]
    #23666632 - 09/21/16 10:33 PM (7 years, 4 months ago)

Linux Mint is fairly user friendly.


Extras: Filter Print Post Top
OfflineSarah Tonin
Gardener Gone Astray
 User Gallery

Registered: 04/01/14
Posts: 4,396
Loc: out rageous
Last seen: 29 days, 17 hours
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: tdubz]
    #23666652 - 09/21/16 10:38 PM (7 years, 4 months ago)

Can I switch off to Safari at times and run Linux Mint from a thumb drive?


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: Sarah Tonin]
    #23666655 - 09/21/16 10:40 PM (7 years, 4 months ago)

Not sure on that one, though I do believe you can run from a CD or USB stick without installing.


Extras: Filter Print Post Top
OfflineSarah Tonin
Gardener Gone Astray
 User Gallery

Registered: 04/01/14
Posts: 4,396
Loc: out rageous
Last seen: 29 days, 17 hours
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: tdubz]
    #23666696 - 09/21/16 10:49 PM (7 years, 4 months ago)

Quick search looks like I can partition it and still keep OS X for updates.  USP would be even better if that's possible.  Really would like to try the Kali Linux although their site says it's not for beginners unfamiliar with Linux, so maybe I should start with Mint and work my way up.


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: Sarah Tonin]
    #23666717 - 09/21/16 10:56 PM (7 years, 4 months ago)

And yes I do have a conspiracy theory that Tor was an has always been a government honeypot to snare all kinds of criminals. It's pretty much genius in terms of social control. Let the internet do all the hard work of bringing the criminals out to light right from their computers, I guess that's why they call it the dark net.


Extras: Filter Print Post Top
OfflineSarah Tonin
Gardener Gone Astray
 User Gallery

Registered: 04/01/14
Posts: 4,396
Loc: out rageous
Last seen: 29 days, 17 hours
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: tdubz]
    #23666749 - 09/21/16 11:07 PM (7 years, 4 months ago)

Hell yeah, makes perfect sense.  My guess is that the only reason Wikileaks gets to keep a site up is that they promote the use of Tor, feeding the lambs up for slaughter.


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: Sarah Tonin]
    #23702352 - 10/03/16 03:09 AM (7 years, 3 months ago)

The fifth estate is a pretty good documentary on wikileaks, I doubt they are doing anything but exposing the wires. Hell Assange is still in asylum which he probably will be for life.


Extras: Filter Print Post Top
Invisibleh0ldthedoor
HODOR
I'm a teapot User Gallery


Registered: 06/25/16
Posts: 510
Loc: North of The Wall
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: tdubz]
    #23702993 - 10/03/16 10:01 AM (7 years, 3 months ago)

Quote:

tdubz said:
The NSA can surely crack VPN encryption can the FBI, I don't know again just depends on the severity of crime you are committing. Small drug buys might not warrant the need for the FBI to ask for the NSA's help but other stuff most certainly can. The NSA can hack and see everyone pretty much they are the master hackers after all. Even the masters get fucked once in awhile as was seen by the Snowden leaks and the Shadow brokers leak.




Do you have any proof to corroborate your claims? Assuming you're not referring to broken tech like PPTP with MS-CHAPv2, IPv6 traffic leakage or brain-dead "sysadmins" that lack the knowledge to properly configure a VPN (e.g. - using MD5 or SHA1, self-signed certificates, insecure key files, deprecated protocols.).

To recap; can someone, not just a nation-state actor, exploit a VPN? Yes, provided the target VPN was configured without following best practices.

Is there an fundamental issue with Virtual Private Networks that renders them useless, insecure or ineffective? No.

The fact is, your VPN is only as secure as the practices that were followed during implementation. That said, rather than depending on someone else (like a commercial VPN provider who is only worried about saving money and satisfying the lowest common denominator) to do things right, it is advantageous for a user to learn how to properly configure and implement a VPN and do so.

Best practices are aptly named. Failure to adhere to best practices will result in less-than-desirable results. Unfortunately, most (if not all) commercial VPN providers do not follow best practices for compatibility reasons.


--------------------
Always keep your foes confused. If they are never certain who you are or what you want, they cannot know what you are like to do next. Sometimes the best way to baffle them is to make moves that have no purpose, or even seem to work against you.

– Petyr Baelish


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: h0ldthedoor]
    #23704165 - 10/03/16 04:09 PM (7 years, 3 months ago)

I will have to dig through the NSA programs, but yes I can find the specific program they use in which they have claimed to be able to either decrypt or intercept most VPN data regardless of provider or set up.


Extras: Filter Print Post Top
Invisibleh0ldthedoor
HODOR
I'm a teapot User Gallery


Registered: 06/25/16
Posts: 510
Loc: North of The Wall
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: tdubz]
    #23705113 - 10/03/16 09:36 PM (7 years, 3 months ago)

Quote:

tdubz said:
I will have to dig through the NSA programs, but yes I can find the specific program they use in which they have claimed to be able to either decrypt or intercept most VPN data regardless of provider or set up.




Great, the security community would benefit greatly from a public disclosure like you are describing.

Defeating the protection offered by properly configured encryption, within the last four years would be no small feat; especially for the NSA.


--------------------
Always keep your foes confused. If they are never certain who you are or what you want, they cannot know what you are like to do next. Sometimes the best way to baffle them is to make moves that have no purpose, or even seem to work against you.

– Petyr Baelish


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: h0ldthedoor]
    #23706206 - 10/04/16 09:45 AM (7 years, 3 months ago)

https://www.lawfareblog.com/nsa-and-weak-dh

This may be the only NSA capability suggested to date that is mostly-NOBUS (Nobody But Us).  Today, building such a supercomputer truly is a $100M program (and add another 0 for classified markups and trusted fabs), limiting the ability of others to perform the same attack.  Unfortunately Moore’s law on price/performance remains.  What takes a $100M supercomputer today takes a $10M supercomputer tomorrow and a $1M supercomputer the day after that.

The NSA is directly breaking the the cryptography of VPN architecture, the exchange keys themselves. As computers get faster an cheaper (and the government has more money) they can decipher the exchange keys at a faster rate regardless of the encrypted protocol used.

It's not really about having a properly configured client and server...the NSA is breaking the VPN cipher keys in general and all encryption types for that matter.

http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/

The cost for adversaries is by no means modest. For commonly used 1024-bit keys, it would take about a year and cost a "few hundred million dollars" to crack just one of the extremely large prime numbers that form the starting point of a Diffie-Hellman negotiation. But it turns out that only a few primes are commonly used, putting the price well within the NSA's $11 billion-per-year budget dedicated to "groundbreaking cryptanalytic capabilities."

"Breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections."

The article you posted has a lot more sources about this I'm not sure what we are arguing about.

VPN as mentioned above can be cracked regardless of configuration. By a nation state actor such as the NSA with an profound budget. 


Edited by tdubz (10/04/16 09:54 AM)


Extras: Filter Print Post Top
Invisibleh0ldthedoor
HODOR
I'm a teapot User Gallery


Registered: 06/25/16
Posts: 510
Loc: North of The Wall
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: tdubz]
    #23706722 - 10/04/16 12:41 PM (7 years, 3 months ago)

Quote:

tdubz said:
https://www.lawfareblog.com/nsa-and-weak-dh

This may be the only NSA capability suggested to date that is mostly-NOBUS (Nobody But Us).  Today, building such a supercomputer truly is a $100M program (and add another 0 for classified markups and trusted fabs), limiting the ability of others to perform the same attack.  Unfortunately Moore’s law on price/performance remains.  What takes a $100M supercomputer today takes a $10M supercomputer tomorrow and a $1M supercomputer the day after that.

The NSA is directly breaking the the cryptography of VPN architecture, the exchange keys themselves. As computers get faster an cheaper (and the government has more money) they can decipher the exchange keys at a faster rate regardless of the encrypted protocol used.

It's not really about having a properly configured client and server...the NSA is breaking the VPN cipher keys in general and all encryption types for that matter.

http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/

The cost for adversaries is by no means modest. For commonly used 1024-bit keys, it would take about a year and cost a "few hundred million dollars" to crack just one of the extremely large prime numbers that form the starting point of a Diffie-Hellman negotiation. But it turns out that only a few primes are commonly used, putting the price well within the NSA's $11 billion-per-year budget dedicated to "groundbreaking cryptanalytic capabilities."

"Breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections."

The article you posted has a lot more sources about this I'm not sure what we are arguing about.

VPN as mentioned above can be cracked regardless of configuration. By a nation state actor such as the NSA with an profound budget. 




Again,

Quote:

h0ldthedoor said:
Quote:

tdubz said:
The NSA can surely crack VPN encryption can the FBI, I don't know again just depends on the severity of crime you are committing. Small drug buys might not warrant the need for the FBI to ask for the NSA's help but other stuff most certainly can. The NSA can hack and see everyone pretty much they are the master hackers after all. Even the masters get fucked once in awhile as was seen by the Snowden leaks and the Shadow brokers leak.




Do you have any proof to corroborate your claims? Assuming you're not referring to broken tech like PPTP with MS-CHAPv2, IPv6 traffic leakage or brain-dead "sysadmins" that lack the knowledge to properly configure a VPN (e.g. - using MD5 or SHA1, self-signed certificates, insecure key files, deprecated protocols.).

To recap; can someone, not just a nation-state actor, exploit a VPN? Yes, provided the target VPN was configured without following best practices.

Is there an fundamental issue with Virtual Private Networks that renders them useless, insecure or ineffective? No.

The fact is, your VPN is only as secure as the practices that were followed during implementation. That said, rather than depending on someone else (like a commercial VPN provider who is only worried about saving money and satisfying the lowest common denominator) to do things right, it is advantageous for a user to learn how to properly configure and implement a VPN and do so.

Best practices are aptly named. Failure to adhere to best practices will result in less-than-desirable results. Unfortunately, most (if not all) commercial VPN providers do not follow best practices for compatibility reasons.




We are not arguing. There is no room for argument in this presentation of facts.

In the lawfareblog.com link above, it is stated that "Much of the vulnerable VPNs involve VPN hardware, not software." This goes back to the earlier point about brain-dead "sysadmins". If you are running hardware from a decade ago, without taking into consideration the repercussions that could arise from keeping legacy equipment in service despite the advancements in technology, you deserve to have your asshole owned by your adversary(ies).

Heck, the UK is still using equipment from 2009 despite it's being proven vulnerable to cryptographic attacks. Using an NSA developed tool, researchers were able to extract keys from the equipment, up to 4096 bits.

With any current VPN technology, IPSEC, SSTP, L2TP, OpenVPN, et al. it is possible (and also extremely reckless and negligent) to configure the product in such a way that renders it utterly insecure. Alternatively, the products can also be configured in such a way as to mitigate all known attacks from the NSA. Again, it all comes down to the competence of the "sysadmin" and whether or not they bothered to follow and keep current with BCP.

Though, in limited cases, a sysadmin can do everything possible to follow BCP; only to be defeated by the NSA through interdiction and modification of hardware. Today, Cisco is using fake addresses to send hardware to clients, in an effort to avoid interdiction by the NSA.

As outlined in the quoted post above, the attacks on PKI released through the NSA leaks require a flawed implementation to be viable. If a "sysadmin" decides to go against best practices and configure their implementation to use weak key files, attacks on the flawed implementation should come as no surprise.

One major method of exploitation is through weak DH primes; which can be avoided entirely by following BCP and/or the use of sound EC cryptographic standards (avoiding back-doored cryptographic standards).

For reference, the following SSL Test was run on a server configured with the goal of following best practices, at the expense of compatibility.



Notice the A+ Grade and lack of any warnings or red flags.

Here are two SSL Tests, both sites tested are extremely popular and are accessed by countless users on a daily basis to handle sensitive information. Due to their popularity, the servers are configured with legacy compatibility in mind. As a consequence of making these sites compatible, you will notice warnings and red flags on both; as a result the security of both sites is degraded when compared against the web server configured with goal of following BCP.





You have yet to present a single shred of evidence that supports the argument that "VPN as mentioned above can be cracked regardless of configuration."; as the likelihood of exploitation depends on whether or not best practices were taken into consideration during PKI implementation (assuming the hardware being configured has not been compromised).

Is the NSA decrypting encrypted communications en masse? Of course, that's their job.

Can the NSA pick and exploit any target? No (assuming the target is up-to-date, current on patches/updates, has not been physically or technologically compromised and was configured following BCP).

To borrow a line,

Quote:

Alan Rockefeller said:
Do you have some kind of amazing secret that you are hiding, or are you just talking out of your ass?




Until objective evidence is presented to support the former, we can only assume the latter.


--------------------
Always keep your foes confused. If they are never certain who you are or what you want, they cannot know what you are like to do next. Sometimes the best way to baffle them is to make moves that have no purpose, or even seem to work against you.

– Petyr Baelish


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: h0ldthedoor]
    #23708020 - 10/04/16 08:23 PM (7 years, 3 months ago)

First of, there are many articles/research that allude to that possibility (you have said it yourself)....I guess I would stand down and say "I'm speculating" but with the largest budget in cryptology in the entire world I cannot see how it is unreasonable to think that any targeted VPN can be compromised regardless of hardware or server configuration. Maybe only in a completely perfect setting, but that is not the case on the internet. You are essentially proving myself right I understand what you are saying but there are too many factors to consider to believe that a VPN configuration would be "completely optimal" especially with any large amount of traffic. 


Extras: Filter Print Post Top
Invisibleh0ldthedoor
HODOR
I'm a teapot User Gallery


Registered: 06/25/16
Posts: 510
Loc: North of The Wall
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: tdubz] * 1
    #23708969 - 10/05/16 05:58 AM (7 years, 3 months ago)

Quote:

tdubz said:
You are essentially proving myself right I understand what you are saying but there are too many factors to consider to believe that a VPN configuration would be "completely optimal" especially with any large amount of traffic. 




The only thing being proved here, is that you are talking out of your ass.


--------------------
Always keep your foes confused. If they are never certain who you are or what you want, they cannot know what you are like to do next. Sometimes the best way to baffle them is to make moves that have no purpose, or even seem to work against you.

– Petyr Baelish


Extras: Filter Print Post Top
Jump to top Pages: 1 | 2  [ show all ]

Shop: Bridgetown Botanicals Bridgetown Botanicals   PhytoExtractum Kratom Powder for Sale   North Spore Cultivation Supplies   Unfolding Nature Unfolding Nature: Being in the Implicate Order


Similar ThreadsPosterViewsRepliesLast post
* choosing vpn: buy anonymously with bitcoin or just with my cc? use with tor and general browsing Anonymous 450 12 01/07/15 07:46 PM
by Stonehenge
* SILK ROAD CAN BE TRACED EASY AS FUCK ( PUBLIC DOCUMENTS ON BITCOIN) *DELETED*
( 1 2 all )
Tsukasa 983 23 11/14/12 05:12 AM
by Alan Rockefeller
* TOR Security Advisory - "relay early" traffic confirmation attack unmasks hidden services
( 1 2 all )
Alan RockefellerM 767 29 03/28/15 05:35 PM
by filamentous
* Using TOR correctly Anonymous 531 17 10/07/12 07:46 PM
by Observatory
* How safe is Tor ???
( 1 2 all )
desant 853 20 07/10/14 07:31 PM
by Alan Rockefeller
* tor and vpn Anonymous 273 6 03/26/15 01:01 PM
by filamentous
* TOR and the silk road
( 1 2 3 all )
otaku on shrooms 1,981 40 10/07/12 06:00 PM
by unknown1123
* TOR for long time members? An appeal to admins and mods Abraxis0 501 19 06/26/13 04:15 PM
by Anonymous

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: Enlil, Alan Rockefeller
1,718 topic views. 0 members, 1 guests and 1 web crawlers are browsing this forum.
[ Show Images Only | Sort by Score | Print Topic ]
Search this thread:

Copyright 1997-2024 Mind Media. Some rights reserved.

Generated in 0.03 seconds spending 0.008 seconds on 15 queries.