Re: Somebody is keep trying to ssh into my systems, how can I stop that?



left_coast wrote:

responder wrote:

Peter Pearson wrote:

On Fri, 04 Aug 2006 06:01:51 -0400, responder <no@xxxxxxxxxxxx> wrote:

I thought someone told me that NSA had a copyright or a patent on the
algorithms used in RSA. But I might be mistaken. Or it could just be
hearsay. I'm sure I heard or read it several times. I do remember
the last person who mentioned it to me, but it still might not be
true. Could you possibly confirm or deny that, authoritatively?

The RSA patent (4,405,829, issued 1977.12.14) expired a couple years
ago, and never belonged to NSA.

I also thought that I had read that the US government had demanded and
received assurances that they would have "backdoors" or "trapdoors",
whatever the right term might be, to all cryptology or cryptography
available in the US. Do you have any information on that to share
with us all about that all, please?

The US government has no way to enforce a "backdoor" requirement on
open-source software like GPG and OpenSSL. Anybody in the US can
download the source from any site in the world, scrutinize it for
backdoors, publicize them, remove them, and recompile.

Before the message gets too old, I wanted to say thanks for the kind and
reassuring message. I am still reading background, etc. I do trust
open-source for the reasons stated. There are still security updates
coming for much open-source software, semi-regularly.

You are giving (almost all of us) too much credit if expected to do
these things and also have the mathematical expertise to scrutinize a
cryptographic algorithm and it's implementation. But thanks and a tip
of the hat for the positive assumptions. I truly hope and wish that you
are always and always right about this particular case.

Understand that the security of RSA encryption lies in the relative
difficulty of factoring large numbers into primes. Key is the word
"relative". In our current environment, I see no reason to doubt that
NSA would spend Billions of (public taxpayer) $ for adequate computing
power to factor the numbers of the beasts that they see, and within
short time frames.

Once the numbers are factored, the gained power is only exercised via
MITM.

Thanks again and best wishes.


Wow, how long did it take you to come up with that? To tell you the truth,
NSA would have lots of easier ways to get what they want. Hell, what they
would pay to break any key I have, they could have my computer and all the
passwords, just give me the money instead! I'm not worried that this is
any legitimate method of attack of my system.

Wow, took you less than 10 minutes to pick up my message and dash off a
typically vitriolic and vacuous message. (And there is even already
another one from you , too !!! ) If NSA thought you anything other than a
mindless troll, they would simply grab you and send you off to some secret
gulag in Romania or some such without telling anyone. ... No questions
asked, or answered. I'm guessing they don't much care what you say. ...
Joining the crowd. ...

If they take what you have, they will never pay you any money. Their
purposes and methods and results are all funded by US public taxpayer
funds and have nothing to do do with you any more than any other citizen.
If they want it, they will take it and never acknowledge what they have
taken or what use they or others have made of it.

Notice taken that you didn't really substantively address what I wrote.
But that's OK because it was a message of appreciation to the previous
writer, who you are not.
.



Relevant Pages

  • Risks Digest 27.66
    ... Secret contract tied NSA and RSA ... Data brokers won't even tell the government how it uses, ... RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis ... according to a report by security researchers. ...
    (comp.risks)
  • RSA Computer Security Firm Accepts $10 Million & Gives NSA Backdoor Access
    ... RSA, a leader in encryption software used throughout the technology ... industry, has been accused of having accepted $10 million from the ... formula for generating random numbers developed by the NSA. ...
    (alt.privacy)
  • Re: NSA & RSA
    ... RSA, now a subsidiary of computer storage giant EMC Corp, urged customers to stop using the NSA formula after the Snowden disclosures revealed its weakness. ... "They did not show their true hand," one person briefed on the deal said of the NSA, asserting that government officials did not let on that they knew how to break the encryption. ... By the first half of 2006, RSA was among the many technology companies seeing the U.S. government as a partner against overseas hackers. ...
    (sci.electronics.design)
  • Re: How to verify a SignedData with Crypto++
    ... When I said CAPICOM does not support some of the algorithms, ... My problem is that I can't get the Crypto++ to verify the signature ... signature (RSA) using the public key and get the digest. ...
    (sci.crypt)
  • Re: newbie Qs about RSA, OAEP
    ... > I've found articles covering the maths behind these algorithms, ... > Are there recommended minimum/maximum lengths for RSA keys? ... don't want to use "mode of the week to fill out PKCS documents" you should ... still use some sort of random padding. ...
    (sci.crypt)