Hi, I am Rafay Baloch, a security researcher, author and a public speaker.

Encryption In Times Of Espionage


Everyone knows that encryption is essential in modern times, among the main aims and objectives of this method are some functions such as protecting the financial networks that interconnect the banks in the world, does not allow mobile phone calls are heard, keep records of documents confidential, safe keeping sensitive information from military officers, doctors, lawyers and protect credit card and financial transactions.


Encryption algorithms also depend called "trapdoor functions", pieces of mathematics that are theoretically easy to perform encryption in one direction, but very difficult to reverse. A common method is based on the assumed difficulty of finding the prime factors of large numbers, but many security researchers were touting new codes based on a different and innovative math involving elliptic curves, but what if some entity or someone with great skill and can pick these constants so as to make the codes vulnerable to decoding result, this could be a global threat.


Most encryption systems utilize generating pseudo-random numbers as part of a complex mathematical codes in the creation of virtually unbreakable sequences were generated numbers can be predicted, this would make the code was broken attacked given power sufficient processing and a certain amount of time.
According to documents revealed by Edward Snowden (systems administrator fugitive from NSA who now lives in Russia and was considered a spy) the National Security Agency is three steps ahead in secret cyber war, using his favor supercomputers, techniques evolved and hitherto unknown to crack encrypted data, court orders, persuasion and agreement with major companies, to corrupt the main tools that protect the privacy of Internet communications usual.


Supposedly the NSA can break the codes that allow for private communication over the internet and also sabotage them. The strategy includes undermine the supposed official standards bodies and major IT companies bribe. The goal would be to insert  "backdoors" , The New York Times cites a document  "GCHQ" which says that the NSA has large amounts of encrypted data that used to be discarded and are now exploitable , and that was an aggressive effort toward breaking technologies encryption considered safe.

The recent leak suggests that not only was spying from foreign adversaries , but also commercial rivals of American businesses , something that other foreign companies and governments are worrying for years , there are those who are suspicious of Mr. Snowden and his allies , and contest the references taken from the leaked documents , and defend the role of the NSA , on the other hand can now put protectionist as privacy advocates and national dignity , German politicians have asked that people avoid American web companies if they want to keep their data insurance, the Indian government is considering a ban on the use of Google's Gmail service to send official communications and technology companies in places like Russia and Switzerland has seen a considerable increase in inquiries from companies seeking a haven for their data order to keep them protected.


The largest technology companies , with its global horizons spread around the world , have more to lose (reputation) , including Facebook , Microsoft , Google and Yahoo , may be requested through actions by the Court of the Foreign Intelligence Surveillance America that is requested permission to reveal more detailed information on the types of orders and requests they receive from U.S. government agencies , an information document "Bullrun" says the NSA had developed innovative capabilities against encrypted Web chats and phone calls and also performed successfully attack techniques against Secure Sockets Layer (SSL) and virtual private networks (VPN).

At this present time where we are vulnerable as rabbits return to the wolf pack, there is ways to get around this use tools that employ open-source and the best strategies , in the case of open source encryption the advantage is that the algorithm can be examined freely to potential security vulnerabilities that can arise throughout the tests.


Workarounds and useful tools:

GPG an open-source implementation of the OpenPGP protocol used to encrypt e-mail communications.
TrueCrypt (encryption on-the -fly OTFE) to confidential files , folders and entire drives on your PC , encryption, it can create a virtual encrypted disk or encrypt a partition , individual algorithms supported by TrueCrypt are AES , Serpent and Twofish, additionally , five different combinations of cascaded algorithms are available : AES - Twofish , AES - Twofish - Serpent , Serpent - AES , Serpent - Twofish - AES and Twofish - Serpent . Uses RIPEMD - 160, SHA - 512 and Whirlpool as hashing functions .

TAILS, a Linux distribution built for safety and anonymity, comes with numerous tools privacy and encryption, which lets you surf the web (mostly) in an almost anonymous .

Messages off- the-record, or OTR , an encryption protocol to encrypt and authenticate communications and instant messaging also use others as TLS and IPsec ,remember also apply to other software such as Silent Circle and BleachBit .


Regarding PRIVACY is important to know how to control the availability and exposure of your data , the AES algorithm was proposed to replace DES, NIST ("National Institute of Standards and Technology U.S.") held a competition (The selection process began in 1997 and ended in 2000 with the victory of the Rijndael algorithm written by Joan Daemen and Vincent Rijmen) for it to be made an algorithm that would be called "Advanced Encryption Standard " that meets the following specifications: algorithm publicly defined;

Being a symmetric cipher block; Designed for the key size can be increased; Deployable in both hardware and software; Powered freely, this algorithm Encrypt and Decrypt using an encrypted key and blocks, both sizes of 128,192 or 256 bits.

Concluding , I will address the most advanced technique for encryption , we got the "One Time Pad" (OTP) or "Vernam Cypher" single key cipher is an encryption algorithm where the plaintext is combined with a random key or " pad " that is as large as the plaintext and used only once , if the key is truly random , never reused , and kept secret , the one- time pad is unbreakable!

About the Author, RAFAEL FONTES SOUZA.

Over the years, acquiring knowledge of Webmaster Programmer (HTML5,CSS,XML,ActionScript), developer in languages like Python, Shell Script, Perl, Pascal, Ruby, Object Pascal, C and Java. I started studying with thirteen (SQL database), i have extensive experience in operating systems such as Linux, UNIX, and Windows.  I am maintainer of the “Project Backtrack Team Brazilian”, I am also a member of the "French Backtrack Team" and made partnerships with groups from Indonesia and Algeria, was prepared a collection of video lessons and made available on the website.

I am Founder of the "Wikileaks and Intelligence, Cypherpunks". Good communication in groups and the general public, attended college projects with a focus on business organization, I currently seek work experience outside of brazil”.


Contact: [email protected]
© 2023 All Rights Reserved by RHA Info Sec. Top

Contact Form


Email *

Message *

Powered by Blogger.