Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
United States Privacy Security

NSA Infiltrated RSA Deeper Than Imagined 168

Rambo Tribble (1273454) writes "Reuters is reporting that the U.S. National Security Agency managed to have security firm RSA adopt not just one, but two security tools, further facilitating NSA eavesdropping on Internet communications. The newly discovered software is dubbed 'Extended Random', and is intended to facilitate the use of the already known 'Dual Elliptic Curve' encryption software's back door. Researchers from several U.S. universities discovered Extended Random and assert it could help crack Dual Elliptic Curve encrypted communications 'tens of thousands of times faster'."
This discussion has been archived. No new comments can be posted.

NSA Infiltrated RSA Deeper Than Imagined

Comments Filter:
  • The only question is WHY DO THEY GO ON RECORD with the bullshit denials?

    • It is a calculated risk, and maybe out of habit.

    • by interkin3tic ( 1469267 ) on Monday March 31, 2014 @11:39AM (#46622571)
      I'm guessing it's because they honestly believe what they are doing is necessary to keep America safe. To the point that they think lying to the people who are supposed to be overseeing them is necessary for the greater good.

      Which is terrifying. Give me all the cynical, greedy, lying, corrupt asshole politicians you want. Just please, don't put zealots in power.
      • by fuzzyfuzzyfungus ( 1223518 ) on Monday March 31, 2014 @12:06PM (#46622845) Journal
        Anyone who falls into that belief might as well be written off and put up against the wall, second in line to the people who believe that their own possession of arbitrary power is the only way to ensure the nation's safety. They can go first.
        • Anyone who falls into that belief might as well be written off and put up against the wall.

          This would result in a dramatic reduction of the population of the USA. I have never seen a country as full of *braindead patriots as the USA.

          *Not implying patriotism is stupid, just that a disproportionate number of patriots in the USA are actually braindead.

      • And when their culture of lies and secrecy was started, in WWII when we'd secretly broken our enemies codes, it might have even been true.

      • by Rinikusu ( 28164 )

        Probably also because they had a vew "backroom" visits by the NSA who explained quite clearly that revealing or admitting to this sort of behavior will quickly get them thrown into a federal PMITA prison instead of a cushy white-collar prison. How many "hackers" have been "accidentally" put into a "real" prison who end up getting beaten nearly to death and viciously raped because they pissed off a particularly vindictive DA? (I can remember at least one. And there only needs to be one...)

      • I'm guessing it's because they honestly believe what they are doing is necessary to keep America safe.

        This is like the banks and sub-prime lenders "honestly believing" that house prices would go up forever and money would always be cheap.

        Read my lips: Everyone involved knew exactly what was going on.

        Everyone inside the NSA with so much as a high school Diploma, when encountering even a low level program, knew that it was fundamentally wrong, probably illegal, and corrosive to the civic society. You don't even need to know what civic society is to know that tapping and permanently recording all calls in the US is both dangerous and wrong.

        The on the record denials are effectively the NSA aping of the likes of John Corzine's claims of "We have no idea where the money is", despite being the man who took it right out of customers accounts. I dwell on the financial crisis because the breakdown in the rule of law, propriety, common sense, and all morality there is a mirror image and ultimately a fore-runner of the excesses and lies we now see in the NSA.

        All that Keeping America Safe is BS. This is all about budgets, contracts, staffing levels, prestige and power seeking on the part of an entire city block of executives, officers, and IT workers throughout the NSA. The purpose of the NSA is to procure BMWs and range rovers for its management, and for favored private contractors and sub-contractors. That is why the price of a incorporated city is being spent on all these ludicrously overblown surveillance programs.

        Forget the lies. Follow the money. Men will do anything, say anything, to anyone to keep such a gravy train flowing.

    • by mbkennel ( 97636 )
      | The only question is WHY DO THEY GO ON RECORD with the bullshit denials?

      Because they'd be put in federal prison---no parole system, extremely long sentences---if they don't. This is not an exaggeration, they were obviously forced to agree to certain national security requirements, and this is what they mean.

      The USA is slightly kinder than the equivalent in China or Russia (and there's no doubt they do just as much, but no defectors)---you'd get a multiple-gunshot suicide and polonium in your tea.
    • by AHuxley ( 892839 )
      Re: WHY DO THEY GO ON RECORD
      If you make a fuss you join
      "Only One Big Telecom CEO Refused To Give The NSA The Access It Wanted... And He's Been In Jail For 4 Years"
      http://www.businessinsider.com... [businessinsider.com]
      Former CEO Says U.S. Punished Phone Firm
      http://www.washingtonpost.com/... [washingtonpost.com]
      NSA Domestic Surveillance Began 7 Months Before 9/11, Convicted Qwest CEO Claims
      http://www.wired.com/2007/10/n... [wired.com]
  • Sales plummeted (Score:5, Interesting)

    by spacepimp ( 664856 ) on Monday March 31, 2014 @11:32AM (#46622495)

    I can only hope that this sort of bullshit maneuver by RSA reflects both globally and in the USA with respect to sales. Name one Government willing to buy this equipment any longer? 10 M compared to what they're going to lose now is nothing.

    • Re:Sales plummeted (Score:5, Insightful)

      by Anonymous Coward on Monday March 31, 2014 @11:36AM (#46622547)

      I can't imagine why anybody anywhere would ever invest in proprietary crypto software.
      The risk is too great to just take your vendor's word.

      • Re: (Score:3, Insightful)

        by NatasRevol ( 731260 )

        So your solution is what? Build your own crypto software?

        Should every company and person wanting to have encrypted communications do this too?

        Do you trust your compiler? Or your hardware?

        • Re: (Score:2, Informative)

          by Anonymous Coward

          So your solution is what? Build your own crypto software?

          Use open source implementations of the established standard algorithms, with many eyes on them.

          Should every company and person wanting to have encrypted communications do this too?

          Yes. Proprietary software should have zero market share in this area. It's too important.

          Do you trust your compiler? Or your hardware?

          Yes, I do, but you don't have to.
          If you're very very paranoid, use the "countering trusting trust" techniques.

      • Re:Sales plummeted (Score:4, Interesting)

        by ron_ivi ( 607351 ) <sdotno@NOSpAM.cheapcomplexdevices.com> on Monday March 31, 2014 @03:59PM (#46625347)

        why anybody anywhere would ever invest in proprietary crypto software.

        People forced by their customers to buy off of this list (i.e. people who sell to the federal government):

        http://csrc.nist.gov/groups/ST... [nist.gov]

        Sure there are a couple F/OSS groups that paid the pretty significant cost to get a certificate. But not that many, especially when it comes to networking products.

    • The problem is, given their resources and drive to spy, I doubt there's an alternative that hasn't been targeted by them.

  • by wjcofkc ( 964165 ) on Monday March 31, 2014 @11:48AM (#46622659)
    I can't help but wonder...

    When the acts of the NSA first came to light as we now know them, there was outrage not just from the tech sector, but from the general population as well. As these stories continue coming at a steady and regular pace, I still see outrage over the infringement of our rights - and the understanding of the general slippery slope creepiness of it - from those technically inclined. But less and less are the major outlets making a fuss, and even when the general population catches wind of each new story it is increasingly met with a sarcastic, "Gee, didn't see that coming." and a shrug of the shoulders. Is the possibility of a tipping point in favor of our rights being eliminated be the increasing apathy of the greater people toward these issues? I suspect we are on the losing side. I suspect that as the stories come out, and people in general not only become desensitized - but worse, it becomes the norm. In becoming the norm it will balloon to scales and scopes unimaginable. I feel we will reach a point where the majority of people will have forgotten that it was ever any other way. Even as it continues to get worse, they will continue to forget.
    • It is unfortunate that the popular media does what it does these days and ignores "boring" news in their chase to find the next hot story. Still, this is an election year and the Snowden revelations will likely come back to the foreground as candidates pander for votes, especially with the GOP fractured, having no real consensus on how to sell themselves.

      • They know how to sell themselves ... it involves large bags of unmarked currency and plausible deniability.
    • by TheCarp ( 96830 )

      "...Depression, strife, riots, murder, all this dread. We're irresistibly drawn to that almost orgiastic state created out of death and destruction. It's in all of us. We revel in it. Sure, the media tries to put a sad face on these things, painting them up as great human tragedies. But we all know the function of the media has never been to eliminate the evils of the world, no. Their job is to persuade us to accept those evils and get used to living with them. The powers that be want us to be passive obser

    • by neiras ( 723124 ) on Monday March 31, 2014 @12:04PM (#46622823)

      Government organizations like the NSA are playing a long game. If one generation is desensitized, the next will be uncaring as long as basic needs and a sense of freedom are preserved.

      They are winning, and even if we form long-lived organizations to fight them on their terms they will undermine until those organizations are publicly ridiculed and useless. Individuals who speak up will be tarred as "activists", "protestors", and later "traitors". They have the upper hand and there's no way to get it back without an actual war, which no one wants.

      They are winning.

      This began a long time ago. In two generations they will have won.

      • by ewieling ( 90662 )
        The only way to win is to not play the game. Unfortunately most people won't stop playing the game. They won't stop using the internet and won't stop using credit/debit cards. I am slowly weaning myself off the internet. At this point I use the internet around 90% less than before the Snowden revelations. I can't seem to give up that last 10% (which includes).
      • by wjcofkc ( 964165 )
        I agree. I wonder, yet also dare not wonder, what will become of those of us (a lot of people here) who will never be able to stop seeing the forest through the trees. Complacency from fear? Revolutionaries? Found out by technology that can spot us and executed? Perhaps all three where option two may be impossible.
      • The pendulum swings both directions. I recommend thinking bigger.

      • They're winning too. My family doesn't fly anywhere. We don't have passports. We don't visit places like Hawaii, Disneyland, Mexico, etc... All the places that other people take their families to for vacations... We only visit places in Canada (where we live) because there's plenty to see and do here without leaving the country... We've told our son why we've made this conscious decision... But our friends believe we're being unnecessarily cruel and inhumane by denying our son the experience of going to

      • This seems to be the attitude of the Roman government for a couple hundred years before the complete collapse of their nation. Then they started thinking that little things like the basic needs of the majority didn't really matter so much, and there was a revolution. America has gotten there a lot faster than Rome did. Maybe they will get to the next couple steps faster, too.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      You could write a series of books on why this occurs but in a nutshell it comes down to this:

      What are you (we) going to do about it?

      Sure "we" could all get together an elect people to "fix" things. That will never happen. Your special interest isn't the most important thing to everyone and most people vote based on a few select issues. Making sure this issue is everyone's core issue is impossible. Gay rights, women rights, abortion, religion, gun rights, taxes, welfare, etc are generally more important t

      • You should decide on the solution then agitate for it. For example, one might say Proportional Representation is a solution, as it permits for a broader spectrum of parties/mandates/issues to be represented. (This is my opinion having voted in UK for ~ 4 elections).
    • The idea of Greenwald was to trickle the stories out so they last years and he can get the most attention for his career. That started with 3-6 months of lies, where poorly written and misleading training PDFs were paraded out before they even started to trickle the documents talking about actual programs. Of course that reduced the effectiveness of the leaks to inform the public. That is a no-brainer.

      It won't "become" the norm, it is the norm, and it already was the norm.

      Many of us who are "on the left" we

      • by Jiro ( 131519 ) on Monday March 31, 2014 @12:57PM (#46623393)

        Reeasing things in dribs and drabs has benefits, though. It probably keeps the public's interest more than releasing the whole thing as a lump; even if public interest is down because of exhaustion, it's probably not as far down as it would be if nothing had been released in a year.

        The other reason is that it makes it harder for the government to lie. If you release a document, the government can't lie and deny it because they don't know that maybe tomorrow you'll release a document that could expose the lie. If you release the whole thing in a lump, they could just carefully tailor the lie to match the existing releases.

        • If public interest is down by the time the real programs get talked about, that is a recipe for people NOT ever knowing even what is going on. If you measure "public interest" by newspapers sold, sure it sells more papers. But if instead you were to take polls of how well the public understands what is happening, then no. Telling people the truth during the initial period of interest is what would do that.

          If people are already "exhausted" with the subject by the time the truth even comes out, they not only

    • I think Glenn Greenwald sees benefit to the approach of piecemeal releasing the Snowden files . Sensitizing rather than desensitizing.

    • by AHuxley ( 892839 )
      That was the long issue of tension between the NSA and GCHQ. The UK wanted it all kept very much out anything public: no books, no news, no helping sealed courts and no scientific review.
      The NSA seems to have more of a story to share to ensure standing and funding in the USA - they needed winning press to out flank other aspects of the US mil and gov getting material to political leaders.
      The UK saw great harm in hinting at a global domestic and international surveillance networks - i.e. seamless track
  • by mrflash818 ( 226638 ) on Monday March 31, 2014 @11:53AM (#46622711) Homepage Journal

    So those that know how, can test and verify open-source alternatives are cryptographically secure, not back-doored, and safe for people to use.

    • by cryptizard ( 2629853 ) on Monday March 31, 2014 @12:19PM (#46622951)
      Open-source doesn't help for shit in this situation. Dual_EC_DRBG was an open standard, all the details were public. The problem is that, with cryptographic algorithms, only a handful of people in the entire world are qualified to say whether something might or might not be secure. And even if there is a problem, it might go for years without being found.
      • by jandrese ( 485 ) <kensama@vt.edu> on Monday March 31, 2014 @03:34PM (#46625075) Homepage Journal
        For what it is worth, people who know the math thought Dual_EC_DRGB smelled funny from the first time it was announced, although it was impossible to prove if it was actually compromised or not. Combined with the fact that it's much slower than its competitors (and low speed is not a virtue in a RNG like it is in a crypto alg) and you have something that was only used by people who were explicitly told to use it.
        • low speed is not a virtue in a RNG like it is in a crypto alg

          FYI, low speed isn't a virtue in a crypto algorithm, either. This is true whether by "crypto algorithm" you mean "cipher" or "secure hash". Really, the only context in which poor performance is a virtue is password hashing, and you can always make a slow hash out of a fast one by iterating it.

    • So those that know how, can test and verify open-source alternatives are cryptographically secure, not back-doored, and safe for people to use.

      Simple question. Since I don't know or trust any of those people doing the evaluation of the open source alternatives, exactly how do you propose I trust that they are not back-doored as well? It's not a trivial question. I am not a software developer nor am I a cryptography expert. No one I know fits both categories either. Open source stuff could be absolutely riddled with holes and I'd have really no way to know. Even if numerous parties declare it safe, how can I be certain the compiled copy hasn'

  • Times have changed (Score:5, Insightful)

    by PvtVoid ( 1252388 ) on Monday March 31, 2014 @11:57AM (#46622757)
    Remember when the NSA was secretly changing widely-used crypto algortithms to make them stronger? I'm thinking of the DES sbox and differential cryptanalysis [wikipedia.org].

    One thing's for sure, RSA is toast. They can issue all the denials they want. Nobody's ever going to trust them again.
    • by thue ( 121682 )

      Meh - NSA at the same time asked them to use a too short key length. And it was an open secret for a long time that NSA could brute-force it. https://en.wikipedia.org/wiki/... [wikipedia.org]

    • I think this is the basis of Snowden's disagreement with the NSA -- the NSA could have taken a defensive mode and worked to make the country and its people more secure but it instead took an offensive mode and made crypto-weaker and found software bugs and used them to break in rather than working to have them fixed. The long term effect if this choice is a less secure country and a country with a shit reputation.

    • One thing's for sure, RSA is toast.

      Toast implies a nice, controlled browning. RSA? Burn it with fire.

  • by burni2 ( 1643061 ) on Monday March 31, 2014 @12:12PM (#46622877)

    I think Mozilla needs to be cleaned of moles and it seems "Eric Rescorla" is one of them, and look where he is active:

    https://tools.ietf.org/html/dr... [ietf.org]

    -- snip from reuters story -- .. Information Assurance Directorate, and an outside expert named Eric Rescorla.

    Rescorla, who has advocated greater encryption of all Web traffic, works for Mozilla, maker of the Firefox web browser. He and Mozilla declined to comment. Salter did not respond to requests for comment.
    -- snip --

  • by bazmail ( 764941 ) on Monday March 31, 2014 @12:26PM (#46623005)
    RSA are little more than a government puppet. If you are serious about security, avoid their products.

    "RSA, now owned by EMC Corp, did not dispute the research when contacted by Reuters for comment. The company said it had not intentionally weakened security on any product and noted that Extended Random did not prove popular and had been removed from RSA's protection software in the last six months ."

    lol. Wonder what new broke ~6 months ago.
  • by TechyImmigrant ( 175943 ) on Monday March 31, 2014 @12:35PM (#46623097) Homepage Journal

    I think people are being blinded a bit by the dual_EC_DRBG issue. It makes people think the other 3 DRBG algorithms in SP800-90A are OK.

    However if your system implements FIPS140-2 compliance, there's another hole which affects all RNGs within the FIPS boundary. Please read section 4.9.2 of FIPS140-2. You will see this. I call it the FIPS entropy destroyer...

    "1. If each call to a RNG produces blocks of n bits (where n > 15), the first n-bit block generated
    after power-up, initialization, or reset shall not be used, but shall be saved for comparison with
    the next n-bit block to be generated. Each subsequent generation of an n-bit block shall be
    compared with the previously generated block. The test shall fail if any two compared n-bit
    blocks are equal. "

    This will eliminate all adjacent pairs, which would otherwise appear with a frequency dictated by the binomial distribution derived from the bit width of the output and for a 16 bit source, is trivially distinguishable from random with less that 1MByte of output data.

    For the record, RdRand doesn't do this because I refused to put it in because it's a back door in the spec.

    • by thue ( 121682 )

      I agree that the output is not random by the standard definition. And obviously a bad RNG.

      But making a practical attack based on that seems unlikely to me.

      > For the record, RdRand doesn't do this because I refused to put it in because it's a back door in the spec.

      Wait what - you designed Intel's RdRand hardware RNG?

      So, since there is a lot of paranoia about backdoors in that, is there a backdoor? :P

      • by TechyImmigrant ( 175943 ) on Monday March 31, 2014 @01:36PM (#46623795) Homepage Journal

        >But making a practical attack based on that seems unlikely to me.

        Q: If you have a 128 bit 'full entropy' key K[127:0] , how much is the entropy reduce if K[(n*16)+15:(n*16)] K[((n+1)*16)+15:((n+1)*16)] for n in {0..7} ?
        A: A lot.

        I.E. It reduces the brute force search space by a lot.

      • >Wait what - you designed Intel's RdRand hardware RNG?
        Me and many others. I was the primary designer of the crypto processing hardware which intersects with these specs. My public comments on the specs are here [nist.gov].

        >So, since there is a lot of paranoia about backdoors in that, is there a backdoor? :P
        No. I say that as a personal statement. I don't speak for my employer in public forums.

        I'm in it to improve security of users from all comers. Good RNGs are a prerequisite for good security and in my design

        • Me and many others. I was the primary designer of the crypto processing hardware which intersects with these specs. My public comments on the specs are here .

          And how do you know the NSA's influence didn't simply steamroll over all your professional objections and put the flawed standard in the chips anyway? The NSA has social as well as technological backdoors.

          • >And how do you know the NSA's influence didn't simply steamroll over all your professional objections and put the flawed standard in the chips anyway? The NSA has social as well as technological backdoors.

            There are publicly published and peer reviewed mathematical proofs that the extraction algorithm (AES-CBC-MAC) and the PRNG algorithm (AES-CTR-DRBG) are secure outside of the NIST specs.

            I have also done things to work around all the questionable aspects of the SP800-90 spec. E.G. Massive over reseedin

      • Perhaps I will phrase the question in a more helpful manner.

        Let's take it as read that you are indeed a (possibly former) Intel employee who worked on RDRAND. Given the black box nature of the RNG and the fact that some time ago someone posted anonymously to Slashdot claiming that a small number of chips were jinxed so that RDRAND was predictable, do you know of a good way to rebuild confidence in the integrity of a particular chips RNG?

        More generally, do you have any interesting thoughts on the topic of b

        • >Let's take it as read that you are indeed a (possibly former) Intel employee who worked on RDRAND.
          You may, but I should really stick to bitching about the spec rather than things concerning my employer.

          I'm working on persuading NIST and X9.82 to write the specs such that a conformant implementation could expose internal state (like the raw entropy) without violating FIPS140-2 which has all sort of restrictions on that sort of thing. This also has to be done right so that it would make sense in a CPU. Th

          • While it's entirely possible to create trustworthy hardware, I don't know how it's possible to convey the trustworthiness. What you can do, which is probably as good as can be done, is to create things such that individually subverted instances of the hardware could be trivially distinguished from the standard issue hardware.

            Yes. I think you have nailed it, right on the head.

    • The 16 is just a lower limit. Almost every cryptographic RNG has a block size much, much larger so it's no big deal. Many applications rely on the fact that you will not get two blocks from an RNG that are the same so it seems like a good test to me.
      • >The 16 is just a lower limit. Almost every cryptographic RNG has a block size much, much larger so it's no big deal.

        But it asks for the test to be made at the output. The block size might be 128 or 256 bits, but the output is often less. E.G. RdRand has a block size of 16, 32 or 64 bits. So if you built a FIPS140-2 compliant software stack and didn't want to fight with the certification house and so implemented 4.9.2, it would fail easily at 16 bits and fairly easily at 32 bits.

        • But it asks for the test to be made at the output.

          No, the text you quoted asks for the test to be made at n-bit block generation, not output. And I'd say for n greater than, say, 40, any incidence of consecutive identical blocks indicates, with very high probability, that the RNG is broken. I do think the clause is odd, though, and can't think of any good reason to have it in there.

          • The 'block generation' term is not very well defined in SP800-90A, B, C or FIPS140-2. It could be interpreted as the output size of the drbg at the SP800-90 boundary or an internal service boundary or the FIPS140 boundary.

            Either way, FIPS 4.9.2 introduced algorithmic invariants that reduces the entropy. Depending on the model you choose, it could increase episilon in the full entropy source definition in SP800-90 to above 1 in 2^64, thus breaking SP800-90.

            I submitted comments to NIST telling them to fix it.

    • I dunno. I agree it reduces entropy by eliminating adjacent pairs, but the frequency of sequential 16+ bit random numbers being identical is 1/65536. 0.0015% or less. You're losing just a tiny bit of entropy.

      OTOH if the RNG breaks for whatever reason and keeps returning the same value, then throwing away identical sequential results would prevent the broken values from passing into the algorithm. It sounds to me more like this is a safeguard against the RNG crapping out, or attack vectors where the R
      • >OTOH if the RNG breaks for whatever reason and keeps returning the same value, then throwing away identical sequential results would prevent the broken values from passing into the algorithm.

        Yes, but SP800-90 has proper tests for addressing a crapped out RNG. FIPS140-2 (the enclosing spec) is no place to add ad-hoc tests that reduce the entropy of the output.

  • by real gumby ( 11516 ) on Monday March 31, 2014 @12:36PM (#46623109)

    EMC paid $2.6B for RSA. Could they sue the NSA for destroying the value of their property? What would be just compensation?

    • by sjames ( 1099 )

      No. RSA willingly prostituted itself.

      • I might be naive in believing that this second "extended random' was covert, rather than the EC weakening that the NSA bought.

        • by sjames ( 1099 )

          I suspect it was paid for. Notably, like the dual elliptic curve, RSA was one of the very few who adopted extended random. meanwhile, because RSA already took NSA money to incorporate a deliberately weakened standard, they were uniquely aware of NSA's program to weaken commercial crypto.

          Given how incredibly stupid and naive they would have to be (neither being a good quality in the security and crypto world) to have fallen for a covert weakening at that point (when nobody else did), assuming they prostitute

    • by arth1 ( 260657 )

      EMC paid $2.6B for RSA. Could they sue the NSA for destroying the value of their property?

      Two words: Sovereign Immnunity [wikipedia.org].
      In short, the NSA being an arm of of the government cannot be sued unless it consents to being sued.

      • EMC paid $2.6B for RSA. Could they sue the NSA for destroying the value of their property?

        Two words: Sovereign Immnunity [wikipedia.org].

        Well, the fifth amendment to the US constitution ends with

        nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

        Seems like a clear case of "private property being taken for public use." Possibly even "deprived of property".

    • Re:Could EMC sue? (Score:4, Interesting)

      by whoever57 ( 658626 ) on Monday March 31, 2014 @06:37PM (#46626689) Journal

      EMC paid $2.6B for RSA. Could they sue the NSA for destroying the value of their property?

      No, because the PHBs at EMC/RSA already accepted payment from the NSA. Someone should be fired over the fact that a $2.6B investment was hugely devalued for a payment of only $10M.

  • I think you fail to understand how deep the rabbit hole goes, Neo.

  • I can't imagine anything deeper than "balls deep" as i originally assumed the NSA was into RSA. This leaves me dumbfounded I have written the NSA and asked for schematics on how they managed to get past balls deep, how much further they went, and did they get a whole leg in? did they get past the hips? was there a a device similar to the jaws of life employed in the process?

Keep up the good work! But please don't ask me to help.

Working...