Snowden pretty much had <i>root</i> - he had access to more or less everything that wasn't airgapped, including things the NSA wasn't supposed to have direct access to as part of their data-sharing agreements. (Of course, some ECIs presumably <i>are</i> airgapped - but <i>much</i> less than you probably expect these days.)<p>Not everything is being published, however. There are details from GCHQ STRAP3 (location of individual listening sites) but only STRAP2 documents, and all details of personnel and telephone numbers has been redacted by the journalists (perhaps a little too broadly - for example as in the GCHQ "refer requests for disclosure to" telephone number, you could actually Google it! I think they know by now, however <g>). Snowden wanted to end mass surveillance and sabotage of public security products; not reveal their cryptanalytic advantage to targets. It's the journalists who are doing most of the selection, I gather - but they've seen the whole haul, including what is <i>not</i> being published, and the picture is consistent, though (yes) incomplete.<p>My impression has been for some time that their cryptanalytic advantage is not actually vast, but their operational resources truly are. Throwing money at things doesn't magically give you breaks to the DLP - but it totally can buy you computing resources that can break 1024-bit Diffie-Hellman. (It mentions Cavium cores - suggesting large, parallel RSA/DH-optimised multipliers were on their HPC shopping list. They are much faster at 1024-bit than higher.) It can buy you insiders, or let you conduct operations that threaten or coerce insiders, or conduct astroturfing campaigns to frighten people away from encryption you can't break, or further the goals of your agency (which do not necessarily align with the government paying your way - it's not so much "oversight" as "don't get caught doing anything you shouldn't"). You can throw (a lot of) money at military contractors and hope some malware-by-committee comes out that you can use to hack anyone that looks interesting, grab intelligence or keys, or any of the above. And they typically attack from <i>every</i> angle at once.<p>My take on the HPC resources is that they're mostly used as brute force CPU/GPU power for low-entropy situations - anything where passwords are involved may be vulnerable. Email an encrypted DOC, ZIP or RAR file to someone? They're going to at least <i>try</i> it as a matter of course, even <i>en masse</i>, but they're not going to give it much juice unless you're tasked.<p>Money can't give you magic. However you very, very rarely need magic.
One thing to keep in mind.<p>It's inherently dangerous to assume that NSA doesn't pay much of attention to the breaking of fundamental crypto math based on these documents.<p>If they <i>did</i> find a practical weakness in RSA and such, I think it's safe to assume it would be assigned the highest level of secrecy and simply won't be in range of Snowden's document sweep.
Overall I'd like to commend the writer of this document on what has been by far the most neutral writing I've ever seen on this topic. The writer still takes jabs at the NSA here and there (NSA and Tor, for example), but generally the tone is very neutral.
I find the story very telling. The NSA is one of the largest employers of mathematicians, and yet it appears that the NSA has had more success simply by using backdoors.<p>I have to wonder if academic progress (like defeating cryptographic algorithms) can be achieved under a climate of secrecy. Without the free exchange of ideas and knowledge, how much progress can be had?
I wonder why the writer claims the recommendations of the presidential review council have been "largely disregarded". Do we know that's the case?
<i>During the period in question, we know of at least one vulnerability (Heartbleed) that could have been used to extract private keys from software TLS implementations. There are still other, unreported vulnerabilities that could be used today.</i><p>His analysis that there are unreported vulnerabilities in TLS implementations sounds definitive enough to think he knows some of these vulnerabilities.