From a technical perspective, what are the data collection, analysis, and code-breaking capabilities available to the NSA?<p>What implications does this have on widely used security protocols and methodologies?
I think it'd be better to consider "what can't the NSA do" given their budget and capabilities.<p>Tapping and storing terabits of data is effectively trivial; analysis is the hard part. If they hold useful SSL keys (like Facebook, Google, etc.) they'll have a much easier time figuring out what people are doing.
Your own secure crypto:<p>Assume everything popular is attacked, assume vast libraries of primitive and proprietary cryptanalysis routines.<p>Of their thousands of hires with security clearance, the cipher newbies are likely given exercises attacking odds-and-ends with massive (old?) Cray orchards.<p>OTP - is always secure but inadequate for large plaintext. Pad transport is vulnerable.<p>Naive stream ciphers are seductive but weak.<p>Brits, MI5(?) had RSA a decade and a half(?) before RSA.<p>Factorization is RH ('assume Riemann Hypothesis'), perhaps new unpublished vulnerabilities to probable primes?<p>Better amateur practicing crypto analysts than me can likely offer good points here.<p>Wikipedia has terrific crypto intro. e.g.:<p>http://en.wikipedia.org/wiki/Outline_of_cryptography<p>and ...<p>http://en.wikipedia.org/wiki/Deniable_encryption