Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] email privacy/security



Kent Borg wrote:
> Okay, maybe ROT-13 isn't worth much.  But ROT-12, being a bit more
> obscure, starts to be useful.  And something that requires a
> man-in-the-middle attack, is very valuable.

Substitution ciphers fall in near real time to automated frequency 
analysis. The obscurity of the algorithm is irrelevant when there is a 
1:1 correspondence between clear text and cipher text.

Weak encryption can be broken quickly. c.f. any of the DES/3DES cracking 
engines.

Flawed encryption can be broken very quickly. c.f. WEP cracking.

It may not matter how expensive an attack is. The NSA has an effectively 
unlimited budget. Let's compound the issue: what are the most commonly 
used ciphers used for encrypted communications today? Which of these 
were approved by the NSA for purposes other than those requiring secret 
or higher security classifications?

Flawed cryptography is useless. Good cryptography may be useless when 
one of your foes is responsible for approving and endorsing the 
encryption systems you use.

-- 
Rich P.



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org