BLU Discuss list archive


[Discuss] email privacy/security



Kent Borg wrote:
> Lesser crypto, however, might be very breakable--when they care about
> specific and limited targets--but impossible for them to handle in
> snoop-everything bulk.

I believe that this is not true. If I'm right, if the NSA has 
compromised most of the public CAs (if not all of them), then what you 
describe as impossible is only slightly more difficult for them than 
snooping on unencrypted traffic.

I believe that the NSA can break 3DES in near real time and AES in 
substantially less than polynomial time. If I'm right about this then 
the NSA has more than enough resources to devote to cracking "private" 
SSL and SSH communications that aren't exposed through public CA 
compromises.

And even if these fail through there are still the CRIME and BREACH 
attacks against SSL. These require massive quantities of known 
plain-text "phrases". The NSA probably has the largest amalgamation of 
such phrases in the world, and it has the computing capacity to exploit 
that data.

-- 
Rich P.


