 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
Jerry Feldman wrote: > The main issue is that assuming you encrypt all your outgoing emails, > and most of your respondents encrypt email to you if someone with enough > compute power wanted to decrypt your emails they can do it. And, I previously suggested that the NSA has intentionally and secretly weakened encryption standards. Two days ago, the New York Times published an article from the Snowden files that indicate precisely this kind of weakening in the FIPS Dual_EC_DRBG standard. If this is the case then supposedly random keys -- both permanent and session -- generated with this algorithm are in fact deterministic. The Times article suggests that the NSA could recover such keys in trivial time from as little as 32 bytes of encrypted data. Previous Times and Guardian articles indicate that the NSA has planted similar back doors in other algorithms and in end-to-end encryption hardware such as VPN servers and SSL/TLS accelerators. It's no longer a matter of having sufficient resources to break encrypted messages. It's a matter of having sufficient resources or sufficient luck to identify and exploit the back doors that the NSA has secreted in FIPS standards and possibly other standards. -- Rich P.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
