[Discuss] email privacy/security

Kent Borg kentborg at borg.org
Tue Aug 6 08:25:27 EDT 2013


On 08/05/2013 04:26 PM, Edward Ned Harvey (blu) wrote:
> Their budget is not large enough to crack really good crypto (256 bit 
> with truly random key, and no other way to expose the key). 

You overstate what it takes.  No one has the budget to count on cracking 
a truly random 256-bit key, not by brute force.  256 bits is a really 
large space to search.  Play with some numbers...

My point is that the amount of hardware and electricity and cooperation 
needed to mount active man-in-the-middle attacks is horribly more 
expensive than just tapping data that is not encrypted.  When their goal 
is to get a copy of *everything*, just tilting the per-capture economics 
a little shatters their task.

Americans might decide that all this snooping is worth it, that we are 
scared enough to let it happen.  But if a couple of zeros need to be 
added at the end of the NSA's budget, that becomes an enormous economic 
burden on the country, and people will complain.  Just because a budget 
is secret doesn't mean there are no economic consequences.

So we should use crypto.  The best crypto we can find.  And if there are 
flaws, fix them, but even still use the flawed crypto until we can get 
better, because it throws a horrible monkey wrench in their works.

Note: off-line, passive attacks are not so expensive for the NSA; it is 
active attacks that are so expensive, and that don't scale when trying 
to listen to everything.


-kb



