[Discuss] email privacy/security
Kent Borg
kentborg at borg.org
Tue Aug 6 11:06:45 EDT 2013
On 08/06/2013 10:48 AM, Edward Ned Harvey (blu) wrote:
> I didn't overstate anything. Your statement agrees with mine.
Sorry.
My point is that the crypto doesn't have to be as good as 256-bits to
cause them very real headaches. And if it *is* as good as 256-bits it
is no longer a question of whether their budget is big enough, it is
whether the universe is big enough. It doesn't matter whether they have
a lot of 256-bit traffic or a single message, it is thought to be
impossible to be brute forced. The numbers are just too big.
Lessor crypto, however, might be very breakable--when they care about
specific and limited targets--but impossible for them to handle in
snoop-everything bulk.
They operating on a horrific scale here, snooping everything they can.
This requires efficiencies. And, this then makes them vulnerable to
speed bumps, anything that doesn't scale cheaply.
Good crypto stops them*. (That's good.) Bad crypto can** still stop
them, at least from their read-everything strategy.
-kb
* Stops them from reading the message. Traffic analysis and attacking
endpoints is still a very rich avenue for the spies.
** Assuming vulnerabilities require active measures while the traffic is
happening, not passive, automatible, cheap, off-line analysis.
More information about the Discuss
mailing list