Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On 08/05/2013 04:26 PM, Edward Ned Harvey (blu) wrote: > Their budget is not large enough to crack really good crypto (256 bit > with truly random key, and no other way to expose the key). You overstate what it takes. No one has the budget to count on cracking a truly random 256-bit key, not by brute force. 256-bits is a really large space to search. Play with some numbers... My point is that the amount of hardware and electricity and cooperation needed to mount active man-in-the-middle attacks is horribly more expensive than just tapping data that is not encrypted. When their goal is to get a copy of *everything* just tilting the per-capture economics a little, shatters their task. Americans might decide that all this snooping is worth it, that we are scared enough to let it happen. But if a couple of zeros need to be added at the end of the NSA's budget, that becomes an enormous economic burden on the country, and people will complain. Just because a budget is secret doesn't mean there are no economic consequences. So we should use crypto. The best crypto we can find. And if there are flaws, fix them, but even still use the flawed crypto until we can get better, because it throws a horrible monkey wrench in their works. Note: off-line, passive attacks are not so expensive for the NSA, it is active attacks that are so expensive, and that don't scale when trying to listen to everything. -kb
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |