Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] email privacy/security

On 08/06/2013 10:48 AM, Edward Ned Harvey (blu) wrote:
> I didn't overstate anything. Your statement agrees with mine. 


My point is that the crypto doesn't have to be as good as 256-bits to 
cause them very real headaches.  And if it *is* as good as 256-bits it 
is no longer a question of whether their budget is big enough, it is 
whether the universe is big enough.  It doesn't matter whether they have 
a lot of 256-bit traffic or a single message, it is thought to be 
impossible to be brute forced.  The numbers are just too big.

Lessor crypto, however, might be very breakable--when they care about 
specific and limited targets--but impossible for them to handle in 
snoop-everything bulk.

They operating on a horrific scale here, snooping everything they can.  
This requires efficiencies.  And, this then makes them vulnerable to 
speed bumps, anything that doesn't scale cheaply.

Good crypto stops them*.  (That's good.)  Bad crypto can** still stop 
them, at least from their read-everything strategy.


* Stops them from reading the message.  Traffic analysis and attacking 
endpoints is still a very rich avenue for the spies.

** Assuming vulnerabilities require active measures while the traffic is 
happening, not passive, automatible, cheap, off-line analysis.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /