Kent Borg wrote:
> Lesser crypto, however, might be very breakable--when they care about
> specific and limited targets--but impossible for them to handle in
> snoop-everything bulk.

I believe that this is not true. If I'm right, if the NSA has compromised most of the public CAs (if not all of them), then what you describe as impossible is only slightly more difficult for them than snooping on unencrypted traffic.

I believe that the NSA can break 3DES in near real time and AES in substantially less than polynomial time. If I'm right about this then the NSA has more than enough resources to devote to cracking "private" SSL and SSH communications that aren't exposed through public CA compromises.

And even if these fail through there are still the CRIME and BREACH attacks against SSL. These require massive quantities of known plain-text "phrases". The NSA probably has the largest amalgamation of such phrases in the world, and it has the computing capacity to exploit that data.

--
Rich P.