On 08/13/2013 01:29 PM, Richard Pieri wrote:
> If I did my math right, a facility like that can brute-force any
> 80-bit key in about 32 hours.

I'll accept your math, and it makes my point. You describe a facility that can only brute-force a couple hundred 80-bit keys a year. Which means brute-forcing 80-bit keys is not something routine and cheap for the NSA, not when they think they need a plaintext copy of *everything*. Sure, 32-hours is cheap when the spies are cracking into the Soviets or Red Chinese, but NSA sees more than two targets now, they think everyone on the planet is their target, at which point 32-hours is crushingly horrible.

> Keys smaller than about 68 bits (28 seconds) would probably take
> longer to spin up the jobs than run the actual searches.

Even 28-seconds is crushing when your intention is to read everything. There are only 1.1 million of those 28-second windows in a year.

And don't forget the "trillion guesses a second" Snowden is quoted as advising, you might be giving the NSA too much credit. Snowden has been described as paranoid and careful. Getting a public key for the reporter wasn't good enough for him, it was only good enough to describe something more secure that was maybe good enough for him. He might know what he is talking about.

Don't get me wrong: if you want to keep the NSA from decrypting your data, and if there is any reason to believe they might be seriously interested in you, be *extremely* careful, and use good encryption and use long passphrases with lots of real entropy in them, and protect them. And worry about your endpoint security. And don't make any mistakes. And be lucky, too, for good measure. I think we agree on that stuff.

But if enough millions of people start using a nice sloppy mishmash of halfway decent weak encryption on a daily basis, the NSA will have to choose what it cares about, and no, "everything" won't be an option any longer.

> Protip: every cipher has weaknesses.
>
> Protip 2: assume the NSA knows these weaknesses.

Protip 3: Weaknesses can be exploited, at a cost. Something that NSA can afford one of, or a thousand of, is not something the NSA can afford in infinite quantities. Bending their cost-curve matters.

-kb