Richard Pieri writes:

> If I did my math right, a facility like that can brute-force any 80-bit key in about 32 hours.

If they want to intercept and decrypt *all* traffic, that means decrypting more than one key. I have no idea how much daily encrypted traffic passes through the Internet on an average day, but just to have a number to play with, the daily logs I receive show that the BLU mail server processes approximately 20,000 messages per day.

Let's pretend that each day, there are at least 20,000 email messages worldwide that are encrypted with randomly-generated session keys that are 80-bits, and that the NSA wants to decrypt as part of their "capture and analyze all traffic" plan.

If a single 80-bit key takes up to 32 hours to brute-force, then 20,000 distinct 80-bit keys per day would take 32 x 20,000 hours == 640,000 hours == 26,667 days == 73 years.

If there were 20,000 separate 8-bit keys per day for the NSA to crack, and it would take up to 73 years to crack a day's worth of keys at a cost of $300 million for the hardware, by your math. If there are significantly more than 20,000 such keys per day, then the time and cost will be much higher. If more people start routinely encrypting all their email, not just the messages containing sensitive information, then the number of keys will grow significantly.

Weaker encryption could be cracked more quickly and at a lower cost, but even weak encryption costs them more to process than plain text. If it takes them more than a day to decrypt a day's worth of traffic, then they can't keep up with all traffic.

In principle, sure, they can throw more money at the problem, but the money they can spend on decryption is limited by the amount of tax revenue they receive to pay for it. However much funding they receive, it's still a finite sum.

On Tue, Aug 13, 2013 at 1:54 PM, Richard Pieri <richard.pieri at gmail.com> wrote:

> Daniel Barrett wrote:
>
>> Just wondering how safe a file is when encrypted with a 4096-bit GPG key.
>>
>
> GPG doesn't work that way.
>
> Your 4096-bit asymmetric key is either RSA or DH, both of which are VERY
> slow algorithms, too slow for general use.
>
> When you encrypt a message, the encryption engine generates a random
> session key. This session key is used to encrypt the message using a
> symmetric cipher (GnuPG uses CAST-128 by default). The session key is then
> encrypted with the public half of your recipient's asymmetric key pair and
> attached to the message.
>
> When the recipient decrypts the message, the session key is decrypted with
> the private half of the asymmetric key pair. The recovered session key is
> used to decrypt the message.
>
> SSL and SSH both work roughly the same way.
>
> --
> Rich P.
>
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>

--
John Abreau / Executive Director, Boston Linux & Unix
Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
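
The hybrid scheme described in the quoted reply, as an added example that is not part of the original thread and is not GnuPG's code. It assumes a toy textbook-RSA key pair built from two Mersenne primes and a SHA-256 keystream standing in for CAST-128; both are hypothetical stand-ins that show only the data flow and the fresh per-message session key, and neither is secure.

```python
import hashlib
import secrets

# Toy recipient key pair: textbook RSA over two Mersenne primes (assumption for
# illustration; real GnuPG keys are far larger and use padding).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                           # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent

SESSION_KEY_BYTES = 16  # 128 bits, the key size of CAST-128


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt(message: bytes, n: int = N, e: int = E) -> tuple:
    """Sender: new random session key per message, wrapped with the public key."""
    session_key = secrets.token_bytes(SESSION_KEY_BYTES)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped, keystream_xor(session_key, message)


def unwrap(wrapped: int, d: int = D, n: int = N) -> bytes:
    """Recipient: recover the session key with the private half of the key pair."""
    return pow(wrapped, d, n).to_bytes(SESSION_KEY_BYTES, "big")


def decrypt(wrapped: int, body: bytes) -> bytes:
    """Recipient: unwrap the session key, then decrypt the message body with it."""
    return keystream_xor(unwrap(wrapped), body)


if __name__ == "__main__":
    msg = b"constructed sample message"
    first, second = encrypt(msg), encrypt(msg)
    print("round trip ok:", decrypt(*first) == msg)
    # Same plaintext, same recipient, yet nothing carries over between messages:
    print("distinct wrapped keys:", first[0] != second[0])
    print("distinct ciphertexts:", first[1] != second[1])
```

The message body depends only on the session key, which is why the thread reasons about the symmetric key size rather than the 4096-bit key, and why each captured message is a separate key to recover.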