John Abreau wrote:
> Nope, sorry, each individual message has its own unique session key.
> Cracking the session key on one particular message tells you nothing
> about the session key on subsequent messages.

If I decrypt the message by breaking the session key then yes, I can only decrypt that one message. But, if I can do this then I know what the session key is. This means that I have a 100% known plain-text correspondence with the encrypted session key. This may make it easier to attack a given RSA or DSA key pair.

Attacking the RSA or DSA asymmetric keys directly is believed to be more difficult than attacking the session key. Given that the NSA has approved both for commercial use, just as they have approved AES for commercial use, I assume that they are aware of exploitable weaknesses in both.

--
Rich P.