
BLU Discuss list archive


[Discuss] KeePassX

Agreed. But, breaking the session key only works for a single message or 
a single session. If they want to target a specific individual, breaking 
the RSA/DSA keys will give them access to all encrypted messages. 
(within the context is that a sent message is encrypted by the 
recipient's public key), so to make this bidirectional they need to 
break 2 keys, so the job gets more difficult. Breaking the session key 
works if they want to look at random messages, but breaking the RSA/DSA 
keys works better when they have a specific target in mind.

On 08/13/2013 05:40 PM, Richard Pieri wrote:
> John Abreau wrote:
>> Nope, sorry, each individual message has its own unique session key.
>> Cracking the session key on one particular message tells you nothing
>> about the session key on subsequent messages.
> If I decrypt the message by breaking the session key then yes, I can 
> only decrypt that one message.
> But, if I can do this then I know what the session key is. This means 
> that I have a 100% known plain-text correspondence with the encrypted 
> session key. This may make it easier to attack a given RSA or DSA key 
> pair.
> Attacking the RSA or DSA asymmetric keys directly is believed to be 
> more difficult than attacking the session key. Given that the NSA has 
> approved both for commercial use, just as they have approved AES for 
> commercial use, I assume that they are aware of exploitable weaknesses 
> in both.

Jerry Feldman <gaf at>
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90
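
The scope difference discussed in this message, as an added example that is not part of the original post: a toy model of hybrid encryption in which each message gets a fresh session key wrapped with the recipient's public key. The tiny unpadded RSA key, the hash-based stream cipher and all function names are assumptions made for illustration; this is not OpenPGP and not usable cryptography.

```python
import hashlib
import secrets

# Toy RSA key pair built from two known Mersenne primes (far too small for real use).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # recipient's private exponent

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with SHA-256(key || offset) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(plaintext: bytes) -> dict:
    """Encrypt one message under a fresh random session key."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), E, N)  # unpadded, toy only
    return {"wrapped_key": wrapped,
            "body": keystream_xor(session_key, plaintext),
            "_session_key": session_key}  # kept only so the demo can model a leak

def decrypt_with_private_key(msg: dict, d: int) -> bytes:
    """Unwrap the session key with the private exponent, then decrypt the body."""
    session_key = pow(msg["wrapped_key"], d, N).to_bytes(16, "big")
    return keystream_xor(session_key, msg["body"])

def decrypt_with_session_key(msg: dict, session_key: bytes) -> bytes:
    """Decrypt the body directly with a (possibly wrong) session key."""
    return keystream_xor(session_key, msg["body"])

def blast_radius(messages, texts):
    """Count messages readable with one leaked session key vs. the private key."""
    leaked = messages[0]["_session_key"]
    by_session = sum(decrypt_with_session_key(m, leaked) == t
                     for m, t in zip(messages, texts))
    by_private = sum(decrypt_with_private_key(m, D) == t
                     for m, t in zip(messages, texts))
    return by_session, by_private

TEXTS = [b"meet at noon", b"bring the laptop", b"key signing at 7"]  # constructed
MESSAGES = [encrypt(t) for t in TEXTS]

if __name__ == "__main__":
    print(blast_radius(MESSAGES, TEXTS))
```

For a defender the takeaway is about what to protect and rotate: exposure of one session key is bounded to one message, while exposure of the long-term private key covers every message ever encrypted to it.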

BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
