Agreed. But, breaking the session key only works for a single message or a single session. If they want to target a specific individual, breaking the RSA/DSA keys will give them access to all encrypted messages (within the context that a sent message is encrypted by the recipient's public key), so to make this bidirectional they need to break 2 keys, so the job gets more difficult. Breaking the session key works if they want to look at random messages, but breaking the RSA/DSA keys works better when they have a specific target in mind.

On 08/13/2013 05:40 PM, Richard Pieri wrote:
> John Abreau wrote:
>> Nope, sorry, each individual message has its own unique session key.
>> Cracking the session key on one particular message tells you nothing
>> about the session key on subsequent messages.
>
> If I decrypt the message by breaking the session key then yes, I can
> only decrypt that one message.
>
> But, if I can do this then I know what the session key is. This means
> that I have a 100% known plain-text correspondence with the encrypted
> session key. This may make it easier to attack a given RSA or DSA key
> pair.
>
> Attacking the RSA or DSA asymmetric keys directly is believed to be
> more difficult than attacking the session key. Given that the NSA has
> approved both for commercial use, just as they have approved AES for
> commercial use, I assume that they are aware of exploitable weaknesses
> in both.
>

--
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90
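The scope difference discussed in this message, as an added example that is not part of the original post: each message gets a fresh session key wrapped under the recipient's public key, so one known session key opens one message while the private key opens all of them. The toy RSA key (built from two Mersenne primes), the SHA-256 keystream standing in for AES, and all function names are assumptions made for illustration and are not secure constructions.

```python
import hashlib
import secrets

# Constructed toy RSA key from two known Mersenne primes. Textbook RSA without
# padding is insecure; it only stands in for the recipient's RSA key pair.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # recipient's private exponent


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (SHA-256 in counter mode), standing in for AES."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt(plaintext: bytes, n: int = N, e: int = E):
    """Encrypt with a fresh random session key, wrapped under the public key.

    Returns (wrapped_key, ciphertext, session_key); the session key is returned
    only so demo() can model a party who has recovered it for one message.
    """
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped, keystream_xor(session_key, plaintext), session_key


def unwrap(wrapped: int, d: int = D, n: int = N) -> bytes:
    """Recover a session key using the recipient's private key."""
    return pow(wrapped, d, n).to_bytes(16, "big")


def demo():
    msgs = [b"first message to the recipient", b"second message, new session key"]
    sent = [encrypt(m) for m in msgs]
    (_, c1, k1), (_, c2, _) = sent
    # Knowing message 1's session key opens message 1 only.
    one_key = (keystream_xor(k1, c1) == msgs[0], keystream_xor(k1, c2) == msgs[1])
    # Knowing the private key unwraps every session key, so every message opens.
    private_key = [keystream_xor(unwrap(w), c) == m for (w, c, _), m in zip(sent, msgs)]
    return one_key, private_key


if __name__ == "__main__":
    print(demo())
```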