Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] KeePassX

It may not be easier, but it would be more effective when monitoring 
specific people.

On 08/14/2013 10:03 AM, Richard Pieri wrote:
> Jerry Feldman wrote:
>> recipient's public key), so to make this bidierctional they need to
>> break 2 keys, so the job gets more difficult. Breaking the session key
> The public key is more easily recovered from, say, a public key 
> server. This requires no effort at all.
> It may be easier -- and it will become easier as time passes -- to 
> factor the prime numbers that comprise the public key and use them to 
> recreate the private key. The strength of RSA is that it is very, very 
> computationally expensive to factor large prime numbers.
> Kent Borg wrote:
> > if you are doing SSL with that public key, the key exchange cannot be
> > understood by a passive observer, so passively recording the packets
> > will not let someone later decrypt the exchange.
> If you have the certificate and you can snoop the session handshake 
> then you can recover the session key and decrypt the session. The 
> security of the secret key is paramount to every PK system.
> I assert that the NSA have compromised the public CAs just as they 
> have compromised the service providers. This is computationally very 
> inexpensive. It simply requires the FISC to fire up Word and print out 
> a few national security letters. The NSA either have copies of all of 
> the certificates issued by public CAs or can obtain them upon request.
> As you repeatedly point out, the NSA wants to store everything. 
> "Everything" includes SSL handshakes.
> Certificate + handshake = session key => decrypted session in real 
> time. Any user, any session, any time, any reason. No cryptanalysis 
> needed. No brute force needed.

Jerry Feldman <gaf at>
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /