
BLU Discuss list archive



[Discuss] KeePassX



It may not be easier, but it would be more effective when monitoring 
specific people.

On 08/14/2013 10:03 AM, Richard Pieri wrote:
> Jerry Feldman wrote:
>> recipient's public key), so to make this bidirectional they need to
>> break 2 keys, so the job gets more difficult. Breaking the session key
>
> The public key is more easily recovered from, say, a public key 
> server. This requires no effort at all.
>
> It may be easier -- and it will become easier as time passes -- to 
> factor the prime numbers that comprise the public key and use them to 
> recreate the private key. The strength of RSA is that it is very, very 
> computationally expensive to factor large prime numbers.
>
>
> Kent Borg wrote:
> > if you are doing SSL with that public key, the key exchange cannot be
> > understood by a passive observer, so passively recording the packets
> > will not let someone later decrypt the exchange.
>
> If you have the certificate and you can snoop the session handshake 
> then you can recover the session key and decrypt the session. The 
> security of the secret key is paramount to every PK system.
>
> I assert that the NSA have compromised the public CAs just as they 
> have compromised the service providers. This is computationally very 
> inexpensive. It simply requires the FISC to fire up Word and print out 
> a few national security letters. The NSA either have copies of all of 
> the certificates issued by public CAs or can obtain them upon request.
>
> As you repeatedly point out, the NSA wants to store everything. 
> "Everything" includes SSL handshakes.
>
> Certificate + handshake = session key => decrypted session in real 
> time. Any user, any session, any time, any reason. No cryptanalysis 
> needed. No brute force needed.
>


-- 
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90
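
The recorded-handshake scenario debated in this thread, as an added toy example that is not part of any poster's message. It assumes the party holding the recording later obtains the server's long-term RSA private key, and it goes one step beyond the thread by contrasting RSA key transport with an ephemeral Diffie-Hellman exchange; all function names, the toy key and the toy group are constructed for illustration and this is not real TLS.

```python
import hashlib
import secrets

# Constructed toy RSA key (two Mersenne primes); far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # long-term private exponent

# Toy Diffie-Hellman group: 2**127 - 1 is prime; the base 5 is an arbitrary choice.
DH_P, DH_G = 2**127 - 1, 5

def kdf(secret: int) -> bytes:
    """Stand-in for the TLS key derivation: hash the shared secret."""
    return hashlib.sha256(str(secret).encode()).digest()

def rsa_key_transport():
    """Client encrypts a random pre-master secret to the server's RSA public key."""
    pre_master = secrets.randbelow(N - 2) + 2
    recorded = {"encrypted_pre_master": pow(pre_master, E, N)}  # seen on the wire
    return recorded, kdf(pre_master)

def ephemeral_dh():
    """Both sides use throwaway exponents; only the public values cross the wire."""
    a = secrets.randbelow(DH_P - 2) + 1   # client secret, discarded after use
    b = secrets.randbelow(DH_P - 2) + 1   # server secret, discarded after use
    recorded = {"client_pub": pow(DH_G, a, DH_P), "server_pub": pow(DH_G, b, DH_P)}
    client_key = kdf(pow(recorded["server_pub"], a, DH_P))
    server_key = kdf(pow(recorded["client_pub"], b, DH_P))
    assert client_key == server_key   # both ends derive the same session key
    return recorded, client_key

def recover_from_recording(recorded, d, n):
    """Try to rebuild a session key from a stored handshake plus the RSA private key."""
    if "encrypted_pre_master" in recorded:
        return kdf(pow(recorded["encrypted_pre_master"], d, n))
    return None   # the DH exponents were never transmitted, so d does not help

if __name__ == "__main__":
    rec, key = rsa_key_transport()
    print("RSA transport recovered:", recover_from_recording(rec, D, N) == key)
    rec, key = ephemeral_dh()
    print("Ephemeral DH recovered: ", recover_from_recording(rec, D, N) == key)
```

In a real deployment the server's RSA key still signs the ephemeral exchange, so cipher suites with ephemeral key agreement are the setting to check for when stored handshakes are part of the threat model.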




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
