Tom Metro wrote:
> I haven't looked at reference material to refresh my understanding on
> this, so it may be wrong, but my recollection is that a CA compromise
> would only facilitate man-in-the-middle attacks.

Certificate escrow is the easiest way for a three-letter agency to obtain site certificates.

> This strikes me as a wild assertion and I don't follow the logic.
> References?

CRIME and BREACH are examples of SSL side-channel attacks using known text to recover session keys. The more text you have, the more text you have available for making such attacks.

> Superficially, it sounds like it could be right, as we've all heard of
> attack vectors that make use of known plain text. But the NSA doesn't
> *know* what is in a given document.

But they do. For example, there are static data in every Google account sign-in process. If you capture many sessions of SSL-wrapped data and compare them to the clear-text data, then you can draw correlations between known plain-text and the cipher-text. You can then apply those correlations to any arbitrary user's sign-in sessions.

> Yeah, but why is that useful? If a repeat[1] occurs every 2^64, and you
> send a high volume of messages, that means the NSA will be able to
> decrypt 2 messages out of 18,446,744,073,709,551,615 messages. That's
> assuming they've brute forced one to begin with.

This assumes a truly random spread. Computers don't do truly random numbers.

--
Rich P.
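Added example (not from the thread above): the CRIME/BREACH side channel mentioned in the reply is a compression-length leak, not a key-recovery technique. The snippet below uses a constructed HTTP-style body with a constructed `SECRET` token to show that when attacker-influenced text and a secret are compressed together, the transmitted length reveals whether the text matches the secret, and that sending the body uncompressed removes the signal, which is why TLS/HTTP compression is disabled on such responses.

```python
import zlib

# Constructed sample secret embedded in a response (a CSRF-style token).
SECRET = b"csrftoken=4f9a1c7e2b8d6a03"


def response_body(reflected: bytes) -> bytes:
    """Constructed page that echoes user-supplied text next to a secret."""
    return (b"<p>You searched for: " + reflected + b"</p>\n"
            b'<input type="hidden" name="' + SECRET + b'">\n')


def transmitted_length(reflected: bytes, compress: bool = True) -> int:
    """Bytes on the wire for one response, with or without DEFLATE (as TLS/HTTP
    compression would apply before encryption; encryption does not hide length)."""
    body = response_body(reflected)
    if compress:
        body = zlib.compress(body, 9)
    return len(body)


def length_leak(matching: bytes, nonmatching: bytes, compress: bool = True) -> int:
    """How many bytes shorter the response is when the reflected text repeats the
    secret. A positive value means an observer can distinguish the two cases
    from ciphertext length alone; 0 means the side channel is closed."""
    return transmitted_length(nonmatching, compress) - transmitted_length(matching, compress)


if __name__ == "__main__":
    good = SECRET                        # reflected text equal to the secret
    bad = b"csrftoken=" + b"z" * 16      # same length, wrong value
    print("leak with compression   :", length_leak(good, bad))
    print("leak without compression:", length_leak(good, bad, compress=False))
```

The two candidate strings have identical length, so any difference in the compressed size comes solely from DEFLATE finding a longer back-reference when the reflected text duplicates the secret.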