[Discuss] email privacy/security
Richard Pieri
richard.pieri at gmail.com
Mon Aug 5 14:07:24 EDT 2013
Kent Borg wrote:
> Okay, maybe ROT-13 isn't worth much. But ROT-12, being a bit more
> obscure, starts to be useful. And something that requires a
> man-in-the-middle attack, is very valuable.
Substitution ciphers fall in near real time to automated frequency
analysis. The obscurity of the algorithm is irrelevant when there is a
1:1 correspondence between clear text and cipher text.
Weak encryption can be broken quickly. c.f. any of the DES/3DES cracking
engines.
Flawed encryption can be broken very quickly. c.f. WEP cracking.
It may not matter how expensive an attack is. The NSA has an effectively
unlimited budget. Let's compound the issue: what are the most commonly
used ciphers used for encrypted communications today? Which of these
were approved by the NSA for purposes other than those requiring secret
or higher security classifications?
Flawed cryptography is useless. Good cryptography may be useless when
one of your foes is responsible for approving and endorsing the
encryption systems you use.
--
Rich P.
More information about the Discuss
mailing list