[Discuss] KeePassX
Jerry Feldman
gaf at blu.org
Wed Aug 14 14:56:40 EDT 2013
It may not be easier, but it would be more effective when monitoring
specific people.
On 08/14/2013 10:03 AM, Richard Pieri wrote:
> Jerry Feldman wrote:
>> recipient's public key), so to make this bidierctional they need to
>> break 2 keys, so the job gets more difficult. Breaking the session key
>
> The public key is more easily recovered from, say, a public key
> server. This requires no effort at all.
>
> It may be easier -- and it will become easier as time passes -- to
> factor the prime numbers that comprise the public key and use them to
> recreate the private key. The strength of RSA is that it is very, very
> computationally expensive to factor large prime numbers.
>
>
> Kent Borg wrote:
> > if you are doing SSL with that public key, the key exchange cannot be
> > understood by a passive observer, so passively recording the packets
> > will not let someone later decrypt the exchange.
>
> If you have the certificate and you can snoop the session handshake
> then you can recover the session key and decrypt the session. The
> security of the secret key is paramount to every PK system.
>
> I assert that the NSA have compromised the public CAs just as they
> have compromised the service providers. This is computationally very
> inexpensive. It simply requires the FISC to fire up Word and print out
> a few national security letters. The NSA either have copies of all of
> the certificates issued by public CAs or can obtain them upon request.
>
> As you repeatedly point out, the NSA wants to store everything.
> "Everything" includes SSL handshakes.
>
> Certificate + handshake = session key => decrypted session in real
> time. Any user, any session, any time, any reason. No cryptanalysis
> needed. No brute force needed.
>
--
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90
More information about the Discuss
mailing list