[ILUG] Echelon exists..so says EU report

[Rick Moen]

begin John McCormac quotation:

> Just because it can be compiled and the source is freely available
> does not guarantee security. Even RSA is based on a theory that it is
> difficult to factor large numbers. If someone was to develop a faster
> factoring algorithm then RSA encryption could be vulnerable. 

That is true.  As a mathematician, I'd be at least moderately surprised
at a breakthrough in this area of which we had no hint in the academic
journals, regardless of how many geniuses they have on staff.  But it
could happen.

> Even with PGP, as far as I remember, the core encryption algorithm
> (that used to encrypt the data) is not RSA.

With PGP having gone proprietary after 2.6.3i, I use GnuPG exclusively,
these days.  GnuPG defaults to Blowfish for its symmetric cipher, and
DSA & ElGamal for the assymetric ones (with DSA favoured).  In the
latter category, RSA support was added in v. 1.0.3 (after the USA patent
expired on Sept. 20/21, 2000).

> RSA is used for the keyhandling.

Yes (in PGP), though there are actually two levels of keys (just as 
with SSH and TLS/SSL):  You can't use asymmetric aka public-key crypto
for the who thing, because it's too slow.

(That's not to mention the hashing algorithms.)

> In some cases, who the encrypted e-mail is going to can be far more
> revealing than the contents.

Oh yes.  There are all sorts of nasty tricks that can be played with
traffic analysis, and other methods.  See Bruce Schneier's _Secrets and
Lies_ for a good rundown.

And, when all else fails, the bad guys can always fall back on "lead
pipe decryption".  ;->

-- 
Cheers,                                      Right to keep and bear
Rick Moen                                  Haiku shall not be abridged
rick at linuxmafia.com                           Or denied.  So there.