LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Echelon exists..so says EU report

[ILUG] Echelon exists..so says EU report

Kieran Barry kieran at esperi.demon.co.uk
Sat Sep 15 15:59:15 IST 2001 

<delurk>
> 
> Colm Mac Carthaigh wrote:
> > 
> > while it's true that a mathematical "short-cut" may be known to the
> > NSA, their actions seem to indicate that it's unlikely.
> 
> Theoretically they would be unlikely to give any indication because they
> would want people to continue using a compromised system.

And in any case, weaknesses other than mathematical are likely to be 
available. Ferinstance, a random number generator that isn't truly random
is apparently a disaster. (There was a huge amount of traffic I didn't fully 
understand about this subject on Coderpunks this summer.)

And look at the material being published lately re: attacks on SSH. (Synopsis:
each keystroke gets sent in its own packet. This is _really_ bad. And 
you can figure out which keystrokes are the password, and then analyse the
timing to find particular keys)
>  
> > > Possibly. Though Enigma, JN25, Purple, DES and a lot of other encryption
> > > systems were supposed to be unbreakable. There would have to be some
> > > selection process for deciding what problems and identifying nets of
> > > 'connected' people is how it would logically be done.
> > 
> > I'm not entirely sure what you're saying here
> 
> All the algos above were supposed to be unbreakable. However the
> selection process also known as traffic analyss identifies a net of
> people communicating with each other. Thus if suss0 is communicating
> with suss1,2,3,4,5 and the level of communications rises from the normal
> level, something is happening. That is if suss[0-5] each use a fixed
> e-mail address in this extremely simple example. A lot of the breaks in
> the World War II algos (Enigma/JN25/Purple) were helped by a message
> being sent in a weaker code that had been compromised then being sent
> through the stronger algorithm. 
> 
I'd be very surprised if algorithms are attacked directly once the key
length gets beyond 56 bits.

The classic WWII crypto breaks came from poor info security, of course,
but cribs should be far less useful today. The reason? Cryptographers 
know about this kind of attack. It's known as "known plaintext" or, in the
case of public key systems, "chosen plaintext". Look at Schneier.

Attacks today are more likely to involve people using bad passphrases,
programming errors, or even man-in-the-middle attacks. 

Of course, I could be wrong :).

Kieran

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell