From: Colm Mac Cárthaigh (colmmacc at domain redbrick.dcu.ie)
Date: Sat 15 Sep 2001 - 02:26:38 IST
On Sat, Sep 15, 2001 at 03:12:31AM +0100, John McCormac wrote:
> Colm Mac Carthaigh wrote:
> > the opensource nature of openssh or openssl does make it
> > in the least bit less secure to the likes of the NSA,
> > if you use the right key strenths it's _very_ unlikely
> > anything the NSA have can defeat the encryption.
> Not quite correct for a number of reasons, one of which is that you do
> not know if NSA has developed a faster factoring algorithm. Another
> relates to possible leakage in the algorithms used. If you really want
> to be secure, don't use internet/phone based comms systems.
while it's true that a mathematical "short-cut" may be known to the
NSA, their actions seem to indicate that it's unlikely.
They seem to be covertly installing keystroke-loggers (of the hardware
kind) and make no secret about their desire for only lower keylengths
to be allowed in general. They also had the zany idea that thy get copies
While this could be part of a misinformation campaign it seems
> > yeah, I'd be more worried about covert operations to install kestroke
> > loggers and actual hardware intervention, network sniffing isnt
> > too much of a worry.
> Why not use standoff devices that just sniff the tempest radiation? :-)
> > It's currently pretty easy to encrypt securely, even from the NSA.
> Possibly. Though Enigma, JN25, Purple, DES and a lot of other encryption
> systems were supposed to be unbreakable. There would have to be some
> selection process for deciding what problems and identifying nets of
> 'connected' people is how it would logically be done.
I'm not entirely sure what you're saying here
-- ------------------------------------------------------------ colmmacc at domain redbrick.dcu.ie (master of the web, apache warrior)
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:12:09 GMT