Re: [ILUG] Echelon exists..so says EU report

From: John McCormac (jmcc at domain hackwatch.com)
Date: Sat 15 Sep 2001 - 03:06:27 IST


Rick Moen wrote:
>
> begin John McCormac quotation:
>
> > Just because it can be compiled and the source is freely available
> > does not guarantee security. Even RSA is based on a theory that it is
> > difficult to factor large numbers. If someone was to develop a faster
> > factoring algorithm then RSA encryption could be vulnerable.
>
> That is true. As a mathematician, I'd be at least moderately surprised
> at a breakthrough in this area of which we had no hint in the academic
> journals, regardless of how many geniuses they have on staff. But it
> could happen.

It only takes one of them to come up with some completely new way of
looking at the problem. While everyone was concentrating on finding a
new factoring algorithm, some NSA head could have developed a method of
identifying a characteristic of information which does not change
through encryption.
 
> > Even with PGP, as far as I remember, the core encryption algorithm
> > (that used to encrypt the data) is not RSA.
>
> With PGP having gone proprietary after 2.6.3i, I use GnuPG exclusively,
> these days. GnuPG defaults to Blowfish for its symmetric cipher, and
> DSA & ElGamal for the asymmetric ones (with DSA favoured). In the
> latter category, RSA support was added in v. 1.0.3 (after the USA patent
> expired on Sept. 20/21, 2000).
>
> > RSA is used for the keyhandling.
>
> Yes (in PGP), though there are actually two levels of keys (just as
> with SSH and TLS/SSL): You can't use asymmetric aka public-key crypto
> for the whole thing, because it's too slow.

That was the problem that affected the encryption used on most smartcard
systems throughout the nineties. Most of the algorithms were simple
hashing algorithms with a few tweakable variables. (Some of them, such as
the original Sky 07 hash, were not secure, but it and other such systems
were compromised by technical means; the cryptanalysis came afterwards.)

> And, when all else fails, the bad guys can always fall back on "lead
> pipe decryption". ;->

It used to be a rubber hose - probably wasn't robust enough. :-)

Regards...jmcc


