nanog mailing list archives

Re: Fiber cut - response in seconds?


From: David Barak <thegameiam () yahoo com>
Date: Tue, 2 Jun 2009 11:56:32 -0700 (PDT)



--- On Tue, 6/2/09, Charles Wyble <charles () thewybles com> wrote: 
David Barak wrote:
Encryption is insufficient - if you let someone have
physical access for a long enough period, they'll eventually
crack anything. 

Really? I don't think so. I imagine it would be much more
dependent on the amount of computing power the attacker has
access to. More encrypted blobs won't help. If that was the
case then the various encryption schemes in wide use today
would be cracked already. Bad guys can set up networks and
blast data through it and have complete access. I don't see
them cracking encryption.

Paranoia 101 teaches us that any given encryption approach will eventually fall before a brute-force onslaught of 
sufficient power and duration[1].  I'm not trying to argue that the attacker in this case could necessarily detect a 
flaw in the algorithm; rather, they'll get an effectively infinite number of chances to bang against it with no 
consequences.  Once it's cracked, the attacker will *still* have the physical access which is thus compromised, and 
then has free access to all of the transmissions.

Physical security is a prerequisite to all of the other approaches to communication security.  Those cases where 
physical security is presumed to be non-existent have to rely on a lot of out-of-band knowledge for any given method to 
be resistant to attack, and it's very hard to make use of a connection of that type for regular operations.

Pretty much all security eventually boils down to people with firearms saying "don't do that."

David Barak
Need Geek Rock?  Try The Franchise: 
http://www.listentothefranchise.com 


      

