nanog mailing list archives
Re: PGP/SSL/TLS really as secure as one thinks?
From: Leo Bicknell <bicknell () ufp org>
Date: Fri, 7 Jun 2013 10:34:05 -0500
On Jun 7, 2013, at 10:14 AM, Jeroen Massar <jeroen () massar ch> wrote:
If you can't trust the entities where your data is flowing through because you are unsure if and where they are tapping you, why do you trust any of the crypto out there that is allowed to exist? :) Think about it, the same organization(s) that you are suspecting of having those taps, are the ones who have the top crypto people in the world and who have been influencing those standards for decades...
I believe there are two answers to your question, although neither is entirely satisfactory. The same organization(s) you describe use cryptography themselves, and do influence the standards. They have a strong interest in keeping their own communication secure. It would be a huge risk to build in some weakness they could exploit and hope that other state funded entities would not be able to find the hidden flaw that allows decryption. Having "unbreakable" cryptography is not necessary to affect positive change. Reading unencrypted communications is O(1). If cryptography can make reading the communications (by breaking the crypto) harder, ideally at least O(n^2), it would likely prevent it from being economically feasible to do wide scale surveillance. Basically if they want your individual communications it's still no problem to break the crypto and get it, but simply reading everything going by from everyone becomes economically impossible. There's an important point to the second item; when scanning a large data set one of the most important details algorithmically is knowing which data _not_ to scan. When the data is in plain text throwing away uninteresting data is often trivial. If all data is encrypted, cycles must be spent to decrypt it all just to discover it is uninteresting. -- Leo Bicknell - bicknell () ufp org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- Re: PRISM: NSA/FBI Internet data mining project, (continued)
- Re: PRISM: NSA/FBI Internet data mining project Phil Fagan (Jun 21)
- Re: PRISM: NSA/FBI Internet data mining project Owen DeLong (Jun 21)
- Re: PRISM: NSA/FBI Internet data mining project Phil Fagan (Jun 21)
- Re: PRISM: NSA/FBI Internet data mining project William Herrin (Jun 21)
- Re: PRISM: NSA/FBI Internet data mining project Phil Fagan (Jun 21)
- Re: PRISM: NSA/FBI Internet data mining project Warren Bailey (Jun 21)
- Re: PRISM: NSA/FBI Internet data mining project Phil Fagan (Jun 21)
- Re: PRISM: NSA/FBI Internet data mining project Warren Bailey (Jun 21)
- Re: PRISM: NSA/FBI Internet data mining project Owen DeLong (Jun 21)
- PGP/SSL/TLS really as secure as one thinks? Jeroen Massar (Jun 07)
- Re: PGP/SSL/TLS really as secure as one thinks? Leo Bicknell (Jun 07)
- Re: PGP/SSL/TLS really as secure as one thinks? David Walker (Jun 07)
- Re: PGP/SSL/TLS really as secure as one thinks? Joe Abley (Jun 10)
- Re: PGP/SSL/TLS really as secure as one thinks? Matthew Petach (Jun 10)
- Re: PRISM: NSA/FBI Internet data mining project Måns Nilsson (Jun 06)
- Re: PRISM: NSA/FBI Internet data mining project Jimmy Hess (Jun 08)
- Re: PRISM: NSA/FBI Internet data mining project Matthew Petach (Jun 08)
- Re: PRISM: NSA/FBI Internet data mining project Jay Ashworth (Jun 08)
- Re: PRISM: NSA/FBI Internet data mining project Tom Taylor (Jun 09)
- Re: PRISM: NSA/FBI Internet data mining project Mike Jones (Jun 08)
- Re: PRISM: NSA/FBI Internet data mining project Warren Bailey (Jun 08)