[142] in WWW Security List Archive
Re: what are realistic threats?
daemon@ATHENA.MIT.EDU (hallam@dxal18.cern.ch)
Wed Sep 28 09:57:35 1994
From: hallam@dxal18.cern.ch
To: Mike Muuss <mike@arl.mil>, www-security@ns1.rutgers.edu
Cc: hallam@dxal18.cern.ch
In-Reply-To: Your message of "Wed, 28 Sep 94 03:02:32 GMT."
<9409272302.aa09810@wolf.arl.mil>
Date: Wed, 28 Sep 94 12:35:18 +0100
Reply-To: hallam@dxal18.cern.ch
>This sort of attack is not as difficult as you might think. It is not
>especially more difficult than conducting a wiretap on an analog line.
>If the rewards for doing so are sufficiently high, there will be plenty
>of people who will mount this sort of attack. To be more specific:
>when the amount of money or goods that can be stolen in a short time
>period by this sort of attack reaches the US$100k to US$250k range, then
>this attack will become commonplace.
Quite so, this is precisely the sort of threat we should be worrying
about. Worrying about the security of 512 bit RSA keys or the crackability
of DES is the sort of think we can leave out on at this stage.
Phill H-B
