[163389] in North American Network Operators' Group
Re: PGP/SSL/TLS really as secure as one thinks?
daemon@ATHENA.MIT.EDU (Leo Bicknell)
Fri Jun 7 11:34:58 2013
From: Leo Bicknell <bicknell@ufp.org>
In-Reply-To: <51B1F8CC.9070402@massar.ch>
Date: Fri, 7 Jun 2013 10:34:05 -0500
To: Jeroen Massar <jeroen@massar.ch>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jun 7, 2013, at 10:14 AM, Jeroen Massar <jeroen@massar.ch> wrote:
> If you can't trust the entities where your data is flowing through
> because you are unsure if and where they are tapping you, why do you
> trust any of the crypto out there that is allowed to exist? :)
>
> Think about it, the same organization(s) that you are suspecting of
> having those taps, are the ones who have the top crypto people in the
> world and who have been influencing those standards for decades...

I believe there are two answers to your question, although neither is
entirely satisfactory.

The same organization(s) you describe use cryptography themselves, and
do influence the standards. They have a strong interest in keeping
their own communication secure. It would be a huge risk to build in
some weakness they could exploit and hope that other state funded
entities would not be able to find the hidden flaw that allows
decryption.

Having "unbreakable" cryptography is not necessary to affect positive
change. Reading unencrypted communications is O(1). If cryptography
can make reading the communications (by breaking the crypto) harder,
ideally at least O(n^2), it would likely prevent it from being
economically feasible to do wide scale surveillance. Basically if they
want your individual communications it's still no problem to break the
crypto and get it, but simply reading everything going by from everyone
becomes economically impossible.

There's an important point to the second item; when scanning a large
data set one of the most important details algorithmically is knowing
which data _not_ to scan. When the data is in plain text throwing away
uninteresting data is often trivial. If all data is encrypted, cycles
must be spent to decrypt it all just to discover it is uninteresting.

--
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/