Fiber cut - response in seconds?

Marshall Eubanks tme at americafree.tv
Tue Jun 2 14:52:33 CDT 2009


On Jun 2, 2009, at 3:41 PM, Charles Wyble wrote:

>
>
> David Barak wrote:
>> Paranoia 101 teaches us that any given encryption approach will  
>> eventually fall before a brute-force onslaught of sufficient power  
>> and duration[1].
>
> Of course. Hence my comment bout the likely hood of success  
> depending on how much computing power they have access to. How much  
> easier does my job get if I have access to thousands of encrypted e- 
> mails vs 1 encrypted e-mail? Once I factor your PKI root private  
> key, your toast.

Note that most PKI (such as RSA) may be breakable when and if Quantum  
computers
become practical.

http://en.wikipedia.org/wiki/Shor's_algorithm

Storing large amounts of PKI encrypted data for that day I am sure  
would interest some organizations.

Regards
Marshall


> It was my impression that the various algorithms were designed to  
> prevent traffic analysis attacks, or at least vastly reduce there  
> effectiveness, and if some magical corner case is discovered it  
> should be further mitigated by key rotation right? I'm an operations  
> guy, not a math wizard. :)
>
> I'm not trying to argue that the attacker in this case could  
> necessarily detect a flaw in the algorithm; rather, they'll get an  
> effectively infinite number of chances to bang against it with no  
> consequences.  Once it's cracked, the attacker will *still* have the  
> physical access which is thus compromised, and then has free access  
> to all of the transmissions.
>
> Sure. However couldn't they do this in a lab environment? Various  
> botnets give them access to massive amounts of computing power on an  
> ongoing basis. I presume that the folks with sufficient expertise  
> and knowledge to do these attacks use exploits / back doors that  
> ensure continued access to this computing power, which won't be  
> detected/patched by the little tykes doing spamming/phising/data  
> correlation.
>
> Then there is the ability to buy a whole lot of specialized number  
> crunching compute gear as well.
>
> Granted the US govt has there own (classified) encryption algorithms  
> and as such that can't be replicated in a lab environment and  
> requires access to the physical medium carrying traffic encrypted by  
> said algorithms.
>
>
>
>
>
>> Physical security is a prerequisite to all of the other approaches  
>> to communication security.  Those cases where physical security is  
>> presumed to be non-existant have to rely on a lot of out-of-band  
>> knowledge for any given method to be resistant to attack, and it's  
>> very hard to make use of a connection of that type for regular  
>> operations.
>
> Really? The US Military uses a whole lot of wireless (satellite,  
> ground baed, surface to air) links. Those links can be sniffed (by  
> people with sufficient motivation/funding/gear to do so). They rely  
> on encryption to protect them.
>
>
>
>





More information about the NANOG mailing list