PGP/SSL/TLS really as secure as one thinks?

Leo Bicknell bicknell at ufp.org
Fri Jun 7 15:34:05 UTC 2013


On Jun 7, 2013, at 10:14 AM, Jeroen Massar <jeroen at massar.ch> wrote:

> If you can't trust the entities where your data is flowing through
> because you are unsure if and where they are tapping you, why do you
> trust any of the crypto out there that is allowed to exist? :)
> 
> Think about it, the same organization(s) that you are suspecting of
> having those taps, are the ones who have the top crypto people in the
> world and who have been influencing those standards for decades...

I believe there are two answers to your question, although neither is entirely satisfactory.

The same organization(s) you describe use cryptography themselves, and do influence the standards.  They have a strong interest in keeping their own communication secure.  It would be a huge risk to build in some weakness they could exploit and hope that other state-funded entities would not be able to find the hidden flaw that allows decryption.

Having "unbreakable" cryptography is not necessary to effect positive change.  Reading unencrypted communications is O(1).  If cryptography can make reading the communications (by breaking the crypto) harder, ideally at least O(n^2), it would likely prevent it from being economically feasible to do wide-scale surveillance.  Basically, if they want your individual communications it's still no problem to break the crypto and get it, but simply reading everything going by from everyone becomes economically impossible.

There's an important point to the second item; when scanning a large data set, one of the most important details algorithmically is knowing which data _not_ to scan.  When the data is in plain text, throwing away uninteresting data is often trivial.  If all data is encrypted, cycles must be spent to decrypt it all just to discover it is uninteresting.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/




