Fiber cut - response in seconds?
tme at americafree.tv
Tue Jun 2 19:52:33 UTC 2009
On Jun 2, 2009, at 3:41 PM, Charles Wyble wrote:
> David Barak wrote:
>> Paranoia 101 teaches us that any given encryption approach will
>> eventually fall before a brute-force onslaught of sufficient power
>> and duration.
> Of course. Hence my comment bout the likely hood of success
> depending on how much computing power they have access to. How much
> easier does my job get if I have access to thousands of encrypted e-
> mails vs 1 encrypted e-mail? Once I factor your PKI root private
> key, your toast.
Note that most PKI (such as RSA) may be breakable when and if Quantum
Storing large amounts of PKI encrypted data for that day I am sure
would interest some organizations.
> It was my impression that the various algorithms were designed to
> prevent traffic analysis attacks, or at least vastly reduce there
> effectiveness, and if some magical corner case is discovered it
> should be further mitigated by key rotation right? I'm an operations
> guy, not a math wizard. :)
> I'm not trying to argue that the attacker in this case could
> necessarily detect a flaw in the algorithm; rather, they'll get an
> effectively infinite number of chances to bang against it with no
> consequences. Once it's cracked, the attacker will *still* have the
> physical access which is thus compromised, and then has free access
> to all of the transmissions.
> Sure. However couldn't they do this in a lab environment? Various
> botnets give them access to massive amounts of computing power on an
> ongoing basis. I presume that the folks with sufficient expertise
> and knowledge to do these attacks use exploits / back doors that
> ensure continued access to this computing power, which won't be
> detected/patched by the little tykes doing spamming/phising/data
> Then there is the ability to buy a whole lot of specialized number
> crunching compute gear as well.
> Granted the US govt has there own (classified) encryption algorithms
> and as such that can't be replicated in a lab environment and
> requires access to the physical medium carrying traffic encrypted by
> said algorithms.
>> Physical security is a prerequisite to all of the other approaches
>> to communication security. Those cases where physical security is
>> presumed to be non-existant have to rely on a lot of out-of-band
>> knowledge for any given method to be resistant to attack, and it's
>> very hard to make use of a connection of that type for regular
> Really? The US Military uses a whole lot of wireless (satellite,
> ground baed, surface to air) links. Those links can be sniffed (by
> people with sufficient motivation/funding/gear to do so). They rely
> on encryption to protect them.
More information about the NANOG