[cryptography] [info] The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)

Jon Callas jon at callas.org
Mon Mar 19 10:26:24 EDT 2012

On Mar 18, 2012, at 6:38 PM, Randall Webmail wrote:

> From: "ianG" <iang at iang.org>
>> ... So after a lot of colour, it is not clear if they can break AES. 
>> Yet.  OK.  But that is their plan.  And they think they can do it, 
>> within their foreseeable future.  Maybe soon.  Or maybe they can, and 
>> they've managed to get their own agency to at least believe it's in the 
>> future, not now.  Or maybe they can at 128, but not larger?
> I suppose we've all seen the "proofs" that brute-forcing PGP would take a supercomputer the size of the planet longer than the age of the universe to accomplish.   Was the math faulty in those proofs, or is it true, and the NSA is just empire-building?

They aren't "proofs" in the sense of rigorous mathematics, but they're arguments.

There's nothing wrong with the math, but they have certain assumptions. If they know something that we don't -- for example, presume they've solved the algebraic equation that is AES, then that would lead to a different set of math.

Frankly, I think that Jonathan Thornburg has a better line on it -- it's much more efficient to develop a theory of how to break passphrases. I can much better see how a large computing engine could help with that.

Let me handwave a bit. Suppose using scrapings from social networks, web surfing, etc., you come up with a model of your opponent and can compute in a week the 2^30 most likely passphrases they'd use. You now have a much simpler task, one that should take anything from minutes to a couple weeks to do.

Also note that Alice is talking to Bob; you can likely get the message by attacking either Alice or Bob.

But really, I wouldn't do the crypto at all. I would just go for traffic analysis. And huge supercomputers would help with that. Good traffic analysis makes crypto irrelevant.

