nanog mailing list archives
Re: Fiber cut - response in seconds?
From: Marshall Eubanks <tme () americafree tv>
Date: Tue, 2 Jun 2009 15:52:33 -0400
On Jun 2, 2009, at 3:41 PM, Charles Wyble wrote:
David Barak wrote:Paranoia 101 teaches us that any given encryption approach will eventually fall before a brute-force onslaught of sufficient power and duration[1].Of course. Hence my comment bout the likely hood of success depending on how much computing power they have access to. How much easier does my job get if I have access to thousands of encrypted e- mails vs 1 encrypted e-mail? Once I factor your PKI root private key, your toast.
Note that most PKI (such as RSA) may be breakable when and if Quantum computers
become practical. http://en.wikipedia.org/wiki/Shor's_algorithmStoring large amounts of PKI encrypted data for that day I am sure would interest some organizations.
Regards Marshall
It was my impression that the various algorithms were designed to prevent traffic analysis attacks, or at least vastly reduce there effectiveness, and if some magical corner case is discovered it should be further mitigated by key rotation right? I'm an operations guy, not a math wizard. :)I'm not trying to argue that the attacker in this case could necessarily detect a flaw in the algorithm; rather, they'll get an effectively infinite number of chances to bang against it with no consequences. Once it's cracked, the attacker will *still* have the physical access which is thus compromised, and then has free access to all of the transmissions.Sure. However couldn't they do this in a lab environment? Various botnets give them access to massive amounts of computing power on an ongoing basis. I presume that the folks with sufficient expertise and knowledge to do these attacks use exploits / back doors that ensure continued access to this computing power, which won't be detected/patched by the little tykes doing spamming/phising/data correlation.Then there is the ability to buy a whole lot of specialized number crunching compute gear as well.Granted the US govt has there own (classified) encryption algorithms and as such that can't be replicated in a lab environment and requires access to the physical medium carrying traffic encrypted by said algorithms.Physical security is a prerequisite to all of the other approaches to communication security. Those cases where physical security is presumed to be non-existant have to rely on a lot of out-of-band knowledge for any given method to be resistant to attack, and it's very hard to make use of a connection of that type for regular operations.Really? The US Military uses a whole lot of wireless (satellite, ground baed, surface to air) links. Those links can be sniffed (by people with sufficient motivation/funding/gear to do so). They rely on encryption to protect them.
Current thread:
- Re: Fiber cut - response in seconds?, (continued)
- Re: Fiber cut - response in seconds? Leo Bicknell (Jun 01)
- Re: Fiber cut - response in seconds? Martin Hannigan (Jun 02)
- Re: Fiber cut - response in seconds? Jared Mauch (Jun 02)
- Re: Fiber cut - response in seconds? Robert Bonomi (Jun 01)
- Re: Fiber cut - response in seconds? Warren Bailey (Jun 01)
- Re: Fiber cut - response in seconds? David Barak (Jun 02)
- Re: Fiber cut - response in seconds? Charles Wyble (Jun 02)
- RE: Fiber cut - response in seconds? Deepak Jain (Jun 02)
- Re: Fiber cut - response in seconds? Charles Wyble (Jun 02)
- Re: Fiber cut - response in seconds? David Barak (Jun 02)
- Re: Fiber cut - response in seconds? Charles Wyble (Jun 02)
- Re: Fiber cut - response in seconds? Marshall Eubanks (Jun 02)
- Re: Fiber cut - response in seconds? Michael Holstein (Jun 02)
- RE: Fiber cut - response in seconds? Deepak Jain (Jun 02)
- Re: Fiber cut - response in seconds? Chris Adams (Jun 02)
- RE: Fiber cut - response in seconds? Deepak Jain (Jun 02)
- Re: Fiber cut - response in seconds? Chris Adams (Jun 02)
- RE: Fiber cut - response in seconds? John van Oppen (Jun 02)
- Re: Fiber cut - response in seconds? Charles Wyble (Jun 02)
- Re: Fiber cut - response in seconds? Ryan Wilkins (Jun 02)