At 10:22 AM -0700 10/17/00, Kerry L. Bonin wrote:
At 10:06 AM 10/17/00 -0500, Fisher Mark wrote:
It is just a whole lot easier to do a black-bag job on a North Korean embassy (for example) than to directly attack their crypto. That is why defense companies do background checks, that is why some areas of military facilities are guarded by soldiers with guns, and that is why the NSA tried to conceal all evidence of their existence for a while. Crypto is just one part of a unified security policy -- sometimes not a very important part at that.
I don't dispute this, my choice of words was "Sure, they devote significant resources to exploiting weaknesses in key management." "Rubber hose" and "black bag" cryptanalysis have a long history of being far more cost effective than brute force.
Your main claim was that ciphers are crackable by the NSA (pace your various comments about "near realtime," "cracking farms," ASICs and silicon-on-sapphire, and your .mil/spook buddies who have confidentially told you so). Are you retracting this claim now? --Tim May -- ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, "Cyphernomicon" | black markets, collapse of governments.