17 Oct
2000
17 Oct
'00
1:28 p.m.
At 10:06 AM 10/17/00 -0500, Fisher Mark wrote:
It is just a whole lot easier to do a black-bag job on a North Korean embassy (for example) than to directly attack their crypto. That is why defense companies do background checks, that is why some areas of military facilities are guarded by soldiers with guns, and that is why the NSA tried to conceal all evidence of their existence for a while. Crypto is just one part of a unified security policy -- sometimes not a very important part at that.
I don't dispute this, my choice of words was "Sure, they devote significant resources to exploiting weaknesses in key management." "Rubber hose" and "black bag" cryptanalysis have a long history of being far more cost effective than brute force.