CDR: RE: Re: why should it be trusted?
Kerry L. Bonin
kerry at vscape.com
Tue Oct 17 10:22:10 PDT 2000
At 10:06 AM 10/17/00 -0500, Fisher Mark wrote:
>It is just a whole lot easier to do a black-bag job on a North Korean
>embassy (for example) than to directly attack their crypto. That is why
>defense companies do background checks, that is why some areas of military
>facilities are guarded by soldiers with guns, and that is why the NSA tried
>to conceal all evidence of their existence for a while. Crypto is just one
>part of a unified security policy -- sometimes not a very important part at
>that.
I don't dispute this, my choice of words was "Sure, they devote significant
resources to exploiting weaknesses in key management." "Rubber hose" and
"black bag" cryptanalysis have a long history of being far more cost
effective than brute force.
More information about the cypherpunks-legacy
mailing list