On what the NSA does with its tech

Major Variola (ret) mv at cdc.gov
Mon Aug 2 20:56:28 PDT 2004


At 02:39 PM 8/2/04 -0400, John Kelsey wrote:
>This is silly.  They have black budgets, but not infinite ones.  Given
>their budget (whatever it is), they want to buy the most processing bang
>for their buck.

Yes.  They can't break a 128 bit key.  That's obvious.  ("if all the
atoms in the universe were computers..." goes the argument).

What they can do is implement an advanced dictionary search that
includes the kind of mnemonic tricks and regexps that folks typically
use when coming up with "tough" passphrases.   Cracking Italian
anarchist PGP-equipped PDAs in their possession, things like that.

If your keys are random 128, no dice (no pun intended).  But if your
keys are deterministically derived from something in your head, they
can blaze.

As well as the SIGINT stuff that takes a lot of DSP cycles.  But agreed,
and worth repeating, long keys can't be exhaustively searched, if they
are truly random.

As for WEP, GSM, etc cracking, voice recognition, etc, well, that is
suitcase sized / real time stuff for them, if they want it.  I imagine
that the social network panopticon --eg who's ever called whom-- might
take some serious exabyte datacrunching too, something the
bioinformaticists would envy.

I don't think I overestimate the adversary when I suggest that he has
plenty of uses for fast hardware, and that his hardware can be more
than a decade faster thanks to cost being less of a concern, even if
his transistors are no smaller/faster than TSMC's or IBM's.

-----
I had never met a mathematician before. He had a good sense of humor,
but no matter what you said to him, he was unimpressed. -Knuth
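
Added example, not part of the original post: a small entropy audit that contrasts the guess space of a patterned, memorable passphrase with a passphrase drawn uniformly at random to reach 128 bits. The dictionary size, mangling counts, suffix count, guess rate and the 16-word list are all constructed assumptions for illustration.

```python
import math
import secrets

# Constructed 16-word list (4 bits per word); a real list would be far larger.
WORDLIST = ["amber", "brick", "cedar", "delta", "ember", "flint", "grove",
            "haven", "ivory", "jolly", "knoll", "lemon", "maple", "north",
            "olive", "prism"]

def structured_bits(dict_size, words, case_variants, leet_variants, suffixes):
    """Upper bound, in bits, on the guess space of a patterned passphrase:
    `words` dictionary words, each mangled, followed by one suffix."""
    per_word = dict_size * case_variants * leet_variants
    return words * math.log2(per_word) + math.log2(suffixes)

def words_needed(target_bits, list_size):
    """Uniformly drawn words required to reach target_bits of entropy."""
    if list_size < 2:
        raise ValueError("word list needs at least two entries")
    return math.ceil(target_bits / math.log2(list_size))

def random_passphrase(wordlist, target_bits=128):
    """Draw words with the OS CSPRNG; return (phrase, entropy_bits)."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words would overstate the entropy")
    n = words_needed(target_bits, len(wordlist))
    phrase = " ".join(secrets.choice(wordlist) for _ in range(n))
    return phrase, n * math.log2(len(wordlist))

def years_to_exhaust(bits, guesses_per_second):
    """Time to enumerate the full 2**bits space at a fixed guess rate."""
    return 2.0 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    rate = 1e9  # assumed guesses per second, for illustration only
    patterned = structured_bits(2 ** 16, 2, 2, 4, 1024)  # assumed policy
    phrase, bits = random_passphrase(WORDLIST)
    print(f"patterned: {patterned:.0f} bits, "
          f"{years_to_exhaust(patterned, rate):.4f} years")
    print(f"random:    {bits:.0f} bits, "
          f"{years_to_exhaust(bits, rate):.2e} years")
    print(phrase)
```

The patterned figure is an upper bound: people do not pick uniformly within a pattern, so the effective entropy is lower still.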





More information about the cypherpunks-legacy mailing list