On what the NSA does with its tech

John Kelsey kelsey.j at ix.netcom.com
Thu Aug 5 07:39:37 PDT 2004

  From: "Major Variola (ret)" <mv at cdc.gov> 
  Sent: Aug 2, 2004 11:56 PM
  To: "cypherpunks at al-qaeda.net" <cypherpunks at al-qaeda.net>
  Subject: On what the NSA does with its tech

  What they can do is implement an advanced dictionary search that
  includes the kind of mnemonic tricks and regexps that folks typically 
  use when coming up with "tough" passphrases.   Cracking Italian
  anarchist PGP-equipt PDAs in their possession, things like that.

Yep.  This seems like the practical weak link in a lot of uses of cryptography.  It can be made harder in a lot of ways (e.g., upping the iteration count, or doing Abadi's trick of generating a big salt value but not disclosing all of it), but all this ends up with the attacker's extra work linear in the user's extra work.  Of course, if the user chooses good passwords, it's a pretty big linear factor, but it's still linear--I double my iteration count, and the attacker doubles his work, though he's always doing a million times as much work as I am.  

The only really good solution is to use some external device to mediate in password->key generation.  But then you've got to make sure that device is always available, or you're unable to get at your data.  And if that device is an online server somewhere, then password encryptions become partly traceable.  

--John Kelsey
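
The two hardening measures mentioned above (a higher iteration count, and a salt that is only partly stored) can be sketched as follows. This is an added example, not code from the original post or from any scheme it cites; the parameter values, record layout, and function names are assumptions chosen for illustration. It shows that both knobs multiply the legitimate user's cost and the per-guess cost of a dictionary search by the same factor.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 1000   # assumed value, kept small so the demo runs quickly
HIDDEN_BITS = 8     # assumed: salt bits that are generated but never stored (max 16 here)

def stretch(password: bytes, public_salt: bytes, hidden: int, iterations: int) -> bytes:
    """PBKDF2 over the stored salt plus the undisclosed salt bits."""
    salt = public_salt + hidden.to_bytes(2, "big")
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)

def enroll(password: bytes, iterations: int = ITERATIONS, hidden_bits: int = HIDDEN_BITS):
    """Derive a key; store only the public salt and a key-check value."""
    public_salt = secrets.token_bytes(16)
    hidden = secrets.randbelow(1 << hidden_bits)   # discarded after this call
    key = stretch(password, public_salt, hidden, iterations)
    check = hmac.new(key, b"key-check", "sha256").digest()
    record = {"salt": public_salt, "check": check,
              "iterations": iterations, "hidden_bits": hidden_bits}
    return record, key

def unlock(password: bytes, record: dict):
    """Search the hidden salt bits. Returns (key or None, PBKDF2 calls made)."""
    calls = 0
    for hidden in range(1 << record["hidden_bits"]):
        calls += 1
        key = stretch(password, record["salt"], hidden, record["iterations"])
        tag = hmac.new(key, b"key-check", "sha256").digest()
        if hmac.compare_digest(tag, record["check"]):
            return key, calls
    return None, calls   # a wrong password costs the full search

def work_units(record: dict, guesses: int) -> int:
    """Worst-case inner hash iterations needed to test `guesses` passwords."""
    return guesses * (1 << record["hidden_bits"]) * record["iterations"]

if __name__ == "__main__":
    rec, key = enroll(b"constructed sample passphrase")
    for iters in (rec["iterations"], 2 * rec["iterations"]):
        r = dict(rec, iterations=iters)
        user, search = work_units(r, 1), work_units(r, 10**6)
        print(f"iterations={iters}: user={user} search={search} ratio={search // user}")
```

Doubling either parameter doubles both columns; the ratio between them is set only by how many candidate passwords have to be tried, which is why password quality dominates.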
