Hash: SHA1

While we worry about symmetric vs. public key ciphers, we should not
forget the risk of compromise of our long-term keys. How are they

One of the most obvious ways to compromise a cryptographic system is
to get the keys. This is a particular risk in TLS/SSL when PFS is not
used. Consider a large scale site (read: Google, Facebook, etc.) that
uses SSL. The private keys of the relevant certificates needs to be
literally on hundreds if not thousands of systems. Chances are they
are not encrypted on those systems so those systems can auto-restart
without human intervention. Those systems also break
periodically. What happens to the broken pieces, say a broken hard

If one of these private keys is compromised, all pre-recorded traffic
can now be decrypted, as long as PFS was not used (and as we know, it
is rarely used).

Encrypted email is also at great risk because we have no PFS in any of
these systems. Our private keys tend to last a long time (just look at
the age of my private key!).

If I was the NSA, I would be scavenging broken hardware from
“interesting” venues and purchasing computers for sale in interesting
locations. I would be particularly interested in stolen computers, as
they have likely not been wiped.

The bottom line here is that the NSA has upped the game (and probably
did so quite a while ago, but we are just learning about it now). This
means that commercial organizations that truly want to protect their
customers from the NSA, and other national actors whom I am sure are
just as skilled and probably more brazen, need to up their game, by a

- -Jeff

P.S. I am very careful about which devices my private key touches and
what happens to it when I am through with it.
Version: GnuPG v1.4.11 (GNU/Linux)

The cryptography mailing list

Reply via email to