On Mar 18, 2012, at 6:38 PM, Randall Webmail wrote:

> From: "ianG" <[email protected]>
>
>> ... So after a lot of colour, it is not clear if they can break AES.
>> Yet. OK. But that is their plan. And they think they can do it,
>> within their foreseeable future. Maybe soon. Or maybe they can, and
>> they've managed to get their own agency to at least believe it's in the
>> future, not now. Or maybe they can at 128, but not larger?
>
> I suppose we've all seen the "proofs" that brute-forcing PGP would take a
> supercomputer the size of the planet longer than the age of the universe to
> accomplish. Was the math faulty in those proofs, or is it true, and the NSA
> is just empire-building?

They aren't "proofs" in the sense of rigorous mathematics, but they're arguments. There's nothing wrong with the math, but they have certain assumptions. If they know something that we don't -- for example, presume they've solved the algebraic equation that is AES, then that would lead to a different set of math.

Frankly, I think that Jonathan Thornburg has a better line on it -- it's much more efficient to develop a theory of how to break passphrases. I can much better see how a large computing engine could help with that.

Let me handwave a bit. Suppose using scrapings from social networks, web surfing, etc., you come up with a model of your opponent and can compute in a week the 2^30 most likely passphrases they'd use. You now have a much simpler task, one that should take anything from minutes to a couple weeks to do.

Also note that Alice is talking to Bob, you can likely get the message by attacking either Alice or Bob.

But really, I wouldn't do the crypto at all. I would just go for traffic analysis. And huge supercomputers would help with that. Good traffic analysis makes crypto irrelevant.

Jon

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
