On 05/25/2012 09:50 AM, Steven Bellovin wrote:
Here's Google Translate link to the article (I can't read German).
My money is on a protocol or implementation flaw, or possibly just
hacks to the end system.
http://translate.google.com/translate?sl=de&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http://www.golem.de/news/bundesregierung-deutsche-geheimdienste-koennen-pgp-entschluesseln-1205-92031.html
This seems to be the basis for the whole article:
"Is the technology used to decipher in a position to encrypted
communications (such as SSH or PGP) to at least partially and / or
evaluate?"
Why would the question include that parenthetical? Surely anyone who
would know what SSH or PGP is would know what the term "encrypted
communications" means. Probably the person who constructed the question
is specifically familiar with those protocols and does not want the
response to weasel out due to over generality.
The response of the federal government is, "Yes, the technology used
is basically able to do so, depending on the type and quality of the
encryption."
But this sounds to me like a very general answer which was probably
prepared ahead of time to reveal the minimal amount of information. For
this reason I don't think it should be interpreted as referring to SSH
or PGP specifically. But the phrase "depending on the type and quality
of the encryption" would seemingly rule out endpoint hacks.
Perhaps someone who knows German can better interpret it.
- Marsh
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
