On Tue, Jun 25, 2013 at 6:01 PM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote: >>How would one fabricate a digital key?
They probably meant something that sounds close. E.g., minted a certificate, or a ticket, or token, or whatever the thing is, by subverting an issuing authority or its processes (possibly via social engineering). It's not like there are many people outside [a very small part of] the tech industry who'd understand what was said or meant (or meant to be said), or even what actually happened. What does it matter if a journalist writes "digital key" when perhaps what they heard was "digital certificate" followed by a brief, overly simplified explanation of PKI concepts? We're not the audience, and the public won't know the difference -- it''s all gibberish unless analogized to off-line concepts. I don't think there's any chance that Snowden broke a public key algorithm in use at the NSA -- there's always an easier path, particularly for a well-placed insider. Insiders are usually the biggest threat to any organization. There isn't much you can do about them except limit the scope of damage they may cause (e.g., by limiting the size of the data collection they may access, by, e.g., not being such a large organization). > He used his root access to get into other people's accounts. Depending on how careless the others are one might not even need root. It can be very easy to escalate privilege when people are careless. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography