Agreed. But breaking the session key only works for a single message or
a single session. If they want to target a specific individual, breaking
the RSA/DSA keys will give them access to all encrypted messages
(within the context that a sent message is encrypted by the
recipient's public key), so to make this bidirectional they need to
break 2 keys, so the job gets more difficult. Breaking the session key
works if they want to look at random messages, but breaking the RSA/DSA
keys works better when they have a specific target in mind.

On 08/13/2013 05:40 PM, Richard Pieri wrote:
> John Abreau wrote:
>> Nope, sorry, each individual message has its own unique session key.
>> Cracking the session key on one particular message tells you nothing
>> about the session key on subsequent messages.
>
> If I decrypt the message by breaking the session key then yes, I can
> only decrypt that one message.
>
> But, if I can do this then I know what the session key is. This means
> that I have a 100% known plain-text correspondence with the encrypted
> session key. This may make it easier to attack a given RSA or DSA key
> pair.
>
> Attacking the RSA or DSA asymmetric keys directly is believed to be
> more difficult than attacking the session key. Given that the NSA has
> approved both for commercial use, just as they have approved AES for
> commercial use, I assume that they are aware of exploitable weaknesses
> in both.

--
Jerry Feldman <[email protected]>
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90