On 08/14/2013 06:34 AM, Jerry Feldman wrote:
Agreed. But, breaking the session key only works for a single message or a single session. If they want to target a specific individual, breaking the RSA/DSA keys will give them access to all encrypted messages. (within the context is that a sent message is encrypted by the recipient's public key),
Yes, breaking the RSA/DSA key will let them read files or e-mails (effectively a file) encrypted with that public key. But I think that if you are doing SSL with that public key, the key exchange cannot be understood by a passive observer, so passively recording the packets will not let someone later decrypt the exchange.
-kb _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
