On 08/14/2013 07:36 AM, Kent Borg wrote:
On 08/14/2013 06:34 AM, Jerry Feldman wrote:
Agreed. But, breaking the session key only works for a single message
or a single session. If they want to target a specific individual,
breaking the RSA/DSA keys will give them access to all encrypted
messages. (within the context is that a sent message is encrypted by
the recipient's public key),
Yes, breaking the RSA/DSA key will let them read files or e-mails
(effectively a file) encrypted with that public key. But I think that
if you are doing SSL with that public key, the key exchange cannot be
understood by a passive observer, so passively recording the packets
will not let someone later decrypt the exchange.
Basically, there are 3 groups of those who want to hack encryption
1. Governments - they have resources and if they want to get your
information they have tools to do it.
2. criminals who want your information. Unless you are very wealthy,
there is very small chance they will try to break your encryption.
Simple cost benefit.
3. random hackers. There are people out there with skills and some
resources. It is hard to protect against these people because of their
skills. While they don't have acres of supercomputers they have the
skills to build or use low cost clusters.
So, I'm not really worried. If the NSA or FBI wanted to get my
information and read my emails they can do it, and there is very little
that I can do other than remain under the radar.
--
Jerry Feldman <[email protected]>
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
