Well Alvaro, if you really insist we discuss this on a public list, then I first must give a shout out to the ECHELON homeys: Howdy!
GPG has yet to broken, as far as is publicly known. However, you admit yourself that the estimates for brute force attack are outdated. Just what do you think the DOD did with all of those old Cold War bunkers around DC? They filled em full of blade stuffed racks running Linux clusters and put em to work in parallel doing brute force decryption. They were gonna upgrade to OpenBSD but they found out Theo de Raadt is a commie. Let's do some math: Let's say it takes 1 computer 1,000,000 years to brute force message A. Then, theoretically, it will take 2 computers half that time: 500,000 years. 3 computers: 333,333 years, ... and so on. Eventually, it comes down to this: 1 billion computers working in parallel will decrypt message A in .365 of a day, about 8 hours. And 10 billion computers will decrypt message A in less than an hour. And 100 billion computers will decrypt the message before you actually ask the computers to do so. Now, I know you are an intelligent individual, but do you really think that the DOD was paying $600 for a hammer since WWII? No. The DOD paid the normal $23 for a contractor supplied hammer, and put the rest into a long term black ops IT project in coordination with the defense contractors and built up the NSA's toy room into an IT infrastructure that would make the Krells's underground labs in "Forbidden Planet" look like the work of brain-damaged infants. Don't even get me started on their time-space travel machines. :) John Hebert -----Original Message----- From: Alvaro Zuniga To: [email protected] Sent: 6/18/03 10:54 AM Subject: Re: GPG does not provide "end to end encryption", but only mail c onte nt encryption was RE: [brlug-general] Cox and smtp pain today. Thanks John: How possible is for one of this messages to be decrypted? I have read that GPG encryption has yet to be broken. Is that an outdated fact? For what I understand about brute force algorithms, in order to break one of this messages, even with a small 8 character passphrase and say a 1024 bit encryption cipher, could take quit a bit of time. I am sure the numbers I have are quite outdated due to the hardware improvement, clustering, etc. since the time I took a lecture on this subject; however, this number should fall at least on the years category, in which case the illicit love affair between x and y would most likely be over, is that not so( not about the affair )? I need to check out some info about those NSA's clusters. The "mile" word really captivated my heart. In terms of the headers of a message. How necessary is to indicate that a particular message is encrypted? I can only suspect that hackers are the only people that benefit from this information. The only use I see is for the programmer to know when to pop up passphrase box or fetch a public key. I would also expect the actual encrypted message to be free of headers because that would identify the fact that it is encrypted or at least some kind of hint. Thanks for the explanation, who knows what I was thinking. Alvaro Zuniga Date: Today 10:28:42 am How possible is for one of this messages to be decrypted? I have read that GPG encryption has yet to be broken. Is that an outdated fact? For what I understand about brute force algorithms, in order to break one of this messages, even with a small 8 character passphrase and say a 1024 bit encryption cipher, could take quit a bit of time. I am sure the numbers I have are quite outdated due to the hardware improvement, clustering, etc. since the time I took a lecture on this subject; however, this number should fall at least on the years category, in which case the illicit love affair between x and y would most likely be over, is that not so( not about the affair )? I need to check out some info about those NSA's clusters. The "mile" word really captivated my heart. In terms of the headers of a message. How necessary is to indicate that a particular message is encrypted? I can only suspect that hackers are the only people that benefit from this information. The only use I see is for the programmer to know when to pop up passphrase box or fetch a public key. I would also expect the actual encrypted message to be free of headers because that would identify the fact that it is encrypted or at least some kind of hint. Thanks for the explanation, who knows what I was thinking. Alvaro Zuniga On Tuesday 17 June 2003 11:06 pm, will hill wrote: > On 2003.06.17 20:23 John Hebert wrote: > > I think he meant that something like Carnivore could easily pick up the > > fact that only one out of ~100 messages were encrypted by parsing the > > message headers, and then somehow note that fact, or start a brute force > > decryption of it on the square miles of the NSA's underground server > > clusters. > > That's about it. Sometimes, the fact that you have something to tell > someone is more important than what you say. A sudden burst of encrypted > messages between JD Edwards and Peoplesoft might spark Lary's interest. > > _______________________________________________ > General mailing list > [email protected] > http://brlug.net/mailman/listinfo/general_brlug.net _______________________________________________ General mailing list [email protected] http://brlug.net/mailman/listinfo/general_brlug.net
