--=-2GmL8Z3epWDL801YO1DR Content-Type: text/plain Content-Transfer-Encoding: quoted-printable
You are talking in code again I think On Wed, 2003-06-18 at 13:00, John Hebert wrote: > Call me sillier, but if I knew that for certain, do you think I would be > discussing it on a public mailing list? >=20 > It was a joke, based on exaggerated extrapolation. Now shut up, watch som= e > TV, and then drive your SUV to Walmart to buy something. >=20 > John Hebert >=20 > -----Original Message----- > From: Brad N Bendily > To: '[email protected] ' > Sent: 6/18/03 12:47 PM > Subject: Re: NSA's decryption clusters vs GPG, et.al. was RE: GPG does no= t > pro vide "end to end encryption", but only mail c onte nt encryption was = RE: > [brlug-general] Cox and smtp pain today. >=20 > call me silly but, do you know this? or is that your best guess? >=20 > Brad B >=20 >=20 >=20 > On Wed, 18 Jun 2003, John Hebert wrote: >=20 > > Well Alvaro, if you really insist we discuss this on a public list, > then I > > first must give a shout out to the ECHELON homeys: Howdy! > >=20 > > GPG has yet to broken, as far as is publicly known. However, you admit > > yourself that the estimates for brute force attack are outdated. > >=20 > > Just what do you think the DOD did with all of those old Cold War > bunkers > > around DC? They filled em full of blade stuffed racks running Linux > clusters > > and put em to work in parallel doing brute force decryption. They were > gonna > > upgrade to OpenBSD but they found out Theo de Raadt is a commie. > >=20 > > Let's do some math: > >=20 > > Let's say it takes 1 computer 1,000,000 years to brute force message > A. > > Then, theoretically, it will take 2 computers half that time: 500,000 > years. > > 3 computers: 333,333 years, ... and so on. > >=20 > > Eventually, it comes down to this: 1 billion computers working in > parallel > > will decrypt message A in .365 of a day, about 8 hours. And 10 billion > > computers will decrypt message A in less than an hour. And 100 billion > > computers will decrypt the message before you actually ask the > computers to > > do so. > >=20 > > Now, I know you are an intelligent individual, but do you really think > that > > the DOD was paying $600 for a hammer since WWII? No. The DOD paid the > normal > > $23 for a contractor supplied hammer, and put the rest into a long > term > > black ops IT project in coordination with the defense contractors and > built > > up the NSA's toy room into an IT infrastructure that would make the > Krells's > > underground labs in "Forbidden Planet" look like the work of > brain-damaged > > infants. > >=20 > > Don't even get me started on their time-space travel machines. > >=20 > > :) > >=20 > > John Hebert > >=20 > > -----Original Message----- > > From: Alvaro Zuniga > > To: [email protected] > > Sent: 6/18/03 10:54 AM > > Subject: Re: GPG does not provide "end to end encryption", but only > mail c > > onte nt encryption was RE: [brlug-general] Cox and smtp pain today. > >=20 > > Thanks John: > >=20 > > How possible is for one of this messages to be decrypted? I have read > > that GPG=20 > > encryption has yet to be broken. Is that an outdated fact? For what I=20 > > understand about brute force algorithms, in order to break one of this >=20 > > messages, even with a small 8 character passphrase and say a 1024 bit=20 > > encryption cipher, could take quit a bit of time. I am sure the > numbers > > I=20 > > have are quite outdated due to the hardware improvement, clustering, > > etc. =20 > > since the time I took a lecture on this subject; however, this number > > should=20 > > fall at least on the years category, in which case the illicit love > > affair=20 > > between x and y would most likely be over, is that not so( not about > the > >=20 > > affair )? I need to check out some info about those NSA's clusters. > The=20 > > "mile" word really captivated my heart.=20 > >=20 > > In terms of the headers of a message. How necessary is to indicate > that > > a=20 > > particular message is encrypted? I can only suspect that hackers are > the > > only=20 > > people that benefit from this information. The only use I see is for > > the=20 > > programmer to know when to pop up passphrase box or fetch a public > key. > > I=20 > > would also expect the actual encrypted message to be free of headers > > because=20 > > that would identify the fact that it is encrypted or at least some > kind > > of=20 > > hint. > >=20 > > Thanks for the explanation, who knows what I was thinking. > >=20 > > Alvaro Zuniga > >=20 > >=20 > > Date:=20 > > Today 10:28:42 am > >=20 > >=20 > > How possible is for one of this messages to be decrypted? I have read > > that GPG=20 > > encryption has yet to be broken. Is that an outdated fact? For what I=20 > > understand about brute force algorithms, in order to break one of this >=20 > > messages, even with a small 8 character passphrase and say a 1024 bit=20 > > encryption cipher, could take quit a bit of time. I am sure the > numbers > > I=20 > > have are quite outdated due to the hardware improvement, clustering, > > etc. =20 > > since the time I took a lecture on this subject; however, this number > > should=20 > > fall at least on the years category, in which case the illicit love > > affair=20 > > between x and y would most likely be over, is that not so( not about > the > >=20 > > affair )? I need to check out some info about those NSA's clusters. > The=20 > > "mile" word really captivated my heart.=20 > >=20 > > In terms of the headers of a message. How necessary is to indicate > that > > a=20 > > particular message is encrypted? I can only suspect that hackers are > the > > only=20 > > people that benefit from this information. The only use I see is for > > the=20 > > programmer to know when to pop up passphrase box or fetch a public > key. > > I=20 > > would also expect the actual encrypted message to be free of headers > > because=20 > > that would identify the fact that it is encrypted or at least some > kind > > of=20 > > hint. > >=20 > > Thanks for the explanation, who knows what I was thinking. > >=20 > > Alvaro Zuniga > >=20 > > On Tuesday 17 June 2003 11:06 pm, will hill wrote: > > > On 2003.06.17 20:23 John Hebert wrote: > > > > I think he meant that something like Carnivore could easily pick > up > > the > > > > fact that only one out of ~100 messages were encrypted by parsing > > the > > > > message headers, and then somehow note that fact, or start a brute > > force > > > > decryption of it on the square miles of the NSA's underground > server > > > > clusters. > > > > > > That's about it. Sometimes, the fact that you have something to > tell > > > someone is more important than what you say. A sudden burst of > > encrypted > > > messages between JD Edwards and Peoplesoft might spark Lary's > > interest. > > > > > > _______________________________________________ > > > General mailing list > > > [email protected] > > > http://brlug.net/mailman/listinfo/general_brlug.net > >=20 > > _______________________________________________ > > General mailing list > > [email protected] > > http://brlug.net/mailman/listinfo/general_brlug.net > >=20 > > _______________________________________________ > > General mailing list > > [email protected] > > http://brlug.net/mailman/listinfo/general_brlug.net > >=20 >=20 >=20 > _______________________________________________ > General mailing list > [email protected] > http://brlug.net/mailman/listinfo/general_brlug.net >=20 > _______________________________________________ > General mailing list > [email protected] > http://brlug.net/mailman/listinfo/general_brlug.net --=-2GmL8Z3epWDL801YO1DR Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQA+8K5VadbUG229XJoRAjZ9AJ44ROQ9K79wMhFBNn0ZyPCsc2hJsgCgoW7K sst2N+3eJAMfX+nMWbgDizI= =LbTR -----END PGP SIGNATURE----- --=-2GmL8Z3epWDL801YO1DR--
