Dear John: I suppose from this point of view there is not need to even bother with=20 encryption because brute force eventually prevails. However, a better ciph= er=20 requires that many more computers exponentially; therefore, we could at=20 least make it more difficult for those who really care about our business.
This reminds me of that John Travolta movie swordfish where the computer=20 person gradually quintuple the encryption of an algorithm to hide a bank=20 account. He also kept switching the values every few seconds ensuring that = it=20 would be impossible to decrypt using brute force. Take care, Alvaro Zu=F1iga On Wednesday 18 June 2003 11:29 am, John Hebert wrote: > Well Alvaro, if you really insist we discuss this on a public list, then I > first must give a shout out to the ECHELON homeys: Howdy! > > GPG has yet to broken, as far as is publicly known. However, you admit > yourself that the estimates for brute force attack are outdated. > > Just what do you think the DOD did with all of those old Cold War bunkers > around DC? They filled em full of blade stuffed racks running Linux > clusters and put em to work in parallel doing brute force decryption. They > were gonna upgrade to OpenBSD but they found out Theo de Raadt is a commi= e. > > Let's do some math: > > Let's say it takes 1 computer 1,000,000 years to brute force message A. > Then, theoretically, it will take 2 computers half that time: 500,000 > years. 3 computers: 333,333 years, ... and so on. > > Eventually, it comes down to this: 1 billion computers working in parallel > will decrypt message A in .365 of a day, about 8 hours. And 10 billion > computers will decrypt message A in less than an hour. And 100 billion > computers will decrypt the message before you actually ask the computers = to > do so. > > Now, I know you are an intelligent individual, but do you really think th= at > the DOD was paying $600 for a hammer since WWII? No. The DOD paid the > normal $23 for a contractor supplied hammer, and put the rest into a long > term black ops IT project in coordination with the defense contractors and > built up the NSA's toy room into an IT infrastructure that would make the > Krells's underground labs in "Forbidden Planet" look like the work of > brain-damaged infants. > > Don't even get me started on their time-space travel machines. > > :) > > John Hebert > > -----Original Message----- > From: Alvaro Zuniga > To: [email protected] > Sent: 6/18/03 10:54 AM > Subject: Re: GPG does not provide "end to end encryption", but only mail c > onte nt encryption was RE: [brlug-general] Cox and smtp pain today. > > Thanks John: > > How possible is for one of this messages to be decrypted? I have read > that GPG > encryption has yet to be broken. Is that an outdated fact? For what I > understand about brute force algorithms, in order to break one of this > messages, even with a small 8 character passphrase and say a 1024 bit > encryption cipher, could take quit a bit of time. I am sure the numbers > I > have are quite outdated due to the hardware improvement, clustering, > etc. > since the time I took a lecture on this subject; however, this number > should > fall at least on the years category, in which case the illicit love > affair > between x and y would most likely be over, is that not so( not about the > > affair )? I need to check out some info about those NSA's clusters. The > "mile" word really captivated my heart. > > In terms of the headers of a message. How necessary is to indicate that > a > particular message is encrypted? I can only suspect that hackers are the > only > people that benefit from this information. The only use I see is for > the > programmer to know when to pop up passphrase box or fetch a public key. > I > would also expect the actual encrypted message to be free of headers > because > that would identify the fact that it is encrypted or at least some kind > of > hint. > > Thanks for the explanation, who knows what I was thinking. > > Alvaro Zuniga > > > Date: > Today 10:28:42 am > > > How possible is for one of this messages to be decrypted? I have read > that GPG > encryption has yet to be broken. Is that an outdated fact? For what I > understand about brute force algorithms, in order to break one of this > messages, even with a small 8 character passphrase and say a 1024 bit > encryption cipher, could take quit a bit of time. I am sure the numbers > I > have are quite outdated due to the hardware improvement, clustering, > etc. > since the time I took a lecture on this subject; however, this number > should > fall at least on the years category, in which case the illicit love > affair > between x and y would most likely be over, is that not so( not about the > > affair )? I need to check out some info about those NSA's clusters. The > "mile" word really captivated my heart. > > In terms of the headers of a message. How necessary is to indicate that > a > particular message is encrypted? I can only suspect that hackers are the > only > people that benefit from this information. The only use I see is for > the > programmer to know when to pop up passphrase box or fetch a public key. > I > would also expect the actual encrypted message to be free of headers > because > that would identify the fact that it is encrypted or at least some kind > of > hint. > > Thanks for the explanation, who knows what I was thinking. > > Alvaro Zuniga > > On Tuesday 17 June 2003 11:06 pm, will hill wrote: > > On 2003.06.17 20:23 John Hebert wrote: > > > I think he meant that something like Carnivore could easily pick up > > the > > > > fact that only one out of ~100 messages were encrypted by parsing > > the > > > > message headers, and then somehow note that fact, or start a brute > > force > > > > decryption of it on the square miles of the NSA's underground server > > > clusters. > > > > That's about it. Sometimes, the fact that you have something to tell > > someone is more important than what you say. A sudden burst of > > encrypted > > > messages between JD Edwards and Peoplesoft might spark Lary's > > interest. > > > _______________________________________________ > > General mailing list > > [email protected] > > http://brlug.net/mailman/listinfo/general_brlug.net > > _______________________________________________ > General mailing list > [email protected] > http://brlug.net/mailman/listinfo/general_brlug.net > > _______________________________________________ > General mailing list > [email protected] > http://brlug.net/mailman/listinfo/general_brlug.net
