On Sep 12, 2013, at 3:16 PM, "Dickson, Brian" <bdick...@verisign.com> wrote: > Excluding the direct methods of acquisition, let us consider the level of > effort involved in recreating the root key, by brute force.
I think we can assume that they would use some fairly subtle attack to get the key, and would not brute force it, unless they know something we do not. E.g., they might capture it using TEMPEST-style or other EMI-based attacks, or by buying a sufficiency of key holders (which I suspect would be a lot harder at the moment, but might not always be as hard).
