Hi, > anything higher than 256 bit is extremely hard to crack???? Sorry, I have to disagree. There are for the sake of the discussion 2 main methods to crack a secured communication channel. 1) brute force with a cray. This is hard - very hard. 2) alternative approaches, much much easier.
What does an alternative approach look like? I have described several of them a)look for the password on a bit of paper b)disk image, get the private key c)send the local lads around with rubber hoses etc. d)execute a search warrant on the internet telephony provider, and ask them to send an unencoded copy of the conversation to the local police. e)install a microbug in the telephone handset/microphone cable/computer mic/speaker connection etc. To be honest, the security provided by the key length is meaningless. There are so many other ways to listen in to the conversation. Now, tell me please which part of the logic below is faulty: the sum total of a,b,c,d is (in terms of difficulty) much much less than the brute force approach. Conclusion: forget the level of security provided by the key length. The only way to get comms secure is to secure every aspect. You have to secure the PC, you have to remove the middle man, you have to make sure the other end is equally secure, and then, once it is totally secure, does this not provide a red rag advising whoever that you have something to hide? Derek. =========================================== On Fri, 17 Dec 2004, Rowan wrote: > On Fri, 2004-12-17 at 19:32, Volker Kuhlmann wrote: > > > > Or the contemporary slightly more civilised but otherwise identical > > variant of the Brits: > > > > Police to you: give us your encryption keys now or else we'll take you > > straight to the bunker. > > > > Volker > > I do recall reading an article in the Press (I think) several years ago > that said: It is illegal to use any encryption higher that 256 bit in > the U.S. - as I recall the article said that anything higher is > EXTREMELY difficult for the spooks at Langley to crack. In the U.K. you > can use anything you like but you must hand over the key, on demand, to > their 'agencies'. Refusal will get you a custodial holiday and put onto > every security list that they have. > Maybe things have changed but I very much doubt it. > > Rowan > > > -- Derek Smithies Ph.D. This PC runs pine on linux for email IndraNet Technologies Ltd. If you find a virus apparently from me, it has Email: [EMAIL PROTECTED] forged the e-mail headers on someone else's machine ph +64 3 365 6485 Please do not notify me when (apparently) receiving a Web: http://www.indranet-technologies.com/ windows virus from me......
