On Aug 28, 2007 18:29:08, Christopher Sawtell wrote:
> It's now fairly well known that the reason the initial efforts in
> Afghanistan were so successful was largely due to the enemy not fully
> understanding the above sentence. It's also my belief that PGP has,
> to some extent anyway, been broken by the spooks.

"Breaking PGP" is meaningless. Which encryption algorithm are you
suggesting "the spooks" have broken? All of them?

I use GNUPG to create 256-bit AES-encrypted messages when I want
privacy. I would consider it a very bold statement to say that
anyone has broken AES, in that they are able to recover the plaintext
given only the ciphertext, in an amount of time that would be useful to
any human generation.

The only known attacks against AES are side-channel attacks (i.e. not
really attacks against the algorithm, but attacks against
implementations that leak information), and they are theoretical at best.
The largest known successful brute-force was against a 64-bit RC5 key,
using distributed.net.

I find it very unlikely that anyone can read my AES256-encrypted data.

Having said that, if organisations like the NSA are doing their job
properly, we wouldn't know if they secretly were able to break AES.
However I find that unlikely because AES with key sizes >= 192 bits is
approved for encryption of "top secret" data by the US government. I
doubt they'd use an algorithm that they knew was breakable for that.
They're not the only clever cryptographers in the world, and they can't
trust that if they know how to break the algorithm, their enemies won't
also find out.

    Jasper
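As an added illustration of the "useful to any human generation" point above (example code, not part of the original message): how expected brute-force time grows with symmetric key length. The trial rate is a constructed assumption, not a measured figure.

```python
# Added example (not from the mailing-list thread): expected brute-force
# effort as a function of key length, to put "breaking AES" in perspective.
# The keys-per-second rate used below is a constructed assumption.

from fractions import Fraction

SECONDS_PER_YEAR = 365 * 24 * 3600


def expected_trials(key_bits: int) -> int:
    """On average an attacker must test half of the 2**key_bits keys."""
    return 2 ** (key_bits - 1)


def expected_bruteforce_years(key_bits: int, keys_per_second: int) -> Fraction:
    """Exact expected time (in years) to brute-force a key at a fixed rate."""
    return Fraction(expected_trials(key_bits), keys_per_second * SECONDS_PER_YEAR)


def speedup_needed(from_bits: int, to_bits: int) -> int:
    """Factor by which the trial rate must grow for a longer key to take as
    long as a shorter one did: each extra key bit doubles the work."""
    return 2 ** (to_bits - from_bits)


def compare(keys_per_second: int, sizes=(64, 128, 192, 256)) -> dict:
    """Expected years per key size at the given trial rate."""
    return {bits: expected_bruteforce_years(bits, keys_per_second) for bits in sizes}


if __name__ == "__main__":
    # Constructed assumption: a hypothetical effort testing 10**12 keys/s,
    # far beyond the distributed RC5-64 search mentioned in the thread.
    rate = 10 ** 12
    for bits, years in compare(rate).items():
        print(f"{bits:>3}-bit key: ~{float(years):.3e} years at {rate:.0e} keys/s")
    print("rate increase needed to make 256-bit as cheap as 64-bit:",
          speedup_needed(64, 256))
```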
