--- On Tue, 6/2/09, Charles Wyble <char...@thewybles.com> wrote:

> David Barak wrote:
> > Encryption is insufficient - if you let someone have physical access for a long enough period, they'll eventually crack anything.
>
> Really? I don't think so. I imagine it would be much more dependent on the amount of computing power the attacker has access to. More encrypted blobs won't help. If that was the case then the various encryption schemes in wide use today would be cracked already. Bad guys can set up networks and blast data through it and have complete access. I don't see them cracking encryption.

Paranoia 101 teaches us that any given encryption approach will eventually fall before a brute-force onslaught of sufficient power and duration[1]. I'm not trying to argue that the attacker in this case could necessarily detect a flaw in the algorithm; rather, they'll get an effectively infinite number of chances to bang against it with no consequences. Once it's cracked, the attacker will *still* have the physical access which is thus compromised, and then has free access to all of the transmissions.

Physical security is a prerequisite to all of the other approaches to communication security. Those cases where physical security is presumed to be non-existent have to rely on a lot of out-of-band knowledge for any given method to be resistant to attack, and it's very hard to make use of a connection of that type for regular operations.

Pretty much all security eventually boils down to people with firearms saying "don't do that."

David Barak
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com