On Sun, Mar 18, 2012 at 6:40 PM, Jonathan Thornburg <jth...@astro.indiana.edu> wrote:
> On Sun, 18 Mar 2012, Randall Webmail wrote:
>> I suppose we've all seen the "proofs" that brute-forcing PGP would
>> take a supercomputer the size of the planet longer than the age of
>> the universe to accomplish. Was the math faulty in those proofs,
>> or is it true, and the NSA is just empire-building?
>
> Maybe they only plan to brute-force human-provided passphrases used
> to generate AES keys?
Personally, I think Wired got it wrong. If I were the NSA, I wouldn't focus (so much) on breaking AES. I'd work on breaking RSA. Think about it. The vast majority of encrypted traffic on the internet is SSL/TLS, and breaking RSA gives you immediate access to *all* sessions (AES or otherwise) to a server, rather than each session key as in the case with AES. Sure, RSA 2048 is probably a bit much to ask, but how many sites are still using 1024?

The one reason I believe this to be more likely is this quote:

"Breaking into those complex mathematical shells like the AES is one of the key reasons for the construction going on in Bluffdale. That kind of cryptanalysis requires two major ingredients: super-fast computers to conduct brute-force attacks on encrypted messages and a massive number of those messages for the computers to analyze. The more messages from a given target, the more likely it is for the computers to detect telltale patterns, and Bluffdale will be able to hold a great many messages."

Frankly, it doesn't make sense to me that they need a "massive number of those messages for the computers to analyze" for AES unless you believe they're using it improperly. But if we agree that the target is SSL/TLS, then there's little advantage to keeping all those messages, other than waiting for computers to get fast enough that you can go back and break each session key individually years later. However, RSA keys are pretty static, and theoretically having a database of messages all encrypted using the same RSA private key could give you some clues to accelerate breaking the key, which would give you instant access to all the AES/RC4/etc. session keys used in SSL/TLS.

At least that's my $.02

--
Aaron Turner
http://synfin.net/ Twitter: @synfinatic
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
-- Benjamin Franklin
"carpe diem quam minimum credula postero"
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
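As an added illustration of the point made above about RSA in SSL/TLS (example code written for this edit, not from anyone in the thread): with RSA key exchange the client sends its premaster secret encrypted under the server's long-lived RSA public key, so whoever holds that private key, or recovers it later, can unwrap the AES key of every recorded session in one pass. The Go below models that with a constructed archive; `Recorded`, `ClientSession` and `RecoverAll` are this example's own names, and SHA-256 stands in for the TLS key derivation.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Recorded is one archived session: the premaster wrapped under the server's RSA key, plus AES-GCM data.
type Recorded struct{ Wrapped, Nonce, Ciphertext []byte }
// aead derives the session's AES-GCM from the premaster (SHA-256 stands in for the TLS PRF).
func aead(premaster []byte) cipher.AEAD {
	k := sha256.Sum256(premaster)
	block, _ := aes.NewCipher(k[:])
	gcm, _ := cipher.NewGCM(block)
	return gcm
}
// ClientSession: a fresh premaster travels encrypted under the server's public key and keys the bulk data.
func ClientSession(pub *rsa.PublicKey, plaintext []byte) Recorded {
	premaster, nonce := make([]byte, 48), make([]byte, 12)
	rand.Read(premaster)
	rand.Read(nonce)
	wrapped, _ := rsa.EncryptPKCS1v15(rand.Reader, pub, premaster) // 48 bytes fit any key of 512 bits or more
	return Recorded{wrapped, nonce, aead(premaster).Seal(nil, nonce, plaintext, nil)}
}
// RecoverAll is the mail's point: one RSA private key, held or obtained later, unwraps every archived session.
func RecoverAll(priv *rsa.PrivateKey, archive []Recorded) ([][]byte, error) {
	var out [][]byte
	for _, s := range archive {
		premaster, err := rsa.DecryptPKCS1v15(nil, priv, s.Wrapped)
		if err != nil {
			return nil, err // not wrapped under this key
		}
		pt, err := aead(premaster).Open(nil, s.Nonce, s.Ciphertext, nil)
		if err != nil {
			return nil, err // tampered record
		}
		out = append(out, pt)
	}
	return out, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	pts, err := RecoverAll(priv, []Recorded{ClientSession(&priv.PublicKey, []byte("GET /inbox"))}) // constructed
	fmt.Printf("%s %v\n", pts[0], err)
}
```

With an ephemeral (EC)DHE key exchange the premaster never travels under the RSA key, so an archive like this one cannot be opened retroactively this way; that forward-secrecy property is exactly what the reasoning above assumes is absent.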