Jerry Feldman wrote:
> recipient's public key), so to make this bidirectional they need to
> break 2 keys, so the job gets more difficult. Breaking the session key

The public key is more easily recovered from, say, a public key server. This requires no effort at all.

It may be easier -- and it will become easier as time passes -- to factor the prime numbers that comprise the public key and use them to recreate the private key. The strength of RSA is that it is very, very computationally expensive to factor large prime numbers.


Kent Borg wrote:
> if you are doing SSL with that public key, the key exchange cannot be
> understood by a passive observer, so passively recording the packets
> will not let someone later decrypt the exchange.

If you have the certificate and you can snoop the session handshake then you can recover the session key and decrypt the session. The security of the secret key is paramount to every PK system.

I assert that the NSA have compromised the public CAs just as they have compromised the service providers. This is computationally very inexpensive. It simply requires the FISC to fire up Word and print out a few national security letters. The NSA either have copies of all of the certificates issued by public CAs or can obtain them upon request.

As you repeatedly point out, the NSA wants to store everything. "Everything" includes SSL handshakes.

Certificate + handshake = session key => decrypted session in real time. Any user, any session, any time, any reason. No cryptanalysis needed. No brute force needed.

--
Rich P.
_______________________________________________
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
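As an added example (not part of anyone's post in this thread), here is a stdlib-only toy model of the two situations being argued about: RSA key transport, where the recorded handshake plus the server's private key yields the session key directly, and ephemeral Diffie-Hellman, where the long-term key only authenticates and the one-time exponents are thrown away. The parameters are tiny and the RSA is unpadded textbook RSA, so this is for illustration only. It assumes the adversary already holds the private key matching the certificate (how that happens is not modelled); all function names are my own.

```python
"""Toy model: RSA key transport vs ephemeral DH, and what a recording plus
the long-term private key buys an adversary. Constructed example; not TLS."""
import hashlib
import secrets
from math import gcd

# Toy long-term server RSA key (constructed; real moduli are 2048+ bits).
P, Q = 104729, 1299709
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1
D = pow(E, -1, PHI)  # private exponent: the secret that must never leak


def kdf(secret: int) -> bytes:
    """Derive a session key from a shared secret (stand-in for the TLS PRF)."""
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def digest_of(value: int) -> int:
    """Hash a handshake value to an integer below N for the toy signature."""
    h = hashlib.sha256(value.to_bytes(16, "big")).digest()
    return int.from_bytes(h, "big") % N


# --- Scenario 1: RSA key transport (the TLS_RSA_* cipher suites) ---
def rsa_handshake():
    """Client encrypts a random premaster secret to the server's public key.

    Returns (what a passive observer records, client key, server key).
    """
    premaster = secrets.randbelow(N - 2) + 2
    enc_premaster = pow(premaster, E, N)          # sent on the wire
    server_premaster = pow(enc_premaster, D, N)   # server uses private key
    recording = {"enc_premaster": enc_premaster}
    return recording, kdf(premaster), kdf(server_premaster)


def attacker_rsa(recording, private_exponent):
    """Recording plus the server's private exponent recovers the session key.

    No cryptanalysis and no brute force: the same decryption the server does.
    """
    premaster = pow(recording["enc_premaster"], private_exponent, N)
    return kdf(premaster)


# --- Scenario 2: ephemeral DH, server authenticated by an RSA signature ---
DH_P = 2147483647  # 2^31 - 1 (prime); toy group, far too small for real use
DH_G = 7


def dhe_handshake():
    """Both sides pick one-time exponents; the server signs its public value.

    The exponents a and b exist only inside this function and are discarded
    on return, which is what gives forward secrecy.
    """
    a = secrets.randbelow(DH_P - 2) + 1
    b = secrets.randbelow(DH_P - 2) + 1
    A = pow(DH_G, a, DH_P)
    B = pow(DH_G, b, DH_P)
    signature = pow(digest_of(B), D, N)  # toy RSA signature over B
    client_shared = pow(B, a, DH_P)
    server_shared = pow(A, b, DH_P)
    recording = {"A": A, "B": B, "signature": signature}
    return recording, kdf(client_shared), kdf(server_shared)


def attacker_dhe(recording, private_exponent):
    """Same inputs as attacker_rsa: recording plus the long-term private key.

    The key lets its holder reproduce the server's signature (it authenticates),
    but the recording carries no encrypted secret, and a and b are gone, so
    there is no session key to hand back.
    """
    same_sig = pow(digest_of(recording["B"]), private_exponent, N) == recording["signature"]
    return {"can_reproduce_signature": same_sig, "session_key": None}


if __name__ == "__main__":
    rec, ck, sk = rsa_handshake()
    print("RSA transport, key recovered from recording:", attacker_rsa(rec, D) == ck)
    rec, ck, sk = dhe_handshake()
    print("Ephemeral DH, attacker's result:", attacker_dhe(rec, D))
```

The practical takeaway for a server operator is the cipher-suite choice: suites with an ephemeral (DHE or ECDHE) key exchange keep a stored recording useless even if the certificate's private key is later obtained, while plain RSA key transport does not.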
