On 1/23/12 11:34 AM, Hubert Kario wrote:
> And there's a very good reason why you shouldn't be a fan of such
> comparisons: Unlike physical security, properly implemented
> cryptography is unbreakable at this time.

This, of course, handwaves the fact that cryptography more or less *can't* be implemented properly. As long as human beings are in the equation it will be misimplemented.

Consider the NSA's VENONA project, which was able to break one-time pads when the KGB had a braino and reused key material. We're not talking about some high school student sharing a Facebook password with someone. This is the KGB, one of the most professional intelligence agencies that's ever existed. KGB agents were highly motivated to practice good tradecraft, because if they didn't they might get shot in the back of the head in the basement of the Lyubyanka.

So even with the (substantial) organizational resources of the KGB, with the (significant) communications security training given to KGB field agents, with the (extreme) penalties for transgression, even then somebody was dumb enough to reuse a key pad.

The lesson I take from this is that the phrase "properly implemented cryptography" is about as useful as talking about absolute zero. It's useful to show what the limit is, but it can never be reached, and anyone who believes they are immune to this is the lawful prey of those who know otherwise.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users