just saw this article on the hindustantimes website. http://www.hindustantimes.com/news/181_564333,0008.htm
the story mentions the CBI has software to decrypt encrypted email text as well, and the software is created by IIT kanpur and deptt of IT. i assume this probably means PGP or GPG encrypted emails too.
The text of the story says:
[...]
"The Central Bureau of Investigation (CBI) is developing a software capable of “capturing” e-mails. Called “Network Monitoring Tool” (NMT), it will enable investigators to read scrambled data, a tactic often used by criminals and terrorists to hide information.
The NMT software is also capable of sneaking into a suspect’s personal computer and obtaining encryption keys."
[...]
I find both of these two paragraphs contradictory or bullshit PR at the best. If the USP of the software is to sneak into computers and steal encryption keys, then what kind of "sniffing/de-scrambling" are they doing?
And if they are actually de-scrambling data, why do they need to sneak in and steal encryption keys?
In any case, breaking the standard 1024 key gpg/pgp keys is not, IIRC, a trivial task. I dont understand the distinction between x509 based certificates and PGP keys completely, but they are both based of the public-key/private-key concept. If even breaking the 128-bit encryption offered by SSL websites is non-trivial to break, dont you think 1024 bit keys are going to be more difficult to break by orders of magnitude?
- Sandip
-- Sandip Bhattacharya http://www.sandipb.net sandip at puroga.com Puroga Technologies Pvt. Ltd. http://www.puroga.com
_______________________________________________ ilugd mailing list [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd
