Re: [LIG] Re: [ilugd] CBI is logged in, checking your email?

[Raj Shekhar]

Rishabh Manocha wrote:
i am pretty sure they r able to crack passwords but i dont know how easily
they will decrypt pgp encrypted messages or ssh connections.


PGP encrypted messages can be cracked. Given that it would require 
something around 10,000,000,000,000 years, we can stop worrying about it 
now. I am quoting from the PGP FAQ 
http://pgp.dtype.org/pgpnet/pgp-faq/faq-03.html#3.1


 Can't you break PGP by trying all of the possible keys?
This is one of the first questions that people ask when they are first 
introduced to cryptography. They do not understand the size of the 
problem. For the IDEA encryption scheme, a 128 bit key is required. Any 
one of the 2^128 possible combinations would be legal as a key, and only 
that one key would successfully decrypt all message blocks. Let's say 
that you had developed a special purpose chip that could try a billion 
keys per second. This is FAR beyond anything that could really be 
developed today. Let's also say that you could afford to throw a billion 
such chips at the problem at the same time. It would still require over 
10,000,000,000,000 years to try all of the possible 128 bit keys. That 
is something like a thousand times the age of the known universe! While 
the speed of computers continues to increase and their cost decrease at 
a very rapid pace, it will probably never get to the point that IDEA 
could be broken by the brute force attack.




--
   / \__
  (@\___Raj Shekhar
  / O   My home : http://geocities.com/lunatech3007/
 /   (_/My blog : http://lunatech.journalspace.com/
/_/   U 


___
ilugd mailing list
[EMAIL PROTECTED]
http://frodo.hserus.net/mailman/listinfo/ilugd

Re: [LIG] Re: [ilugd] CBI is logged in, checking your email?

[Rishabh Manocha]

--
Rishabh Manocha
http://www.cs.utexas.edu/users/rmanocha
**Your Quote for the day**
Sir, if you were my husband, I would poison your drink.
--Lady Astor to Winston Churchill
Madam, if you were my wife, I would drink it.
--His reply
**

On Sun, 8 Feb 2004, Suresh Ramasubramanian wrote:

 LinuxLingam wrote:
 
  The NMT has been made functional since October last year, though work
  is on to improve the software. The CBI has officially used it in four
  to five cases related to organised crime and terrorism.

 Two or three things ...

 1. A lot of email is sent in the clear - plain text.  Stick a packet
 sniffer of some sort in there and set it to sniff all connections coming
 from whichever IP the monitored party is logged in to.  Quite simple.
something like ethereal which is a very good packet sniffer...all kinds at
that...wireless,LAN and dial up...they could also use tcpdump to test some
connections.


 2. sneak into a computer?  Maybe use a keylogger - download it onto
 the guy's machine ... god knows, most users are dumb enough to click on
 anything they get and install it.  Then even his key passphrase is
 compromised.  Of course, the government does have this completely
 unenforced, and unenforceable rule, that users of strong cryptography
 must deposit a copy of their keypair in escrow ...
something like sebek which is a keylogger acting over a honeyd.this module
is compiled into the kernel(i know about the linux version) and does not
show up in the listins of the installed or loaded
modules(www.honeynet.org).


 3. And maybe, as the government already gets one of the guy's passwords
 (the one he uses at his ISP) without too much trouble, they have a very
 good starting point when they start to try guess his other passwords.

i am pretty sure they r able to crack passwords but i dont know how easily
they will decrypt pgp encrypted messages or ssh connections.

Rishabh
   srs

 ___
 ilugd mailing list
 [EMAIL PROTECTED]
 http://frodo.hserus.net/mailman/listinfo/ilugd


___
ilugd mailing list
[EMAIL PROTECTED]
http://frodo.hserus.net/mailman/listinfo/ilugd