Ryan Malayter ryan at
Fri Nov 4 22:23:42 CET 2005

On 11/4/05, Jean-David Beyer <jdbeyer at> wrote:
> I guess it depends on how your paranoia works, and about whom you choose to
> be paranoid. Does the NSA recommend ECC for government use so that another
> government agency (e.g., the NSA) can read, if necessary or desired by the
> parties that control that government agency? If so, I would assume they know
> how to crack ECC. In that case I would not want to use ECC.
> Or do they know how to crack everything else and have not yet cracked ECC?
> In that case, I would want to use ECC.
> Paranoia is a wonderful thing, but it can trap you in dilemmas like this.

I don't like being a wet blanket, but as Bruce Schneier likes to point
out, a smart attacker (the NSA certainly qualifies) will not expend
resources trying to crack your crypto at all, no matter what crypto
you use, so long as the crypto is reasonably strong and not trivial to
break. There are far weaker points in the system (specifically:
pass-phrases, endpoint hardware, operating systems, client
applications, and your personal resistance to torture or other forms
of coercion).

We all love crypto here, and it is fun to compare algorithms and
protocols and what-not. Dream up attack scenarios. And crypto does
indeed make us safer from a lot of attacks, such as those where
adversaries only have the means to intercept or forge communications.
As such, crypto is a good countermeasure against the average Joe
bad-guy out there on the Internet.

But to think that this algorithm vs. that algorithm is going to stop a
very smart or well-funded attacker is folly. The crypto isn't the weak
point in the system. Which is why the uproar over vulnerabilities in
SHA-1 is (currently) silly, as far as I'm concerned. Yes, we should
think about replacing SHA-1 fairly soon. But no need to panic just
yet. It's still far easier to compromise an electronic system using
other nefarious means. Doing 2^63 hash operations to find collisions
isn't a cost-effective attack, even for the NSA. Unless the end result
is extraordinarily valuable (like, say, being able to forge orders to
another nation's military assets).

If you're *really* paranoid, you should think about ways to not have
enemies like the NSA at all. Or at the very least, find the best ways
to fly beneath their radar completely. The same goes for just about
any other government entity in any nation. Because crypto won't
protect you from the NSA, the DGSE, or even a reasonably sized
organized crime syndicate.

All problems can be solved by diplomacy, but violence and treachery
are equally effective, and more fun.

More information about the Gnupg-users mailing list