Creating a key bearing no user ID
Robert J. Hansen
rjh at sixdemonbag.org
Mon Jan 23 18:18:35 CET 2012
On 1/23/12 11:34 AM, Hubert Kario wrote:
> And there's a very good reson why you shouldn't be a fan of such
> comparisions: Unlike physical security, properly implemented
> cryptography is unbreakable at this time.
This, of course, handwaves the fact that cryptography more or less
*can't* be implemented properly. As long as human beings are in the
equation it will be misimplemented. Consider the NSA's VENONA project,
which was able to break one-time pads when the KGB had a braino and
reused key material.
We're not talking about some high school student sharing a Facebook
password with someone. This is the KGB, one of the most professional
intelligence agencies that's ever existed. KGB agents were highly
motivated to practice good tradecraft, because if they didn't they might
get shot in the back of the head in the basement of the Lyubyanka. So
even with the (substantial) organizational resources of the KGB, with
the (significant) communications security training given to KGB field
agents, with the (extreme) penalties for transgression, even then
somebody was dumb enough to reuse a key pad.
The lesson I take from this is that the phrase "properly implemented
cryptography" is about as useful as talking about absolute zero. It's
useful to show what the limit is, but it can never be reached, and
anyone who believes they are immune to this is the lawful prey of those
who know otherwise.
More information about the Gnupg-users