encryption algorithm

Robert J. Hansen rjh at sixdemonbag.org
Wed Dec 18 04:33:35 CET 2013


On 12/17/2013 9:41 PM, Matt D wrote:
> OK, I see.  So . . . if brute force is impossible, then what sort of
> an attack is possible?

Too many to list.  Depends largely on your attacker's budget and the
constraints of their operation.  For instance, if I don't care if you
know I've compromised your traffic, I'll tie you to a chair and start
swinging a pipe wrench at your kneecaps.  Cheap and effective.

Or I can target your machine for compromise.  If I can trick you into
visiting a particular URL I might be able to plant a remote-root on your
desktop and gain control over it.  At that point it's easy to run a
keylogger to intercept your passphrase, and easy to copy your private
key off your desktop.

Or I can hire a $5,000-a-night hooker.  I'm pretty sure that inside of a
week you'd be willing to tell your new charming companion pretty much
anything.  The KGB employed this against United States cipher clerks
with amazing success.

Or... etc.  The list goes on and on and on.  In fact, there are so many
ways to gain access to your traffic that I think obsessing over whether
the default should be 2048-bits or 3072-bits is ... it's like arguing
over whether your security fence should be 100 feet high or 120 feet
high.  Either way you need to pay more attention to the guy who's
digging a tunnel underneath it.




More information about the Gnupg-users mailing list