Guest
Posted May 23, 2002

>> Even encrypted file systems that are now available on the easiest to use desktop unix systems (Mandrake 8.2 and SuSE 8.0) will be cracked by any brute force effort backed up by a subpoena. <<

That's always easier said than done. Like the guy on HBO this morning who said after glancing at a hex dump: "That database is encrypted, it'll take me a day to crack it."

Fact is that strong cryptography source code is available all over the net and brute force cracking is beyond the means of any simple police force. A crypto guy (Dan Bernstein) recently suggested that a computer could be built to crack 1024 bit RSA keys in a day for 1.000.000.000 $US.

I think it's highly unlikely that you run any real risks unless you leave your keys hanging around.

Regards,
Xenna

PS: Unless you mean by brute force that they beat the locations of your keys out of you ;-)

adikgede
Posted May 23, 2002

Are you referring to his announcement that 1024 is compromised: http://cert.uni-stuttgart.de/archive/isn/2002/03/msg00163.html

That was six months ago; do you think the price is still several hundred million to a billion today? Remember that's the cost of the computer, not a day's operation. The price comes down a lot when you have more time to do it or you make a beowulf cluster out of all the CPUs that the GSA throws away each year.

Brute force could also mean other methods of persuasion, like contempt of court or a good beating in interrogation.

The important bits of the article mentioned above:

... Based on Bernstein's proposed architecture, a panel of experts estimated that a 1,024-bit RSA factoring device can be built using only commercially available technology for a price range of several hundred million to $1bn. These costs would be significantly lowered with the use of a chip fab. As the panel pointed out: "It is a matter of public record that the National Security Agency [NSA] as well as the Chinese, Russian, French and many other intelligence agencies all operate their own fabs."

And as for the prohibitively high price tag, Green warned that we should keep in mind that the National Reconnaissance Office regularly launches Signal Intelligence satellites costing close to $2bn each. "Would the NSA have built a device at less than half the cost of one of its satellites to be able to decipher the interception data obtained via many such satellites? The NSA would have to be derelict of duty to not have done so," he said.

The machine proposed by Bernstein would be able to break a 1,024-bit key in seconds to minutes. But the security implications of the practical 'breakability' of such a key run far deeper. None of the commonly deployed systems, such as HTTPS, SSH, IPSec, S/MIME and PGP, use keys stronger than 1,024-bit, and you would be hard pushed to find vendors offering support for any more than this.

What this means, according to Green, is that "an opponent capable of breaking all of the above will have access to virtually any corporate or private communications and services that are connected to the internet".