[nycbug-talk] Hot Story: German Gov. intelligence agencies decrypt PGP, SSH
George Rosamond
george at ceetonetechnology.com
Sun Jun 16 20:09:50 EDT 2013
Isaac (.ike) Levy:
> Hi All,
>
> To throw a little chicken little into what is otherwise a beautiful
> weekend,
>
> A google translation says: "The federal government declared that its
> secret services were basically able to decrypt PGP and Secure Shell,
> at least partially."
>
> http://translate.google.com/translate?sl=de&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http://www.golem.de/news/bundesregierung-deutsche-geheimdienste-koennen-pgp-entschluesseln-1205-92031.html
>
> -- Apparently, GnuPG list and others merely have links to this
> article, I haven't found anything more except links to this vague
> original article.
>
> Thoughts? Is tomorrow morning's commute to work going to look like
> that new Brad Pitt movie, *or*, are we looking at a dopey expose of
> well-known widespread worst-practices in cryptographic
> misunderstandings?
I don't know if there's more to this, but this may be the important part:
<quote>
The response of the federal government is: "Yes, the technology used is
generally in a position, depending on the type and quality of the
encryption."
</quote>
What? Key length? Encryption type? Password strength?
My feeling has always been that an adversary with sufficient resources
and high enough stakes can break anything.
If you're Jane Q Nobody crossing a border, and they image your drive and
there's cipher text that's hard to crack, I doubt they devote the
resources. But if you're a priority target, I'm sure they would and
ultimately could.
Passwd strength is usually the weak link though, not the encryption itself.
g
More information about the talk
mailing list