[nycbug-talk] Hot Story: German Gov. intelligence agencies decrypt PGP, SSH

George Rosamond george at ceetonetechnology.com
Sun Jun 16 20:09:50 EDT 2013

Isaac (.ike) Levy:
> Hi All,
> To throw a little chicken little into what is otherwise a beautiful
> weekend,
> A google translation says: "The federal government declared that its
> secret services were basically able to decrypt PGP and Secure Shell,
> at least partially."
> http://translate.google.com/translate?sl=de&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http://www.golem.de/news/bundesregierung-deutsche-geheimdienste-koennen-pgp-entschluesseln-1205-92031.html
>  -- Apparently, GnuPG list and others merely have links to this
> article, I haven't found anything more except links to this vague
> original article.
> Thoughts?  Is tomorrow morning's commute to work going to look like
> that new Brad Pitt movie, *or*, are we looking at a dopey expose of
> well-known widespread worst-practices in cryptographic
> misunderstandings?

I don't know if there's more to this, but this may be the important part:

The response of the federal government is: "Yes, the technology used is
generally in a position, depending on the type and quality of the

What?  Key length?  Encryption type?  Password strength?

My feeling has always been that an adversary with sufficient resources
and high enough stakes can break anything.

If you're Jane Q Nobody crossing a border, and they image your drive and
there's cipher text that's hard to crack, I doubt they devote the
resources.  But if you're a priority target, I'm sure they would and
ultimately could.

Passwd strength is usually the weak link though, not the encryption itself.


More information about the talk mailing list