<div dir="ltr">Have you rotated your keys and update the bits this year?</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sun, Jun 16, 2013 at 8:09 PM, George Rosamond <span dir="ltr"><<a href="mailto:george@ceetonetechnology.com" target="_blank">george@ceetonetechnology.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Isaac (.ike) Levy:<br>
<div class="im">> Hi All,<br>
><br>
> To throw a little chicken little into what is otherwise a beautiful<br>
> weekend,<br>
><br>
> A google translation says: "The federal government declared that its<br>
> secret services were basically able to decrypt PGP and Secure Shell,<br>
> at least partially."<br>
><br>
> <a href="http://translate.google.com/translate?sl=de&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http://www.golem.de/news/bundesregierung-deutsche-geheimdienste-koennen-pgp-entschluesseln-1205-92031.html" target="_blank">http://translate.google.com/translate?sl=de&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http://www.golem.de/news/bundesregierung-deutsche-geheimdienste-koennen-pgp-entschluesseln-1205-92031.html</a><br>
><br>
> -- Apparently, GnuPG list and others merely have links to this<br>
> article, I haven't found anything more except links to this vague<br>
> original article.<br>
><br>
> Thoughts? Is tomorrow morning's commute to work going to look like<br>
> that new Brad Pitt movie, *or*, are we looking at a dopey expose of<br>
> well-known widespread worst-practices in cryptographic<br>
> misunderstandings?<br>
<br>
</div>I don't know if there's more to this, but this may be the important part:<br>
<br>
<quote><br>
The response of the federal government is: "Yes, the technology used is<br>
generally in a position, depending on the type and quality of the<br>
encryption."<br>
</quote><br>
<br>
What? Key length? Encryption type? Password strength?<br>
<br>
My feeling has always been that an adversary with sufficient resources<br>
and high enough stakes can break anything.<br>
<br>
If you're Jane Q Nobody crossing a border, and they image your drive and<br>
there's cipher text that's hard to crack, I doubt they devote the<br>
resources. But if you're a priority target, I'm sure they would and<br>
ultimately could.<br>
<br>
Passwd strength is usually the weak link though, not the encryption itself.<br>
<div class="HOEnZb"><div class="h5"><br>
g<br>
<br>
_______________________________________________<br>
talk mailing list<br>
<a href="mailto:talk@lists.nycbug.org">talk@lists.nycbug.org</a><br>
<a href="http://lists.nycbug.org/mailman/listinfo/talk" target="_blank">http://lists.nycbug.org/mailman/listinfo/talk</a><br>
</div></div></blockquote></div><br></div>