--- On Tue, 6/2/09, Charles Wyble <charles@thewybles.com> wrote:
Encryption is insufficient - if you let someone have
David Barak wrote: physical access for a long enough period, they'll eventually crack anything.
Really? I don't think so. I imagine it would be much more dependent on the amount of computing power the attacker has access to. More encrypted blobs won't help. If that was the case then the various encryption schemes in wide use today would be cracked already. Bad guys can setup networks and blast data through it and have complete access. I don't see them cracking encryption.
Paranoia 101 teaches us that any given encryption approach will eventually fall before a brute-force onslaught of sufficient power and duration[1]. I'm not trying to argue that the attacker in this case could necessarily detect a flaw in the algorithm; rather, they'll get an effectively infinite number of chances to bang against it with no consequences. Once it's cracked, the attacker will *still* have the physical access which is thus compromised, and then has free access to all of the transmissions. Physical security is a prerequisite to all of the other approaches to communication security. Those cases where physical security is presumed to be non-existant have to rely on a lot of out-of-band knowledge for any given method to be resistant to attack, and it's very hard to make use of a connection of that type for regular operations. Pretty much all security eventually boils down to people with firearms saying "don't do that." David Barak Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com