First: this is a fascinating discussion. Thank you. Second: On Sat, Jun 15, 2013 at 01:56:34AM -0500, Jimmy Hess wrote:
There will be indeed be _plenty_ of ways that a low bit rate channel can do everything the right adversary needs.
A few bits for second is plenty of data rate for sending control commands/rule changes to a router backdoor mechanism, stealing passwords, or leaking cryptographic keys required to decrypt the VPN data stream intercepted from elsewhere on the network, leaking counters, snmp communities, or interface descriptions, or criteria-selected forwarded data samples, etc....
I was actually thinking much slower: a few bits per *day*. Maybe slower yet. (So what if it takes a month to transmit a single 15-character password?) For people who think in terms of instant gratification, or perhaps, in next-quarter terms, or perhaps, in next-year terms, that might be unacceptabe. But for people who think in terms of next-decade or beyond, it might suffice. And if the goal is not "get the password for router 12345" but "get as many as possible", then a scattered, random, slow approach might yield the best results -- *because* it's scattered, random, and slow. ---rsk