Minister promises that Part III is coming
Owen Lewis
ukcrypto at chiark.greenend.org.uk
Mon, 15 May 2006 13:02:28 -0000
> -----Original Message-----
> From: ukcrypto-admin@chiark.greenend.org.uk
> [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Ian G Batten
> Sent: 15 May 2006 11:57
> To: ukcrypto@chiark.greenend.org.uk
> Subject: Re: Minister promises that Part III is coming
>
>
>
> On 15 May 2006, at 12:48, Owen Lewis wrote:
> > Because the exploitations that caused the
> > said child molester to be banged up may be the same or similar to those
> > applied against some terrorist group or even against some nuclear-armed and
> > failed or rogue state.
>
> I've always taken comfort from that. There's always a know-it-all
> who says, unanswerably, ``of course, GCHQ can brute force 3DES|AES256|
> OTP in a day''. My logic has been that even if we accept for a
> moment that they can --- which I don't --- they're hardly going to
> reveal their hand for anything I'm likely to be involved in. So
> even if it turned out that AES256 had a flaw that rendered it
> tractable, the purposes to which that's going to be put don't include
> decrypting my ssh sessions.

There's an important additional argument too that addresses fear of wanton
and mass abuse and that is the limitations of capacity.

For simple illustration, let's assume that there's a black box into which an
intercepted cipher text can be fed and which will produce plain text output
with a delay of 30 secs for crunching a cipher text of unknown key. This means
that the box has a maximum throughput of under 3000 intercepts per day. OK,
so one could have a battery of boxes but how many would one need to crunch
the complete ssh sessions of the UK? And how effective a return of capital
investment would that be likely to produce? For myself, I can't see it.

Then there is the manpower tail. Collectors; linguists; analysts; reporters;
operational directors; strategic planners; users. Not to mention HR
departments, training schools, pension administrators; health and safety
workers etc. ad nauseam. How many intercepts a day before they've got more
employees than there are possible targets? When all is said and done, this
is a non-revenue earning public service body.

Owen