scary certificate for www.update.microsoft.com
zenadsl6186 at zen.co.uk
Mon Jun 18 23:27:38 BST 2012
Ian Batten wrote:
> On 18 Jun 2012, at 20:16, Peter Fairbrother wrote:
>> Ben Liddicott wrote:
>>> RSA is not in suite B either.
>> A big trail of big suppositions follows. There may be nothing in
>> Suppose GCHQ have made a small theoretical improvement in factoring
>> or breaking RSA, and NSA has built the hardware to do it - maybe
>> enough for 200 1kbit keys per year.
>> As many sites update their keys twice a year, suppose that NSA has
>> the private keys to 1000 certificates at any time. Say 50 of these
>> are used for spy stuff, and 500 of the keys are used to unlock
>> the 50 biggest https sites.
> Presumably that's 100, 50, 50 not 1000, 50, 500.
Da. I couldn't decide which set to use, it's all just guesswork. Eg 1000
gives you (them) some VPNs, and 100 probably doesn't.
>> Now NSA can collect internet traffic because the President lets
>> them, and GCHQ want access to raw internet traffic - after all,
>> it's no good having the keys if you can't access the traffic, it's
>> not usually sent by broadcast radio any more.
> But how would this work in practice? Google roll their certificate
OK I'm dumb, but I don't know what that means.
-- peter F
> Unless you can MITM the key immediately (ie, break RSA on
> demand) then you have to somehow make sure that traffic you collect
> is readable using a later factorisation. You need to hope that the
> website whose certificate you intend to factor doesn't support PFS.
> Oh dear: http://www.imperialviolet.org/2011/11/22/forwardsecret.html
>> What better way to collect traffic than a comms bill like the
>> proposed one?
> But the moment there is the slightest suggestion that your hypothesis
> is true, PFS is there to thwart it. Spending £1.8bn on something to
> which there's a trivial counter-measure might rebound on the people
> asking for the budget.