BBCR4 on Crypto-wars today at 13:30

Ian Batten igb at batten.eu.org
Thu Mar 20 15:50:44 GMT 2014


On 18 Mar 2014, at 10:32, Clive D.W. Feather <clive at davros.org> wrote:

> Ian Batten said:
>> I suspect it doesn't matter, because there are no (for practical purposes) safes which cannot be opened given large, but achievable, resources if you have physical access to the safe.   Very secure storage facilities (the safe in Area 51 where they keep the alien autopsy report) don't rely on super-sekrit safes that governments can't break into, they rely on defence in depth with fences, dogs, laws, CCTV and men with guns.   The problem safe-crackers have is not in opening the safe, but in opening the safe without being detected before they finish the job.  
> 
> Which is why, apparently, safes are rated for value versus time - how much
> resources are required to open the safe within that time.

And the more secure safes are according to that formulation, the expensive they are, both in capital and operational terms.  The point about crypto which makes analogies with safes unhelpful is the extreme disparity of cost between the attacker and the defender.  A thirty quid Raspberry Pi will run AES256-CBC at about 7MB/sec, and subject to the keys being well chosen (a big "subject") there are no brute force attacks that don't involve the conversion of solar systems into computers.  I'm guessing that a thirty quid safe from Amazon opens when shown a thirty bob hammer.

ian


More information about the ukcrypto mailing list