[Discuss] KeePassX

Kent Borg kentborg at borg.org
Tue Aug 13 14:19:58 EDT 2013 

On 08/13/2013 01:29 PM, Richard Pieri wrote:
> If I did my math right, a facility like that can brute-force any 
> 80-bit key in about 32 hours. 

I'll accept your math, and it makes my point. You describe a facility 
that can only brute-force a couple hundred 80-bit keys a year.  Which 
means brute-forcing 80-bit keys is not something routine and cheap for 
the NSA, not when they think they need a plaintext copy of *everything*.

Sure, 32-hours is cheap when the spies are cracking into the Soviets or 
Red Chinese, but NSA sees more than two targets now, they think everyone 
on the planet is their target, at which point 32-hours is crushingly 
horrible.

> Keys smaller than about 68 bits (28 seconds) would probably take 
> longer to spin up the jobs than run the actual searches.

Even 28-seconds is crushing when your intention is to read everything.  
There are only 1.1 million of those 28-second windows in a year.

And don't forget the "trillion guesses a second" Snowden is quoted as 
advising, you might be giving the NSA too much credit.  Snowden has been 
described as paranoid and careful. Getting a public key for the reporter 
wasn't good enough for him, it was only good enough to describe 
something more secure that was maybe good enough for him. He might know 
what he is talking about.

Don't get me wrong: if you want to keep the NSA from decrypting your 
data, and if there is any reason to believe they might be seriously 
interested in you, be *extremely* careful, and use good encryption and 
use long passphrases with lots of real entropy in them, and protect 
them.  And worry about your endpoint security.  And don't make any 
mistakes.  And be lucky, too, for good measure.  I think we agree on 
that stuff.

But if enough millions of people start using a nice sloppy mishmash of 
halfway decent weak encryption on a daily basis, the NSA will have to 
choose what it cares about, and no, "everything" won't be an option any 
longer.

> Protip: every cipher has weaknesses.
>
> Protip 2: assume the NSA knows these weaknesses.

Protip 3: Weaknesses can be exploited, at a cost.

Something that NSA can afford one of, or a thousand of, is not something 
the NSA can afford in infinite quantities.  Bending their cost-curve 
matters.


-kb

More information about the Discuss mailing list