[Discuss] KeePassX
Jerry Feldman
gaf at blu.org
Wed Aug 14 06:34:48 EDT 2013
Agreed. But, breaking the session key only works for a single message or
a single session. If they want to target a specific individual, breaking
the RSA/DSA keys will give them access to all encrypted messages.
(within the context is that a sent message is encrypted by the
recipient's public key), so to make this bidierctional they need to
break 2 keys, so the job gets more difficult. Breaking the session key
works if they want to look at random messages, but breaking the RSA/DSA
keys woprks better when they have a specific target in mind.
On 08/13/2013 05:40 PM, Richard Pieri wrote:
> John Abreau wrote:
>> Nope, sorry, each individual message has its own unique session key.
>> Cracking the session key on one particular message tells you nothing
>> about the session key on subsequent messages.
>
> If I decrypt the message by breaking the session key then yes, I can
> only decrypt that one message.
>
> But, if I can do this then I know what the session key is. This means
> that I have a 100% known plain-text correspondence with the encrypted
> session key. This may make it easier to attack a given RSA or DSA key
> pair.
>
> Attacking the RSA or DSA asymmetric keys directly is believed to be
> more difficult than attacking the session key. Given that the NSA has
> approved both for commercial use, just as they have approved AES for
> commercial use, I assume that they are aware of exploitable weaknesses
> in both.
>
--
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90
More information about the Discuss
mailing list