Re: [tlug] Good Overview Of What Is Still Secure?

["Stephen J. Turnbull" <stephen@example.com>]

fgs@example.com writes:

 > 2) There is a big difference between their theoretical capabilities, 
 > under "lab conditions" so to speak and their "real world success 
 > stories".

Well, actually there's three cases: theoretical possibilities based on
detected regularities discussed in the math journals, there's the
published successful attacks on specific examples by academics ("lab
conditions"), and then there's what security agencies with
billion-dollar budgets for crypto can do.  (I think "billion" is
perhaps a slight exaggeration, but it's less than two orders of
magnitude since Prism already costs 20 million dollars annually.)

You should also remember that we know a lot about scaling up software;
it's quite a different matter from scaling up a petroleum cracker.  A
successful attack by a team with a million-dollar budget can be
replicated at low cost thereafter.  I think we should assume that the
"production capabilities" are quite high.

Also, while the cryptanalysis teams would like to be able to read
everybody's mail in clear, you should remember that from our point of
view crypto is just one prong of a very wide-ranging signals
intelligence effort.  "Locks only keep out honest people; at most they
slow down the criminals enough to make them try another victim."