The NSA is hinting hard that it has cracked the fiber optic barrier and finds encryption 'no more than speed bump'. As usual, might be true (esp. the parts about tracking phones and tapping undersea fiber), but bring truckload of salt to the party.
A Personal Blog
by Michael Froomkin
Laurie Silvers & Mitchell Rubenstein Distinguished Professor of Law
University of Miami School of Law
My Publications | e-mail
All opinions on this blog are those of the author(s) and not their employer(s) unelss otherwise specified.
Who Reads Discourse.net?
Readers describe themselves.
Please join in.Reader Map
Recent Comments
- Janet on Proof of Life
- ErnestHeate on Comment Policy
- Just me on We’ve Got to Stop Meeting Like This
- Jane Moscowitz on We’ve Got to Stop Meeting Like This
- Grim on Maya Pines Froomkin 1928-2024
Subscribe to Blog via Email
Join 52 other subscribers
As I read the article, it seems to be saying that the NSA has figured out how to grab data from fiber optic transmissions, but I’m not sure it clearly states that they have figured out how to decode public-key encryption using some other means than brute force; it mentions encryption as a signal that a given message is “interesting” (that is, itthose exchanging the messages have something to hide).
My understanding is that there is still no proof that a person’s private key cannot be derived from the public key, yet there is no known algorithm that can do this (besides brute force, which is effectively forestalled by increasing key length). Perhaps other more knowledgeable readers can comment, but I personally believe this problem to be both formidable and, for the foreseeable future, intractable. Indeed, if it were publicly revealed that a private key could be easily determined from an examination of the public key, it would throw the entire infrastructure of electronic commerce (not to mention international finance) into absolute chaos…
You-all should visit The Pink Bunny of Battle (http://pfaff.tcc.virginia.edu).
The article actually says that when they’ve identified someone who’s sending encrypted mail, and identified him as a target of interest, they can generally find ways to get the data which don’t involve breaking the encryption directly (perhaps along the lines of the remote screen-reading from Cryptonomicon… at any rate, let your imagination run riot).