GSM eavesdropping
Jerry Leichter
leichter at lrw.com
Tue Aug 3 22:08:45 EDT 2010
On Aug 2, 2010, at 4:19 PM, Paul Wouters wrote:
>> ...Of course, TLS hasn't been successful in the sense that we care about
>> most. TLS has had no impact on how users authenticate (we still send
>> usernames and passwords) to servers, and the way TLS authenticates
>> servers to users turns out to be very weak (because of the plethora of
>> CAs, and because transitive trust isn't all that strong).
>
> Let's first focus on foiling the grand scale of things by protecting
> against passive attacks of large scale monitoring. Then let's worry
> about protecting against active targeted attacks....

It's worth pointing out that you're here making a value judgement -
and, in effect, a political argument. Large scale monitoring is
mainly, if not entirely, something governments do. It's unlikely to
be cost-effective for the commercial attackers we see today. Active,
targeted attacks, on the other hand, seem to be the purview of many
sophisticated attackers today - both governmental and non-governmental.
Cryptographic theory can help you decide which of these classes of
attackers you should be more concerned about.

BTW, economics is everywhere. Suppose you had a cryptographic
technique that was quick and easy to apply, but also cheap to break -
say, $1 per message. Pretty useless, right? But now imagine that
every message is encrypted using this poor technique. No individual
message, once known through external signals to have value greater
than $1, is safe - but the aggregate of billions of messages being
transferred every day is safe against any plausible attacker.

-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com