[Cryptography] Secure erasure
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Sep 12 02:53:29 EDT 2016
Stephen Farrell <stephen.farrell at cs.tcd.ie> writes:
>On 11/09/16 10:50, Peter Gutmann wrote:
>> Which leads to a further corollary that anything more than maybe single DES
>> when your opponent is anything other than a nation-state is probably a waste
>> of time because there's always an easier way in.
>
>Really? That seems awfully inaccurate to me. Single DES does not require a
>nation state and passive attacks are far less risky than active. I think
>you've let rhetoric overly affect your words there, and in a way that could
>cause harm.
I didn't say "use weak crypto", I said that using anything stronger than about
single DES isn't necessary because it's no longer the weakest point. Barring
corner cases, can you give me an example of a widely-deployed system involving
crypto where single DES is the weakest point, in other words where attackers
are using DES-cracking to get in? It's not SCADA, both because SCADA isn't
protecting anything worth applying a DES-breaker to and because there's
always, always a much easier way in. It's not protecting bank accounts/credit
cards (TLS) because you can buy those in bulk from any carder forum for next
to nothing (heck, carders give away free samples to prove their wares are
good). It's not Unix logons/server access (SSH) because you can buy
compromised machines for equally little.
So for which generally-used, widely-deployed system (where the opponent isn't
a nation-state) is DES the weakest point of attack?
Peter.
More information about the cryptography
mailing list