GSM eavesdropping

Jerry Leichter leichter at
Tue Aug 3 22:08:45 EDT 2010

On Aug 2, 2010, at 4:19 PM, Paul Wouters wrote:
>> ...Of course, TLS hasn't been successful in the sense that we care  
>> about
>> most.  TLS has had no impact on how users authenticate (we still send
>> usernames and passwords) to servers, and the way TLS authenticates
>> servers to users turns out to be very weak (because of the plethora  
>> of
>> CAs, and because transitive trust isn't all that strong).
> Let's first focus on foiling the grand scale of things by protecting
> against passive attacks of large scale monitoring. Then let's worry
> about protecting against active targetted attacks....
It's worth pointing out that you're here making a value judgement -  
and, in effect, a political argument.  Large scale monitoring is  
mainly, if not entirely, something governments do.  It's unlikely to  
be cost-effective for the commercial attackers we see today.  Active,  
targeted attacks, on the other hand, seem to be the purview of many  
sophisticated attackers today - both governmental and non-governmental.

Cryptographic theory can help you decide which of these classes of  
attackers you should be more concerned about.

BTW, economics is everywhere.  Suppose you had a cryptographic  
technique that was quick and easy to apply, but also cheap to break -  
say, $1 per message.  Pretty useless, right?  But now imagine that  
every message is encrypted using this poor technique.  No individual  
message, once known through external signals to have value greater  
than $1, is safe - but  the aggregate of billions of messages being  
transfered every day is safe against any plausible attacker.
                                                         -- Jerry

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list