[Cryptography] What ever happened to end-to-end email encryption?

Ray Dillinger bear at sonic.net
Sun Sep 5 15:22:12 EDT 2021

On 8/22/21 5:09 AM, Viktor Dukhovni wrote:
> The attacks in the paper are interesting, but not a significant threat
> in practice, since they are sophisticated on-path attacks, and it is far
> easier to send links to booby-trapped web sites, attach malware
> executables, ...
> My estimate of the number of users exploited via such attacks is exactly
> zero.

Mine isn't, quite.  Extraordinarily high value persons of interest can
motivate major governments to make the investments in hardware,
infrastructure, personnel, and expertise needed to make such attacks
actually work.

I would guess though that extreme methods like this might be made twice
or three times a year against very specifically chosen targets.  Bad
actors the world over are known to favor passive techiques of mass
harvesting enormous quantities of whatever material they can get for low


More information about the cryptography mailing list