[svlug] Firewalls?

John Conover conover at rahul.net
Wed Jan 24 02:15:42 PST 2007


Rick Moen writes:
> Quoting John Conover (conover at rahul.net):
> 
> > For a while.
> 
> IM ON UR SERVER, STEELIN ALL UR CIPHR WARZ.
> 
> (Hey, everyone knows double rot13 rules, anyway.)
>

Rick and I are kind'a kidding around, but Bruce Schneier's comments on
cracking/crypto being an issue that is more related to an economics
problem than technical methodologies is well worth looking into. See:

    http://www.schneier.com/blog/archives/2006/06/economics_and_i_1.html

for particulars, (and related comments on the site.)

It should also be pointed out that user related issues are far more
vulnerable to cracking than the technical methodologies used for their
encrypted connections.

In point of fact, for example, all high level governmental/military
cracks that have occurred, (as far as we know, enigma/purple/etc.,)
were cracked due to sloppy "operational" practices, (specifically, a
clear text version of a non-confidential message being sent to back up
an encrypted version sent over an SOP encrypted channel-allowing the
keys being used to be deciphered by automated combinatoric processes
and then used to decrypt other messages, or variant thereof.)

But Bruce's comments are worthy of consideration-what you have to lose
determines how how sophisticated your encryption tech, (or security
schema,) has to be.

         John

-- 

John Conover, conover at rahul.net, http://www.johncon.com/




More information about the svlug mailing list