Marco d'Itri <m...@linux.it> writes:

> If anybody disagrees then please describe a credible threat model in
> which:
> - an entity would want to have access to the key of a DD, and
> - would find brute forcing a 1024 bit key more practical than
>   stealing it or coercing a developer to disclose it.

Brute-forcing the key just requires compute cycles. There is essentially no chance of discovery and no risky activity at all until you start actually using the key. You can basically choose exactly how or when you want to use it, or use it only passively to decrypt data (although we don't really use our keys much for encryption, mostly).

Stealing the key or coercing a developer is *far* riskier and runs a far higher chance of discovery, because both necessarily involve doing things out in the world that are visible and noticeable and that would be of potential interest to the news media, etc.

The reason why people tend to focus on passive risks like brute-force factoring is that they're only difficult in terms of necessary compute power (or breakthrough mathematics). They pose essentially zero operational difficulty and essentially zero risk; all the data that you need to make the attempt is completely public, and attempting it is not at all suspicious. There's no risk of getting caught. That makes the attack far more feasible.

-- 
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>

Archive: http://lists.debian.org/87sir7lxae....@windlord.stanford.edu