tedrick@ernie.berkeley.edu (Tom Tedrick) (04/28/86)
> Assuming the information about breaking new Libyan codes within weeks > is correct, does that imply that the NSA is > stellar at the job it does, or that the Libyans use weak > crypto-systems? The Libyans use weak crypto-systems. > Is it realistically possible today for a small country or a large > company to independently secure its communications from organizations > such as NSA or the Soviet equivalent? Yes.
desj@brahms.BERKELEY.EDU (David desJardins) (04/28/86)
In article <13462@ucbvax.BERKELEY.EDU> tedrick@ernie.berkeley.edu.UUCP (Tom Tedrick) writes: >> Assuming the information about breaking new Libyan codes within weeks >> is correct, does that imply that the NSA is >> stellar at the job it does, or that the Libyans use weak >> crypto-systems? > >The Libyans use weak crypto-systems. I disagree. They may or may not, but this is not the point. The reason we can break their codes within weeks is most likely because their key security is poor, not because they use a weak system. >> Is it realistically possible today for a small country or a large >> company to independently secure its communications from organizations >> such as NSA or the Soviet equivalent? > >Yes. Again, I disagree, with some reservations. For small, extremely important messages, one-time pads will do just fine. And from a theoretical point of view Tom is certainly correct. But I think he (like many academic crypto- graphy types) underestimates the practical problems of key security for large volumes of routine transmissions. -- David desJardins
tedrick@ernie.berkeley.edu (Tom Tedrick) (04/28/86)
>>> Assuming the information about breaking new Libyan codes within weeks >>> is correct, does that imply that the NSA is >>> stellar at the job it does, or that the Libyans use weak >>> crypto-systems? >>The Libyans use weak crypto-systems. > I disagree. They may or may not, but this is not the point. The reason >we can break their codes within weeks is most likely because their key >security is poor, not because they use a weak system. Oh the hell with it. I give up. Go on dreaming. The NSA thanks you. (Just for the record, I disagree, in case anyone has doubts. If anyone wants to believe David, be my guest.) >>> Is it realistically possible today for a small country or a large >>> company to independently secure its communications from organizations >>> such as NSA or the Soviet equivalent? >>Yes. > Again, I disagree, with some reservations. For small, extremely important >messages, one-time pads will do just fine. And from a theoretical point of >view Tom is certainly correct. Correct. >But I think he (like many academic crypto- >graphy types) underestimates the practical problems of key security for large >volumes of routine transmissions. Incorrect.
mkr@mmm.UUCP (MKR) (04/30/86)
>> Assuming the information about breaking new Libyan codes within weeks >> is correct, does that imply that the NSA is >> stellar at the job it does, or that the Libyans use weak >> crypto-systems? > >The Libyans use weak crypto-systems. > Weak crypto-systems? Why, I seen one of their papers one time, and I couldn't make hide nor hair of it - it was all just a buncha funny squiggles. I think it must be one of the best crypto-systems around. I'd love to see an Arabic ASCII table. (In case you couldn't tell .... :-) ) --MKR "There's nothing wrong with shooting, as long as the right people get shot." -"Dirty" Harry Callahan
djb@riccb.UUCP (Dave J. Burris ) (05/09/86)
> > Is it realistically possible today for a small country or a large > > company to independently secure its communications from organizations > > such as NSA or the Soviet equivalent? > Yes, but with qualifications. The amount of security in basically inversely proportional to the importance the NSA places on knowing the information. NSA has limited resources and must limit its monitoring to people/organizations it considers a risk to the security of the US government. What constitutes a risk is up for grabs and is basically driven by politics. -- Dave Burris ..!ihnp4!ihopa!riccb!djb Rockwell Switching Systems, Downers Grove, Il.
simsong@mit-amt.MIT.EDU (Simson L. Garfinkel) (05/10/86)
In article <679@riccb.UUCP> djb@riccb.UUCP (Dave J. Burris ) writes: >NSA has limited resources and must limit its monitoring to people/organizations >it considers a risk to the security of the US government. What constitutes >a risk is up for grabs and is basically driven by politics. True, but I was once told that the NSA monitors and perhaps records 10% of all over seas telephone calls from the United States. Can anybody verify or confirm this?