[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Brute Force and Smart Force




| Adam Shostack writes:
| > 	Perhaps we should refocus our efforts on attacking PGP, to see
| > if there are holes there?  (I'm not suggesting there are, but it
| > would be nice to see some code written to extend Crack to phrases,
| > do some more code review, etc.)
| 
| Probably a worthwhile enterprise. Unfortunately, Netscape and the like
| are low hanging fruit -- its much simpler to find holes in things, er,
| of that, er, ah, quality -- and one probably rightfully gets more
| press for breaking them.

What I don't understand is why the law-enforcement is so concerned 
about bruting things. It is probably quite easy to tap the keyboard,
smart force, exchange the binary with the real thing etc for them?

(Unless they want to read it all from a nice tipped-back armchair in
a certain location? :-))

What I'm saying is that this kind of attack should work quite easily
in the one-by-one cases, but not on a large scale, malicious data,
trojan horses, outright bugging. So why all this Clipper (son-of-X)
fuss? 

Ok, not for all data, especially not for the "untouched, rarely used"
ones. But is this any different from hiding your diary in a very safe
place anyway?

/Christian