Quote:
Originally Posted by saden1
It's about the algorithm used and the key size. Even at 1024-bit key size RSA encryption is trash when it comes to encrypting data. No one in their right mind would use it nowadays because it's susceptible to chosen-plaintext attacks and there are better encryption schemes out there. What you really want is AES ( Rijndael) which the NSA approved for encrypting classified documents or Twofish which is even better. |
Quote:
Originally Posted by saden1
No, I'm just paranoid mofo...I do use Skype so my liberties are pretty safe. I'm just pissed because this whole FISA thing is a f'ing sham. Might as well hope for security becasue terrorists on Skype can "win." |
Pretty safe is correct, I guess. Skype uses RSA for AES key negotiation. If you can in fact use a chosen plaintext attack on RSA, then by using AES for the actual data stream is kind of pointless (other than the performance gained), I would think. Once you get the agreed upon key, you can then trivially decrypt all communications between the two parties.
But that all rides on a successfully executed chosen text attack. I've never seen RSA broken in that fashion, and if it has been successfully done, I'd love to see some performance stats.
All of this is neither here nor there, though. You can have the strongest encryption in the world, but in the end humans are the ones using it. Generally speaking, humans are terrible at securing their security. That is why you do not need brute force, chosen text, distributed brute force, mathematical cracks, etc to break encryption. Bluntly, people are stupid and lazy.