Re: HTTP/2 and Pervasive Monitoring

In message <>
, Martin Thomson writes:
>On 20 August 2014 11:36, Poul-Henning Kamp <> wrote:
>> Last I looked AES had 128 bit and larger keys, so that would be 2^127 ?
>No, 2^64.

You are not looking for a birthday attack.  You are looking at pile
of billions of HTTP connections and you have to decrypt *all* of them.

>> To stop PM, we don't need unbreakable crypto, we just need crypto
>> which is sufficiently expensive to break.
>That's all we ever have.  We just draw the line in different places.
>My point is that the line is close enough to what is state of the art
>to not bother with anything less.

And my point is that plenty of people have told us that state of the
art is uneconomical to them, so you'll never get emergency services,
news and porn on that bandwagon.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Wednesday, 20 August 2014 20:30:06 UTC