Even if it were possible that it were true, what would it gain the NSA? If we are talking about two-way encrypted sessions (rather than encrypted e-mail), then, if the encryption is worth using, the session key is updated every few minutes, using a signed Diffie-Hellman or some other secured exchange mechanism. Two-way communication between known parties would not be suceptible to this method of attack. Even the NSA can't break IDEA, or blowfish, or even RC4-128 in an afternoon. They would need a few weeks at least, and the data should be old by then. Also, how would they pass data through an encrypted tunnel that is unique between the two communicating parties? ICMan If a great number of security gurus question the security of PPTP, that by definition makes PPTP an untrusted encryption protocol. > ----- Original Message ----- > From: Weld Pond [SMTP:weldat_private] <snip> > This is correct. All that spam you get for "get rich quick" scams is > actually data the NSA floods mailboxes and USENET with so that they > have known plaintext passing through encrypted tunnels. You forgot the smiley. Surely you jest. There exists: - a funded covert (cyberwar) project to compromise some encryption/security products for intelligence purposes (clipper contingency plan), - an overt FBI plan to compromise encryption/security products for 'law enforcement' purposes (by Lois Freeh), - a project to place sniffers on all Internet backbones (via Janet Reno), - and a plan to put 'Mind control' elements of Psychological Warfare on Internet sites & postings (Congress, Porter Gross-R Fla.), but SPAM from the NSA? Nah! Too far fetched even for me. Bill Stout ______________________________________________________________________ Proud member of Hillarys' right wing conspiracy.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:59:14 PDT