[Discuss] KeePassX

[gaf at blu.org (Jerry Feldman)]

On 08/14/2013 07:36 AM, Kent Borg wrote:
> On 08/14/2013 06:34 AM, Jerry Feldman wrote:
>> Agreed. But, breaking the session key only works for a single message 
>> or a single session. If they want to target a specific individual, 
>> breaking the RSA/DSA keys will give them access to all encrypted 
>> messages. (within the context is that a sent message is encrypted by 
>> the recipient's public key), 
>
> Yes, breaking the RSA/DSA key will let them read files or e-mails 
> (effectively a file) encrypted with that public key.  But I think that 
> if you are doing SSL with that public key, the key exchange cannot be 
> understood by a passive observer, so passively recording the packets 
> will not let someone later decrypt the exchange.
Basically, there are 3 groups of those who want to hack encryption
1. Governments - they have resources and if they want to get your 
information they have tools to do it.
2. criminals who want your information. Unless you are very wealthy, 
there is very small chance they will try to break your encryption. 
Simple cost benefit.
3. random hackers. There are people out there with skills and some 
resources. It is hard to protect against these people because of their 
skills. While they don't have acres of supercomputers they have the 
skills to build or use low cost clusters.

So, I'm not really worried. If the NSA or FBI wanted to get my 
information and read my emails they can do it, and there is very little 
that I can do other than remain under the radar.

-- 
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90