[Noisebridge-discuss] Attn: Lockpicking and Attn: Interested on Public Key Encryption

Seth David Schoen schoen at loyalty.org
Tue Sep 11 19:41:50 UTC 2012


Glen Jarvis writes:

> This concept worked very well (it seemed to work in all cases thus
> far). It's something physical that people can relate to. Yes, the safe
> can be drilled into and the message stolen. And, yes, the concrete
> could be destroyed and the safe stolen. But, those things are pretty
> hard to do and can take a while -- I may be home before they get by
> with it. Those same concepts are true for Public Key encryption.

Hi Glen,

I find this part of the analogy difficult.  A physical attack on a safe
might take on the order of a day, while a brute force attack on a
2048-bit RSA key in the anticipated way will take longer than a human
lifetime.

Also, if you come home you can notice whether someone is attacking or
has attempted to attack your safe.  But the attack on your RSA key is
not something that you can notice.  For example, I just tried to factor
your PGP key's RSA modulus for an hour.  (Of course, I didn't succeed!)
I bet you didn't notice any scratches or dents in the private key as
a result. :-)

I'm glad your analogy has been helpful to your students.  There's a
slightly more complicated one out there involving boxes to which
multiple locks can be attached, or perhaps involving locked boxes
with a slot through which letters can be dropped.

https://en.wikipedia.org/wiki/Public-key_cryptography#A_postal_analogy

I'm not sure if these analogies are actually more helpful, although
they might be physically realizable. :-)

-- 
Seth David Schoen <schoen at loyalty.org>      |  No haiku patents
     http://www.loyalty.org/~schoen/        |  means I've no incentive to
  FD9A6AA28193A9F03D4BF4ADC11B36DC9C7DD150  |        -- Don Marti


