| Some very doubtful assertions here. > FBI cracked 512-bit disk encryption in a recent case Very hard to believe that they brute-forced 512-bit AES. More likely they guessed, or otherwise located, the key, or found some implementation flaw in the software/device. > don't even need to work that hard. They can just grab the keys in transit. If and only if they have the private key. Which, I concede, they may well be able to get. > Third, with a MITM attack, you can just drop in a box that makes SSL connections on both ends transparently No you can not, not without installing a cert on every single user's machine. This would have been noticed if it was going on. I admit that now I think about it, putting taps on DC data connections and simply requiring sites or the DC to provide any and all private keys would be substantially less invasive/visible than actually putting taps into the building, and with basically the same effectiveness (except for the PFS thing). |