| ▲ | bccdee 2 days ago |
| NOBUS is only NOBUS until a spy gets their hands on the escrow master key (or until Donald Trump shares it at a dinner party on a lark, for that matter). If RSA's signing keys can be compromised¹, anything can be compromised. [1]: "The Full Story of the Stunning RSA Hack Can Finally Be Told," https://www.wired.com/story/the-full-story-of-the-stunning-r... |
|
| ▲ | tptacek 2 days ago | parent [-] |
| I don't understand the latter assertion. What's so special about RSA getting compromised? |
| |
| ▲ | bccdee a day ago | parent [-] |
| They're a world-class security organization. If a nation-state actor can get access to their most important keys the hard way, then a nation-state actor has a decent shot at compromising any private key on the planet, if they're willing to put enough money into it. |
|
| ▲ | tptacek 17 hours ago | parent [-] |
| They were just an enterprise software company. People have weird ideas of what RSA was. They bought the name RSA. |
|
| ▲ | bccdee 14 hours ago | parent [-] |
| They're a large, trusted enterprise software company specializing in security. I'm very comfortable using them as a heuristic for the most secure that a regularly-used private key can possibly be. |
|
| ▲ | tptacek 13 hours ago | parent [-] |
| I think you need to adjust your priors on the capabilities of enterprise security companies. I don't think you will find many practitioners that would rank RSA Security in "the most secure that a regularly-used private key can be". |
|
|
|
|