[erlang-questions] How safe is it to leave an open SSL port on the public internet?

[zxq9]

On 2017年09月01日 金曜日 14:57:04 Loïc Hoguin wrote:
> On 08/30/2017 08:03 PM, code wiget wrote:
> > Also, Fred, I re-read your post and wanted to either start a quick 
> > discussion/warn you about elliptic curves. According to the NSA: "the 
> > growth of elliptic curve use has bumped up against the fact of continued 
> > progress in the research on quantum computing, which has made it clear 
> > that *elliptic curve cryptography is not the long term solution many 
> > once hoped it would be.**”*
> > *
> > *
> > The NSA has deprecated ECC, whether or not that means that some foreign 
> > actor has a crack or if they are that worried about quantum computing is 
> > to be seen, but for now it seems like we should be moving away from ECC.
> 
> Surely the NSA's bigger concern is that they can't crack it today, 
> rather than it being too weak in the future.

The NSA's biggest concern is that once they realize they have a lead on cracking something there is an instant (and very well founded) fear reaction that someone else must have already achieved this, but never announced it. That is the #1 priority of the NSA in every fiber of its being.

Secondarily, they have to keep trying to crack things, but for practical operational purposes HUMINT trumps SIGINT in almost every way, every day, and they aren't blind to this. Cracks are only a small part of the NSA's game; the vast majority of what they collect is given to them willfully, one way or another.

-Craig