Security Basics mailing list archives
Re: Hack PGP
From: Dan Margolis <dmargoli+secbasics () af0 net>
Date: Thu, 20 Jan 2005 00:39:26 -0500
On Tue, Jan 18, 2005 at 09:55:40PM +0000, Nazareno Vicente Feito wrote:
would not trust berkeley center, cause the same thing they're doing with seti@home they can do with pgp keys, but anyway, paranoia aside, the thing with pgp keys it's that there's a rumour (I've heard this back in 2000/2001) that the M.I.T guys did have a reverse algorithm tool, quite difficult since the keys are randomly generated by events on the host computer, but that rumour spreaded and some people stoped trusting pgp and started thinking on gpg, which is pretty similar but not the same, besides the algorithm restrictions that imposes on non American Computers about the amount of bit encryptions, Europe it's quite different about this regulations.
As far as I know, the same algorithms used in GPG are available in PGP (DSA, RSA, and el Gamal). So the question you are presenting is; is the PGP implementation secure (do we trust PGP)? Granted, there may be some higher level of trust in GPG, since it's open source, but I haven't looked at it--have you? As for there being methods of breaking RSA (or similar), I sorta doubt it. For instance, in 1973, a British mathematician working for one of the British Military Intelligence services developed something akin to RSA, and the British kept it top-secret (who wouldn't want to?). But only 5 years later, R, S, and A came up with their own system and released it publicly. With all the potential fame, fortune, and glory to be gained from publicly breaking RSA, I find it hard to imagin that someone would have done so and kept it secret--and that nobody else would also have done so. Finally, regarding seti@home, there is a similar project for this very purpose, distributed.net. However, there's a really huge difference between breaking DES and breaking a standard-length RSA key. -- Dan
Current thread:
- Hack PGP Daniel Persson (Jan 17)
- Re: Hack PGP James Eaton-Lee (Jan 18)
- Re: Hack PGP Andreas Putzo (Jan 18)
- Re: Hack PGP Daniel Persson (Jan 18)
- Re: Hack PGP Keith Morgan (Jan 19)
- Re: Hack PGP Daniel Persson (Jan 18)
- <Possible follow-ups>
- Re: Hack PGP Saint Anthony (Jan 19)
- RE: Hack PGP Conlan Adams (Jan 19)
- Hack PGP Valentin Höbel (Jan 19)
- Re: Hack PGP Nazareno Vicente Feito (Jan 19)
- RE: Hack PGP Pablo Hauser (Jan 20)
- Re: Hack PGP Dan Margolis (Jan 20)
- Re: Hack PGP David J. Bianco (Jan 24)
- Hack PGP Valentin Höbel (Jan 19)
- Re: Hack PGP Christopher Anders (Jan 19)