1993-01-27 - weak point of PGP implementation

Header Data

From: The Phantom <phantom@u.washington.edu>
To: cypherpunks@toad.com
Message Hash: 98568303523c0ddaee9c27c71e6fe631068395d025e99270e1ee070aa0bf1722
Message ID: <Pine.3.05.9301261648.A20494-b100000@stein2.u.washington.edu>
Reply To: N/A
UTC Datetime: 1993-01-27 00:24:02 UTC
Raw Date: Tue, 26 Jan 93 16:24:02 PST

Raw message

From: The Phantom <phantom@u.washington.edu>
Date: Tue, 26 Jan 93 16:24:02 PST
To: cypherpunks@toad.com
Subject: weak point of PGP implementation
Message-ID: <Pine.3.05.9301261648.A20494-b100000@stein2.u.washington.edu>
MIME-Version: 1.0
Content-Type: text/plain



tcmay says:

----
With strong crypto, e.g., with 300 decimal digit moduli, the "costs"
of decryption by brute force could easily exceed the GNP/GDP of the
U.S.
...
bagged" the house, perhaps a simple pass phrase was used in lieu of
memorizing 300 digits, and so on.
----

I've been wondering about this. It seems as though the weak point of PGP
is one of three possible things:

	1) RSA key length (a key length of 10 digits might be a good
target, but noone using pgp uses anything so absurdly small, so this can
be all but ruled out barring any huge jumps in factoring .. 

	2) 'conventional cryptography' used for encoding the secring.pgp
files, etc. What crypto, exactly, is used? How strong is it? If the NSA
knocked on the door and demanded your computer, would it try to crack your
key, or would it go directly for the secring.pgp file?

	3) length/triviality of pass phrase. This is, I would think, the
weakest point mentioned yet. How long does the pass phrase have to be
until this point becomes as secure as the weaker of the above two? If all
bits of your passphrase were random, how long would an exhaustive search
take? 

matt


Matt Thomlinson
University of Washington, Seattle, Washington.
Internet: phantom@u.washington.edu      	    phone: (206) 528-5732
PGP 2.0 key availaible via email or finger phantom@hardy.u.washington.edu






Thread