1993-11-07 - Re: (fwd) ViaCrypt PGP ships today

Header Data

From: Matthew J Ghio <mg5n+@andrew.cmu.edu>
To: cypherpunks@toad.com
Message Hash: 7cad206991e443065eedb8f3bb9d7cfca9971367d208c11dd8e21e356c1771db
Message ID: <Qgr6VSm00awKE5EUZK@andrew.cmu.edu>
Reply To: <199311062117.AA05991@access.digex.net>
UTC Datetime: 1993-11-07 03:18:05 UTC
Raw Date: Sat, 6 Nov 93 19:18:05 PST

Raw message

From: Matthew J Ghio <mg5n+@andrew.cmu.edu>
Date: Sat, 6 Nov 93 19:18:05 PST
To: cypherpunks@toad.com
Subject: Re: (fwd) ViaCrypt PGP ships today
In-Reply-To: <199311062117.AA05991@access.digex.net>
Message-ID: <Qgr6VSm00awKE5EUZK@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain

> For some reason it occured to me that were CiaCrypt (oops, slip... sorry)
> to want to provide an unsecure product to the general cryptography
> public, the best way to do it would be to attack the security of the
> secret key password.
> To me, the fact that Phil Z. has vouched for the program is enough
> for the moment.
> If the key password were attacked, output would not be affected.

I don't see how this would be of much help tho.  Putting a weakness in
the secret key password wouldn't help them much since they don't have
your secret key.  Furthermore, they couldn't easily change it without
making it incompatible with previous keys.  If I wanted to subtly weaken
PGP, I'd do it by weakening the randomness of the IDEA cipher key,
making it significantly easier to guess, by choosing a "random" key
based on something known, such as the legnth of the message or the date
it was encrypted, which would provide seemingly random encryption, but
actually make it easy to break if you knew the pattern.  I'm not saying
that anyone did that, but that's where I would start if I wanted to
sabotage it...