1993-01-27 - Re: weak point of PGP implementation

Header Data

From: uri@watson.ibm.com
To: cypherpunks@toad.com (cypherpunks)
Message Hash: 67875e2906d8d13ba1434f694475def94d11678ed6417b74d8f960f7c99bcd63
Message ID: <9301270438.AA15194@buoy.watson.ibm.com>
Reply To: <9301270327.AA17865@soda.berkeley.edu>
UTC Datetime: 1993-01-27 04:39:33 UTC
Raw Date: Tue, 26 Jan 93 20:39:33 PST

Raw message

From: uri@watson.ibm.com
Date: Tue, 26 Jan 93 20:39:33 PST
To: cypherpunks@toad.com (cypherpunks)
Subject: Re: weak point of PGP implementation
In-Reply-To: <9301270327.AA17865@soda.berkeley.edu>
Message-ID: <9301270438.AA15194@buoy.watson.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain


Eric Hughes says:
> Matt mentions three potential weaknesses in PGP: RSA key length, the
> IDEA cypher, the pass phrase.

Probably the first two even a paranoid person won't call "weaknesses".
The pass-phrase - the docs should give some guidelines, as to how one
must choose his pass-phrase (if it's already there - apologies :-).

> Let me add:

And now you're talking! (:-)

> 4. The random number generator used to make session keys.  If this is
> weak, then an opponent might be able to guess them feasibly.  This attack
> does not require breaking the underlying cryptography.
>
> 5. Weak random numbers for RSA key generation.  If the numbers in the
> random number pool are not as random as they should be, then one might
> simply simulate the prime generation algorithm and compile a table of
> potential PGP primes.

It looks like that [former] Soviet professor found and pointed out
exactly those weaknesses: poor RSA keys (making factoring about two
orders of magnitude easier) and poor something else (I couldn't
understand what he meant, sorry :-). Quite possible he hit
session keys (as likely as not)...
--
Regards,
Uri         uri@watson.ibm.com      scifi!angmar!uri 	N2RIU
-----------
<Disclamer>
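
Added example, not part of the original message and not PGP's code: a toy check of point 4 in the quoted text, showing that a 128-bit session key derived only from a clock value has the strength of the seed space, not of the cipher. The generator `weak_session_key`, the one-day window and the sample clock value are assumptions constructed for illustration.

```python
import hashlib
import math
import secrets

KEY_BYTES = 16  # 128 bits, the key size of the IDEA cipher named in the thread

def weak_session_key(seed: int) -> bytes:
    """Hypothetical weak generator: the key is a pure function of a clock value."""
    return hashlib.sha256(seed.to_bytes(8, "big")).digest()[:KEY_BYTES]

def strong_session_key() -> bytes:
    """Key drawn from the operating system's CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)

def effective_bits(candidates: int) -> float:
    """Work factor in bits when the key must be one of `candidates` values."""
    return math.log2(candidates)

def seed_in_window(key: bytes, start: int, length: int):
    """Audit check: return the seed in [start, start+length) that reproduces
    `key`, or None if no seed in the window does."""
    for seed in range(start, start + length):
        if weak_session_key(seed) == key:
            return seed
    return None

# Constructed sample values (not taken from any real message or key).
SEND_TIME = 728_109_573   # a clock reading in seconds
DAY = 86_400              # assume the sending time is known to within a day

if __name__ == "__main__":
    weak = weak_session_key(SEND_TIME)
    strong = strong_session_key()
    start = SEND_TIME - DAY // 2
    print("nominal key size: %d bits" % (KEY_BYTES * 8))
    print("weak seed space:  %.1f bits" % effective_bits(DAY))
    print("weak key reproduced from seed:  ", seed_in_window(weak, start, DAY))
    print("strong key reproduced from seed:", seed_in_window(strong, start, DAY))
```

The weak key is reproduced after at most 86,400 trials (about 16.4 bits of work), while the key from the OS generator matches no seed in the window.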

