Message Hash: 115025c5a0ed6095cdb849dd762a27b12c1c244de61212aa2d470f599e4e085b
Message ID: <199308272046.AA04048@xtropia>
Reply To: N/A
UTC Datetime: 1993-08-27 21:15:59 UTC
Raw Date: Fri, 27 Aug 93 14:15:59 PDT
From: email@example.com Date: Fri, 27 Aug 93 14:15:59 PDT To: firstname.lastname@example.org Subject: Plausible Spookiness Message-ID: <199308272046.AA04048@xtropia> MIME-Version: 1.0 Content-Type: text/plain > Whoever "Raymond Paquin" is, he's no spook. Spooks just don't do > things like that - tell a little bit, then clam up. They are > trained by instinct never to leak. I got a sad little chuckle out of that one. Leaving aside the paradoxical "trained by instinct" line, I can assure you that your claim here is simply naive. Perhaps you watch too much TV. For every Ivy League CIA careerist station chief with a vested interest and thorough indoctrination, there are several thousand nobodies who more or less blundered into the racket in minor capacities. These are underpaid, ignored, fucked-with, jacked around, abused, denied, manipulated, lied to, insulted, cut loose, yanked back and otherwise generally driven nuts until they quit, at which time they discover they are too burned out to do anything in the real world - say, hold down some shitty job ("There seems to be a rather large hole in your resume, Mr. Smith...") or maintain personal relationships. What these people will or won't do is beyond reliable conjecture. Did you guess I speak from personal experience and observation? What Paquin is or isn't, I can't say. I haven't believed or trusted anyone since late 1970 or so anyway, but I would not be surprised if Paquin actually was doing pretty much what he said, namely working at some university doing crypto math on some government grant with big strings. This is completely plausible. > If there is any flaw in PGP, there are only a few places where it > could be. The basic mechanics of the program (RSA, IDEA, etc) > obviously work... If you mean that they are NSA-proof, or that only brute force attacks would affect decryption, I would suggest that we know no such thing, and it is extremely unlikely that we ever will. The NSA has _astounding_ resources, unequalled by anything in the private sector, dedicated to no other purpose than compromising world-class cyphers. Their successes are not public knowledge, to say the least. No one here should blithely dismiss claims of PGP weaknesses when the opposition has literally billions of dollars earmarked to find such flaws. It bears noting that the concealment of major successes in decryption are every bit as important as the decryption itself, a fact often overlooked. I would like to see "Paquin's" case against PGP as well as a competent analysis of his claims. Unfortunately, I cannot produce either. > A subtle flaw would have to be somewhere like: prime number > generation, random RSA key generation, or random session key > generation. If the primes weren't actually prime, that would make the > RSA keys breakable. But you could take the primes (pgp -kg -l and you > will see them in hex) and feed them into a primality tester to verify > that. I have seen numerous conjectures about PGP primes, but am not competent to judge them. > The most likely place for a bug would be in the randomness. This has been another subject of discussion, though I know of no firm conclusions being reached.