From: an31144@anon.penet.fi
To: cypherpunks@toad.com
Message Hash: afc9a75444c15bba13bf9acffb692657c4277b9426fd89ac7c0459ebeac4cfbd
Message ID: <199308261827.AA25477@xtropia>
Reply To: N/A
UTC Datetime: 1993-08-26 19:53:01 UTC
Raw Date: Thu, 26 Aug 93 12:53:01 PDT
From: an31144@anon.penet.fi
Date: Thu, 26 Aug 93 12:53:01 PDT
To: cypherpunks@toad.com
Subject: Further PGP Security Doubts
Message-ID: <199308261827.AA25477@xtropia>
MIME-Version: 1.0
Content-Type: text/plain
> 4) It's not too hard to build a test-suite for PGP to ensure it's
> implementation of IDEA is correct, and it's possible to check
> it's key generation/session key generation things. Of course
> key management isn't too big a deal either... Thus I don't
> think it requires too great an effort to trust ViaCrypt.
> And if not - buy their copy to stay legal and use the
> Source to be safe (:-).
I would be pleased to see some truly exhaustive efforts made to test
PGP's actual security.
I have been seeing yet more criticisms of PGP, this time from some
character calling himself "Raymond Paquin." He claims to be a
professor of mathematics who has been working at an unnamed university
exclusively on cryptographics for the past twelve years. He implies
that he is working for some government in a classified capacity and is
thus unable to either publish or discuss the matter openly.
He claims that PGP is fatally flawed, though the flaw is in niether
RSA or IDEA, but rather somewhere within the PGP part of the program.
Copping the "I can say no more! I have said too much already!"
melodrama, no more detailed information is forthcoming.
Now, this tease seems to reek of a hoax, but Zimmermann himself claimed
no high degree of security for the program. To my knowledge, no serious
or well-funded unclassified attempts have been made to crack PGP. I
fear that we are putting our faith in snake oil, as Zimmermann puts it.
I am not a mathematician, but merely a former spear-carrier in the Cold
War with some fairly well-developed residual instincts about this sort
of thing, including a conviction that all security measures - physical,
electronic or cryptographic - can be compromised by a determined
opponent with extensive resources. Once compromised, attacks thereafter
may often be trivially accomplished.
Return to August 1993
Return to “an31144@anon.penet.fi”
1993-08-26 (Thu, 26 Aug 93 12:53:01 PDT) - Further PGP Security Doubts - an31144@anon.penet.fi