From: cman@caffeine.io.com (Douglas Barnes)
To: mech@eff.org (Stanton McCandlish)
Message Hash: e434ecd9b1cbc943cbf238cc0a6795369a7790a22c1cb3d2bd00b4d4d1ed4e93
Message ID: <199311230005.SAA09945@caffeine.caffeine.io.com>
Reply To: <199311222336.SAA22403@eff.org>
UTC Datetime: 1993-11-23 00:22:42 UTC
Raw Date: Mon, 22 Nov 93 16:22:42 PST
From: cman@caffeine.io.com (Douglas Barnes)
Date: Mon, 22 Nov 93 16:22:42 PST
To: mech@eff.org (Stanton McCandlish)
Subject: Re: Can NSA crack PGP?
In-Reply-To: <199311222336.SAA22403@eff.org>
Message-ID: <199311230005.SAA09945@caffeine.caffeine.io.com>
MIME-Version: 1.0
Content-Type: text/plain
>
> In a FidoNet debate, it's been charged that PGP is unsafe, and that NSA
> can crack it. The persons holding this viewpoint espouse the idea that
> the NSA can crack anything, pretty much, and that anything they could not
> crack would not be available to the general public, but would have been
> supressed.
The basic problem here is not whether the NSA has or hasn't cracked PGP.
Certainly it's safe today from the prying eyes of even a really determined
FIDO sysop, even if he keeps up with all his mathematical journals and has
access to commercially available supercomputer power. This should be sufficient
reason for its use... :-)
In all of the literature I have read, it is acknowledged that one
of the two possible things is true:
1) Factoring might not be as hard as we think it is; Bruce Schneier, for
instance, cautions readers to keep informed about mathematical
developments in factoring. It has not been disproved that factoring
is a hard problem, but neither has it been proved.
2) The NSA may have equipment that, using massively parallel techniques,
can factor small RSA keys by brute force. However, if factoring is as
hard as we think it is, very large keys are probably not within the
scope of the NSAs ability, unless they have access to a different
universe where physical laws behave differently.
[...]
>>
> SO, let's take this opportunity at online education, and spread the news
> that under current technology, PGP is in fact a secure cryptosystem.
>
Security is always a relative thing, Stanton, and if the transport layer
becomes sufficiently problematic, a really determined opponent will seek
other weaknesses (a spike mike in your house, a tap in your computer,
having burly gentlemen with names like "Butch" grab you and hold you
upside down over a large body of rapidly moving water).
IMHO, the real point of encrypting is to make it difficult for the NSA
and their ilk to casually surf the nets for stuff, and stymie more humble
opponents (whether they are sysops, employers, competitors, hackers, or
France).
Doug
--
---------------- /\
Douglas Barnes cman@illuminati.io.com / \
Chief Wizard (512) 447-8950 (d), 447-7866 (v) / () \
Illuminati Online metaverse.io.com 7777 /______\
Return to November 1993
Return to “Stanton McCandlish <mech@eff.org>”