1993-11-23 - Re: Can NSA crack PGP?

Header Data

From: cman@caffeine.io.com (Douglas Barnes)
To: mech@eff.org (Stanton McCandlish)
Message Hash: e434ecd9b1cbc943cbf238cc0a6795369a7790a22c1cb3d2bd00b4d4d1ed4e93
Message ID: <199311230005.SAA09945@caffeine.caffeine.io.com>
Reply To: <199311222336.SAA22403@eff.org>
UTC Datetime: 1993-11-23 00:22:42 UTC
Raw Date: Mon, 22 Nov 93 16:22:42 PST

Raw message

From: cman@caffeine.io.com (Douglas Barnes)
Date: Mon, 22 Nov 93 16:22:42 PST
To: mech@eff.org (Stanton McCandlish)
Subject: Re: Can NSA crack PGP?
In-Reply-To: <199311222336.SAA22403@eff.org>
Message-ID: <199311230005.SAA09945@caffeine.caffeine.io.com>
MIME-Version: 1.0
Content-Type: text/plain

> In a FidoNet debate, it's been charged that PGP is unsafe, and that NSA
> can crack it.  The persons holding this viewpoint espouse the idea that
> the NSA can crack anything, pretty much, and that anything they could not
> crack would not be available to the general public, but would have been
> supressed.

The basic problem here is not whether the NSA has or hasn't cracked PGP.
Certainly it's safe today from the prying eyes of even a really determined 
FIDO sysop, even if he keeps up with all his mathematical journals and has 
access to commercially available supercomputer power. This should be sufficient
reason for its use... :-)

In all of the literature I have read, it is acknowledged that one
of the two possible things is true:

1) Factoring might not be as hard as we think it is; Bruce Schneier, for
   instance, cautions readers to keep informed about mathematical 
   developments in factoring. It has not been disproved that factoring
   is a hard problem, but neither has it been proved.

2) The NSA may have equipment that, using massively parallel techniques,
   can factor small RSA keys by brute force. However, if factoring is as
   hard as we think it is, very large keys are probably not within the
   scope of the NSAs ability, unless they have access to a different 
   universe where physical laws behave differently.

> SO, let's take this opportunity at online education, and spread the news
> that under current technology, PGP is in fact a secure cryptosystem.

Security is always a relative thing, Stanton, and if the transport layer
becomes sufficiently problematic, a really determined opponent will seek
other weaknesses (a spike mike in your house, a tap in your computer,
having burly gentlemen with names like "Butch" grab you and hold you 
upside down over a large body of rapidly moving water).

IMHO, the real point of encrypting is to make it difficult for the NSA 
and their ilk to casually surf the nets for stuff, and stymie more humble
opponents (whether they are sysops, employers, competitors, hackers, or 


----------------                                             /\ 
Douglas Barnes            cman@illuminati.io.com            /  \ 
Chief Wizard         (512) 447-8950 (d), 447-7866 (v)      / () \
Illuminati Online          metaverse.io.com 7777          /______\