1994-07-04 - Re: Question for PGP Gurus
Header Data
From: Derek Atkins <warlord@MIT.EDU>
To: tcmay@netcom.com (Timothy C. May)
Message Hash: b9f96d76ea90259fbca49c1e3f515bfb2cbb1d48a9e8eaedb23d5828ed979070
Message ID: <9407042153.AA28890@toxicwaste.media.mit.edu>
Reply To: <199407041851.LAA17276@netcom5.netcom.com>
UTC Datetime: 1994-07-04 21:49:10 UTC
Raw Date: Mon, 4 Jul 94 14:49:10 PDT
Raw message
From: Derek Atkins <warlord@MIT.EDU>
Date: Mon, 4 Jul 94 14:49:10 PDT
To: tcmay@netcom.com (Timothy C. May)
Subject: Re: Question for PGP Gurus
In-Reply-To: <199407041851.LAA17276@netcom5.netcom.com>
Message-ID: <9407042153.AA28890@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain
> Someone has told me that pre-MIT versions of PGP may have compromised
> security because "the session key is hashed solely from the
> plaintext."
>
> Is this true? What's the significance? Is there any weakness?
This is not true. The session key is based upon random input (key
timings from the passphrase, and other sources of random input) as
well as the randseed.bin file, which was generated by random
keypresses at key generation. (It may also include other sources of
randomness as well; I do not recall).
This is only for the random session keys. If you use conventional
crypto mode (pgp -c), then the IDEA key is based solely on the hash of
the passphrase, and I believe the IV is not random (maybe it should be
a random IV?)
Hope this helps, Tim.
-derek
Thread
Return to July 1994
- Return to “Derek Atkins <warlord@MIT.EDU>”
- Return to “roy@sendai.cybrspc.mn.org (Roy M. Silvernail)”
Return to “tcmay@netcom.com (Timothy C. May)”
- 1994-07-04 (Mon, 4 Jul 94 11:47:53 PDT) - Question for PGP Gurus - tcmay@netcom.com (Timothy C. May)
- 1994-07-04 (Mon, 4 Jul 94 14:49:10 PDT) - Re: Question for PGP Gurus - Derek Atkins <warlord@MIT.EDU>
- 1994-07-04 (Mon, 4 Jul 94 15:58:11 PDT) - Re: Question for PGP Gurus - roy@sendai.cybrspc.mn.org (Roy M. Silvernail)