From: "Peter Trei" <trei>
Date: Thu, 3 Aug 95 13:26:21 PDT
To: cypherpunks@toad.com
Subject: Re: a hole in PGP
Message-ID: <9508032026.AA16303@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Sunder writes:

> Agreed.  If PGP has a hole it in it's not in the sources, nor in the 
> executables.  Any hole would be a breaking of the RSA or IDEA cyphers by 
> the TLA's who wouldn't talk about it, or the availablity of enough super 
> fast hardware to brute force it.

> It wouldn't be that PGP, it's sources, or algorithms have holes.  It 
> would be that there is a way to factor RSA that as of yet we don't know 
> about.  And hell, that's as likely as meeting Elvis at your local 7-11. ;-)

One little mental game I sometimes play (when I'm bored with 
deciding what to do when I win the lottery :-) is:

What would you do if you could crack RSA?

Let's suppose you've stumbled upon a very fast factoring algorithm - you 
can crack all of the RSA challenges on your home PC in minutes. What 
do you do next?

Possibilities:

* Post the algorithm to the net [anonymously?].
* Post the solutions to the challenges [anonymously?].
* Apply for a patent.
* Sit on it.
* Write an article for Cryptologia, get the Draper medal.
* Try to cut a deal with RSA
* Try to cut a deal with NSA
* Try to cut a deal with KGB/Sadam/etc.
* Try to keep it a trade secret, but profit from it.

* Escrow a OTP encoded description of the algorithm, and the OTP, with 
  different (unknown to each other) lawyers, with orders to 
  post them to sci.crypt if you vanish or die mysteriously.

It's sort of fun to speculate...

Peter

PS:I'm still waiting for the SSL challenge to start.






Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
trei@process.com