1996-01-17 - Re: pgp broken?

Header Data

From: Alex Strasheim <cp@proust.suba.com>
To: pitz@onetouch.com
Message Hash: 4bf70d16176a4bc4fd1659cc431353e6fb6be661f50ec21f953bf11c54f423f4
Message ID: <199601170205.UAA00460@proust.suba.com>
Reply To: <9601162346.AA22192@toad.com>
UTC Datetime: 1996-01-17 02:33:01 UTC
Raw Date: Wed, 17 Jan 1996 10:33:01 +0800

Raw message

From: Alex Strasheim <cp@proust.suba.com>
Date: Wed, 17 Jan 1996 10:33:01 +0800
To: pitz@onetouch.com
Subject: Re: pgp broken?
In-Reply-To: <9601162346.AA22192@toad.com>
Message-ID: <199601170205.UAA00460@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> In speaking with an associate, he mentioned in passing that PGP had 
> been broken a few weeks ago in San Diego by the DoD using a Cray.  
> All questioning about said subject was ended immediately as he felt 
> that he might have said too much how it was.  Was PGP "broken"?

There's a store here in Chicago that sells surveillance equipment.  I had 
driven by it for years and never gone in, and a few weeks ago I finally 
gave in to curiosity and checked it out.

One of the things they were selling was a $100 floppy disk labeled 
"public key encryption".  Is that like PGP?  "No, this is much better.  
PGP can be broken, this uses DES."  (DES isn't a public key algorithm, of 
course, and it's no longer considered secure.)

There have been hundreds of reports like yours throughout PGP's short
history.  They're always second hand, and there's never any information
about the specifics of the attack.  It's hard to take such reports 
seriously.

What do you mean when you speak of "breaking PGP"?  Decrypting a single
message?  Forging a single signature?  Producing a private key from a
public one?  Figuring out a way to make one of those other problems easier
by exploiting a weakness in PGP's implementation?  A new attack on RSA,
IDEA, or MD5?  Coming up with a technique for factoring big numbers?

I'd be willing to bet that most people -- literally, more than half -- who
use PGP have made the mistake of picking a weak passphrase.  If I'm right
about that, it would mean that an awful lot of people who think they have
security don't.  If you pick a weak passphrase, your key could fall to a
dictionary attack.  But that's a problem with the user, not PGP.

It's most likely that the person who told you that PGP had been broken was
mistaken.  If there's anything at all to the story, chances are
overwhelming that he was referring to a successful dictionary attack
against a single key.  A lot of people seem to feel a little uneasy about
MD5, which PGP uses to make signatures;  perhaps some super spook has put 
a dent in that.

Anything is possible.  It's only "Pretty Good" privacy.

But you can rest assured that if credible evidence that PGP has been
compromised ever emerges, you won't have to go digging around for it.  It
will be all over the net and the traditional media.
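The passphrase point in the message above (a weak passphrase lets a single key fall to a dictionary attack, whatever the state of RSA, IDEA or MD5) can be made concrete by estimating attacker work. The following is an added example, not part of the original post and not PGP's own code: it estimates the number of guesses a dictionary attacker needs for three passphrase styles. The stand-in wordlist, the mangling-rule count, the guess rate and the "weak" threshold are all constructed assumptions chosen for illustration; the secret-key wrapping key is modelled as MD5 of the passphrase, which to my knowledge is how PGP 2.x derived its IDEA key (the guess estimate itself does not depend on that detail).

```python
"""Added example (not from the original post): how much work a dictionary
attack on a PGP-style passphrase needs, for a defender checking policy.

Every number below is a constructed assumption for illustration only.
"""
import hashlib
import math
import re

# Constructed stand-in for a cracking wordlist; real lists hold millions of words.
WORDLIST = ["password", "secret", "letmein", "dragon", "monkey",
            "sunshine", "qwerty", "chicago"]
WORDLIST_SIZE = len(WORDLIST)
# Assumed number of mangling rules (capitalise, leetspeak, digit suffix ...)
# an attacker applies to each dictionary word.
MANGLE_RULES = 20
# Size of the standard Diceware list, for word-based passphrases.
DICEWARE_SIZE = 7776


def derive_key(passphrase: str) -> bytes:
    """Model of the PGP 2.x secret-key wrapping key: MD5(passphrase) -> 128-bit
    IDEA key (assumption; see lead-in). One hash per guess is all the attacker
    pays, so guess count is a fair proxy for attacker work."""
    return hashlib.md5(passphrase.encode()).digest()


def normalise(passphrase: str) -> str:
    """Undo common mangling so 'P@ssw0rd1' maps back to 'password'.
    Trailing digits are stripped before leetspeak is reversed so that a
    numeric suffix is not mistaken for a substituted letter."""
    s = re.sub(r"\d+$", "", passphrase.lower())
    return s.translate(str.maketrans("@0143$5!", "aoleassi"))


def estimate_guesses(passphrase: str) -> tuple:
    """Return (category, guesses) assuming the attacker knows which scheme
    the user followed (Kerckhoffs' principle applied to passphrases)."""
    if normalise(passphrase) in WORDLIST:
        # Dictionary word plus mangling: every word tried under every rule.
        return "dictionary", WORDLIST_SIZE * MANGLE_RULES
    words = passphrase.split()
    if len(words) >= 2 and all(w.isalpha() and w.islower() for w in words):
        # Diceware-style: each word is one of DICEWARE_SIZE possibilities.
        return "diceware", DICEWARE_SIZE ** len(words)
    # Otherwise treat it as a random string over the character classes used.
    charset = 0
    if re.search(r"[a-z]", passphrase):
        charset += 26
    if re.search(r"[A-Z]", passphrase):
        charset += 26
    if re.search(r"\d", passphrase):
        charset += 10
    if re.search(r"[^A-Za-z0-9]", passphrase):
        charset += 33  # printable ASCII punctuation
    return "random", charset ** len(passphrase)


def check_passphrase(passphrase: str, guesses_per_second: float = 1e6) -> dict:
    """Summarise the estimate. guesses_per_second and the 2**40 'weak'
    threshold (about two weeks at that rate) are constructed assumptions."""
    category, guesses = estimate_guesses(passphrase)
    return {
        "category": category,
        "guesses": guesses,
        "bits": round(math.log2(guesses), 1) if guesses > 0 else 0.0,
        "worst_case_seconds": guesses / guesses_per_second,
        "weak": guesses < 2 ** 40,
    }


if __name__ == "__main__":
    for p in ["password", "P@ssw0rd1", "correct horse battery staple", "Tr0ub4dor&3"]:
        r = check_passphrase(p)
        print(f"{p!r:32} {r['category']:10} {r['bits']:6.1f} bits "
              f"weak={r['weak']}  key={derive_key(p).hex()[:8]}...")
```

The point the message makes falls out of the numbers: a mangled dictionary word is exhausted in a trivial number of guesses no matter how strong the ciphers behind it are, while four Diceware words already exceed the constructed threshold by orders of magnitude. A real policy check would swap the stand-in wordlist for a full cracking list and measure the actual per-guess cost of the key derivation in use.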
