From: “Mark M.” <markm@voicenet.com>
To: cypherpunks@toad.com
Message Hash: 69cab113993033cc66133fc43af7f7a702858d31e9dc1a47d9c31ea084114799
Message ID: <Pine.LNX.3.95.961201013725.2291A-100000@gak.voicenet.com>
Reply To: <Pine.SUN.3.95.961201061050.6961C-100000@netcom23>
UTC Datetime: 1996-12-01 06:47:09 UTC
Raw Date: Sat, 30 Nov 1996 22:47:09 -0800 (PST)
From: "Mark M." <markm@voicenet.com>
Date: Sat, 30 Nov 1996 22:47:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Announcement: Very Good Privacy
In-Reply-To: <Pine.SUN.3.95.961201061050.6961C-100000@netcom23>
Message-ID: <Pine.LNX.3.95.961201013725.2291A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 1 Dec 1996, jonathon wrote:
> > > I'm not sure how an encryption product that uses encryption
> > > algorithms weaker than Pretty Good Privacy can be described
> > Both programs use IDEA. How is this weaker?
>
> IDEA & RC4 were the only algorithms listed that AC2
> doesn't list
> as having a security flaw. And that isn't even true, if
> one considers "weak keys" to be a security flaw, for IDEA.
My point was that both programs use IDEA, so you couldn't characterize on as
weaker than the other one. Weak algorithms are an option, but that doesn't
make the program any weaker.
Nearly every algorithm has some weak keys. One out of every 2^96 IDEA keys
are weak. If this is considered a security flaw, then every algorithm with
a keyspace of less than 96 bits is a "security flaw" because someone could
pick the correct key on the first try. Besides, it's easy to prevent weak keys
from being chosen, even though it obviously isn't necessary.
> Some of the others are breakable on the fly, by a human.
>
> > RC4 has stood up to cryptanalysis. It's secure as long as the same key
> > isn't used twice.
>
> "Not used twice" is the operative phrase.
That doesn't mean it shouldn't be an option. I encrypt my files with different
passphrases, so RC4 wouldn't be a problem in a case like that.
Mark
- --
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
iQEVAwUBMqEqQyzIPc7jvyFpAQHTIQf+LtUIH50HH7FKUGq4i9RgM3yDwXLkL1eV
zQJeO862DGGLF/mYy/vs7UH1NQsTu3XR2pT9tWnurboSJgS8qekUfslGo6wb+gyT
u4RoYV7a+h8A2JTUPQKLbJt6uYVw1jLCFfHlo6xkFP9TGedsVWwdB0hE+gX2EJHl
ckMcFKpdNWkYAcdwhKRdXz/737JDlFvNi4s0DyZ5AgP/bcEVqeb7IpBJPEDlu0Jf
GiwJvxtJ7SAcuvkDSUghKVeS8/uL3S6IRY4Gl+t5SYpO2Pf8bGUW3hl60w7dWQa/
WABQ4iDltFYPzBKoskW4vvaOc4bP7FfqVNgmeQyhKdXBd8nXh60tog==
=T2Lb
-----END PGP SIGNATURE-----
Return to December 1996
Return to ““Mark Rosen” <mrosen@peganet.com>”