"PGP Encryption Proves Powerful"

Bill Stewart bill.stewart at pobox.com
Sun Jun 1 01:22:39 EDT 2003


At 11:38 AM 05/30/2003 -0700, John Young wrote:
>If the FBI cannot crack PGP that does not mean other
>agencies with greater prowess cannot. It is unlikely that
>the capability to crack PGP would be publicly revealed
>for that would close an invaluable source of information.
>.....
>Still, it is impressive that PRZ valiantly argues that PGP is
>algorithmically impregnable. That should satisfy its users as
>well as its crackers.

And Phil was quoted as saying
 > "Does PGP have a back door? The answer is no, it does not,"
 > he said. "If the device is running PGP it will not be possible
 > to break it with cryptanalysis alone."

But in fact that's incorrect.  PGP doesn't have back doors,
but it has two major weaknesses, which are weak user-chosen passphrases,
combined with a secret key file format that makes it easy to
verify whether a key has been guessed correctly,
and human-rememberable passphrases, combined with
rubber-hose cryptanalysis and a captured agent.

If you're doing good operational security, and the
Red Brigades probably are, your passphrases have good enough entropy
that they're hard to crack, but if they got sloppy,
and someone wants to feed all the information that's known about them
to pgpcrack, it's possible that they'll find something.
It's less likely than VENONA succeeding, because the importance
of good passphrases was known, and unlike one-time pads there's
no operational need to occasionally get sloppy under time pressure.

I'm not aware of a PGP port to the Psion, but at least the
Psion 3/3a/3c generation were 8086-like processors,
and there was a C compiler ported to them,
so perhaps somebody ported one of the earlier PGPs.
(There was an old HP palmtop that ran genuine MS-DOS,
unlike the Psion's more interesting operating system,
and you could probably run PGP on that directly.)
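
The defender's side of the passphrase point in this message, as an added example that is not part of the original post or of PGP's own code: it implements the iterated and salted string-to-key function from the OpenPGP specification (RFC 4880, section 3.7.1.3, SHA-1 variant) and estimates average offline search time for a few passphrase policies. Assumptions: the secret key is protected with that S2K type, the policies are constructed samples, and the speed-up factor for dedicated hardware is a guess.

```python
import hashlib
import math
import time

def s2k_count(c: int) -> int:
    """Decode the one-octet coded count of RFC 4880 iterated+salted S2K."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def s2k_iterated_salted(passphrase: bytes, salt: bytes, c: int, keylen: int = 16) -> bytes:
    """RFC 4880 sec. 3.7.1.3 with SHA-1; one hash context, so keylen <= 20."""
    if len(salt) != 8 or not 0 < keylen <= 20:
        raise ValueError("need an 8-octet salt and keylen of 1..20")
    block = salt + passphrase
    count = max(s2k_count(c), len(block))   # always hash the block at least once
    full, rest = divmod(count, len(block))
    h = hashlib.sha1()
    for _ in range(full):
        h.update(block)
    h.update(block[:rest])
    return h.digest()[:keylen]

def passphrase_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` symbols drawn uniformly at random from the alphabet."""
    return length * math.log2(alphabet_size)

def expected_years(bits: float, guesses_per_second: float) -> float:
    """Average offline search time: half the keyspace at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 86400)

def local_guess_rate(c: int, trials: int = 5) -> float:
    """Guesses per second this interpreter manages for one S2K setting."""
    start = time.perf_counter()
    for i in range(trials):
        s2k_iterated_salted(b"guess%d" % i, b"\x00" * 8, c)
    return trials / (time.perf_counter() - start)

if __name__ == "__main__":
    # Constructed policies; the 1e6x factor for dedicated hardware is an assumption.
    policies = {"8 random lowercase letters": passphrase_bits(26, 8),
                "4 Diceware words": passphrase_bits(7776, 4),
                "7 Diceware words": passphrase_bits(7776, 7)}
    for c in (96, 255):
        rate = local_guess_rate(c) * 1e6
        for name, bits in policies.items():
            print(f"c={c:3d} ({s2k_count(c)} octets) {name}: {bits:.1f} bits, "
                  f"~{expected_years(bits, rate):.2e} years")
```

The entropy figures hold only for passphrases generated uniformly at random; a phrase a person invented carries far fewer bits than its length suggests, and raising the S2K count buys only a constant factor.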


---------------------------------------------------------------------
The Cryptography Mailing List