Home page logo
/

basics logo Security Basics mailing list archives

Re: Hack PGP
From: Dan Margolis <dmargoli+secbasics () af0 net>
Date: Thu, 20 Jan 2005 00:39:26 -0500

On Tue, Jan 18, 2005 at 09:55:40PM +0000, Nazareno Vicente Feito wrote:
would not trust berkeley center, cause the same thing they're doing with 
seti () home they can do with pgp keys, but anyway, paranoia aside, the thing 
with pgp keys it's that there's a rumour (I've heard this back in 2000/2001) 
that the M.I.T guys did have a reverse algorithm tool, quite difficult since 
the keys are randomly generated by events on the host computer, but that 
rumour spreaded and some people stoped trusting pgp and started thinking on 
gpg, which is pretty similar but not the same, besides the algorithm 
restrictions that imposes on non American Computers about the amount of bit 
encryptions, Europe it's quite different about this regulations.

As far as I know, the same algorithms used in GPG are available in PGP
(DSA, RSA, and el Gamal). So the question you are presenting is; is the
PGP implementation secure (do we trust PGP)? Granted, there may be some
higher level of trust in GPG, since it's open source, but I haven't
looked at it--have you?

As for there being methods of breaking RSA (or similar), I sorta doubt
it. For instance, in 1973, a British mathematician working for one of
the British Military Intelligence services developed something akin to
RSA, and the British kept it top-secret (who wouldn't want to?). But
only 5 years later, R, S, and A came up with their own system and
released it publicly. With all the potential fame, fortune, and glory to
be gained from publicly breaking RSA, I find it hard to imagin that
someone would have done so and kept it secret--and that nobody else
would also have done so. 

Finally, regarding seti () home, there is a similar project for this very
purpose, distributed.net. However, there's a really huge difference
between breaking DES and breaking a standard-length RSA key. 

-- 
Dan


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]