mailing list archives
Re: Hack PGP
From: Dan Margolis <dmargoli+secbasics () af0 net>
Date: Thu, 20 Jan 2005 00:39:26 -0500
On Tue, Jan 18, 2005 at 09:55:40PM +0000, Nazareno Vicente Feito wrote:
would not trust berkeley center, cause the same thing they're doing with
seti () home they can do with pgp keys, but anyway, paranoia aside, the thing
with pgp keys it's that there's a rumour (I've heard this back in 2000/2001)
that the M.I.T guys did have a reverse algorithm tool, quite difficult since
the keys are randomly generated by events on the host computer, but that
rumour spreaded and some people stoped trusting pgp and started thinking on
gpg, which is pretty similar but not the same, besides the algorithm
restrictions that imposes on non American Computers about the amount of bit
encryptions, Europe it's quite different about this regulations.
As far as I know, the same algorithms used in GPG are available in PGP
(DSA, RSA, and el Gamal). So the question you are presenting is; is the
PGP implementation secure (do we trust PGP)? Granted, there may be some
higher level of trust in GPG, since it's open source, but I haven't
looked at it--have you?
As for there being methods of breaking RSA (or similar), I sorta doubt
it. For instance, in 1973, a British mathematician working for one of
the British Military Intelligence services developed something akin to
RSA, and the British kept it top-secret (who wouldn't want to?). But
only 5 years later, R, S, and A came up with their own system and
released it publicly. With all the potential fame, fortune, and glory to
be gained from publicly breaking RSA, I find it hard to imagin that
someone would have done so and kept it secret--and that nobody else
would also have done so.
Finally, regarding seti () home, there is a similar project for this very
purpose, distributed.net. However, there's a really huge difference
between breaking DES and breaking a standard-length RSA key.