[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
ViaCrypt PGP
Congratulations and good luck. I have a Mac and will not be buying
you PC version. I might well buy a Mac version especially at the $99
introductory price. I hope you send me e-mail when you have a Mac
version.
I am impressed with PGP and would be willing to pay for a "legal"
version. I have no important secrets but may still buy the program as
a matter of principle.
I have a couple of (free) ideas you may be interested in.
(Consider this a customer request if there are any lawyers about.)
As I understand PGP, it generates random numbers by timing keystrokes
for at least two purposes, first to avoid known plain text and second
to choose large primes for the RSA key. If there were an option to
generate those random numbers by a published mapping from input
text then the following benefits would accrue:
The paranoid could compare the output of your program with others written
to the same spec to gain assurance that programs operated to spec. This
is especially critical in key generation. I would propose that the spec
would be to choose the prime from among an arithmetic sequence A+Bn
where A and B are derived from the input text.
The paranoid would know that the cipher text contained no covert or subliminal
information.
Both of these benefits would accrue without having to read the code for either
of the systems compared. It would need to assume no collusion to achieve this
assurance.
Some paranoids would see the threat of exposure as sufficientreason to
trust the program.
Another advantage is that I could run your PC version on my Mac using SoftPC.
I understand that PGP does not get random keystroke timing under SoftPC.
Yet another advantage would be to those who wish to keep their private key
in their head. This would require remembering and correctly typing about
1000 characters at each computer sesion. An optional text checksum would thus
be strategic and not compromise security.
I understand that the quality of keyed data may be poor. Shannon estimated
that such data could provide about one bit of information per character.
It might be difficult to provide a sufficient warning to users unfamilliar
with information theory on the dangers of known or guessed sayings as input
text. Unlike some cryptographic applications weekness in the random
numbers does not induce sudeen failure. The effort in breaking a public
key declines slowly with declining quality in the random numbers.
Keystroke timing may well be the best default however.