
Re: Question for PGP Gurus



> Someone has told me that pre-MIT versions of PGP may have compromised
> security because "the session key is hashed solely from the
> plaintext."
> 
> Is this true? What's the significance? Is there any weakness?

This is not true.  The session key is based upon random input (key
timings from the passphrase, and other sources of random input) as
well as the randseed.bin file, which was generated by random
keypresses at key generation.  (It may also include other sources of
randomness as well; I do not recall).

This is only for the random session keys.  If you use conventional
crypto mode (pgp -c), then the IDEA key is based solely on the hash of
the passphrase, and I believe the IV is not random (maybe it should be
a random IV?)

Hope this helps, Tim.

-derek
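An added example, not from this thread or from PGP's source, of the conventional-mode point in the reply above: when the key comes from the passphrase alone and the IV is fixed as well, CFB output is deterministic, so identical files produce identical ciphertext and two files reveal how long a prefix they share. It assumes modern stand-ins (SHA-256 for MD5, AES for IDEA) and uses a constructed passphrase and constructed plaintexts.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// passphraseKey hashes the passphrase alone into the cipher key, the structure the
// reply describes for "pgp -c" (SHA-256 stands in for MD5; assumption). No randomness enters.
func passphraseKey(passphrase string) []byte {
	sum := sha256.Sum256([]byte(passphrase))
	return sum[:]
}

// encryptCFB encrypts in CFB mode, the mode PGP used; AES stands in for IDEA (assumption).
func encryptCFB(key, iv, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	ct := make([]byte, len(plaintext))
	cipher.NewCFBEncrypter(block, iv).XORKeyStream(ct, plaintext)
	return ct
}

// commonPrefixLen counts the leading bytes two byte strings share. Under one key and a
// fixed IV, CFB ciphertexts share exactly their plaintexts' common prefix, so equal files
// and equal headers are visible to anyone holding both ciphertexts.
func commonPrefixLen(a, b []byte) int {
	n := 0
	for n < len(a) && n < len(b) && a[n] == b[n] {
		n++
	}
	return n
}

func main() {
	key := passphraseKey("correct horse battery staple") // constructed sample passphrase
	m1 := []byte("Dear Tim, the meeting is on Monday.")  // constructed plaintexts sharing a prefix
	m2 := []byte("Dear Tim, the meeting is cancelled.")
	zeroIV := make([]byte, aes.BlockSize) // the fixed, reused IV the reply suspects
	fmt.Println("fixed IV, ciphertext bytes shared:", commonPrefixLen(encryptCFB(key, zeroIV, m1), encryptCFB(key, zeroIV, m2)))
	iv1, iv2 := make([]byte, aes.BlockSize), make([]byte, aes.BlockSize)
	rand.Read(iv1) // a fresh IV per file from the OS CSPRNG, the remedy the reply wonders about
	rand.Read(iv2)
	fmt.Println("random IVs, ciphertext bytes shared:", commonPrefixLen(encryptCFB(key, iv1, m1), encryptCFB(key, iv2, m2)))
}
```

With the zero IV the first line reports 25, the length of "Dear Tim, the meeting is "; with per-file IVs the second line is almost always 0.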