[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pgp broken?

To: [email protected]
Subject: Re: pgp broken?
From: Derek Atkins <[email protected]>
Date: Tue, 16 Jan 1996 19:16:36 EST
Cc: [email protected]
In-Reply-To: Your message of "Tue, 16 Jan 1996 15:45:44." <[email protected]>
Sender: [email protected]

Although there is always the possibility that PGP could be broken, it
is highly unlikely that the program as a whole has been broken.  I
would think that it would be much easier to attempt to guess someone's
passphrase than to brute-force the crypto in the program.

Also, if it is the DoD that is purporting this supposed break, I doubt
the public will ever hear about it.  It would be interesting to know
"how" PGP was supposedly broken.  Was a cryptographic routine broken,
or was it a user interface break?  I.e., was a signature forged or a
message decrypted?  Or was an old message replayed as a new one?

Also, it could be that a small PGP key has been broken.  A 384-bit PGP
key has already been broken by a factoring attack.  That is neither
surprising nor alarming to say the least.  Without more information it
really is impossible to analyze what happened.

-derek

References:
- pgp broken?
  - From: "greg pitz" <[email protected]>

Prev by Date: Re: A weakness in PGP signatures, and a suggested solution
Next by Date: Re: A Modest Proposal: Fattening up the Proles
Prev by thread: Re: pgp broken?
Next by thread: Re: pgp broken?
Index(es):
- Date
- Thread