[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*To*: [email protected]*Subject*: Weakness of the PGP scheme ?*From*: [email protected]*Date*: 4 Dec 92 15:22:03 GMT+1*Organization*: Rogaland University Centre*Priority*: normal

To my knowledge there is done very little cryptographical anlysis on the PGP protocol, and just recently I saw I possible weak point in the PGP scheme. The underlying security of the PGP scheme is based on two different systems, the RSA asymetric cipher and the IDEA cipher. For standard encryption the plaintext is encrypted with a IDEA using a "random" key, then the key is communicated using RSA. Then we have two direct ways of analysing a message, we might have a run a plaintext attack on the ciphertext trying out all possible IDEA keys which will tak a lot of effort, or we might break the RSA key to get the IDEA key. But I propose an easier attack; Using a Encrypted Ciphertext together with the public key used for encryption, It would be possible to run a trial encrypting all possible IDEA keys using the RSA public key and compare it with the encrypted IDEA key, if a match is found then you have the IDEA key for this one message. Using an RSA chip that is capable of performing exponetsiations VERY fast I dont think that this would be unfeasable. The most important factor in this attack is the length of the IDEA key. But another concern is the generation of the IDEA key, is it possible knowing the value of the RANDSEED to know all the subsequent IDEA keys?, or would knowing the last IDEA key drastically reduce the time needed to search for a subsequent one? So far I haven't studied PGP enough to answer all these questions.

**Follow-Ups**:**Weakness of the PGP scheme ?***From:*[email protected] (Perry E. Metzger)

- Prev by Date:
**Chosen cryptotext and RSA** - Next by Date:
**Weakness of the PGP scheme ?** - Prev by thread:
**Chosen cryptotext and RSA** - Next by thread:
**Weakness of the PGP scheme ?** - Index(es):