[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

weak point of PGP implementation

To: [email protected]
Subject: weak point of PGP implementation
From: The Phantom <[email protected]>
Date: Tue, 26 Jan 1993 16:15:48 -0800 (PST)
Sender: [email protected]


tcmay says:

----
With strong crypto, e.g., with 300 decimal digit moduli, the "costs"
of decryption by brute force could easily exceed the GNP/GDP of the
U.S.
...
bagged" the house, perhaps a simple pass phrase was used in lieu of
memorizing 300 digits, and so on.
----

I've been wondering about this. It seems as though the weak point of PGP
is one of three possible things:

	1) RSA key length (a key length of 10 digits might be a good
target, but noone using pgp uses anything so absurdly small, so this can
be all but ruled out barring any huge jumps in factoring .. 

	2) 'conventional cryptography' used for encoding the secring.pgp
files, etc. What crypto, exactly, is used? How strong is it? If the NSA
knocked on the door and demanded your computer, would it try to crack your
key, or would it go directly for the secring.pgp file?

	3) length/triviality of pass phrase. This is, I would think, the
weakest point mentioned yet. How long does the pass phrase have to be
until this point becomes as secure as the weaker of the above two? If all
bits of your passphrase were random, how long would an exhaustive search
take? 

matt


Matt Thomlinson
University of Washington, Seattle, Washington.
Internet: [email protected]      	    phone: (206) 528-5732
PGP 2.0 key availaible via email or finger [email protected]

Follow-Ups:
- weak point of PGP implementation
  - From: Eric Hughes <[email protected]>

Prev by Date: Re: Computerized OTP (a clarification)
Next by Date: Remailer Changes
Prev by thread: withdraw
Next by thread: weak point of PGP implementation
Index(es):
- Date
- Thread