[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: weak point of PGP implementation



Eric Hughes says:
> Matt mentions three potential weaknesses in PGP: RSA key length, the
> IDEA cypher, the pass phrase.

Probably the first two even a paranoid person won't call "weaknesses".
The pass-phrase - th docs should give some guidelines, as to how one
must choose his pass-phrase (if it's already there - apologies :-).

> Let me add:

And now you're talking! (:-)

> 4. The random number generator used to make session keys.  If this is
> weak, then an opponent might be able to guess them feasibly.  This attack
> does not require breaking the underlying cryptography.
>
> 5. Weak random numbers for RSA key generation.  If the numbers in the
> random number pool are not as random as they should be, then one might
> simply simulate the prime generation algorithm and compile a table of
> potential PGP primes.

It looks  like that [former] Soviet professor found and pointed out
exactly those weaknesses: poor RSA keys (making factoring about two
orders of magnitude easier) and poor something else (I couldn't
understand what he meant, sorry :-). Quite possible he hit
session keys (as likely as not)...
--
Regards,
Uri         [email protected]      scifi!angmar!uri 	N2RIU
-----------
<Disclamer>


From cypherpunks-request  Tue Jan 26 21:28:06 1993