[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pgp broken?



Although there is always the possibility that PGP could be broken, it
is highly unlikely that the program as a whole has been broken.  I
would think that it would be much easier to attempt to guess someone's
passphrase than to brute-force the crypto in the program.

Also, if it is the DoD that is purporting this supposed break, I doubt
the public will ever hear about it.  It would be interesting to know
"how" PGP was supposedly broken.  Was a cryptographic routine broken,
or was it a user interface break?  I.e., was a signature forged or a
message decrypted?  Or was an old message replayed as a new one?

Also, it could be that a small PGP key has been broken.  A 384-bit PGP
key has already been broken by a factoring attack.  That is neither
surprising nor alarming to say the least.  Without more information it
really is impossible to analyze what happened.

-derek