[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Announcement: Very Good Privacy
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 1 Dec 1996, jonathon wrote:
> > > I'm not sure how an encryption product that uses encryption
> > > algorithms weaker than Pretty Good Privacy can be described
> > Both programs use IDEA. How is this weaker?
>
> IDEA & RC4 were the only algorithms listed that AC2
> doesn't list
> as having a security flaw. And that isn't even true, if
> one considers "weak keys" to be a security flaw, for IDEA.
My point was that both programs use IDEA, so you couldn't characterize on as
weaker than the other one. Weak algorithms are an option, but that doesn't
make the program any weaker.
Nearly every algorithm has some weak keys. One out of every 2^96 IDEA keys
are weak. If this is considered a security flaw, then every algorithm with
a keyspace of less than 96 bits is a "security flaw" because someone could
pick the correct key on the first try. Besides, it's easy to prevent weak keys
from being chosen, even though it obviously isn't necessary.
> Some of the others are breakable on the fly, by a human.
>
> > RC4 has stood up to cryptanalysis. It's secure as long as the same key
> > isn't used twice.
>
> "Not used twice" is the operative phrase.
That doesn't mean it shouldn't be an option. I encrypt my files with different
passphrases, so RC4 wouldn't be a problem in a case like that.
Mark
- --
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
iQEVAwUBMqEqQyzIPc7jvyFpAQHTIQf+LtUIH50HH7FKUGq4i9RgM3yDwXLkL1eV
zQJeO862DGGLF/mYy/vs7UH1NQsTu3XR2pT9tWnurboSJgS8qekUfslGo6wb+gyT
u4RoYV7a+h8A2JTUPQKLbJt6uYVw1jLCFfHlo6xkFP9TGedsVWwdB0hE+gX2EJHl
ckMcFKpdNWkYAcdwhKRdXz/737JDlFvNi4s0DyZ5AgP/bcEVqeb7IpBJPEDlu0Jf
GiwJvxtJ7SAcuvkDSUghKVeS8/uL3S6IRY4Gl+t5SYpO2Pf8bGUW3hl60w7dWQa/
WABQ4iDltFYPzBKoskW4vvaOc4bP7FfqVNgmeQyhKdXBd8nXh60tog==
=T2Lb
-----END PGP SIGNATURE-----