[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Silvernail Concedes / Hides In Shame
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 14 Mar 1997, TruthMonger wrote:
> If this is the case, Roy, I apologize.
> I didn't notice that you had changed the reply-to address on your
> response to bypass the anonymity of your reply, so it appeared in
> my headers in the same format as those replies I receive through
> the list.
>
> I sometimes forget that there are those who do not wish the
> contents of their private email to reflect on their public image.
> I wouldn't lose too much sleep over it, however, since many
> people on the list hate to have their bubbles burst and probably
> killfiled me after my first post.
>
> I'm still waiting for someone to reply to the actual issues I
> raised in my post, as opposed dealing with imaginary daemons that
> they tacked on to the thread.
I will attempt to address the issues you addressed in your post, although I
don't have the original. You claimed that rsaref was spook-developed and could
have a backdoor in it. Also, you said that charges were dropped against PRZ
after PGP was redistributed with rsaref. I'm not sure whether charges were
actually filed against PRZ for patent infringement, but he included rsaref in
later versions to avoid legal problems. This has nothing to do with PRZ being
charged with illegally exporting PGP. These charges were dropped right before
the statue of limitations ran out, not after Phil built PGP with rsaref.
The security of rsaref can be verified pretty easily. Just create a few test
vectors with another rsa implementation such as SSLeay, the rsa perl script,
or Phil's original rsa code. If the output matches, then there is not a
backdoor in rsa (unless the same backdoor exists in every implementation of
rsa and/or every C compiler). It could be that there is a way easier than
factoring to break rsa, but in this case, every version of PGP is insecure, not
just >=2.5 (or there might be a way to factor numbers in polynomial time).
The most likely place that there would be a backdoor would be either in the
key-generation algorithm or in the PRNG. I'm not sure if much of the
key-generation code was changed between PGP 2.3 and 2.5. There was a bug in
the PRNG that supposedly made it weaker.
Finally, if you're really concerned about rsaref, use the international
version which does not use rsaref (it's also a lot faster). I know there's
one version that was developed independantly of the other versions from the
2.3 code. There could be weaknesses in MD5 and IDEA, but MD5 was always used
so if there is a weakness in MD5, then every version of PGP has this weakness.
IDEA was not developed by the USG or anyone that was likely to be influenced
by the USG. It was also introduced in 2.0, so if there was a weakness in IDEA,
this would mean that every version of PGP >=2.0 would be insecure.
Although I haven't personally scrutinized the PGP source code, I would say that
there is _very_ little chance that there is a backdoor in it. It might be
insecure, but if this was true, then most crypto programs would also be
breakable.
Mark
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
iQEVAwUBMynAhizIPc7jvyFpAQEOawf/WxsQ03rHsAFi6dlCm78ByFmuEWD7aU5Q
UcbMPwLAYcrFUmeNNepgMclQyANyVRMMe14BvXevEV36Y+1KBzohvr9eEjbnu7wp
qqp1U1wE2M6eVNI0/xsp6IMeLGHeKQIcXS5Tf0pS3wqUvKbLPnmzDbruuXqrW75l
Y0cWD+5bA+72LKRDK/Nk3v65pvwm3UFT2Kh3dpd+UA13lyb4W3JEEmUMmbI79Hqp
Ueik1rYjYpWpp9YFLLVfOXug6pQiW/FXhnBgQsxuqnw5Hs/73QM4dyRpmL+QRLe5
X4cgtgwAe1ZgZDEVoyHHJLyCtAyJn5w3qQ8GcSqlwD8bM5b6fjsPfA==
=0iGi
-----END PGP SIGNATURE-----