Jim Gillogly (jim@mentat.com)
Thu, 9 Apr 98 12:53:12 PDT
The Sheriff sez:
> I'm familiar with the basic logistic weaknesses behind PGP (security
> of secret keys and passphrases and the like), but I'm interested
> in what weaknesses (if any) the PGP algorithm has.
There are no unclassified breaks published for any of the algorithms
used in PGP versions past 1.0, which used the apparently bogus
Bass-o-Matic symmetric encryption algorithm. The best published
attacks on RSA, ElGamal, DSS, IDEA, 3DES, CAST, MD5, and SHA1 are the
obvious ones, which are computationally infeasible for the key sizes
used in PGP. Timing attacks are possible depending on the version, but
require extraordinary access to the victim's machine. Four of us
factored an RSA modulus used in a live PGP key and read some of the
associated traffic; that was for a key size shorter than those
currently used in PGP. External attacks are also possible: Van Eck
radiation and Ethernet sniffing, for example, as with any
cryptosystem.
There's a "PGP Attack FAQ" floating around the Web which goes into
some of this stuff further. A search engine ought to turn it up.
Jim Gillogly
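The factoring attack Gillogly mentions (factor the RSA modulus, rebuild the private exponent, read the traffic) is shown below as an added example; it is not code from the original message or from PGP. The modulus is a constructed toy built from two small primes (P_TOY, Q_TOY, both assumptions for illustration), so Pollard's rho finds a factor in milliseconds; a PGP-sized modulus would need the Number Field Sieve and the kind of effort the message describes, which is the whole point of the "computationally infeasible for the key sizes used" remark.

```python
import math

# Constructed toy RSA key. Real PGP moduli are hundreds of digits long;
# these 7-digit primes exist only so the factoring step completes instantly.
P_TOY = 1000003
Q_TOY = 1000033
N_TOY = P_TOY * Q_TOY
E = 65537


def pollard_rho(n, seed=2, c=1):
    """Return a non-trivial factor of composite n using Pollard's rho.

    Cost is roughly sqrt(smallest prime factor) steps, which is why this
    works on a 40-bit toy modulus and is hopeless against a real key.
    """
    if n % 2 == 0:
        return 2
    x = y = seed
    d = 1
    while d == 1:
        x = (x * x + c) % n            # tortoise: one step
        y = (y * y + c) % n            # hare: two steps
        y = (y * y + c) % n
        d = math.gcd(abs(x - y), n)
    if d == n:                         # cycle found without a factor: retry
        return pollard_rho(n, seed + 1, c + 1)
    return d


def recover_private_key(n, e):
    """Factor n, then derive the private exponent d from (p, q, e)."""
    p = pollard_rho(n)
    q = n // p
    if p > q:
        p, q = q, p
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                # modular inverse (Python 3.8+)
    return p, q, d


def encrypt(m, n, e):
    """Textbook RSA encryption of an integer m < n (no padding, toy only)."""
    return pow(m, e, n)


def decrypt(c, n, d):
    """Textbook RSA decryption with the recovered private exponent."""
    return pow(c, d, n)


def read_traffic(n, e, ciphertexts):
    """Recover the key from the public modulus alone and decrypt captured messages."""
    _, _, d = recover_private_key(n, e)
    return [decrypt(c, n, d) for c in ciphertexts]


if __name__ == "__main__":
    # Constructed "captured traffic": small integers standing in for messages.
    traffic = [encrypt(m, N_TOY, E) for m in (42, 4096, 31337)]
    print("modulus:", N_TOY, "recovered:", read_traffic(N_TOY, E, traffic))
```

Only the public values (n, e) and the ciphertexts go into read_traffic, which mirrors the situation in the message: nothing about the victim's machine is needed, just enough computation to factor n.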
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:16:56 ADT