Re: Hack PGP
From: Dan Margolis (dmargoli+secbasics_at_af0.net)
Date: Thu, 20 Jan 2005 00:39:26 -0500 To: Nazareno Vicente Feito <firstname.lastname@example.org>
On Tue, Jan 18, 2005 at 09:55:40PM +0000, Nazareno Vicente Feito wrote:
> would not trust berkeley center, cause the same thing they're doing with
> seti@home they can do with pgp keys, but anyway, paranoia aside, the thing
> with pgp keys it's that there's a rumour (I've heard this back in 2000/2001)
> that the M.I.T guys did have a reverse algorithm tool, quite difficult since
> the keys are randomly generated by events on the host computer, but that
> rumour spreaded and some people stoped trusting pgp and started thinking on
> gpg, which is pretty similar but not the same, besides the algorithm
> restrictions that imposes on non American Computers about the amount of bit
> encryptions, Europe it's quite different about this regulations.
As far as I know, the same algorithms used in GPG are available in PGP
(DSA, RSA, and el Gamal). So the question you are presenting is; is the
PGP implementation secure (do we trust PGP)? Granted, there may be some
higher level of trust in GPG, since it's open source, but I haven't
looked at it--have you?
As for there being methods of breaking RSA (or similar), I sorta doubt
it. For instance, in 1973, a British mathematician working for one of
the British Military Intelligence services developed something akin to
RSA, and the British kept it top-secret (who wouldn't want to?). But
only 5 years later, R, S, and A came up with their own system and
released it publicly. With all the potential fame, fortune, and glory to
be gained from publicly breaking RSA, I find it hard to imagin that
someone would have done so and kept it secret--and that nobody else
would also have done so.
Finally, regarding seti@home, there is a similar project for this very
purpose, distributed.net. However, there's a really huge difference
between breaking DES and breaking a standard-length RSA key.