Re: Hack PGP

From: Dan Margolis (dmargoli+secbasics_at_af0.net)
Date: 01/20/05

    Date: Thu, 20 Jan 2005 00:39:26 -0500
    To: Nazareno Vicente Feito <nvfeito@advancedsl.com.ar>
    
    

    On Tue, Jan 18, 2005 at 09:55:40PM +0000, Nazareno Vicente Feito wrote:
    > would not trust berkeley center, 'cause the same thing they're doing with
    > seti@home they can do with pgp keys, but anyway, paranoia aside, the thing
    > with pgp keys is that there's a rumour (I've heard this back in 2000/2001)
    > that the M.I.T guys did have a reverse algorithm tool, quite difficult since
    > the keys are randomly generated by events on the host computer, but that
    > rumour spread and some people stopped trusting pgp and started thinking of
    > gpg, which is pretty similar but not the same, besides the algorithm
    > restrictions that imposes on non-American computers about the amount of bit
    > encryptions, Europe is quite different about these regulations.

    As far as I know, the same algorithms used in GPG are available in PGP
    (DSA, RSA, and ElGamal). So the question you are presenting is: is the
    PGP implementation secure (do we trust PGP)? Granted, there may be some
    higher level of trust in GPG, since it's open source, but I haven't
    looked at it--have you?

    As for there being methods of breaking RSA (or similar), I sorta doubt
    it. For instance, in 1973, a British mathematician working for one of
    the British Military Intelligence services developed something akin to
    RSA, and the British kept it top-secret (who wouldn't want to?). But
    only 5 years later, R, S, and A came up with their own system and
    released it publicly. With all the potential fame, fortune, and glory to
    be gained from publicly breaking RSA, I find it hard to imagine that
    someone would have done so and kept it secret--and that nobody else
    would also have done so.

    Finally, regarding seti@home, there is a similar project for this very
    purpose, distributed.net. However, there's a really huge difference
    between breaking DES and breaking a standard-length RSA key.

    -- 
    Dan
    
