Re: PGP Secure? Nope!

From: Bill Unruh (unruh@string.physics.ubc.ca)
Date: 02/27/03 

From: unruh@string.physics.ubc.ca (Bill Unruh)
Date: 27 Feb 2003 01:25:57 GMT

Hans Fleischmann <hansi@stack.n_l> writes:

]I think PGP-security is OK for me at the moment. Although I believe that
]the NSA has huge computing power and does have the best cryptologists in
]the world, I still do not think they can crack a regular PGP-signed
]message within a reasonable time, say a year, assuming that they are not
]given any backdoor (i.e. weak passphrase). Moreover I do not think the
]information I send around is interesting enough or even seems
]interesting enough for them to try to crack it.
]I believe the NSA can not systematically crack all PGP-encrypted
]messages they recieve, not even from a single email-adres and at the
]moment I believe the NSA can't crack reasonably executed PGP-encryption
]at all.

]Hans Fleischmann

]FYI: PGP dropped the 3DES-algorithm a long time ago and is now using
]Diffie-Hellman for synchronous encryption.

??? PGP never used 3DES (It may be an option now.) It started with a
home grown insecure algorithm developed by Zimmerman, then went to Idea
(which is patented) and now gives you a choice between a number. This is
for the symmetric algorithm. For the public key it has always used RSA.
Recently it has also given the option of DH.

]> | Anyone really believe that PGP offer encryption without backdoors for US
]> | government???

Well, read the source code. If you can find the backdoor, you will be
famous.

]> | Anyone really believe that the CIA e-mail scanners ( Eshelon ) really
]> comes
]> | to short when trying to access a PGP encrypted mail or file?

See above

]> |
]> | Here is an alternative:
]> | http://technology.glueckkanja.com
]> |
]> http://www.focus-europe.com/Tech_White_Paper_Migrating_from_NAI_PGP_to_Crypt
]> | oEx.pdf

Wow. Go from using an algorithm which is well tested to some homegrown
system. Why not use your own special decoder ring instead.

]> |
]> | An additional tool for encrypting disks:
]> | www.bestrcrypt.com
]> |
]> | An additional tool for encrypting SFX packages:
]> | http://www.klsofttools.com/pkey.php
]> |
]> | Non of these is tools are "made in USA" - a good proof for security!

And why would that be? No other government in the world is interested in
reasing encrypted communications?

Relevant Pages

  • Re: Microsoft Let NSA Spooks Enhance Windows 7
    ... The spooks at the NSA are, of course, notorious for their role monitoring ... the Senate Judiciary's Subcommittee on Terrorism and Homeland Security: ... These IT companies all want to do business with the government, ... should think, however, that doing all your encrypting on a computer ...
    (alt.privacy)
  • Re: PGP Secure? Nope!
    ... To make an assumption that the NSA has the capability to crack the most ... Everyone knew DES was cracked in about three minutes a few ... It was even crack by amateurs in a EFF contest. ... mathematics come from universities and research institutes. ...
    (alt.computer.security)
  • Re: PGP Secure? Nope!
    ... True the NSA probably have no interest in our discussions. ... NSA are not interested but if they wanted to they could crack pgp in real ... > Diffie-Hellman for synchronous encryption. ...
    (alt.computer.security)
  • Re: PGP Secure? Nope!
    ... I still do not think they can crack a regular PGP-signed ... >]I believe the NSA can not systematically crack all PGP-encrypted ... >]moment I believe the NSA can't crack reasonably executed PGP-encryption ... make CAST the default for some reason. ...
    (alt.computer.security)
  • Re: PGP Secure? Nope!
    ... I still do not think they can crack a regular PGP-signed ... I believe the NSA can not systematically crack all PGP-encrypted ... PGP dropped the 3DES-algorithm a long time ago and is now using ... Diffie-Hellman for synchronous encryption. ...
    (alt.computer.security)