Re: PGP Software - Is it safe?

From: Bill Unruh (unruh_at_string.physics.ubc.ca)
Date: 05/03/04


Date: Mon, 3 May 2004 17:19:21 +0000 (UTC)

nospam@kcsystems.com (Dave) writes:

]There are a number of alternatives to PGP - such as Crypteze - that
]use the built-in encryption capabilities (RSA, etc.) of Windows and
]Outlook/Outlook Express. For just secure e-mail you could of course
]acquire a digital ID from any of various providers such as Verisign.

]In general, the encryption capabilities offered by Windows can be
]regarded as being very safe.

What evidence do you have for this? It is impossible to test the
security of an encryption system just by looking at the input and
output. Unless the encryption is completely and totally stupid, the
output will look random. You MUST look at the source code for the
encryption routines, and must look to see how they are handled.

A number of years ago a paper was published showing how the factors in
RSA could be encoded in the public key, so that anyone in the know could
decrypt any message trivially easily, but this info was completely
invisible to those not in the know. I.e., not only the encryption system
but also (or especially) the key generation algorithm need to be public.
(Recall also the Netscape disaster, where their ultra secure keys were
shown to have only something like 15 bits of randomness due to
incompetence in the generation of the random numbers).

I would not trust the MS encryption for anything but hiding your cookie
recipe from your mother-in-law.
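
An added illustration of the argument in this post (not code from the post, from Netscape, or from any product named in the thread): a constructed key generator seeded with only 15 bits feeds a toy SHA-256 stream cipher, and its ciphertext passes the same black-box bit-frequency check as ciphertext under a key from `os.urandom`; only reading the generator exposes the 32768-key space. Every function name, the toy cipher and the sample plaintext are assumptions made for the example.

```python
import hashlib
import os

SEED_BITS = 15  # "something like 15 bits", per the post; this generator is constructed

def weak_keygen(seed: int) -> bytes:
    """128-bit key that depends only on a 15-bit seed (constructed weak generator)."""
    return hashlib.sha256(b"toy-keygen" + seed.to_bytes(2, "big")).digest()[:16]

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || counter) blocks."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

def ones_fraction(data: bytes) -> float:
    """Black-box view: fraction of 1 bits in the data (about 0.5 if random)."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))

def looks_random(data: bytes, tolerance: float = 0.01) -> bool:
    """Bit-frequency check that sees only the output, never the key generator."""
    return abs(ones_fraction(data) - 0.5) < tolerance

def effective_keyspace() -> int:
    """White-box view: count the distinct keys the generator can ever emit."""
    return len({weak_keygen(s) for s in range(2 ** SEED_BITS)})

def recover_seed(ciphertext: bytes, known_prefix: bytes):
    """Reviewer's check: walk the whole seed space, testing each candidate key."""
    n = len(known_prefix)
    for seed in range(2 ** SEED_BITS):
        if keystream_xor(weak_keygen(seed), ciphertext[:n]) == known_prefix:
            return seed
    return None

# Constructed sample input: a highly non-random plaintext.
PLAINTEXT = b"Subject: cookie recipe\n" + b"A" * 20000
WEAK_CT = keystream_xor(weak_keygen(12345), PLAINTEXT)
STRONG_CT = keystream_xor(os.urandom(16), PLAINTEXT)

if __name__ == "__main__":
    print("plaintext looks random:", looks_random(PLAINTEXT))
    print("weak-key ciphertext looks random:", looks_random(WEAK_CT))
    print("strong-key ciphertext looks random:", looks_random(STRONG_CT))
    print("keys the weak generator can emit:", effective_keyspace())
    print("seed found by enumeration:", recover_seed(WEAK_CT, b"Subject: "))
```

Both ciphertexts pass the output-only check, while the enumeration succeeds only against the weakly seeded key.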


