Re: PGP Software - Is it safe?
From: Secure Lockdown (secure_lockdown_at_remove.yahoo.com)
Date: Tue, 04 May 2004 02:15:38 GMT
firstname.lastname@example.org (Bill Unruh) wrote in news:c75uup$5ce$1
> What evidence do you have for this?
uber crypto papers.
> It is impossible to test the
> security of an encryption system just by looking at the input and
> output. Unless the encryption is completely and totally stupid, the
> output will look random.
> You MUST look at the source code for the
> encryption routines, and must look to see how they are handled.
> A number of years ago a paper was published showing how the factors in
> RSA could be encoded in the public key, so that anyone in the know could
> decrypt any message trivially easily, but this info was completely
> invisible to those not in the know. Ie, not only the encryption system
> but also ( or especially) the key generation algorithm need to be public
> ( Recall also the Netscape disaster, where their ultra secure keys were
> shown to have only something like 15 bits of randomness due to
> incompetence in the generation of the random numbers).
> I would not trust the MS encryption for anything but hiding your cookie
> recipie from your mother-in-law.
MS just got into bed with RSA. i think the next few generaions of MS OS and
NOS will be more security focused. perhaps the programmers are still going
to release stuff that has not been properly and thorouly tested (based on
standards that should be in place considering they are the major OS out
there), but i believe there is going to be more focus on security.
-- Secure Lockdown CISSP, MCSE, Security+, Linux+