Re: PGP Software - Is it safe?

From: Dave (nospam_at_kcsystems.com)
Date: 05/04/04


Date: 4 May 2004 04:42:04 -0700

Secure Lockdown <secure_lockdown@remove.yahoo.com> wrote in message news:<Xns94DEE27CA199Esecurelockdown2123@66.185.95.104>...
> unruh@string.physics.ubc.ca (Bill Unruh) wrote in news:c75uup$5ce$1
> @string.physics.ubc.ca:
>
> >
> > What evidence do you have for this?
>
> uber crypto papers.
>
> > It is impossible to test the
> > security of an encryption system just by looking at the input and
> > output. Unless the encryption is completely and totally stupid, the
> > output will look random.
>
> collisions
>
>
> > You MUST look at the source code for the
> > encryption routines, and must look to see how they are handled.
> >
> > A number of years ago a paper was published showing how the factors in
> > RSA could be encoded in the public key, so that anyone in the know could
> > decrypt any message trivially easily, but this info was completely
> > invisible to those not in the know. Ie, not only the encryption system
> > but also ( or especially) the key generation algorithm need to be public
> > ( Recall also the Netscape disaster, where their ultra secure keys were
> > shown to have only something like 15 bits of randomness due to
> > incompetence in the generation of the random numbers).
> >
> > I would not trust the MS encryption for anything but hiding your cookie
> > recipe from your mother-in-law.
>
> MS just got into bed with RSA. I think the next few generations of MS OS and
> NOS will be more security focused. Perhaps the programmers are still going
> to release stuff that has not been properly and thoroughly tested (based on
> standards that should be in place considering they are the major OS out
> there), but I believe there is going to be more focus on security.

Given the prevalence of Microsoft/RSA encryption (EFS, SSL, S/MIME,
etc.) and the lack of exploits, I believe it is fair to say that it is
quite safe.

If there is a weakness in the MS/RSA encryption, it lies in the
general lack of security of Windows and that of human factors -
assuming the use of relatively strong algorithms and keys (128 bit
RC2, 3-DES, minimum 1024 bit keys).

However, there are measures you can take to further protect your keys,
and thus your data, such as enabling "high" protection so as to
password-protect your private key.
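
The point in the quoted text above, that ciphertext statistics reveal nothing about how keys were generated, shown as an added example that is not part of the original posts. It uses a constructed toy cipher (SHA-256 in counter mode) whose 128-bit key is derived from a 15-bit seed, the figure the thread cites for the Netscape case; all function names and sample data are hypothetical.

```python
import hashlib

SEED_BITS = 15  # figure quoted in the thread; the whole seed space is 2**15 values

def keygen(seed: int) -> bytes:
    """Hypothetical weak generator: a 128-bit key that depends only on a small seed."""
    return hashlib.sha256(b"keygen" + seed.to_bytes(2, "big")).digest()[:16]

def keystream(key: bytes, n: int) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for a real cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def ones_fraction(data: bytes) -> float:
    """Black-box check: fraction of 1 bits, about 0.5 for random-looking output."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))

def audit_seed_space(ciphertext: bytes, known_prefix: bytes) -> list:
    """White-box check: enumerate every seed the generator can produce."""
    n = len(known_prefix)
    return [s for s in range(2 ** SEED_BITS)
            if xor_crypt(keygen(s), ciphertext[:n]) == known_prefix]

if __name__ == "__main__":
    plaintext = b"Subject: " + b"A" * 4000          # constructed sample message
    ciphertext = xor_crypt(keygen(12345), plaintext)  # constructed seed
    # The output passes the statistical check even for highly regular plaintext...
    print("fraction of 1 bits:", round(ones_fraction(ciphertext), 4))
    # ...while reading the key generator shows only 2**15 keys are possible.
    print("seeds consistent with ciphertext:",
          audit_seed_space(ciphertext, b"Subject: "))
```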


