Re: PGP Software - Is it safe?
From: Dave (nospam_at_kcsystems.com)
Date: 05/04/04
Date: 4 May 2004 04:42:04 -0700
Secure Lockdown <secure_lockdown@remove.yahoo.com> wrote in message news:<Xns94DEE27CA199Esecurelockdown2123@66.185.95.104>...
> unruh@string.physics.ubc.ca (Bill Unruh) wrote in news:c75uup$5ce$1@string.physics.ubc.ca:
>
> >
> > What evidence do you have for this?
>
> uber crypto papers.
>
> > It is impossible to test the
> > security of an encryption system just by looking at the input and
> > output. Unless the encryption is completely and totally stupid, the
> > output will look random.
>
> collisions
>
>
> > You MUST look at the source code for the
> > encryption routines, and must look to see how they are handled.
> >
> > A number of years ago a paper was published showing how the factors in
> > RSA could be encoded in the public key, so that anyone in the know could
> > decrypt any message trivially easily, but this info was completely
> > invisible to those not in the know. I.e., not only the encryption system
> > but also (or especially) the key generation algorithm need to be public
> > (Recall also the Netscape disaster, where their ultra secure keys were
> > shown to have only something like 15 bits of randomness due to
> > incompetence in the generation of the random numbers).
> >
> > I would not trust the MS encryption for anything but hiding your cookie
> > recipe from your mother-in-law.
>
> MS just got into bed with RSA. i think the next few generations of MS OS and
> NOS will be more security focused. perhaps the programmers are still going
> to release stuff that has not been properly and thoroughly tested (based on
> standards that should be in place considering they are the major OS out
> there), but i believe there is going to be more focus on security.
Given the prevalence of Microsoft/RSA encryption (EFS, SSL, S/MIME,
etc.) and the lack of exploits, I believe it is fair to say that it is
quite safe.
If there is a weakness in the MS/RSA encryption, it lies in the
general lack of security of Windows and that of human factors -
assuming the use of relatively strong algorithms and keys (128 bit
RC2, 3-DES, minimum 1024 bit keys).
However, there are measures you can take to further protect your keys,
and thus your data, such as enabling "high" protection so as to
password-protect your private key.
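
The point quoted above (output looks random even when key generation is weak) as an added example; it is not code from any poster in this thread. The SHA-256 counter-mode cipher is a toy stand-in, and `weak_keygen`, its 15-bit seed space and the sample plaintext are constructed assumptions.

```python
import hashlib
import math
import os
from collections import Counter

SEED_BITS = 15  # figure quoted in the thread for the Netscape keys


def keystream(key: bytes, n: int) -> bytes:
    """Toy SHA-256 counter-mode keystream (stand-in cipher, not for real use)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def weak_keygen(seed: int) -> bytes:
    """Hypothetical generator: a 128-bit key that depends on only SEED_BITS bits."""
    return hashlib.sha256(b"weak-rng" + seed.to_bytes(2, "big")).digest()[:16]


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 means uniform)."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def search_seed(ciphertext: bytes, known_prefix: bytes):
    """Audit helper: walk the generator's whole seed space looking for the key."""
    n = len(known_prefix)
    for seed in range(1 << SEED_BITS):
        if encrypt(weak_keygen(seed), ciphertext[:n]) == known_prefix:
            return seed
    return None


def demo():
    plaintext = b"Subject: cookie recipe\n" + b"A" * 65536  # constructed sample
    weak_ct = encrypt(weak_keygen(12345), plaintext)
    strong_ct = encrypt(os.urandom(16), plaintext)
    # Both ciphertexts look equally random; only the generator differs.
    return byte_entropy(weak_ct), byte_entropy(strong_ct), search_seed(weak_ct, plaintext[:16])


if __name__ == "__main__":
    print(demo())
```

Both entropy figures come out just under 8 bits per byte, so inspecting output cannot tell the two keys apart; only reading the key-generation code reveals that one of them has 32768 possible values.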