Re: PGP 2.6.3ia and the passing of time?



George Orwell <nobody@xxxxxxxxxxxx> writes:

I'm really reticent about trying to use this person's
1024-bit public-key.

Paul Rubin wrote:

Why, what do you think might happen?





Thank you for your reply, Paul.


The "person" is actually a corporation, and the corporation
is requiring users to send sensitive data to it via the
Internet (i.e., not via protected internal networks or via
VPNs, SSH, SSL, etc.).


This corporation is a high-profile target. If any
of the data is intercepted and decrypted, it could result in
damage to the corporation's reputation (prestige) and
brand image and possibly cause more direct financial losses.


The public-key that is to be used is almost ten years old,
having been generated in 1997, and is posted on the
corporation's website (http). The corporation will not
be providing any software or modules for users.


As I mentioned, I am reticent; I would not wish to be
in any way responsible for the sending of encrypted data
that might perhaps be intercepted and decrypted easily or
obtained easily in some related way.


I would not think it safe to send data that has been
encrypted in such a way with a key that is close to
ten years old.


I would not think it safe to trust individual users with the
task of acquiring, installing, testing, and ultimately
using additional software or modules in an attempt to make
their encryption programs in some way compatible with the
corporation's PGP 2.6.3ia.


Would it be wise for what is a high-profile target,
for a corporation that would be attractive to crackers for
a number of reasons, to be using PGP 2.6.3ia and a
public-key that is nearly 10 years old?


Best Regards.
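
An added example, not part of the original post: a sender can check a key's age and modulus size directly from the binary public-key packet before using it. The sketch below reads an old-format OpenPGP packet (the v3 layout PGP 2.6.x produces, plus v4) and applies a policy; the function names, the 2048-bit and 5-year thresholds, and the sample packet are assumptions constructed for illustration.

```python
import struct
from datetime import datetime, timezone

def parse_public_key_packet(pkt: bytes) -> dict:
    """Parse one binary old-format OpenPGP public-key packet (tag 6, RSA)."""
    hdr = pkt[0]
    if hdr & 0xC0 != 0x80 or (hdr >> 2) & 0x0F != 6:
        raise ValueError("not an old-format public-key packet")
    len_size = {0: 1, 1: 2, 2: 4}.get(hdr & 0x03)
    if len_size is None:
        raise ValueError("indeterminate-length packets are not handled")
    body_len = int.from_bytes(pkt[1:1 + len_size], "big")
    body = pkt[1 + len_size:1 + len_size + body_len]
    if len(body) != body_len or body_len < 12:
        raise ValueError("truncated packet")
    version, created = body[0], int.from_bytes(body[1:5], "big")
    if version in (2, 3):
        pos = 7          # v2/v3: 2-byte validity period follows the timestamp
    elif version == 4:
        pos = 5
    else:
        raise ValueError(f"unsupported key version {version}")
    if body[pos] not in (1, 2, 3):
        raise ValueError("not an RSA key")
    declared = int.from_bytes(body[pos + 1:pos + 3], "big")   # MPI bit count
    # Measure the modulus itself rather than trusting the declared bit count.
    n = int.from_bytes(body[pos + 3:pos + 3 + (declared + 7) // 8], "big")
    return {"version": version, "bits": n.bit_length(),
            "created": datetime.fromtimestamp(created, tz=timezone.utc)}

def assess(info: dict, now: datetime, min_bits=2048, max_age_years=5) -> list:
    """Return policy findings; both thresholds are assumed defaults."""
    findings = []
    if info["bits"] < min_bits:
        findings.append("modulus-too-short")
    if (now - info["created"]).days > max_age_years * 365.25:
        findings.append("key-too-old")
    if info["version"] < 4:
        findings.append("legacy-v3-format")
    return findings

def constructed_sample() -> bytes:
    """Constructed v3 packet: 1997 timestamp, placeholder 1024-bit modulus."""
    created = int(datetime(1997, 6, 1, tzinfo=timezone.utc).timestamp())
    n = (1 << 1023) | 1                       # not a real key
    body = bytes([3]) + struct.pack(">IH", created, 0) + bytes([1])
    body += struct.pack(">H", 1024) + n.to_bytes(128, "big")
    body += struct.pack(">H", 5) + bytes([17])               # exponent e = 17
    return bytes([0x99]) + struct.pack(">H", len(body)) + body
```

An ASCII-armored key file has to be dearmored to binary before it is passed to `parse_public_key_packet`.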
