From: rarachel@prism.poly.edu (Arsen Ray Arachelian) Date: Sun, 24 Apr 1994 14:23:19 -0400 (EDT)
[...] so I certainly do not put it beyond their agenda, (D. Denning on AOL mentioned that she didn't know if the IDEA cypher that PGP uses was broken >YET< but she would comment no further. :-) Spreading innuendoes
In Crypto 93 is described a class of 2^55 (if I remember correctly) IDEA keys for which IDEA offers scant security. Your chances of getting one of these is only 2^55/2^128 == 1 in 2^73 if you choose your IDEA keys with a uniform distribution from the IDEA keyspace. (The authors also propose a simple patch -- XOR each key part just before use with 0DAE. Does anyone know of plans to implement this in PGP, or of reports that this scheme doesn't solve the problem, or introduces other problems?)

So, DD wasn't lying, or even necessarily being tricky. Other cyphers have fallen before, and some cracks _are_ visible in IDEA already.

Also, after reading Crypto '92 and '93 for a while, I am more and more impressed and surprised with the work that NSA put into creating DES from Lucifer. Impressed that it was so good, and surprised that the work was so honest (as far as anyone will report to date anyway.).

j'
--
O I am Jay Prime Positive jpp@markv.com
1250 bit fingerprint B06229 = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F
524 bit fingerprint 2A915D = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48
Public keys via `finger jpp@markv.com', or via email to pgp-public-keys@io.com
Your feedback is welcome directly or via my symbol JPP on hex@sea.east.sun.com
Resist the Clipper Chip, write "I oppose Clipper" to Clipper.petition@cpsr.org
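The key-schedule patch mentioned in the message above, as an added example that is not part of the original post and not PGP's code: it builds the 52 IDEA subkeys (128-bit key, rotated left 25 bits per batch of eight), optionally XORs each with 0x0DAE, and counts multiplicative subkeys that land on 0 or 1, which act as -1 and +1 modulo 2^16+1. The function names and the all-zero sample key are assumptions made for illustration.

```python
MASK128 = (1 << 128) - 1
PATCH = 0x0DAE  # XOR constant quoted in the post


def idea_subkeys(key: bytes, patch: int = 0) -> list:
    """Return the 52 16-bit IDEA encryption subkeys.

    Standard schedule: take eight big-endian 16-bit words, rotate the
    128-bit key left by 25 bits, repeat. `patch` is XORed into every
    subkey just before use (0 = unpatched schedule).
    """
    if len(key) != 16:
        raise ValueError("IDEA keys are 128 bits (16 bytes)")
    k = int.from_bytes(key, "big")
    out = []
    while len(out) < 52:
        out.extend((k >> (112 - 16 * i)) & 0xFFFF for i in range(8))
        k = ((k << 25) | (k >> 103)) & MASK128
    return [s ^ patch for s in out[:52]]


def multiplicative_indices() -> list:
    """Positions of subkeys used as multipliers modulo 2^16+1.

    In each of the 8 rounds Z1, Z4, Z5 and Z6 multiply; the output
    transformation multiplies with its first and fourth subkey.
    """
    idx = []
    for r in range(8):
        idx += [6 * r, 6 * r + 3, 6 * r + 4, 6 * r + 5]
    return idx + [48, 51]


def degenerate_multipliers(key: bytes, patch: int = 0) -> int:
    """Count multiplicative subkeys equal to 0 or 1 (-1 or +1 mod 2^16+1)."""
    sk = idea_subkeys(key, patch)
    return sum(1 for i in multiplicative_indices() if sk[i] in (0, 1))


if __name__ == "__main__":
    zero_key = bytes(16)  # constructed sample key, every bit zero
    print("multiplicative subkeys:", len(multiplicative_indices()))
    print("degenerate, unpatched :", degenerate_multipliers(zero_key))
    print("degenerate, patched   :", degenerate_multipliers(zero_key, PATCH))
```

With the all-zero key every multiplier is degenerate in the unpatched schedule and none is once the constant is applied; the example only inspects the key schedule and does not implement IDEA encryption.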