Eric Hughes says:
Matt mentions three potential weaknesses in PGP: RSA key length, the IDEA cypher, the pass phrase.
Probably the first two even a paranoid person won't call "weaknesses". The pass-phrase - the docs should give some guidelines as to how one must choose his pass-phrase (if it's already there - apologies :-).
Let me add:
And now you're talking! (:-)
4. The random number generator used to make session keys. If this is weak, then an opponent might be able to guess them feasibly. This attack does not require breaking the underlying cryptography.
5. Weak random numbers for RSA key generation. If the numbers in the random number pool are not as random as they should be, then one might simply simulate the prime generation algorithm and compile a table of potential PGP primes.
It looks like that [former] Soviet professor found and pointed out exactly those weaknesses: poor RSA keys (making factoring about two orders of magnitude easier) and poor something else (I couldn't understand what he meant, sorry :-). Quite possible he hit session keys (as likely as not)...
--
Regards, Uri uri@watson.ibm.com scifi!angmar!uri N2RIU
----------- <Disclaimer>
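The prime-table attack in point 5 above, as an added example that is not part of this thread and not PGP's code. The key generator below is a deliberately weakened stand-in: its "random pool" is Python's PRNG seeded with an 11-bit value (standing in for a timestamp or process id), and the attacker, assumed to know the generator and the seed shape, replays it over the whole seed space, records every prime it can emit, and then trial-divides any public modulus against that table. The key size (32-bit primes), the seed range and the victim seed 1337 are constructed for the demo; the cost of the attack is set by the seed space, not by the modulus size. Point 4 is the same idea aimed at session keys: if they come from the same predictable pool, enumerating seeds enumerates session keys, without touching RSA or IDEA at all.

```python
import random

# Deterministic Miller-Rabin bases: correct for every n below about 3.3e24,
# which comfortably covers the 32-bit primes used in this demo.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases, deterministic for the sizes used here."""
    if n < 2:
        return False
    for p in _MR_BASES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def next_prime_from(rng: random.Random, bits: int) -> int:
    """Draw odd candidates of exactly `bits` bits from rng until one is prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(cand):
            return cand


def weak_rsa_keygen(seed: int, bits: int = 32):
    """Vulnerable key generation (constructed for the demo): the random pool is a
    PRNG seeded with a low-entropy integer. Returns (n, (p, q))."""
    rng = random.Random(seed)  # assumption: attacker knows the PRNG and the seed shape
    p = next_prime_from(rng, bits)
    q = next_prime_from(rng, bits)
    while q == p:
        q = next_prime_from(rng, bits)
    return p * q, (p, q)


def build_prime_table(seed_space, bits: int = 32) -> dict:
    """Attacker side: replay the generator for every possible seed and record
    every prime it can produce, mapped back to the seed that produced it."""
    table = {}
    for seed in seed_space:
        _, (p, q) = weak_rsa_keygen(seed, bits)
        table[p] = seed
        table[q] = seed
    return table


def factor_with_table(n: int, table: dict):
    """Trial-divide a public modulus by every tabled prime.
    Returns (p, q, seed) on a hit, None if n was not made by a tabled seed."""
    for p, seed in table.items():
        if n % p == 0:
            return p, n // p, seed
    return None


if __name__ == "__main__":
    SEED_SPACE = range(2048)                # constructed: 11 bits of "entropy"
    n, (p, q) = weak_rsa_keygen(1337)       # victim's key; the seed is unknown to the attacker
    table = build_prime_table(SEED_SPACE)   # one-time cost, reusable against every such key
    print(factor_with_table(n, table))      # prints p, q and the recovered seed 1337
```

Once the seed is recovered the attacker does not even need the factors: re-running the generator from that seed reproduces the whole private key, and any session keys drawn from the same pool afterwards.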
From cypherpunks-request Tue Jan 26 21:28:06 1993