-----BEGIN PGP SIGNED MESSAGE----- A few days ago, Victor Borisov posted here the following allegations or rumors about "weaknesses" in PGP. >He made same program (LanCrypto). That why, I hear only bad >words from he. :) You can read about this program in >cypherpunks. >From other KGB-men, I hear, that prophesor >Sidelnicov (the well known cryptoanalisist from Russia) saw, >that PGP has some weak places: > - random number is`t "good" random number. > - md5 has hole (but here man lapse into salence:( ). > - PGP for DOS don`t have any anti-overloking tools. > >BTW: LanCrypto play on last weakness: thay wrote litle >resident DOS program. This program crack PGP and than pgp >sign (and check) only part of message. LanCrypto public >this resalt in buziness newspaper and show program on the >big computer-show. I think this is rough market, but it >work well (as all, that KGB made:))!!! Since then, I have checked with other members of the PGP development team and here is a summary of what they (and I) say: The random number handling in PGP was beefed up in the 2.2 release. We don't know if there were any real weaknesses before that, but the improvements were added anyway. We suspect that if there were any problems, they are gone now. The guy who complained about it, Dr. Sidelnikov, never cooperated with requests for details on what he found wrong with PGP. In fact, he was pointedly uncooperative when contacted with questions asking him for details. If MD5 has a hole, we'd like to know about it. It would be publishable in any crypto journal. At Eurocrypt93, someone did find some slight weakness in MD5, but in realistic situations, this would not be a significant weakness. Future versions of PGP may use the SHA hash algorithm, instead of MD5. MD5 should be kept around for backwards compatibility. MD5 is still a good hash function, and the weaknesses found were not applicable to any real-world uses of it. An old version of PGP did not detect if material was appended to a signed message. This was a bug that was fixed, around version 2.2, or maybe 2.1, I'm not sure which. We're not quite sure what "anti-overlooking" tools are, but based on Boris' example, we guess it would be code added 1) to insure that the code is unmodified and 2) make analysis of the code (e.g. with debugging tools & disassemblers) difficult. Since PGP is distributed with source code, it's obviously open to analysis and modification by anyone even moderately skilled in programming. "Overlooking" attacks are easily countered by 1) making sure you have a "clean" PGP.EXE by checking it against the detached signature packed with it. 2)Running PGP with a freshly booted MSDOS from a factory diskette. This is especially true if you run into "suspicious" actions when running PGP in your normal configuration. (Like you get back a copy of something you signed which seems to have text added you don't remember). -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLNeRXt4nNf3ah8DHAQE+0QP/csLY4hw6AHGTdkoZu2koETv2q/ohnVl8 yGDwR65VVeuuiSANHjSmhUbA2w7DcbOaIxamzi1PSY6OHosB1ve4d2hOHKzdMrv1 m38x0iQLPZdGuuX0mCxRqvIJ47W8xKj49CxXIB+Khrva0nn+pAmQF6+IYonPGSAE 7uRREQnIzCU= =7ogP -----END PGP SIGNATURE----- -- edgar@spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca