Whoever "Raymond Paquin" is, he's no spook. Spooks just don't do things like that - tell a little bit, then clam up. They are trained by instinct never to leak.
I got a sad little chuckle out of that one. Leaving aside the paradoxical "trained by instinct" line, I can assure you that your claim here is simply naive. Perhaps you watch too much TV. For every Ivy League CIA careerist station chief with a vested interest and thorough indoctrination, there are several thousand nobodies who more or less blundered into the racket in minor capacities. These are underpaid, ignored, fucked-with, jacked around, abused, denied, manipulated, lied to, insulted, cut loose, yanked back and otherwise generally driven nuts until they quit, at which time they discover they are too burned out to do anything in the real world - say, hold down some shitty job ("There seems to be a rather large hole in your resume, Mr. Smith...") or maintain personal relationships. What these people will or won't do is beyond reliable conjecture. Did you guess I speak from personal experience and observation? What Paquin is or isn't, I can't say. I haven't believed or trusted anyone since late 1970 or so anyway, but I would not be surprised if Paquin actually was doing pretty much what he said, namely working at some university doing crypto math on some government grant with big strings. This is completely plausible.
If there is any flaw in PGP, there are only a few places where it could be. The basic mechanics of the program (RSA, IDEA, etc) obviously work...
If you mean that they are NSA-proof, or that only brute force attacks would affect decryption, I would suggest that we know no such thing, and it is extremely unlikely that we ever will. The NSA has _astounding_ resources, unequalled by anything in the private sector, dedicated to no other purpose than compromising world-class cyphers. Their successes are not public knowledge, to say the least. No one here should blithely dismiss claims of PGP weaknesses when the opposition has literally billions of dollars earmarked to find such flaws. It bears noting that the concealment of major successes in decryption are every bit as important as the decryption itself, a fact often overlooked. I would like to see "Paquin's" case against PGP as well as a competent analysis of his claims. Unfortunately, I cannot produce either.
A subtle flaw would have to be somewhere like: prime number generation, random RSA key generation, or random session key generation. If the primes weren't actually prime, that would make the RSA keys breakable. But you could take the primes (pgp -kg -l and you will see them in hex) and feed them into a primality tester to verify that.
I have seen numerous conjectures about PGP primes, but am not competent to judge them.
The most likely place for a bug would be in the randomness.
This has been another subject of discussion, though I know of no firm conclusions being reached.
If you mean that they are NSA-proof, or that only brute force attacks would affect decryption, I would suggest that we know no such thing, and it is extremely unlikely that we ever will. The NSA has _astounding_ resources, unequalled by anything in the private sector, dedicated to no other purpose than compromising world-class cyphers. Their successes are not public knowledge, to say the least. No one here should blithely dismiss claims of PGP weaknesses when the opposition has literally billions of dollars earmarked to find such flaws.
It bears noting that the concealment of major successes in decryption are every bit as important as the decryption itself, a fact often overlooked.
I would like to see "Paquin's" case against PGP as well as a competent analysis of his claims. Unfortunately, I cannot produce either.
I'm rather surprised that the most significant piece of evidence in favor of the "NSA has cracked PGP" theory is that no one's put a bullet through Phil Zimmerman's head. Not to be macabre or anything, but if PGP was a real threat, don't you think that the NSA would act rather quickly to suppress it if they couldn't read stuff encrypted with it? And if you think that they don't monitor stuff coming in and going out via ftp to various parts of the world, I think you're being naive. If you think that they wouldn't act quickly, with violence if need be, to protect "national security", you're being even more naive. The umbrella of "national security" can (and has) encompass a wide variety of sins, excesses, oversights, etc. Hell, the NSA probably enjoys every time someone writes about how "stupid" the NSA really is - after all, it might convince someone to let down their guard. I think that, personally, the public-key stuff's gotta have some sort of a hole in it that nobody's thought of yet outside of spook central. -- Ed Carp, N7EKG erc@apple.com 510/659-9560 anon-0001@khijol.uucp If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever"
participants (2)
-
an31144@anon.penet.fi -
khijol!erc@apple.com