Re: Pretty Good Piracy
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/5/97 6:37 PM, Anonymous (nobody@REPLAY.COM) passed this wisdom:
Ryan Anderson wrote:
Okay - the only difference between this and a normal version of PGP is that it always encrypts to a certain key-id, in addition to all others.
That's the only weakness you'll see in it.
It's the only weakness that's needed to compromise all the keys.
It seems to me that it should not necessarily compromise all keys, though it does in effect provide for a goodly number of 'known plaintext' objects. Could some of our hardcore crypto experts comment on IDEA's susceptability to known plaintext which then provides 'plaintext' to the DH/DSS or RSA keys and what is their susceptability to 'known plaintext' It occured to me while proofreading the above that in effect a digitally signed cleartext document provides 'known plaintext' every time its used, since the SHA-1/MD-5 can be computed the hash is a 'known plaintext' on the DH/DSS and RSA keys ... is this one of the reasons for the two key types in PGP5 ??? -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQA/AwUBNDgmJcdZgC62U/gIEQIvgwCg/kybc9ons3ji3cbi9jtSnQ3kptkAn3IC 90pwzjjpt2qqhpjn8VRlrOGR =IIkE -----END PGP SIGNATURE----- Brian B. Riley --> http://www.macconnect.com/~brianbr For PGP Keys <mailto:brianbr@together.net?subject=Get%20PGP%20Key> "Never ask what sort of computer a guy drives. If he's a Mac user, he'll tell you. If not, why embarrass him?" - Tom Clancy
On Sun, 5 Oct 97 19:51:06 -0400 "Brian B. Riley" <brianbr@together.net> wrote regarding "Re: Pretty Good Piracy": <snip> : It occured to me while proofreading the above that in effect a :digitally signed cleartext document provides 'known plaintext' every :time its used, since the SHA-1/MD-5 can be computed the hash is a :'known plaintext' on the DH/DSS and RSA keys ... is this one of the :reasons for the two key types in PGP5 ??? <snip> The reason for having two key types for PGP5 is that DH is only capable of key distribution, not signing. and DSS is only capable of signing. Hence, you require one key to sign, and one to distribute the session key. ;____________________________________________________________________ ; ; aldius@mindless.com ;____________________________________________________________________ ;
Aldius <aldius@mindless.com> writes:
The reason for having two key types for PGP5 is that DH is only capable of key distribution, not signing.
DH is an interactive key negotiation protocol. El Gamal is the key exchange algorithm used in PGP5. For some reason PGP Inc insists on calling El Gamal "DH". El Gamal is a variant of DH; so it is related. But El Gamal is not DH, and it is bad terminology to call it DH. The only reason I can think that they insist on calling El Gamal "DH" at every opportunity is that they perhaps think that the name DH (Diffie-Hellman) is more widely known, and want to give people warm fuzzies "oh I've heard of that algorithm".
and DSS is only capable of signing. Hence, you require one key to sign, and one to distribute the session key.
right. Adam -- Now officially an EAR violation... Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
participants (3)
-
Adam Back -
Aldius -
Brian B. Riley