Re: (fwd) ViaCrypt PGP ships today
For some reason it occured to me that were CiaCrypt (oops, slip... sorry) to want to provide an unsecure product to the general cryptography public, the best way to do it would be to attack the security of the secret key password. To me, the fact that Phil Z. has vouched for the program is enough for the moment. If the key password were attacked, output would not be affected. I'm sure this is no revelation to most of you. As for the rest, See how smart I am? :) -uni- (Dark)
For some reason it occured to me that were CiaCrypt (oops, slip... sorry) to want to provide an unsecure product to the general cryptography public, the best way to do it would be to attack the security of the secret key password. To me, the fact that Phil Z. has vouched for the program is enough for the moment. If the key password were attacked, output would not be affected.
I don't see how this would be of much help tho. Putting a weakness in the secret key password wouldn't help them much since they don't have your secret key. Furthermore, they couldn't easily change it without making it incompatible with previous keys. If I wanted to subtly weaken PGP, I'd do it by weakening the randomness of the IDEA cipher key, making it significantly easier to guess, by choosing a "random" key based on something known, such as the legnth of the message or the date it was encrypted, which would provide seemingly random encryption, but actually make it easy to break if you knew the pattern. I'm not saying that anyone did that, but that's where I would start if I wanted to sabotage it...
participants (2)
-
Dark -
Matthew J Ghio