Anybody familiar with the internals of PGP care to comment on this item that just showed up on sci.crypt?

It's amazing to think that the famous "kremvax" joke was only a decade ago. Now the Russians are openly reviewing our cryptosystems for us. May you live in interesting times.

Phil

-> The conclusions:
-> It is recommended to use encryption with 1024 bit key length.
-> The using of electronic signature is not recommended and
-> requires the additional study.
-> The block encryption algorithm has temporary stability.
-> The hashing function should be reduce in conformity with ISO
-> recommendations.
-> The using of PGP program in actual version is undesired.
-> The MSU mathematical cryptography
-> problems Laboratory Manager
-> Academician
-> Dr. Sidelnikov V.M.

These are serious claims. What do the authors of the software have to say about them? Others?

--
Edward A. Bertsch (eab@msc.edu)
Minnesota Supercomputer Center, Inc.
Operations/User Services
1200 Washington Avenue South
Minneapolis, Minnesota 55415
(612) 626-1888 work
(612) 645-0168 voice mail

   From: eab@msc.edu (Edward Bertsch)
   Date: Sat, 9 Jan 93 7:48:46 CST

   These are serious claims. What do the authors of the software have to say about them? Others?

"Dr. Sidelnikov" has presented some very serious claims, indeed, but has not produced one shred of evidence to back them up. Some of his claims, to wit his assertion that PGP's hashing function is breakable, he could have very simply demonstrated, without using a lot of clumsy English. (All he would have needed to do is to produce two strings, X and Y, where X != Y and MD5(X) == MD5(Y) --- or better yet, given message digest Z which someone else picks, such as the test values in RFC-1321, produce a string X such that MD5(Z) == X.)

Some of his other claims, such as his complaint that PGP doesn't contain any self-checking code to protect against "killer viruses", on the surface seem to indicate a very shallow analysis of the problem.

Something else to consider is that the source of his posting is somewhat suspect. The person who posted it got it from a friend, who got it from some other net where supposedly Dr. Sidelnikov posted it. At the moment, its source sounds like an awful lot of urban legend stories which many of us have heard before.

An equivalent statement to his posting might be: "I heard from a friend who heard from an Eminent MIT Professor: Don't use XXX, since it uses DES which could be broken." While I might have a lot of respect for MIT and its professors, I would want to see a demonstration of this fact before I would take that kind of report very seriously. The same standards should be held to Dr. Sidelnikov.

- Ted

P.S. Note that I am not completely ruling out Dr. Sidelnikov's claims; but we should keep in mind that up to this point, we have not one shred of evidence that he is (a) who he claims to be, or (b) his statements are true. I would expect that most academics, when publishing something of this magnitude, would include some sort of evidence to back their claims up.

P.P.S. Also note that if his claim about MD5 is true, then we are in a lot more trouble than just PGP being insecure. There are an awful lot of other protocols that use MD5, including Privacy Enhanced Email (PEM).

participants (3): eab@msc.edu, karn@qualcomm.com, tytso@ATHENA.MIT.EDU