Further PGP Security Doubts
4) It's not too hard to build a test-suite for PGP to ensure it's implementation of IDEA is correct, and it's possible to check it's key generation/session key generation things. Of course key management isn't too big a deal either... Thus I don't think it requires too great an effort to trust ViaCrypt. And if not - buy their copy to stay legal and use the Source to be safe (:-).
I would be pleased to see some truly exhaustive efforts made to test PGP's actual security. I have been seeing yet more criticisms of PGP, this time from some character calling himself "Raymond Paquin." He claims to be a professor of mathematics who has been working at an unnamed university exclusively on cryptographics for the past twelve years. He implies that he is working for some government in a classified capacity and is thus unable to either publish or discuss the matter openly. He claims that PGP is fatally flawed, though the flaw is in niether RSA or IDEA, but rather somewhere within the PGP part of the program. Copping the "I can say no more! I have said too much already!" melodrama, no more detailed information is forthcoming. Now, this tease seems to reek of a hoax, but Zimmermann himself claimed no high degree of security for the program. To my knowledge, no serious or well-funded unclassified attempts have been made to crack PGP. I fear that we are putting our faith in snake oil, as Zimmermann puts it. I am not a mathematician, but merely a former spear-carrier in the Cold War with some fairly well-developed residual instincts about this sort of thing, including a conviction that all security measures - physical, electronic or cryptographic - can be compromised by a determined opponent with extensive resources. Once compromised, attacks thereafter may often be trivially accomplished.
participants (1)
-
an31144@anon.penet.fi