weak point of PGP implementation

uri at watson.ibm.com
Tue Jan 26 20:39:33 PST 1993


Eric Hughes says:
> Matt mentions three potential weaknesses in PGP: RSA key length, the
> IDEA cypher, the pass phrase.

Probably the first two even a paranoid person won't call "weaknesses".
The pass-phrase - the docs should give some guidelines, as to how one
must choose his pass-phrase (if it's already there - apologies :-).

> Let me add:

And now you're talking! (:-)

> 4. The random number generator used to make session keys.  If this is
> weak, then an opponent might be able to guess them feasibly.  This attack
> does not require breaking the underlying cryptography.
>
> 5. Weak random numbers for RSA key generation.  If the numbers in the
> random number pool are not as random as they should be, then one might
> simply simulate the prime generation algorithm and compile a table of
> potential PGP primes.

It looks like that [former] Soviet professor found and pointed out
exactly those weaknesses: poor RSA keys (making factoring about two
orders of magnitude easier) and poor something else (I couldn't
understand what he meant, sorry :-). Quite possible he hit
session keys (as likely as not)...
--
Regards,
Uri         uri at watson.ibm.com      scifi!angmar!uri 	N2RIU
-----------
<Disclaimer>
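
Point 4 in the quoted list, as an added example that is not part of the original message and is not PGP's code: a 128-bit session key is only as strong as the entropy that seeds it. The clock-seeded generator, the one-hour window and the timestamp below are constructed stand-ins used to measure that gap against an OS CSPRNG.

```python
import math
import random
import secrets

KEY_BYTES = 16               # IDEA session keys are 128 bits
WINDOW_START = 728_000_000   # constructed timestamp, for illustration only
WINDOW_SECONDS = 3600        # assumption: sending time is known to within an hour


def weak_session_key(seed_time: int) -> bytes:
    """Constructed weak generator: its only entropy is a one-second clock."""
    rng = random.Random(seed_time)  # deterministic, non-cryptographic PRNG
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))


def strong_session_key() -> bytes:
    """Hardened form: all 128 bits come from the operating system CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


def candidate_keys(start: int, seconds: int) -> dict:
    """Every key the weak generator could have produced inside the window."""
    return {weak_session_key(t): t for t in range(start, start + seconds)}


def effective_bits(candidates: int) -> float:
    """Real key strength: log2 of the number of keys that can actually occur."""
    return math.log2(candidates)


def seed_for(key: bytes, start: int, seconds: int):
    """Audit check: return the seed if the key lies in the weak keyspace, else None."""
    return candidate_keys(start, seconds).get(key)


if __name__ == "__main__":
    table = candidate_keys(WINDOW_START, WINDOW_SECONDS)
    print(f"nominal key size : {KEY_BYTES * 8} bits")
    print(f"effective size   : {effective_bits(len(table)):.1f} bits")
    weak = weak_session_key(WINDOW_START + 1234)
    print("weak key in table  :", seed_for(weak, WINDOW_START, WINDOW_SECONDS))
    print("strong key in table:",
          seed_for(strong_session_key(), WINDOW_START, WINDOW_SECONDS))
```

The same table-building argument is what point 5 describes for RSA primes: the number of possible seeds, not the modulus length, bounds the search.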

