Hipped on PGP

Robert Hettinga rah at shipwright.com
Sat Aug 9 08:32:55 PDT 1997

--- begin forwarded text

Date: 9 Aug 1997 02:13:36 -0000
From: iang at systemics.com
To: e$@thumper.vmeng.com
Subject: Hipped on PGP
Sender: <e$@vmeng.com>
Precedence: Bulk
List-Software: LetterRip 2.0 by Fog City Software, Inc.
List-Unsubscribe: <mailto:requests at vmeng.com?subject=unsubscribe%20e$>
List-Subscribe: <mailto:requests at vmeng.com?subject=subscribe%20e$>

HIP finishes late in the day.  It's 0100 - that's one in the morning
for the temporally challenged - and the smart card workshop has just
broken up.

Actually it was the second pass.  The first pass was 'sold out' at 150
people, this second started at 2300 this evening.  Again, 150 people
turned up and sat through presentations of hardware and data formats
and attacks on the financially finest plastic in Europe.

I have no snippets or revelations, I am not one of the dedicated.  Mondex
remains un-hacked, ChipKnip is secure.  Frankly I'm not interested, I find
the world of smart cards deadly boring.  Perhaps it is the hardware, or
maybe because attacks on smart cards have little chance of realising any
gain or meltdown.

I can on the other hand report that Saturn is safe tonight, as our in-HIP
astrodome is busilly monitoring progress.  What better way to wind down
than to head up to north campground and check out the latest telescopic
tracking software.  Speaking of celestial control, the weather is perfect.
That's by California standards, not European.

Dave del Torto was lucky to be joining us for his talk on PGP user security.
After buzzing the bells of the trainee bag scanner with 15kg of portables
and random cables, he was incarcerated in an investigative cell for a couple
of hours.  Many hours after seeing his flight head east, a state department
goon turns up.

"When are you coming back?" asks the goon, knowing full well the
day.  Dave says "the 16th" blithely unaware that his passport expires on the
day before.  Goon leaves, returns, hands over passport.   Only problem was,
passport was cancelled...  No explanation.  No advice, no help.

How Dave wings it over to HIP and saves the free world has to wait until,
well, another's email.  What disturbs is the gradual, unstoppable closing
of borders in our erstwhile free western neigbour.  Just like the American
predomination, or should I say, embarrasment of topic on the never-ending
crypto saga.

If freedom is to contract a cancer, a malignant tumour, then Dave's talk
on PGP user security is as a promise of the miracle cure, and not the
State Department chemotheropy that cures the disease by killing the patient.

Dave was followed by a presentation by Gary Howland on weaknesses in PGP.
These theoretical problems leave one with niggling doubts as to the accepted
reputation, our holy gail of privacy and security.  There is no need for
panic - many of the attacks are both highly specific, have been recognised
for some time, and have been explicitly fixed in the latest release, PGP 5.0.

But there is pause for thought.  Howland and myself and many other have
built financial cryptographic systems that relied on the mantra of PGP
impregnability.  The attacks he described work best in programmed systems
like ours and those of our more respectable competitors.

For example, imagine building a system that authorised counterparties on
the strength of the PGP id or the fingerprint.

Now we discover that Mallory can make a new key with the same fingerprint.
Whilst not wishing to state that this is the end of the world, clearly we
have to re-evaluate the entire architecture that was built up upon PGP.
We believed in the PGP reputation as much as others, and these attacks
are a timely reminder of the need for eternal hacker vigilance.

These flaws are significant but addressable: PGP 5.0 has fixes for all but
one of the flaws mentioned.  And for the record, whilst Gary's attack to
change conventionally encrypted files without detection was unknown to the
PGP team at the moment, we can be sure that it will be addressed.

Other exciting developments were the van Eyk demonstration by Prof.
Euller.  Not one, not two, but three methods to detect and display
PC monitor signals on a slaved monitor, from distances into the several
hundreds of metres.  There is now little doubt that standard computers
are the FBIs best friend.  What need key escrow?

Signing off and Hipped out.  iang at somwhere.in.the.middle.of.nowhere

--- end forwarded text

Robert Hettinga (rah at shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/

More information about the cypherpunks-legacy mailing list