[108139] in Cypherpunks


Re: FUD attack WAS:AUCRYPTO: New attack on PGP keys with a

daemon@ATHENA.MIT.EDU (Bill Stewart)
Sat Feb 6 08:44:17 1999

Date: Fri, 05 Feb 1999 23:19:26 -0800
To: "Jean-Francois Avon" <jf_avon@citenet.net>, <aucrypto@suburbia.net>,
        <cypherpunks@toad.com>
From: Bill Stewart <bill.stewart@pobox.com>
In-Reply-To: <001a01be5131$29c92cd0$0102a8c0@lois.WORKGROUP>
Reply-To: Bill Stewart <bill.stewart@pobox.com>

At 12:58 PM 2/5/99 -0500, Jean-Francois Avon wrote:
>This message is quite funny by its implication.
>What protects the secret RSA key is IDEA encryption (well, on 2.x.x
>versions...).  If the secret key protection can get cracked, then, one can
>say that they could break the one-time IDEA key for each message.  

We've always known that stealing keys is a risk, and that
MS-DOS doesn't have a lot of security protecting sensitive files.

I'm not sure how fast the best IDEA crackers are, but during the recent
RSA DES Challenge, my P2-233 was testing about 2.5M keys/sec.
This means that /usr/dict/words is toast in less than 1/10 second, and
the standard "million wimpy passwords" dictionary is toast in under a second, 
and a list of a billion passwords and variations would also lose quickly.
(It also means 100K Unix passwords per second.)
Basically, if you're using anything findable in a dictionary,
or anything easily remembered in 8 characters, you've lost.

>From the cracker's standpoint, the economy of scale comes only if he 
>can intercept more than one message encrypted from the same RSA secret key, 
>therefore giving them access to every IDEA session key.

RSA isn't encryption-only - it also does signatures, and PGP uses it
for signing keys with.  So stealing a secret key not only lets you
read the victim's incoming email, it also lets you forge messages from them,
and gives you the more subtle and dangerous ability to sign keys as them,
which lets you create bogus but legitimate-looking signed keys
purporting to belong to friends of the victim, so you can impersonate them.

				Thanks! 
					Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
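An added worked example (not part of the original post) of the arithmetic behind the message: at the 2.5M keys/sec rate quoted above, how long each candidate pool takes to exhaust, and how long a passphrase over a given alphabet must be to outlast an attacker's time budget. The size of /usr/dict/words (25,000 entries) is an assumption; the million and billion figures are the ones in the message.

```python
import math

# Rate quoted in the message: a P2-233 testing ~2.5M keys/sec.
KEYS_PER_SEC = 2.5e6

# Candidate pools discussed in the message. The /usr/dict/words size is an
# assumption for illustration; the other two are the figures given.
POOLS = {
    "/usr/dict/words (assumed 25k)": 25_000,
    "million wimpy passwords": 1_000_000,
    "billion passwords + variations": 1_000_000_000,
}


def seconds_to_exhaust(candidates: int, rate: float = KEYS_PER_SEC) -> float:
    """Worst-case time to try every candidate in a pool at the given rate."""
    return candidates / rate


def charset_seconds(alphabet_size: int, length: int, rate: float = KEYS_PER_SEC) -> float:
    """Time to exhaust every string of exactly `length` over an alphabet."""
    return alphabet_size ** length / rate


def min_length_to_survive(alphabet_size: int, budget_seconds: float,
                          rate: float = KEYS_PER_SEC) -> int:
    """Smallest length whose full keyspace exceeds what the attacker can
    try within `budget_seconds` at `rate`."""
    guesses = budget_seconds * rate
    length = 1
    while alphabet_size ** length <= guesses:
        length += 1
    return length


def report() -> None:
    for name, size in POOLS.items():
        print(f"{name:32s} {seconds_to_exhaust(size):12.3f} s")
    # 8 characters of lowercase letters vs. 8 of full printable ASCII
    print(f"lowercase x8  {charset_seconds(26, 8) / 3600:10.1f} hours")
    print(f"printable x8  {charset_seconds(95, 8) / (365 * 86400):10.1f} years")
    year = 365 * 86400
    print("lowercase length to last a year:", min_length_to_survive(26, year))
    print("printable length to last a year:", min_length_to_survive(95, year))


if __name__ == "__main__":
    report()
```

The numbers agree with the message: the word list falls in 0.01 s, the million-entry list in 0.4 s, and an 8-character lowercase passphrase in under a day.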
