[109012] in Cypherpunks
(newbie indulgance) Re: Is PGP crackable
daemon@ATHENA.MIT.EDU (Anonymous)
Mon Mar 8 21:57:22 1999
Date: Tue, 9 Mar 1999 00:32:19 +0100 (CET)
From: Anonymous <nobody@replay.com>
To: cypherpunks@toad.com
Reply-To: Anonymous <nobody@replay.com>
At 01:04 PM 3/8/99 -0000, Edwards, Benjamin (IQ 95) wrote:
>I am writing an article about PGP and have one simple question. Can PGP
>keys be cracked.
Zeroth: you should know better than to do research by asking a list.
We have things my people call "search engines" to find info.
Ask your teacher to show you how during recess.
First: PGP uses variable-length public keys to asymetrically encrypt
a new 128-bit (typ.) symmetric cipher ("session") key. The PK-encrypted
128 bit session key is sent with the message encrypted under it. This
'hybrid' scheme
is more efficient since PK is expensive.
Second: All ciphers can be broken by exhaustive search. But it may
take much more time and other resources than you (or anyone could) have.
Third: Ciphers with 'analytic' cracks, or mathematical shortcuts,
can be deciphered in less than the expected time for exhaustive search.
Mathematicians are the caste who does this. Goverment mathematicians
don't publish.
Someone I worked for used to (allegedly) work for the US
>army. He (allegedly) says the army got comms equipment 6 years before it
>was commercially available.
It has become known that a member of UK intelligence came up with a PK
scheme before Diffie and Hellman published theirs. The PK stuff was used
for nuclear weapons' permissive-action-links, mechanisms
to control the nukes we lent to our untrustworthy NATO allies, which
may be what your friend alluded to.
>If this was the case with computer hardware I
>guess the question would be 'Would it be possible to crack a 4k key if we
>had the computer equipment that would be available in 6 years from now?'
A 4 kilobit public key will take a very long time to factor, and you'll
be safe from any earthly adversary. Unless
you know a clever way to factor large integers, in which case, you're
a rich and/or dead man.
In practice, given a very tall wall, you go under it or around it.
Much easier to point a satellite, park a van, wiretap, subvert an
employee, or threaten your family (in order of increasing obviousness
to the target) than to decrypt.
