[4931] in bugtraq
Re: Minor PGP vulnerability
daemon@ATHENA.MIT.EDU (Lucky Green)
Thu Jul 17 04:55:43 1997
Date: Wed, 16 Jul 1997 21:00:24 -0700
Reply-To: Lucky Green <shamrock@NETCOM.COM>
From: Lucky Green <shamrock@NETCOM.COM>
X-To: weidner@IFI.UNIZH.CH
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19970715230248.05951@ifi.unizh.ch>
At 11:02 PM 7/15/97 +0200, Harald Weidner wrote:
>As you might know, PGP uses a 32-Bit number, called key-ID, as
>an internal index for storing and recognizing keys. Although
>the key-ID's are quite randomly distributed within 31 of the
>32 bits (the key-ID is always odd), the scheme how this key id
>is derived from the (public) key is not cryptographically secure.
This is one more reason why the users of PGP should quickly move to the new
DSA/ElGamal keys used in PGP 5.0. An global effort is underway to scan and
proofread the printed source of PGP 5.0 after it was exported legally by a
subscriber of this list. Currently, 81% of the platform independent source
has been proofread. You can follow the progress at http://www.ifi.uio.no/pgp/
--Lucky Green <shamrock@netcom.com>
PGP encrypted mail preferred.
DES is dead! Please join in breaking RC5-56.
http://rc5.distributed.net/
