[ILUG] Echelon exists..so says EU report

John McCormac jmcc at hackwatch.com
Sat Sep 15 02:27:42 IST 2001


kevin lyda wrote:
> 
> On Sat, Sep 15, 2001 at 02:51:01AM +0100, John McCormac wrote:
> > difficult to factor large numbers. If someone was to develop a faster
> > factoring algorithm then RSA encryption could be vulnerable. Even with
> > PGP, as far as I remember, the core encryption algorithm (that used to
> > encrypt the data) is not RSA. RSA is used for the keyhandling. In some
> > cases, who the encrypted e-mail is going to can be far more revealing
> > than the contents.
> 
> that's not due to a weakness in rsa, but because public key encryption
> is compute intensive.  and for pgp it allows for a size efficient way to
> send multi-recipient email (which i always do - the recipient and myself).
> you encrypt a key that is relatively small with one (or more) public keys
> and then use that key to encrypt loads of data.  this is true for pgp,
> ssh and ssl.  and if rsa is weak, then you can find the key and then
> the message is broken.

The problem is that some people seem to think of PGP as a holy grail -
an unbreakable system. I remember the work being done in the mid
eighties on breaking DES because it was part of VideoCipher. DES was not
broken but the technology was compromised. Sky VideoCrypt had claims of
Fiat-Shamir Zero Knowledge Proof algorithms being used to protect the
system and yet its core algorithm was not secure (the ZKT did not work
because they botched the program in the microcontrollers). PGP is
essentially a crypto sandwich - the key handling uses RSA but the core
algorithm is where the break could possibly occur. (Given that the NSA
computational resources are greater than the average desktop operation
and they have a lot of good mathematicians.) 
 
> this, btw, is why the public key crypto that sarah something-or-other
> (? the cayley-purser algorithm thingy) was hyped.  it was faster.
> sadly it also had flaws.

It sounded good but a lot of cryppies seemed to be wondering whether it
was snakeoil. What was impressive was that she analysed the algorithm
for flaws, pointing out potential ones.


Regards...jmcc
-- 
********************************************
John McCormac            * Hack Watch News
jmcc at hackwatch.com       * 22 Viewmount, 
Voice:   +353-51-873640  * Waterford,
BBS&Fax: +353-51-850143  * Ireland
http://www.hackwatch.com/~kooltek
********************************************
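
An added example, not part of the original message or thread: a toy Python sketch of the hybrid scheme discussed above, where one session key encrypts the body and is wrapped once per recipient, and where the recipient list is readable without any key. Assumptions: textbook RSA without padding on constructed small keys, a SHA-256 keystream standing in for the real symmetric cipher, and hypothetical names (ALICE, BOB, OUTSIDER); none of this is PGP's actual format.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent

def make_key(p, q):
    """Toy RSA key from two known primes (constructed; far too small, no padding)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    key_id = hashlib.sha256(str(n).encode()).hexdigest()[:8]
    return {"id": key_id, "n": n, "d": d}

def keystream_xor(session_key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream (toy, unauthenticated)."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(session_key + block.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)

def encrypt(message, recipients):
    """One random session key encrypts the body; only each recipient's id and n are used."""
    session_key = secrets.token_bytes(16)
    m = int.from_bytes(session_key, "big")
    wrapped = [(r["id"], pow(m, E, r["n"])) for r in recipients]
    return {"wrapped": wrapped, "body": keystream_xor(session_key, message)}

def decrypt(envelope, key):
    """Unwrap the session key with the private exponent, then decrypt the body."""
    for key_id, c in envelope["wrapped"]:
        if key_id == key["id"]:
            session_key = pow(c, key["d"], key["n"]).to_bytes(16, "big")
            return keystream_xor(session_key, envelope["body"])
    raise KeyError("message not addressed to this key")

def visible_recipients(envelope):
    """What an observer with no keys learns: who the message is addressed to."""
    return [key_id for key_id, _ in envelope["wrapped"]]

# Constructed keys built from Mersenne primes so the example is reproducible.
ALICE = make_key(2**127 - 1, 2**89 - 1)
BOB = make_key(2**107 - 1, 2**61 - 1)
OUTSIDER = make_key(2**61 - 1, 2**31 - 1)

if __name__ == "__main__":
    env = encrypt(b"meet at the usual place", [ALICE, BOB])
    print(visible_recipients(env), decrypt(env, BOB))
```

The body is stored once however many recipients there are, and recovering any single recipient's private key is enough to unwrap the session key and read it.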
