Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.security.pgp.discuss > #192 > unrolled thread
| Started by | Ramon F Herrera <ramon@conexus.net> |
|---|---|
| First post | 2013-09-10 12:22 -0500 |
| Last post | 2013-09-11 15:38 +0000 |
| Articles | 7 — 6 participants |
Back to article view | Back to comp.security.pgp.discuss
Does the NSA cracking include PGP? Ramon F Herrera <ramon@conexus.net> - 2013-09-10 12:22 -0500
Re: Does the NSA cracking include PGP? unruh <unruh@invalid.ca> - 2013-09-10 18:21 +0000
Re: Does the NSA cracking include PGP? "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2013-09-11 03:18 -0400
Re: Does the NSA cracking include PGP? Juergen Nieveler <juergen.nieveler.nospam@arcor.de> - 2013-09-15 14:37 +0000
Re: Does the NSA cracking include PGP? Nomen Nescio <nobody@dizum.com> - 2013-09-11 15:52 +0200
Re: Does the NSA cracking include PGP? Collin <collin@sibilance.org> - 2013-09-11 10:30 -0400
Re: Does the NSA cracking include PGP? unruh <unruh@invalid.ca> - 2013-09-11 15:38 +0000
| From | Ramon F Herrera <ramon@conexus.net> |
|---|---|
| Date | 2013-09-10 12:22 -0500 |
| Subject | Does the NSA cracking include PGP? |
| Message-ID | <PzIXt.35312$Fo7.27573@fx19.iad> |
I have seen several articles about the NSA+British intel "news". They mention all the relevant protocols but PGP is conspicuously absent. http://www.zdnet.com/has-the-nsa-broken-ssl-tls-aes-7000020312/?s_cid=e539&ttag=e539 Is it perhaps because PGP is based on one of the others? TIA, -Ramon
[toc] | [next] | [standalone]
| From | unruh <unruh@invalid.ca> |
|---|---|
| Date | 2013-09-10 18:21 +0000 |
| Message-ID | <tqJXt.35317$Fo7.15058@fx19.iad> |
| In reply to | #192 |
On 2013-09-10, Ramon F Herrera <ramon@conexus.net> wrote: > > I have seen several articles about the NSA+British intel "news". They > mention all the relevant protocols but PGP is conspicuously absent. > > http://www.zdnet.com/has-the-nsa-broken-ssl-tls-aes-7000020312/?s_cid=e539&ttag=e539 > > Is it perhaps because PGP is based on one of the others? PGP is based on RSA and AES. But the suggestion (NSA is NOT going to confirm what they can do) is that the problem is not the encryption, but the "side channels"-- eg persuading the manufacturers to put in back doors, finding bugs in the implimentation, etc. Thus you want to look carefully at your PGP source code, and make sure you compile it from source rather than relying on someone else doing it for you. > > TIA, > > -Ramon >
[toc] | [prev] | [next] | [standalone]
| From | "David W. Hodgins" <dwhodgins@nomail.afraid.org> |
|---|---|
| Date | 2013-09-11 03:18 -0400 |
| Message-ID | <op.w28jwcv7a3w0dxdave@hodgins.homeip.net> |
| In reply to | #192 |
On Tue, 10 Sep 2013 13:22:55 -0400, Ramon F Herrera <ramon@conexus.net> wrote: > > I have seen several articles about the NSA+British intel "news". They > mention all the relevant protocols but PGP is conspicuously absent. > http://www.zdnet.com/has-the-nsa-broken-ssl-tls-aes-7000020312/?s_cid=e539&ttag=e539 > Is it perhaps because PGP is based on one of the others? Because of the history, I am willing to trust pgp/gpg. Anything I consider important, is encrypted using one of the two before sending it over the internet. Regards, Dave Hodgins -- Change nomail.afraid.org to ody.ca to reply by email. (nomail.afraid.org has been set up specifically for use in usenet. Feel free to use it yourself.)
[toc] | [prev] | [next] | [standalone]
| From | Juergen Nieveler <juergen.nieveler.nospam@arcor.de> |
|---|---|
| Date | 2013-09-15 14:37 +0000 |
| Message-ID | <XnsA23CA8A6BAA41juergennieveler@nieveler.org> |
| In reply to | #194 |
"David W. Hodgins" <dwhodgins@nomail.afraid.org> wrote:
> Because of the history, I am willing to trust pgp/gpg.
Well... Snowden used PGP (the protocol, not necessarily the software -
I'd bet he used GPG) to leak data to the Guardian... so the NSA either
cannot crack it (or not fast enough), or the NSA chose not to reveal
that it could do so and accepted the leak ("Coventry dilemma").
Given the results of the leak, my best guess is that they at least have
no automated/realtime way to crack PGP directly.
--
Juergen Nieveler
[toc] | [prev] | [next] | [standalone]
| From | Nomen Nescio <nobody@dizum.com> |
|---|---|
| Date | 2013-09-11 15:52 +0200 |
| Message-ID | <38a108077f6a06e4509b541d44f0858d@dizum.com> |
| In reply to | #192 |
On 9/10/2013 11:22 AM, Ramon F Herrera wrote: > > I have seen several articles about the NSA+British intel "news". They > mention all the relevant protocols but PGP is conspicuously absent. > > http://www.zdnet.com/has-the-nsa-broken-ssl-tls-aes-7000020312/?s_cid=e539&ttag=e539 > > > Is it perhaps because PGP is based on one of the others? > > TIA, > > -Ramon > pgp dose have a a problem for security it is based on LARGE prim numbers all one would have to do is build a list of all primes that could fit in the list (Brute force) then keep that list and do a dictionary attack on the file encrypted. With public key they have one half of the problem with a know test file it could run the dictionary attack on the out put file. This would take about 2-3hours after you build the dictionary. I suspect they have that done already back in 2000 when it was no longer kept from Export. but it still works for most corporations. One fix for this would be use a number base that is non standard ie one slot can be 0 - 38424345 (that would be A Random number) What that would do is change the prim numbers for all number bases have different prime numbers.
[toc] | [prev] | [next] | [standalone]
| From | Collin <collin@sibilance.org> |
|---|---|
| Date | 2013-09-11 10:30 -0400 |
| Message-ID | <l0pupd$mib$1@dont-email.me> |
| In reply to | #195 |
On 09/11/2013 09:52 AM, Nomen Nescio wrote: > On 9/10/2013 11:22 AM, Ramon F Herrera wrote: >> >> I have seen several articles about the NSA+British intel "news". They >> mention all the relevant protocols but PGP is conspicuously absent. >> >> http://www.zdnet.com/has-the-nsa-broken-ssl-tls-aes-7000020312/?s_cid=e539&ttag=e539 >> >> >> Is it perhaps because PGP is based on one of the others? >> >> TIA, >> >> -Ramon >> > pgp dose have a a problem for security > > it is based on LARGE prim numbers all one would have to do is build a > list of all primes that could fit in the list (Brute force) then keep > that list and do a dictionary attack on the file encrypted. With public > key they have one half of the problem with a know test file it could run > the dictionary attack on the out put file. This would take about > 2-3hours after you build the dictionary. > > I suspect they have that done already back in 2000 when it was no longer > kept from Export. > > but it still works for most corporations. > > One fix for this would be use a number base that is non standard ie one > slot can be 0 - 38424345 (that would be A Random number) What that would > do is change the prim numbers for all number bases have different prime > numbers. > Literally none of this is true, except that PGP uses RSA, which involves large prime numbers. A brute force attack by listing prime numbers is nowhere near the most efficient attack against RSA, and would take an unimaginably long time to perform. -- 17s2p7eIhnUIiAWFnm5Wwj34ywefxtYcP5eBuYBl05B/FDMu3GNFVxi8sh4Z 7AyvzES2Qxo1qofLIxjyE7lNpvrX0aR7vLq5/VE4V65p/eO4Uef58T7/HNZV P+KzjVPTsbJuOShguELet42BT17wGYqCedSNHlfg2/SH4SHqlIQOF9Qk9BmE it5vKqBJyrIRXbCOYD5QC8HFllNnWtuWZPBP4a268Of8em7D/HHtj5RLnY+C SS2xfeSp+DuTKI7wX495USwZRxn+SBnMdplk4n+4sqaYSxQlskdxVfczSU9e 2YlbEEdmN1chpzSBgmMoi8N0UNnd/cYnvuN/UmquYg==
[toc] | [prev] | [next] | [standalone]
| From | unruh <unruh@invalid.ca> |
|---|---|
| Date | 2013-09-11 15:38 +0000 |
| Message-ID | <g80Yt.22527$Nm5.6428@fx11.iad> |
| In reply to | #195 |
["Followup-To:" header set to sci.crypt.] On 2013-09-11, Nomen Nescio <nobody@dizum.com> wrote: > On 9/10/2013 11:22 AM, Ramon F Herrera wrote: >> >> I have seen several articles about the NSA+British intel "news". They >> mention all the relevant protocols but PGP is conspicuously absent. >> >> http://www.zdnet.com/has-the-nsa-broken-ssl-tls-aes-7000020312/?s_cid=e539&ttag=e539 >> >> >> Is it perhaps because PGP is based on one of the others? >> >> TIA, >> >> -Ramon >> > pgp dose have a a problem for security > > it is based on LARGE prim numbers all one would have to do is build a > list of all primes that could fit in the list (Brute force) then keep > that list and do a dictionary attack on the file encrypted. With public > key they have one half of the problem with a know test file it could run > the dictionary attack on the out put file. This would take about > 2-3hours after you build the dictionary. Yes. That is all you would have to do. Of course no mention that the memory required would be more than all the atoms in the visible universe, or that the search time of the database would be astronomical. > > I suspect they have that done already back in 2000 when it was no longer > kept from Export. Nah. NSA had by then perfected its mind reading protocol. No connections required of either your memory or of the computer's (they can read both). Make sure you wear a tin foil hat whenever you come out of your underground bunker. And put one on your laptop as well. > > but it still works for most corporations. > > One fix for this would be use a number base that is non standard ie one > slot can be 0 - 38424345 (that would be A Random number) What that would > do is change the prim numbers for all number bases have different prime > numbers. Ohh yes, the number base is really important. After all a number which is prime in one numberbase may not be in another. So all you have to do is find the right base. > (And for those who might have trouble with the above. :-)
[toc] | [prev] | [standalone]
Back to top | Article view | comp.security.pgp.discuss
csiph-web