Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.security.pgp.discuss > #192 > unrolled thread

Does the NSA cracking include PGP?

Started byRamon F Herrera <ramon@conexus.net>
First post2013-09-10 12:22 -0500
Last post2013-09-11 15:38 +0000
Articles 7 — 6 participants

Back to article view | Back to comp.security.pgp.discuss


Contents

  Does the NSA cracking include PGP? Ramon F Herrera <ramon@conexus.net> - 2013-09-10 12:22 -0500
    Re: Does the NSA cracking include PGP? unruh <unruh@invalid.ca> - 2013-09-10 18:21 +0000
    Re: Does the NSA cracking include PGP? "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2013-09-11 03:18 -0400
      Re: Does the NSA cracking include PGP? Juergen Nieveler <juergen.nieveler.nospam@arcor.de> - 2013-09-15 14:37 +0000
    Re: Does the NSA cracking include PGP? Nomen Nescio <nobody@dizum.com> - 2013-09-11 15:52 +0200
      Re: Does the NSA cracking include PGP? Collin <collin@sibilance.org> - 2013-09-11 10:30 -0400
      Re: Does the NSA cracking include PGP? unruh <unruh@invalid.ca> - 2013-09-11 15:38 +0000

#192 — Does the NSA cracking include PGP?

FromRamon F Herrera <ramon@conexus.net>
Date2013-09-10 12:22 -0500
SubjectDoes the NSA cracking include PGP?
Message-ID<PzIXt.35312$Fo7.27573@fx19.iad>
I have seen several articles about the NSA+British intel "news". They 
mention all the relevant protocols but PGP is conspicuously absent.

http://www.zdnet.com/has-the-nsa-broken-ssl-tls-aes-7000020312/?s_cid=e539&ttag=e539

Is it perhaps because PGP is based on one of the others?

TIA,

-Ramon

[toc] | [next] | [standalone]


#193

Fromunruh <unruh@invalid.ca>
Date2013-09-10 18:21 +0000
Message-ID<tqJXt.35317$Fo7.15058@fx19.iad>
In reply to#192
On 2013-09-10, Ramon F Herrera <ramon@conexus.net> wrote:
>
> I have seen several articles about the NSA+British intel "news". They 
> mention all the relevant protocols but PGP is conspicuously absent.
>
> http://www.zdnet.com/has-the-nsa-broken-ssl-tls-aes-7000020312/?s_cid=e539&ttag=e539
>
> Is it perhaps because PGP is based on one of the others?

PGP is based on RSA and AES. 
But the suggestion (NSA is NOT going to confirm what they can do) is
that the problem is not the encryption, but the "side channels"-- eg
persuading the manufacturers to put in back doors, finding bugs in the
implimentation, etc. 
Thus you want to look carefully at your PGP source code, and make sure
you compile it from source rather than relying on someone else doing it
for you. 


>
> TIA,
>
> -Ramon
>

[toc] | [prev] | [next] | [standalone]


#194

From"David W. Hodgins" <dwhodgins@nomail.afraid.org>
Date2013-09-11 03:18 -0400
Message-ID<op.w28jwcv7a3w0dxdave@hodgins.homeip.net>
In reply to#192
On Tue, 10 Sep 2013 13:22:55 -0400, Ramon F Herrera <ramon@conexus.net> wrote:

>
> I have seen several articles about the NSA+British intel "news". They
> mention all the relevant protocols but PGP is conspicuously absent.
> http://www.zdnet.com/has-the-nsa-broken-ssl-tls-aes-7000020312/?s_cid=e539&ttag=e539
> Is it perhaps because PGP is based on one of the others?

Because of the history, I am willing to trust pgp/gpg.

Anything I consider important, is encrypted using one of the two
before sending it over the internet.

Regards, Dave Hodgins

-- 
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

[toc] | [prev] | [next] | [standalone]


#198

FromJuergen Nieveler <juergen.nieveler.nospam@arcor.de>
Date2013-09-15 14:37 +0000
Message-ID<XnsA23CA8A6BAA41juergennieveler@nieveler.org>
In reply to#194
"David W. Hodgins" <dwhodgins@nomail.afraid.org> wrote:

> Because of the history, I am willing to trust pgp/gpg.

Well... Snowden used PGP (the protocol, not necessarily the software - 
I'd bet he used GPG) to leak data to the Guardian... so the NSA either 
cannot crack it (or not fast enough), or the NSA chose not to reveal 
that it could do so and accepted the leak ("Coventry dilemma").

Given the results of the leak, my best guess is that they at least have 
no automated/realtime way to crack PGP directly.

-- 
Juergen Nieveler

[toc] | [prev] | [next] | [standalone]


#195

FromNomen Nescio <nobody@dizum.com>
Date2013-09-11 15:52 +0200
Message-ID<38a108077f6a06e4509b541d44f0858d@dizum.com>
In reply to#192
On 9/10/2013 11:22 AM, Ramon F Herrera wrote:
> 
> I have seen several articles about the NSA+British intel "news". They
> mention all the relevant protocols but PGP is conspicuously absent.
> 
> http://www.zdnet.com/has-the-nsa-broken-ssl-tls-aes-7000020312/?s_cid=e539&ttag=e539
> 
> 
> Is it perhaps because PGP is based on one of the others?
> 
> TIA,
> 
> -Ramon
> 
pgp dose have a a problem for security

it is based on LARGE prim numbers all one would have to do is build a
list of all primes that could fit in the list (Brute force) then keep
that list and do a dictionary attack on the file encrypted.  With public
key they have one half of the problem with a know test file it could run
the dictionary attack on the out put file.  This would take about
2-3hours after you build the dictionary.

I suspect they have that done already back in 2000 when it was no longer
kept from Export.

but it still works for most corporations.

One fix for this would be use a number base that is non standard ie one
slot can be 0 - 38424345 (that would be A Random number) What that would
do is change the prim numbers for all number bases have different prime
numbers.

[toc] | [prev] | [next] | [standalone]


#196

FromCollin <collin@sibilance.org>
Date2013-09-11 10:30 -0400
Message-ID<l0pupd$mib$1@dont-email.me>
In reply to#195
On 09/11/2013 09:52 AM, Nomen Nescio wrote:
> On 9/10/2013 11:22 AM, Ramon F Herrera wrote:
>>
>> I have seen several articles about the NSA+British intel "news". They
>> mention all the relevant protocols but PGP is conspicuously absent.
>>
>> http://www.zdnet.com/has-the-nsa-broken-ssl-tls-aes-7000020312/?s_cid=e539&ttag=e539
>>
>>
>> Is it perhaps because PGP is based on one of the others?
>>
>> TIA,
>>
>> -Ramon
>>
> pgp dose have a a problem for security
>
> it is based on LARGE prim numbers all one would have to do is build a
> list of all primes that could fit in the list (Brute force) then keep
> that list and do a dictionary attack on the file encrypted.  With public
> key they have one half of the problem with a know test file it could run
> the dictionary attack on the out put file.  This would take about
> 2-3hours after you build the dictionary.
>
> I suspect they have that done already back in 2000 when it was no longer
> kept from Export.
>
> but it still works for most corporations.
>
> One fix for this would be use a number base that is non standard ie one
> slot can be 0 - 38424345 (that would be A Random number) What that would
> do is change the prim numbers for all number bases have different prime
> numbers.
>

Literally none of this is true, except that PGP uses RSA, which involves 
large prime numbers. A brute force attack by listing prime numbers is 
nowhere near the most efficient attack against RSA, and would take an 
unimaginably long time to perform.

-- 
17s2p7eIhnUIiAWFnm5Wwj34ywefxtYcP5eBuYBl05B/FDMu3GNFVxi8sh4Z
7AyvzES2Qxo1qofLIxjyE7lNpvrX0aR7vLq5/VE4V65p/eO4Uef58T7/HNZV
P+KzjVPTsbJuOShguELet42BT17wGYqCedSNHlfg2/SH4SHqlIQOF9Qk9BmE
it5vKqBJyrIRXbCOYD5QC8HFllNnWtuWZPBP4a268Of8em7D/HHtj5RLnY+C
SS2xfeSp+DuTKI7wX495USwZRxn+SBnMdplk4n+4sqaYSxQlskdxVfczSU9e
2YlbEEdmN1chpzSBgmMoi8N0UNnd/cYnvuN/UmquYg==

[toc] | [prev] | [next] | [standalone]


#197

Fromunruh <unruh@invalid.ca>
Date2013-09-11 15:38 +0000
Message-ID<g80Yt.22527$Nm5.6428@fx11.iad>
In reply to#195
["Followup-To:" header set to sci.crypt.]
On 2013-09-11, Nomen Nescio <nobody@dizum.com> wrote:
> On 9/10/2013 11:22 AM, Ramon F Herrera wrote:
>> 
>> I have seen several articles about the NSA+British intel "news". They
>> mention all the relevant protocols but PGP is conspicuously absent.
>> 
>> http://www.zdnet.com/has-the-nsa-broken-ssl-tls-aes-7000020312/?s_cid=e539&ttag=e539
>> 
>> 
>> Is it perhaps because PGP is based on one of the others?
>> 
>> TIA,
>> 
>> -Ramon
>> 
> pgp dose have a a problem for security
>
> it is based on LARGE prim numbers all one would have to do is build a
> list of all primes that could fit in the list (Brute force) then keep
> that list and do a dictionary attack on the file encrypted.  With public
> key they have one half of the problem with a know test file it could run
> the dictionary attack on the out put file.  This would take about
> 2-3hours after you build the dictionary.

Yes. That is all you would have to do. Of course no mention that the
memory required would be more than all the atoms in the visible
universe, or that the search time of the database would be astronomical.

>
> I suspect they have that done already back in 2000 when it was no longer
> kept from Export.

Nah. NSA had by then perfected its mind reading protocol. No connections
required of either your memory or of the computer's (they can read both).
 Make sure you wear
a tin foil hat whenever you come out of your underground bunker.
And put one on your laptop as well. 


>
> but it still works for most corporations.
>
> One fix for this would be use a number base that is non standard ie one
> slot can be 0 - 38424345 (that would be A Random number) What that would
> do is change the prim numbers for all number bases have different prime
> numbers.

Ohh yes, the number base is really important. After all a number which
is prime in one numberbase may not be in another. So all you have to do
is find the right base. 
>

(And for those who might have trouble with the above. :-)

[toc] | [prev] | [standalone]


Back to top | Article view | comp.security.pgp.discuss


csiph-web