Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.security.pgp.discuss > #196

Re: Does the NSA cracking include PGP?

From Collin <collin@sibilance.org>
Newsgroups comp.security.pgp.discuss, sci.crypt
Subject Re: Does the NSA cracking include PGP?
Date 2013-09-11 10:30 -0400
Organization A noiseless patient Spider
Message-ID <l0pupd$mib$1@dont-email.me> (permalink)
References <PzIXt.35312$Fo7.27573@fx19.iad> <38a108077f6a06e4509b541d44f0858d@dizum.com>

Cross-posted to 2 groups.

Show all headers | View raw


On 09/11/2013 09:52 AM, Nomen Nescio wrote:
> On 9/10/2013 11:22 AM, Ramon F Herrera wrote:
>>
>> I have seen several articles about the NSA+British intel "news". They
>> mention all the relevant protocols but PGP is conspicuously absent.
>>
>> http://www.zdnet.com/has-the-nsa-broken-ssl-tls-aes-7000020312/?s_cid=e539&ttag=e539
>>
>>
>> Is it perhaps because PGP is based on one of the others?
>>
>> TIA,
>>
>> -Ramon
>>
> pgp dose have a a problem for security
>
> it is based on LARGE prim numbers all one would have to do is build a
> list of all primes that could fit in the list (Brute force) then keep
> that list and do a dictionary attack on the file encrypted.  With public
> key they have one half of the problem with a know test file it could run
> the dictionary attack on the out put file.  This would take about
> 2-3hours after you build the dictionary.
>
> I suspect they have that done already back in 2000 when it was no longer
> kept from Export.
>
> but it still works for most corporations.
>
> One fix for this would be use a number base that is non standard ie one
> slot can be 0 - 38424345 (that would be A Random number) What that would
> do is change the prim numbers for all number bases have different prime
> numbers.
>

Literally none of this is true, except that PGP uses RSA, which involves 
large prime numbers. A brute force attack by listing prime numbers is 
nowhere near the most efficient attack against RSA, and would take an 
unimaginably long time to perform.

-- 
17s2p7eIhnUIiAWFnm5Wwj34ywefxtYcP5eBuYBl05B/FDMu3GNFVxi8sh4Z
7AyvzES2Qxo1qofLIxjyE7lNpvrX0aR7vLq5/VE4V65p/eO4Uef58T7/HNZV
P+KzjVPTsbJuOShguELet42BT17wGYqCedSNHlfg2/SH4SHqlIQOF9Qk9BmE
it5vKqBJyrIRXbCOYD5QC8HFllNnWtuWZPBP4a268Of8em7D/HHtj5RLnY+C
SS2xfeSp+DuTKI7wX495USwZRxn+SBnMdplk4n+4sqaYSxQlskdxVfczSU9e
2YlbEEdmN1chpzSBgmMoi8N0UNnd/cYnvuN/UmquYg==

Back to comp.security.pgp.discuss | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread


Thread

Does the NSA cracking include PGP? Ramon F Herrera <ramon@conexus.net> - 2013-09-10 12:22 -0500
  Re: Does the NSA cracking include PGP? unruh <unruh@invalid.ca> - 2013-09-10 18:21 +0000
  Re: Does the NSA cracking include PGP? "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2013-09-11 03:18 -0400
    Re: Does the NSA cracking include PGP? Juergen Nieveler <juergen.nieveler.nospam@arcor.de> - 2013-09-15 14:37 +0000
  Re: Does the NSA cracking include PGP? Nomen Nescio <nobody@dizum.com> - 2013-09-11 15:52 +0200
    Re: Does the NSA cracking include PGP? Collin <collin@sibilance.org> - 2013-09-11 10:30 -0400
    Re: Does the NSA cracking include PGP? unruh <unruh@invalid.ca> - 2013-09-11 15:38 +0000

csiph-web