The following appears to be a bone fide case of a
threat model in action against the PGP program.

Leaving aside commentary on the pros and cons
within this example, there is a desparate lack of
real experience in how crypto systems are attacked.
IMHO, this leads to some rather poorly chosen
engineering decisions that have shown themselves
to stymie or halt the success of otherwise good
crypto systems.

Does anyone know of a repository for real life
attacks on crypto systems?  Or are we stuck with
theoretical and academic threats when building
new systems?


PS: for the archives:


PGP Encryption Proves Powerful 

If the police and FBI can't crack the code, is
the technology too strong? 

Philip Willan, IDG News Service Monday,
May 26, 2003 

ROME -- Italian police have seized at least
two Psion personal digital assistants from
members of the Red Brigades terrorist
organization. But the major investigative
breakthrough they were hoping for as a result
of the information contained on the devices
has failed to materialize--thwarted by
encryption software used by the left-wing

Failure to crack the code, despite the
reported assistance of U.S. Federal Bureau
of Investigation computer experts, puts a
spotlight on the controversy over the wide
availability of powerful encryption tools. 

The Psion devices were seized on March 2
after a shootout on a train traveling between
Rome and Florence, Italian media and
sources close to the investigation said. The
devices, believed to number two or three,
were seized from Nadia Desdemona Lioce
and her Red Brigades comrade Mario Galesi,
who was killed in the shootout. An Italian
police officer was also killed. At least one of
the devices contains information protected
by encryption software and has been sent for
analysis to the FBI facility in Quantico,
Virginia, news reports and sources said. 

The FBI declined to comment on ongoing
investigations, and Italian authorities would
not reveal details about the information or
equipment seized during the shootout. 

Pretty Good Privacy 

The software separating the investigators
from a potentially invaluable mine of
information about the shadowy terrorist
group, which destabilized Italy during the
1970s and 1980s and revived its practice of
political assassination four years ago after a
decade of quiescence, was PGP (Pretty
Good Privacy), the Rome daily La Repubblica
reported. So far the system has defied all
efforts to penetrate it, the paper said. 

Palm-top devices can only run PGP if they
use the Palm OS or Windows CE operating
systems, said Phil Zimmermann, who
developed the encryption software in the
early 1990s. Psion uses its own operating
system known as Epoc, but it might still be
possible to use PGP as a third party add-on,
a spokesperson for the British company said.

There is no way that the investigators will
succeed in breaking the code with the
collaboration of the current manufacturers of
PGP, the Palo Alto, California-based PGP,
Zimmermann said in a telephone interview. 

"Does PGP have a back door? The answer is
no, it does not," he said. "If the device is
running PGP it will not be possible to break it
with cryptanalysis alone." 

Investigators would need to employ
alternative techniques, such as looking at the
unused area of memory to see if it contained
remnants of plain text that existed before
encryption, Zimmermann said. 

Privacy vs. Security 

The investigators' failure to penetrate the
PDA's encryption provides a good example of
what is at stake in the
privacy-versus-security debate, which has
been given a whole new dimension by the
September 11 terrorist attacks in the U.S. 

Zimmermann remains convinced that the
advantages of PGP, which was originally
developed as a human rights project to
protect individuals against oppressive
governments, outweigh the disadvantages. 

"I'm sorry that cryptology is such a
problematic technology, but there is nothing
we can do that will give this technology to
everyone without also giving it to the
criminals," he said. "PGP is used by every
human rights organization in the world. It's
something that's used for good. It saves

Nazi Germany and Stalin's Soviet Union are
examples of governments that had killed far
more people than all the world's criminals and
terrorists combined, Zimmermann said. It
was probably technically impossible,
Zimmermann said, to develop a system with
a back door without running the risk that the
key could fall into the hands of a Saddam
Hussein or a Slobodan Milosevic, the former
heads of Iraq and Yugoslavia, respectively. 

"A lot of cryptographers wracked their brains
in the 1990s trying to devise strategies that
would make everyone happy and we just
couldn't come up with a scheme for doing it,"
he said. 

"I recognize we are having more problems
with terrorists now than we did a decade ago.
Nonetheless the march of surveillance
technology is giving ever increasing power to
governments. We need to have some ability
for people to try to hide their private lives and
get out of the way of the video cameras," he

More Good Than Harm? 

Even in the wake of September 11,
Zimmermann retains the view that strong
cryptography does more good for a
democracy than harm. His personal website,, contains letters of
appreciation from human rights organizations
that have been able to defy intrusion by
oppressive governments in Guatemala and
Eastern Europe thanks to PGP. One letter
describes how the software helped to protect
an Albanian Muslim woman who faced an
attack by Islamic extremists because she
had converted to Christianity. 

Zimmermann said he had received a letter
from a Kosovar man living in Scandinavia
describing how the software had helped the
Kosovo Liberation Army (KLA) in its
struggle against the Serbs. On one occasion,
he said, PGP-encrypted communications had
helped to coordinate the evacuation of 8,000
civilians trapped by the Serbs in a Kosovo
valley. "That could have turned into another
mass grave," Zimmermann said. 

Italian investigators have been particularly
frustrated by their failure to break into the
captured Psions because so little is known
about the new generation of Red Brigades.
Their predecessors left a swathe of blood
behind them, assassinating politicians,
businessmen, and security officials and
terrorizing the population by "knee-capping,"
or shooting in the legs, perceived opponents.
Since re-emerging from the shadows in 1999
they have shot dead two university
professors who advised the government on
labor law reform. 

Cracking the Code 

Zimmermann is not optimistic about the
investigators' chances of success. "The very
best encryption available today is out of
reach of the very best cryptanalytic methods
that are known in the academic world, and
it's likely to continue that way," he said. 

Sources close to the investigation have
suggested that they may even have to turn to
talented hackers for help in breaking into the
seized devices. One of the magistrates
coordinating the inquiry laughed at mention of
the idea. "I can't say anything about that," he

The technical difficulty in breaking PGP was
described by an expert witness at a trial in
the U.S. District Court in Tacoma,
Washington, in April 1999. Steven Russelle,
a detective with the Portland Police Bureau,
was asked to explain what he meant when he
said it was not "computationally feasible" to
crack the code. "It means that in terms of
today's technology and the speed of today's
computers, you can't put enough computers
together to crack a message of the kind that
we've discussed in any sort of reasonable
length of time," he told the court. 

Russelle was asked whether he was talking
about a couple of years or longer. "We're
talking about millions of years," he replied. 


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to