At 01:55 PM 02/10/2000 -0700, Forrest Halford wrote:
>I am wondering what the consensus is on the security of the 
>newer versions of PGP vs the 2.x series?
>What think all ye Cypherpunks?

It's all been discussed long ago.  The advantage of the 2.x series
is that it was small enough there was some chance of reading the code
and finding the bugs, whereas newer versions are out of control,
with creeping featuritis, guis, Microsoft-like bloatware, etc.

However, there are serious problems in the 2.x versions that
are fixed in the later versions, which justify switching.

One problem is that they use the MD5 hash function,
which is no longer considered secure by the crypto community.
I'm not sure if Hans Dobbertin has published all the details
on the attack methods yet, but he's been showing bits of it
for a couple of years.  That doesn't mean it's easy to exploit
the flaws within a structure like PGP, but it's basically just doomed.
SHA-1 is an important replacement, and the DH/DSA versions of PGP
use it instead of MD5.

Another bug had to do with data formats and forgery.
I forget quite when this was discovered and fixed, but after 2.6.x.
You can't easily factor a 1024-bit key, but some of the early formats
used ugly variable-length data formats packed next to each other
without thinking about ways to abuse it and what parts needed signing - 
so it was possible to take somebody's key and convince PGP that
the length was different than the real key's length,
and you _can_ easily factor a 32-bit key (or whatever length
you could talk PGP into using that was a product of two primes.)
So you could forge signatures with your target's key -
I think you could also forge key signatures, but I may be misremembering.
So you need to use one of the newer versions to avoid this.

There's also the RSA patent annoyance, in case you're trying to
provide commercial services using PGP, but that's usually avoidable
by using commercial versions of PGP, and it'll go away this summer
when the patent expires.
                                Thanks! 
                                        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
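
The framing problem described in the message above, as an added example that is not code from PGP or from the original post. It uses a constructed toy format (2-byte length prefixes, with HMAC-SHA256 standing in for a public-key signature; all names are hypothetical) to show that a verifier which leaves the length fields out of the signed data accepts a blob whose field boundary has moved, while one that signs the framing rejects it.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed; stands in for the signer's key
TAG_LEN = 32


def _tag(data):
    # Assumption: HMAC-SHA256 stands in for a public-key signature.
    return hmac.new(KEY, data, hashlib.sha256).digest()


def _frame(fields):
    # Each field is a 2-byte big-endian length followed by that many bytes.
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def _split(framed):
    fields, pos = [], 0
    while pos < len(framed):
        if pos + 2 > len(framed):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from(">H", framed, pos)
        pos += 2
        if pos + n > len(framed):
            raise ValueError("declared length runs past the data")
        fields.append(framed[pos:pos + n])
        pos += n
    return fields


def pack(fields, sign_lengths):
    framed = _frame(fields)
    # Weak mode signs only the field bodies; hardened mode signs the framing too.
    return framed + _tag(framed if sign_lengths else b"".join(fields))


def unpack(blob, sign_lengths):
    if len(blob) < TAG_LEN:
        raise ValueError("too short to hold a tag")
    framed, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    fields = _split(framed)
    signed = framed if sign_lengths else b"".join(fields)
    if not hmac.compare_digest(tag, _tag(signed)):
        raise ValueError("signature check failed")
    return fields


def reframe(blob, first_len):
    # Test fixture: same body bytes and tag, field boundary moved to first_len.
    body = b"".join(_split(blob[:-TAG_LEN]))
    return _frame([body[:first_len], body[first_len:]]) + blob[-TAG_LEN:]
```

With `sign_lengths=False` the reframed blob verifies and parses to a shorter first field; with `sign_lengths=True` the same change fails the signature check.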
