Re: "PGP Encryption Proves Powerful"

2003-06-04 Thread Bill Stewart
At 08:17 AM 06/03/2003 -0700, bear wrote: what he said was "with cryptanalysis alone." Rubber-hose methods are not cryptanalysis, and neither is password guessing. Eh? Password guessing certainly is. >I'm not aware of a PGP port to the Psion, but at least the >Psion 3/3a/3c generation were 8086-l

Re: "PGP Encryption Proves Powerful"

2003-06-04 Thread John Kelsey
At 11:18 AM 6/1/03 -0400, Ian Grigg wrote: ... This sounds workable in theory, but in practice, one has to work with the skills base of the users and the stress of the work. Terrorists are generally not adept at technical work. They are not really chosen for their skills; more their loyalty, thei

Re: "PGP Encryption Proves Powerful"

2003-06-03 Thread Bill Stewart
At 11:38 AM 05/30/2003 -0700, John Young wrote: If the FBI cannot crack PGP that does not mean other agencies with greater prowess cannot. It is unlikely that the capability to crack PGP would be publicly revealed for that would close an invaluable source of information. . Still, it is impressi

Re: "PGP Encryption Proves Powerful"

2003-06-03 Thread Ben Laurie
John Kelsey wrote: > At 01:22 PM 5/29/03 -0400, Ian Grigg wrote: > >> The following appears to be a bone fide case of a >> threat model in action against the PGP program. > > > ... > > Two comments: > > a. It sure seems like it would be a pain to enter a long passphrase on > one of these thin

RE: "PGP Encryption Proves Powerful"

2003-06-03 Thread Jill . Ramonsky
I had the source code). Jill -Original Message- From: Dean, James [mailto:[EMAIL PROTECTED] Sent: Friday, May 30, 2003 2:30 PM To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: RE: "PGP Encryption Proves Powerful" The article hedges on whether or not PGP was used on the Psion

Re: "PGP Encryption Proves Powerful"

2003-06-02 Thread Ian Grigg
John Kelsey wrote: > > At 10:29 AM 5/30/03 -0400, Anton Stiglic wrote: > > >So what happened to passphrase guessing? That's got to be > >one of the weakest links. Unless their private key wasn't > >stored on the device? > > One thought: How hard would it be to write a Palm app to use the > in

Re: "PGP Encryption Proves Powerful"

2003-06-02 Thread John Kelsey
At 10:29 AM 5/30/03 -0400, Anton Stiglic wrote: So what happened to passphrase guessing? That's got to be one of the weakest links. Unless their private key wasn't stored on the device? One thought: How hard would it be to write a Palm app to use the interaction between several devices to deri

Re: "PGP Encryption Proves Powerful"

2003-06-02 Thread John Kelsey
At 01:22 PM 5/29/03 -0400, Ian Grigg wrote: The following appears to be a bone fide case of a threat model in action against the PGP program. ... Two comments: a. It sure seems like it would be a pain to enter a long passphrase on one of these things, so that seems like the most plausible attac

Re: "PGP Encryption Proves Powerful"

2003-06-01 Thread Joseph Ashwood
- Original Message - From: "Ian Grigg" <[EMAIL PROTECTED]> Subject: "PGP Encryption Proves Powerful" > http://www.pcworld.com/news/article/0,aid,110841,00.asp The article appears to use PGP simply as the most prominent example, and is clearly unde

Re: "PGP Encryption Proves Powerful"

2003-05-31 Thread Arnold G. Reinhold
At 1:22 PM -0400 5/29/03, Ian Grigg wrote: The following appears to be a bone fide case of a threat model in action against the PGP program. Leaving aside commentary on the pros and cons within this example, there is a desparate lack of real experience in how crypto systems are attacked. IMHO, this

Re: "PGP Encryption Proves Powerful"

2003-05-31 Thread John Young
If the FBI cannot crack PGP that does not mean other agencies with greater prowess cannot. It is unlikely that the capability to crack PGP would be publicly revealed for that would close an invaluable source of information. Intel crackers hardly ever reveal their most essential tools, though there

Re: "PGP Encryption Proves Powerful"

2003-05-31 Thread bear
Aside from the whole governments-and-people-and-terrorists thing, I will say that there was an event last year at my former employers' that made us very glad we were using PGP. An engineer's laptop got stolen. With the entire source tree of an enterprise application that licensed for $25K a seat

Re: "PGP Encryption Proves Powerful"

2003-05-31 Thread David Honig
At 01:22 PM 5/29/03 -0400, Ian Grigg wrote: >The following appears to be a bone fide case of a >threat model in action against the PGP program. > >Leaving aside commentary on the pros and cons >within this example, there is a desparate lack of >real experience in how crypto systems are attacked. T

Re: "PGP Encryption Proves Powerful"

2003-05-31 Thread Anton Stiglic
So what happened to passphrase guessing? That's got to be one of the weakest links. Unless their private key wasn't stored on the device? --Anton - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography

Re: "PGP Encryption Proves Powerful"

2003-05-30 Thread John Saylor
hi ( 03.05.29 13:22 -0400 ) Ian Grigg: > Does anyone know of a repository for real life > attacks on crypto systems? bugtraq archives? perhaps due to the sensitive nature of encrypted data, many attacks may not be reported. and even if so, the reports may be incomplete, or misleading. -- \js

RE: "PGP Encryption Proves Powerful"

2003-05-30 Thread Dean, James
The article hedges on whether or not PGP was used on the Psion mentioned. The Psion might have been using one of the other programs listed at http://www.ericlindsay.com/epoc/sicrypt5.htm. - The Cryptography Mailing List Unsubscri

"PGP Encryption Proves Powerful"

2003-05-30 Thread Ian Grigg
: === http://www.pcworld.com/news/article/0,aid,110841,00.asp PGP Encryption Proves Powerful If the police and FBI can't crack the code, is the technology too strong? Philip Willan, IDG News Service Monday, May 26, 2003 ROME -- Italian police