Re: PGP Encryption Proves Powerful

2003-06-04 Thread Bill Stewart
At 11:38 AM 05/30/2003 -0700, John Young wrote:
If the FBI cannot crack PGP that does not mean other
agencies with greater prowess cannot. It is unlikely that
the capability to crack PGP would be publicly revealed
for that would close an invaluable source of information.
.
Still, it is impressive that PRZ valiantly argues that PGP is
algorithmically impregnable. That should satisfy its users as
well as its crackers.
And Phil was quoted as saying
 Does PGP have a back door? The answer is no, it does not,
 he said. If the device is running PGP it will not be possible
 to break it with cryptanalysis alone.
But in fact that's incorrect.  PGP doesn't have back doors,
but it has two major weaknesses, which are weak user-chosen passphrases,
combined with a secret key file format that makes it easy to
verify whether a key has been guessed correctly,
and human-rememberable passphrases, combined with
rubber-hose cryptanalysis and a captured agent.
If you're doing good operational security, and the
Red Brigades probably are, your passphrases have good enough entropy
that they're hard to crack, but if they got sloppy,
and someone wants to feed all the information that's known about them
to pgpcrack, it's possible that they'll find something.
It's less likely than VENONA succeeding, because the importance
of good passphrases was known, and unlike one-time pads there's
no operational need to occasionally get sloppy under time pressure.
I'm not aware of a PGP port to the Psion, but at least the
Psion 3/3a/3c generation were 8086-like processors,
and there was a C compiler ported to them,
so perhaps somebody ported one of the earlier PGPs.
(There was an old HP palmtop that ran genuine MS-DOS,
unlike the Psion's more interesting operating system,
and you could probably run PGP on that directly.)
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: PGP Encryption Proves Powerful

2003-06-04 Thread Bill Stewart
At 08:17 AM 06/03/2003 -0700, bear wrote:
what he said was with cryptanalysis alone.
Rubber-hose methods are not cryptanalysis, and
neither is password guessing.
Eh?  Password guessing certainly is.

I'm not aware of a PGP port to the Psion, but at least the
Psion 3/3a/3c generation were 8086-like processors,
and there was a C compiler ported to them,
so perhaps somebody ported one of the earlier PGPs.
IIRC, there was/is a psion linux port, with gcc.
Looks like it's still in active development,
mainly for the Psion 5 series - they've even got
X Windows running on them, as well as PGP.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


RE: PGP Encryption Proves Powerful

2003-05-31 Thread Dean, James
The article hedges on whether or not PGP was used on the Psion mentioned.
The Psion might have been using one of the other programs listed at
http://www.ericlindsay.com/epoc/sicrypt5.htm.


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: PGP Encryption Proves Powerful

2003-05-31 Thread bear

Aside from the whole governments-and-people-and-terrorists thing,
I will say that there was an event last year at my former employers'
that made us very glad we were using PGP.

An engineer's laptop got stolen. With the entire source tree of an
enterprise application that licensed for $25K a seat on it.  Fortunately,
since it was in an encrypted archive, we didn't need to worry too much.

I don't know how many incidents like this happen every year.  I don't
think governments care that much about the kind of risk companies not
using crypto to protect their livelihoods take.  They don't become aware
of crypto when it averts trouble.  They become aware of crypto when it
causes trouble.

Bear


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: PGP Encryption Proves Powerful

2003-05-31 Thread John Young
If the FBI cannot crack PGP that does not mean other
agencies with greater prowess cannot. It is unlikely that
the capability to crack PGP would be publicly revealed
for that would close an invaluable source of information.

Intel crackers hardly ever reveal their most essential
tools, though there are orchestrated releases of
capability to mislead.

In the case of the VENONA decrypts, there have been
only partial public releases, along with misleading stories
about how the decrypts were done -- the official story they
were done only by dedicated cryptanalysts without help
of code books or other assists, that Russian carelessness
of OTP preparation provided the crib. Unofficial stories are 
that Russian codebooks were used, at least for some of the
decrypts -- Thomas Powers, for one, recounts this version
in several reprinted essays in The Intelligence Wars. That
cover stories have been arranged for how the deciphering 
was actually done, some not privy to the hardworking NSA
crackers.

An undisclosed amount of the VENONA messages remain
undeciphered, or at least not made public. Speculation is
that NSA and whomever do not want to tell the full story of
the decrypt capability, again, as with most intelligence 
agencies it is more beneficial to never reveal full capabilities,
in particular not to temporary allies with the understanding
that allies always spy on each other, whether those are US 
TLAs or foreign friends.

Ther recent opening of domestic cooperation among the intel
agencies and law enforcement will not likely get any of them
to share fully.

Still, it is impressive that PRZ valiantly argues that PGP is
algorithmically impregnable. That should satisfy its users as
well as its crackers. An uncracked code is the perfect spying
tool. Based on a mulitude of accounts of sophisticated 
espionage deceptions it might be suspected that is the origin 
of PK crypto, and why it was leaked, and leaked again, and
crypto export was eased, then greased again.

Presumably there will be periodic reports of cryptographic
impregnability to foster wider if not wiser use.





-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: PGP Encryption Proves Powerful

2003-05-31 Thread Arnold G. Reinhold
At 1:22 PM -0400 5/29/03, Ian Grigg wrote:
The following appears to be a bone fide case of a
threat model in action against the PGP program.
Leaving aside commentary on the pros and cons
within this example, there is a desparate lack of
real experience in how crypto systems are attacked.
IMHO, this leads to some rather poorly chosen
engineering decisions that have shown themselves
to stymie or halt the success of otherwise good
crypto systems.
Does anyone know of a repository for real life
attacks on crypto systems?  Or are we stuck with
theoretical and academic threats when building
new systems?
iang
There is a lot of material from the World War II era (e.g Silk and 
Cyanide by Leo Marks) and the early cold war (e.g. 
http://www.nsa.gov/docs/venona/).

Government cryptographic successes are usually highly classified and 
kept that way for decades. There was one recent story about the FBI's 
apparent use of a keyboard logger to get a accused organized 
criminal's password. The latest U.S. Government wiretap report 
http://www.uscourts.gov/wiretap02/contents.html (they are now 
required to report on encryption incidents) says: Encryption was 
reported to have been encountered in 16 wiretaps terminated in 2002 
and in 18 wiretaps terminated in calendar year 2001 or earlier but 
reported for the first time in 2002; however in none of these case 
was encryption reported to have prevented law enforcement officials 
from obtaining the plain text of the communications intercepted. By 
comparison they reported 1358 intercepts authorized in 2002.

Arnold Reinhold

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]