RE: A sad day for encryption...

Adam Haberlach (HaberlaA@testlab.orst.edu)
Mon, 23 Jun 1997 19:20:20 -0700


-----BEGIN PGP SIGNED MESSAGE-----

- -----Original Message-----
From: Action Jackson [SMTP:cjackson@cray-ymp.acm.stuorg.vt.edu]
Sent: Monday, June 23, 1997 4:35 PM
To: deschall@gatekeeper.megasoft.com
Subject: Re: A sad day for encryption...

>> >Surprise, surprise: A congressional committee made a stupid
>decision
>> >regarding encryption laws. Check out the story at:
>>
>> They'll recover my PGP private keys when they pry the
>passphrases out of my
>> cold dead brain cells...

>How much brute force would this take? :)

Anyone can correct me if I'm wrong, but I believe that private
keys get encrypted using DES with the key being the MD5 hash of
the personal keyphrase. We've proved that DES is somewhat weak
to this kind of attack (remind me to change my passphrase next
week).
Of course, this assumes they can get the private.pgp file off
of my computer (not too unlikely, with all of the security holes
in the OS that I use).
It also assumes that I'm hiding anything important enough for
them to steal. Or important enough for them to rubber-hose
decrypt.

- ---
Adam Haberlach
http://www.testlab.orst.edu/~haberlaa
Goodbye DES. Hello RC5: Help crack RC5.
http://rc5.distributed.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBM66w0RSmwqZasiJdAQGNHAP/dh7D9vzpRBUpG573F8Zc7UVcz4ItDFYU
s0fcdTFkCefW1cpJtbMY7KTllr4zt7fcrvPsUnhQdoxMhu0MNnO4Sna++YtJ09Q9
uMjtzGedBnGy+Uq7KPd/wIt+pMau1sO5zEx1VxFohTz/DRtQsh0knEgYQDfYuEsf
86TOKWhMDYg=
=lJ67
-----END PGP SIGNATURE-----