From: David Chessler
Area: Public Key Encryption
To: Jim Bell, 22 Jan 95 21:25:00
Subject: Clipper collapsing

On 01-19-95 (01:02), Jim Bell, in a message to All about "CLIPPER COLLAPSING", stated the following:

JB> VLSI Technology Inc. last week moved to expand its data encryption
JB> offerings as it licensed the RC4 Symmetric Stream Cipher security
JB> technology from RSA Data Security Inc. VLSI said it plans to offer the
JB> RSA data security technology as part of its Functional System Block ASIC
JB> core library. The company now offers ASICs that implement the Clipper
JB> +++++++++++++++ end of article +++++++++++++++++
JB> This news is good, because it indicates that the actual manufacturer of
JB> the Clipper Chip is apparently branching out into other types of
JB> encryption, apparently those without the flaw that Clipper included.

Not so great. RC4 is the encryption which is allowed for export in Lotus Notes, etc., because it's possible to "dumb" it down by reducing the length of the key. The export version of Notes has a 40-bit key.

So, will VLSI implement a variable-length key, secure for domestic use and only 40 bits for export? Or will they simply implement the dumbed-down 40-bit key for everything?

Presumably, No Such Agency can crack the 40-bit key any time it wishes. But if they can, who else can? For business users, this is *less* valuable than Clipper, since Clipper (with an 80-bit key) was presumably secure against brute-force attack, while RC4 (with a 40-bit key) is not.

RC4 is the algorithm that PKP (the people who license RSA) was trying to keep secret. It was released on the Internet a few months ago, and it has since been confirmed that apparently it was reverse-engineered. So far, I've seen no word about direct attacks being possible, but it's been out only a few months.
chessler@trinitydc.edu
chessler@capaccess.org
david.chessler@neteast.com
1:109/459

-----------------------------------------------------------------------

From: Jack O'Neill
Area: Public Key Encryption
To: Ryan Shaw, 24 Jan 95 13:16:00
Subject: PassPhrase

Hello Ryan,

Sunday January 22 1995 17:29, Ryan Shaw wrote to All:

RS> Is there a way with PGP to change your passphrase without
RS> changing one's public key?

To edit the userid or pass phrase for your secret key:

    pgp -ke userid [keyring]

Jack

Freq PGPKEY for (guess what) my PGP Key.

-----------------------------------------------------------------------

From: Shawn McMahon
Area: Public Key Encryption
To: Chris Adams, 25 Jan 95 11:20:28
Subject: PGP News 2

Despite the stern warnings of the tribal elders, Chris Adams said this to Jim Bell:

CA> Does anyone know what they consider practical size? Also, has anyone
CA> considered modding the PGP code for, say, 32kb keys? (Sure, it's a LITTLE
CA> slower, but most of it is done in IDEA anyway.

A LITTLE slower? If you consider "takes the rest of your life to process one key" to be "a little," I suppose... :-)

CA> BTW, has anyone increased the complexity of IDEA (ie,
CA> larger sizes, etc)?) Wouldn't hurt to use the added capacity
CA> of these expensive computers...

Actually, it would hurt. According to Schneier, talking about doubling the key size:

"IDEA relies upon the fact that 2^16+1 is prime; 2^32+1 is not. Perhaps the algorithm could be modified to work, but it would have very different security properties. Lai says it would be difficult to make it work."

This reference is from "Applied Cryptography", and the "Lai" reference is from personal communications between Schneier and Xuejia Lai, who is one of the authors of IDEA.
Any modification you make to IDEA is no longer IDEA, and unless said modification is VERY carefully considered (i.e., you've got mathematical proofs to back you up) it must be considered to be a completely separate, untested algorithm, benefiting only peripherally from the testing that's been done on IDEA.

BTW, there's no reason to increase IDEA key sizes. Either IDEA is a secure algorithm, which means brute-force search of the keyspace is the most efficient method of cracking it, or it isn't secure. If it isn't secure, changing the keysize won't help. If it *IS* secure, it won't be possible to search the keyspace in a reasonable time period with any technology existing or expected in the near future. It would require some breakthrough in mathematics which we can't predict or prepare for.

Again, from Schneier:

"Assuming that a brute-force attack is the most efficient, it would require 2^128 (10^38) encryptions to recover the key. Design a chip that can test a billion keys per second and throw a billion of them at the problem, and it will still take 10^13 years - that's longer than the age of the universe. An array of 10^24 such chips can find the key in a day, but there aren't enough silicon atoms in the universe to build such a machine."

Bottom line: the best method the government, or any other attacker, could use to crack something you've encrypted with IDEA would be to strap you in a chair and bring out the rubber hose, and *NO* encryption is secure against that. Unless they hit you so hard you forget the password. :-)

The weak point in PGP is the RSA encryption, and that is more than secure enough for now. 1024-bit keys probably won't be factorable for a few more years, and 2048-bit keys may very well *NEVER* be factorable in your lifetime. (This last is all IMO, but I'll be glad to dig out Schneier again if you need an opinion from somebody qualified.)
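An added example for McMahon's point above (not code from the post, nor from IDEA's authors): IDEA's "multiply" on 16-bit words, written with the word width as a parameter so the same code can be run at other widths. IDEA decryption needs a multiplicative inverse for every word value, and every value has one exactly when the modulus 2^n + 1 is prime. The functions check that exhaustively for 16 bits (65537, prime) and for 3 bits (9, composite, small enough to enumerate), and sample the 32-bit case, where 641 divides 2^32 + 1. The 3-bit width, the scan limit and the subkey 0x1234 are my choices for illustration.

```python
"""IDEA-style multiplication mod 2^n + 1 and why n = 16 works but n = 32 would not.

Added example; not code from the original post or from IDEA's authors.
"""
from math import gcd


def idea_mul(a: int, b: int, bits: int = 16) -> int:
    """IDEA's multiplication on `bits`-wide words.

    The all-zero word stands for 2^bits, so every word is a non-zero residue
    mod 2^bits + 1; a product equal to 2^bits is mapped back to the zero word.
    """
    mod = (1 << bits) + 1
    full = 1 << bits
    x = full if a == 0 else a
    y = full if b == 0 else b
    r = (x * y) % mod
    return 0 if r == full else r


def idea_mul_inv(a: int, bits: int = 16):
    """Inverse of a word under idea_mul, as IDEA decryption needs it; None if none exists."""
    mod = (1 << bits) + 1
    full = 1 << bits
    x = full if a == 0 else a
    if gcd(x, mod) != 1:          # only possible when the modulus is composite
        return None
    inv = pow(x, -1, mod)
    return 0 if inv == full else inv


def all_words_invertible(bits: int) -> bool:
    """True iff every word has an inverse, i.e. the words form a group under idea_mul."""
    return all(idea_mul_inv(a, bits) is not None for a in range(1 << bits))


def non_invertible_words(bits: int, limit: int) -> list:
    """Word values below `limit` with no inverse (a sample for widths too big to enumerate)."""
    return [a for a in range(1, limit) if idea_mul_inv(a, bits) is None]


def round_trips(k: int, bits: int = 16) -> bool:
    """Encrypt-then-decrypt check: multiply every word by k, then by k^-1, get the word back."""
    inv = idea_mul_inv(k, bits)
    if inv is None:
        return False
    return all(idea_mul(idea_mul(x, k, bits), inv, bits) == x for x in range(1 << bits))


if __name__ == "__main__":
    print("16-bit words (mod 65537) all invertible:", all_words_invertible(16))
    print("3-bit words (mod 9) all invertible:", all_words_invertible(3))
    print("3-bit words with no inverse:", non_invertible_words(3, 8))
    print("32-bit words below 1000 with no inverse:", non_invertible_words(32, 1000))
    print("round trip with subkey 0x1234:", round_trips(0x1234))
```

At 32 bits the word 641 (and every multiple of it) has no inverse, so a decryption subkey derived from such a value could not exist; that is the concrete form of "2^32+1 is not prime" in the Schneier quote.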
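Going back to Chessler's post at the top of the thread on 40-bit export RC4: an added example, not part of that post or of any VLSI or RSA product. It is RC4 in pure Python from the published description, plus a known-plaintext exhaustive key search that is scaled down so it finishes in seconds: the constructed key is 5 bytes (40 bits) whose upper 28 bits are assumed known, leaving 12 bits to sweep. `search_seconds` and `search_years` extrapolate the same sweep to the full 40-, 80- and 128-bit spaces at an assumed rate. The key, plaintext and rate are constructed for illustration.

```python
"""RC4 (from the published description) and a scaled-down known-plaintext key search.

Added example; not code from the original post. The key, plaintext and search
rate below are constructed for illustration.
"""


def rc4_keystream(key: bytes):
    """Yield RC4 keystream bytes: key-scheduling (KSA) followed by the PRGA."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    S = list(range(256))
    j = 0
    for i in range(256):                      # KSA: permute S under the key
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:                               # PRGA: one output byte per step
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation): XOR data with the keystream."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def brute_force(ciphertext: bytes, known_prefix: bytes, key_len: int, unknown_bits: int):
    """Try every value of the low `unknown_bits` bits of a key_len-byte key.

    With a stream cipher the attacker tests a candidate on only the bytes that
    line up with known plaintext; the rest of the message is never touched.
    Returns the recovered key, or None.
    """
    target = ciphertext[:len(known_prefix)]
    for n in range(1 << unknown_bits):
        candidate = n.to_bytes(key_len, "big")    # upper bits zero by construction
        if rc4(candidate, target) == known_prefix:
            return candidate
    return None


SECONDS_PER_YEAR = 365.25 * 24 * 3600


def search_seconds(key_bits: int, keys_per_second: float) -> float:
    """Worst-case time to sweep a key_bits keyspace at keys_per_second (expected time is half)."""
    return (1 << key_bits) / keys_per_second


def search_years(key_bits: int, keys_per_second: float) -> float:
    return search_seconds(key_bits, keys_per_second) / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed example: 40-bit key with only 12 unknown bits so the sweep is quick.
    key = (0x0ABC).to_bytes(5, "big")
    plaintext = b"Attack at dawn; bring the key escrow forms."
    ciphertext = rc4(key, plaintext)
    print("recovered key:", brute_force(ciphertext, b"Attack", 5, 12).hex())
    for bits in (40, 80, 128):
        print(f"{bits}-bit key at 1e9 keys/s: {search_years(bits, 1e9):.3g} years")
```

At an assumed 10^9 keys per second a full 40-bit sweep is about 1100 seconds, which is why Chessler's "who else can?" matters; 80 bits at the same rate is about 3.8 x 10^7 years, and 128 bits at 10^9 chips x 10^9 keys/s each comes out near 10^13 years, the figure Schneier quotes.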
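And for Jack O'Neill's `pgp -ke` answer earlier in the thread, an added example that is not PGP's own code: a toy model of what changing the passphrase does to a secret keyring entry. The passphrase never enters the key pair; it is stretched into a key-wrapping key that encrypts the stored private exponent, so re-wrapping under a new passphrase leaves the public key, and every signature made with the key, exactly as before. The RSA key uses two small fixed primes and signs a 32-bit truncated digest, the wrapping is a constructed PBKDF2 + HMAC-keystream + HMAC-tag scheme standing in for PGP 2.x's IDEA-based secret-key encryption, and the passphrases are made up; none of it is meant to be secure.

```python
"""Toy model of a PGP secret keyring entry: the passphrase wraps the private key at
rest, and changing it leaves the key pair untouched.

Added example; not PGP's code. The primes are tiny, the wrapping scheme is a
stand-in for PGP 2.x's IDEA-based secret-key encryption, and nothing here is secure.
"""
import hashlib
import hmac
import os

# Constructed toy RSA key pair (104723 and 104729 are consecutive primes).
P, Q = 104723, 104729
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
PUBLIC_KEY = (N, E)
KEY_BYTES = (N.bit_length() + 7) // 8
PBKDF2_ITERATIONS = 50_000


def fingerprint(public) -> str:
    """Identifier a keyserver would track; depends only on the public half."""
    n, e = public
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()[:16]


def _kek(passphrase: str, salt: bytes) -> bytes:
    """Stretch the passphrase into a key-encryption key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ITERATIONS)


def _keystream(kek: bytes, salt: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(kek, b"enc" + salt + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap_secret(d: int, passphrase: str) -> dict:
    """Encrypt-then-MAC the private exponent under the passphrase; fresh salt each time."""
    salt = os.urandom(16)
    kek = _kek(passphrase, salt)
    d_bytes = d.to_bytes(KEY_BYTES, "big")
    ct = bytes(x ^ y for x, y in zip(d_bytes, _keystream(kek, salt, KEY_BYTES)))
    tag = hmac.new(kek, b"mac" + salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}


def unwrap_secret(entry: dict, passphrase: str) -> int:
    """Recover the private exponent; a wrong passphrase fails the tag check."""
    kek = _kek(passphrase, entry["salt"])
    expected = hmac.new(kek, b"mac" + entry["salt"] + entry["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, entry["tag"]):
        raise ValueError("bad passphrase")
    ks = _keystream(kek, entry["salt"], len(entry["ct"]))
    return int.from_bytes(bytes(x ^ y for x, y in zip(entry["ct"], ks)), "big")


def passphrase_ok(entry: dict, passphrase: str) -> bool:
    try:
        unwrap_secret(entry, passphrase)
        return True
    except ValueError:
        return False


def new_keyring_entry(passphrase: str) -> dict:
    """Secret keyring record: public half in the clear, private exponent wrapped."""
    return {"public": PUBLIC_KEY, **wrap_secret(D, passphrase)}


def change_passphrase(entry: dict, old: str, new: str) -> dict:
    """What `pgp -ke` does to the secret key: unwrap with the old passphrase, rewrap with the new.
    The public half is copied through unchanged."""
    d = unwrap_secret(entry, old)
    return {"public": entry["public"], **wrap_secret(d, new)}


def _digest(message: bytes) -> int:
    # 32-bit truncation keeps the digest below the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest()[:4], "big")


def sign(d: int, message: bytes) -> int:
    return pow(_digest(message), d, N)


def verify(message: bytes, signature: int) -> bool:
    return pow(signature, E, N) == _digest(message)


if __name__ == "__main__":
    entry = new_keyring_entry("correct horse")
    before = fingerprint(entry["public"])
    entry = change_passphrase(entry, "correct horse", "battery staple")
    sig = sign(unwrap_secret(entry, "battery staple"), b"hello")
    print("public key unchanged:", fingerprint(entry["public"]) == before)
    print("old passphrase still works:", passphrase_ok(entry, "correct horse"))
    print("signature verifies:", verify(b"hello", sig))
```

The wrapped bytes and the salt change on every rewrap while the public half and the recovered exponent do not, which is exactly why a passphrase change needs no new key distribution and no key revocation.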
-----------------------------------------------------------------------

From: Lawrence Garvin
Area: Public Key Encryption
To: William Hattenhauer, 24 Jan 95 21:40:18
Subject: PGP - !USA distribute

William Hattenhauer said in a message to Lawrence Garvin:

WH> As for crypt that process is NOT available 'world wide', in
WH> source or in binary for any system. And SCO is well within
WH> the law as well as (C) law to do as it does. To maintain
WH> the export licence they MUST strip any encryption program
WH> from UNIX(generic). $$ is $$.

Agreed.

WH> DO YOU MAIL ALL YOUR MAIL ON A POSTCARD?

William, methinks you are preaching to the choir. I'm a supporter of personal encryption tools and PGP, and am opposed to the Department of State's unnecessary restrictions on exportation of -personal- encryption tools. I merely pointed out SCO's methodology as an example of how the situation could be successfully dealt with.

Lawrence.Garvin@f6018.n106.z1.fidonet.org

-----------------------------------------------------------------------

From: Lawrence Garvin
Area: Public Key Encryption
To: William Hattenhauer, 24 Jan 95 21:41:46
Subject: PGP Forever !!!

William Hattenhauer said in a message to Jim Bell:

WH> AMEN!
WH> Never forget! Just whose government is it anyway?
WH> What could anyone gain from encrypting a message in PGP
WH> (that the government can NOT read) that could possibly cause
WH> them to REACT as they are now doing?
WH> Answer: a. The Truth!
WH>         b. Politically Incorrect Ideas.
WH>         c. Unfiltered News.
WH>         d. Alternative Thought Sources.
WH>         e. ALL OF THE ABOVE +

All of which are protected by the First Amendment. :)

Lawrence.Garvin@f6018.n106.z1.fidonet.org