From: Jess Williams    Area: Public Key Encryption
To: Shawn Mcmahon    25 Sep 94 16:02:00
Subject: ENCRYPTION...    UpdReq

JW> I think the IDEA portion uses key sizes of
JW> 128 bits? is that correct? That is very large compared to the
JW> 56 bits of DES. I would like to double it to 256 bits
JW> though. Well thanks again

SM> That very likely would WEAKEN it, not strengthen it.

SM> 2^16+1 is prime, but 2^32+1 isn't, and the primeness of 2^16+1 is one
SM> of the linchpins of the algorithm.

SM> This is all from a conversation Bruce Schneier had with one of the IDEA
SM> creators, Xuejia Lai. Quoted in "Applied Cryptography," it hadn't been
SM> published by Lai as of that writing.

I didn't know that. Thanks for the info. I guess that PGP key sizes are big enough already. I just hate limits on things like the RSA key size. Why not make it able to generate a key as big as you want??

I want to be able to read the USENET groups alt.security.pgp and some of the other crypto news groups but the BBS I use right now doesn't carry them. I need to find a way to get them that doesn't break the bank :).

Thanks again.

Jess Williams

___ Blue Wave/QWK v2.12

From: Christopher Baker    Area: Public Key Encryption
To: Tim Bradley    27 Sep 94 19:36:52
Subject: Re: Getting Started w/PGP    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

In a message dated: 25 Sep 94, Tim Bradley was quoted as saying:

TB> Speaking of PGPSort -- is the source code available?

it is contained in the PGPSORT.ZIP archive which was hatched into PUBKEYS file distribution yesterday. it's in Borland Pascal. [all PUBKEYS links please poll.]

TTFN.
Chris

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP 2.6.1 is LEGAL in Zone 1! So USE it!
[grin]

iQCVAwUBLoismMsQPBL4miT5AQFI3wP+JLwC3ipJgnWY7JeYyNsBoefIbXgg4fL7
Izll1p5AypkaP+bkh4tXLJ0eU9HiP/W+oL9YW9qIYEFeNQsQSI4x1d++J5D1BC6A
eD83HIQhrtXNTbXU4rmcOgdVaEuLdRwHA/AGx19y7KJrRLcOwYFdzyt4PPjzjQnL
2HdlIsBQc3c=
=MsTt
-----END PGP SIGNATURE-----

From: Barry Kapke    Area: Public Key Encryption
To: John Nieder    27 Sep 94 12:54:26
Subject: Re: Securemail    UpdReq

Hello John!

Sunday September 25 1994 19:31, John Nieder wrote to Barry Kapke:

JN> That said, I am told that they are interested in the results of this
JN> little inquiry and would probably be amenable to making the appropriate
JN> routing changes. I believe that there is a mechanism (PGP_TOSS?) by
JN> which PGP-mail - only - can be automatically re-routed, assuming they
JN> have a reason to route their normal netmail through their current hub.

The simplest solution is to route *all* of his outbound Fidonet mail through the local SecureMail hub, which is me. Of course, if they only want to route PGP'd mail through me, and other mail through the NEC, then there are programs such as PGP-TOSS that will allow them to do this.

JN> Another question: Does the SECURENET system somehow maintain a list of
JN> the anti-PGP nodes, with arrangement to bounce such messages
JN> automatically? That is, if I was to unwittingly send a PGPed netmail
JN> message to a node in Ashworth's bailiwick how would sending it through a
JN> SECUREMAIL hub solve anything or prevent his wrath?

SecureMail routes mail within its only topology of sites who have volunteered to move mail without regard to whether it is encrypted or not and to work to ensure privacy and efficiency wherever possible. We don't route mail through systems who have not agreed to participate in such routing.
If Ashworth's net (108) does not have SecureMail representation, which to my knowledge it does not, then mail addressed to a node in that net would either be placed on hold by that region's Regional SecureMail hub and a message generated informing the node to poll for the mail, or the Regional hub might deliver it on his/her own dime.

It's not yet a perfect system and we need more volunteers, people to represent the interests of their local nets. The costs to do so are really very minimal and the overall benefits are significant.

Ciao.
Barry (1:125/33, 8:914/133, 88:881/172, 93:9050/0, 94:5100/1, 96:101/33)

... I don't want to achieve immortality through my work. I want to achieve it through not dying. -WOODY ALLEN

From: Raymond Paquin    Area: Public Key Encryption
To: Tim Bradley    27 Sep 94 13:35:18
Subject: RSA Broken    UpdReq

TB> I do *NOT* have specific documentation that the key "broken" was
TB> definitely in this class, only that it was a "Weak"
TB> key. Since this seems
TB> to be the professional cryptographer's definition
TB> of Weak IDEA keys, I'd
TB> say it's a good bet...
TB> Later Daze,

Before we get too far on this subject, I would like to emphasize that we were NOT discussing weak IDEA *keys* but rather weak RSA prime numbers, two entirely unrelated subjects.

Ciao...

From: Raymond Paquin    Area: Public Key Encryption
To: Rich Veraa    27 Sep 94 14:37:04
Subject: Re: RSA Broken    UpdReq

Rich Veraa said to Raymond Paquin on the Subject: Re: RSA Broken

RV>The strong-primes code is still there, with the following comment:
RV>*"Strong" primes are no longer advantageous, due to the new
RV>*elliptical curve method of factoring. Randomly selected primes
RV>*are as good as any. See "Factoring", by Duncan A. Buell, Journal
RV>*of Supercomputing 1 (1987), pages 191-216.
RV>*This justifies disabling the lengthy search for strong primes.
RV>*The advice about strong primes in the early RSA literature applies
RV>*to 256-bit moduli where the attacks were the Pollard rho and P-1
RV>*factoring algorithms. Later developments in factoring have entirely
RV>*supplanted these methods. The later algorithms are always faster
RV>*(so we need bigger primes), and don't care about STRONGPRIMES.
RV>*The early literature was saying that you can get away with small
RV>*moduli if you choose the primes carefully. The later developments
RV>*say you can't get away with small moduli, period. And it doesn't
RV>*matter how you choose the primes.
RV>*It's just taking a heck of a long time for the advice on "strong primes"
RV>*to disappear from the books. Authors keep going back to the original
RV>*documents and repeating what they read there, even though it's out
RV>*of date.
RV> Cheers, Rich

Hi !

Buell's article was written in 1987 (or earlier) and was quoted in the PGP source-code as early as 1991.

Bruce Schneier in his latest book 'Applied Cryptography', written in 1993 and published in 1994 has this to say on the subject on page 216:

"Whether strong primes are necessary is a subject of debate. These properties (mentioned before the text I'm quoting) were designed to thwart some factoring algorithms. However, the fastest factoring algorithms have equally as good a chance of factoring numbers that meet these criteria as they do of factoring numbers that do not.

However, *THIS MAY CHANGE* (emphasis mine). New factoring algorithms may be discovered that work better on numbers with certain properties than on numbers without them. If so, strong primes may be required once again....

I recommend using strong primes even though they are not necessary to make factoring difficult (my note: with *PUBLISHED* factoring algorithms)...."

Please read the last paragraph again and the *last* line in it carefully...
BTW, I recommend using strong primes whose product is AT LEAST 300 hex digits long (360 decimal), unless, as Schneier says, you're only trying to stop your kid sister from reading your love letters...

A last note: Schneier discusses how to detect 'weak' prime numbers but says very little about weak *pairs* of 'strong' prime numbers...

Ciao...

From: jason carr    Area: Public Key Encryption
To: Christopher Baker    27 Sep 94 21:40:48
Subject: Re: PGP Signatures    UpdReq

-----BEGIN PGP SIGNED MESSAGE-----

Christopher Baker wrote in a message to Joe Noel:

CB> why would anyone want
CB> an encrypted msg in an Echo?

Because it's possible. And fun. And Super Secret Squirrel. Hence PGP_ECHO here in Dallas.

CB> the purpose of Echomail is
CB> general consumption.

When the post is encrypted with the keys of all trusted members of the echo, they can all read it. General consumption, in a narrow sense. The general public, here, is those-who-have-a-feed-to-PGP_ECHO.

jason

PS: I'll netmail some info to anybody who's interested in seeing how we're handling PGP_ECHO. Warning: it's seriously informal. :)

... "Is" is the verb for when you don't want a verb.

-----BEGIN PGP SIGNATURE-----
Version: 2.61
Comment: PGP_ECHO: Encryption, sigs, and fun in D-FtW...

iQCVAwUBLoj0/EjhGzlN9lCZAQGzZQP/QZwBAJR6eaxMXDNdFzrjAVFNI9YZBi9D
dipbKnEEa79KZrg0poSUN9zYCeVOTAqAMpG+Bx6NmJxuAWCRAygXYQ4baiURkk5n
ZJTeC+y4QKT7YTIPe2THg/j59x3gmdbJyvxLB6i0EYeAo3CvtzcoWTmsFibk25re
ffeBh6DZm44=
=p9v6
-----END PGP SIGNATURE-----
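Added example, not part of any message in this archive: a sketch of the point quoted from Shawn Mcmahon in the first message, that IDEA's multiplication works because 2^16+1 is prime while 2^32+1 is not. The function names are this example's own (they are not taken from PGP or from the IDEA reference code), and the 32-bit variant is a hypothetical widened word size used only for comparison.

```python
from math import gcd

def factorize(n):
    """Prime factors of n by trial division (enough for 2^16+1 and 2^32+1)."""
    factors, d = [], 2
    while d * d <= n:
        while n % d == 0:
            factors.append(d)
            n //= d
        d += 1
    if n > 1:
        factors.append(n)
    return factors

def idea_mul(a, b, bits=16):
    """IDEA-style multiply: words are `bits` wide, the modulus is 2^bits + 1,
    and the all-zero word stands for 2^bits."""
    m = (1 << bits) + 1
    a = a or (1 << bits)
    b = b or (1 << bits)
    # A product equal to 2^bits is stored as word 0. A true residue of 0
    # (only possible when m is composite) also lands on word 0: a collision.
    return (a * b % m) & ((1 << bits) - 1)

def idea_mul_inv(a, bits=16):
    """Word that undoes multiplication by `a`, or None if none exists."""
    m = (1 << bits) + 1
    a = a or (1 << bits)
    if gcd(a, m) != 1:
        return None
    return pow(a, -1, m) & ((1 << bits) - 1)

def words_without_inverse(bits):
    """How many of the 2^bits words cannot be inverted modulo 2^bits + 1."""
    m = (1 << bits) + 1
    phi = m
    for p in set(factorize(m)):
        phi = phi // p * (p - 1)
    return (m - 1) - phi   # nonzero residues minus the invertible ones
```

With 16-bit words every key word can be undone on decryption; with 32-bit words, millions of possible key words would map distinct inputs to the same output.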
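Added example, not part of any message in this archive and not code from PGP: a toy-sized sketch of the Pollard P-1 method named in the source comment Rich Veraa quotes, showing the property the early "strong primes" advice was guarding (a large prime factor in p-1). The primes 65537, 2039 and 2879 are constructed sample values chosen for this example.

```python
from math import gcd

def largest_prime_factor(n):
    """Largest prime factor of n by trial division (fine for toy sizes)."""
    largest, d = 1, 2
    while d * d <= n:
        while n % d == 0:
            largest, n = d, n // d
        d += 1
    return n if n > 1 else largest

def pollard_p_minus_1(n, bound):
    """Pollard's p-1 with base 2: compute 2^(bound!) mod n, then
    gcd(a - 1, n). It finds a prime p dividing n when the order of 2
    modulo p divides bound!, which holds whenever p - 1 has only small
    prime factors. Returns the factor found, or None."""
    a = 2
    for j in range(2, bound + 1):
        a = pow(a, j, n)
    g = gcd(a - 1, n)
    return g if 1 < g < n else None

# Constructed sample primes (not from the thread):
SMOOTH_P = 65537   # p - 1 = 2^16, every prime factor is tiny
SAFE_P = 2039      # p - 1 = 2 * 1019, with 1019 prime
SAFE_Q = 2879      # q - 1 = 2 * 1439, with 1439 prime

def demo():
    """Factor found at each bound: the work needed tracks the largest
    prime factor of p - 1, not the size of the modulus."""
    return {
        "smooth_bound_20": pollard_p_minus_1(SMOOTH_P * SAFE_Q, 20),
        "safe_bound_20": pollard_p_minus_1(SAFE_P * SAFE_Q, 20),
        "safe_bound_1019": pollard_p_minus_1(SAFE_P * SAFE_Q, 1019),
    }
```

As the quoted comment says, this protection only mattered against P-1 and rho at small modulus sizes; it does nothing against the later factoring methods, where modulus length is what counts.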