From: Christopher Baker Area: Public Key Encryption To: Ian Hebert 25 Jan 95 20:05:04 Subject: Re: Verifying PGP Keys˙˙˙˙˙˙˙ UpdReq -----BEGIN PGP SIGNED MESSAGE----- In a message dated: 24 Jan 95, Ian Hebert was quoted as saying: IH> To clarify things, what I meant in my earlier statements is that I IH> would *use* a key obtained from a keyserver, if verified by the IH> source, but I certainly wouldn't sign it myself.... Looks as if IH> we're in agreement on this issue, then. sure. i can use uncertified keys but don't place any stock in them. if i need to use them regularly then i go to the source and get a copy i can believe in. [grin] TTFN. Chris -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP 2.6.2 is LEGAL in Zone 1! So USE it! [grin] iQCVAwUBLyb1RMsQPBL4miT5AQGDugP6AkLxuDOuBdIJlokqTvbXcCdRT5YUD21R SR0Qyvb7hS+VrGBfnTgc9CUjYcy1WG26T9SJnYSw2IRGx3JQGxnw3GguGh14NyS1 M9huwdsD/xKuU1P2J4QKjIpFMAJLK72HJpMikMgDHXmbwwM9m/FrtvIdgCwc2f9Y zxAow1ybtx8= =4rDQ -----END PGP SIGNATURE----- --- GenMsg [0002] (cbak.rights@opus.global.org) # Origin: Rights On! for Privacy! It's a Right not a privilege! (1:374/14) 201434369420143436942014343694201434369420143436942014343694201 From: John Schofield Area: Public Key Encryption To: Chris Adams 26 Jan 95 01:10:46 Subject: PGP News 2 UpdReq -----BEGIN PGP SIGNED MESSAGE----- --====-- JB> Contrary to popular belief, the NSA can decrypt public keys of most JB> practical key sizes. However, the computer resources needed to decrypt JB> public-key-encrypted messages make it difficult for the NSA to perform CA> Does anyone know what they consider practical size? Also, has anyone CA> considered moding the PGP code for, say, 32kb keys? (Sure, it's a CA> LITTLE slower, but most of it is done in IDEA anyway. BTW, has anyone CA> increased the complexity of IDEA (ie, larger sizes, etc)?) Wouldn't CA> hurt to use the added capacity of these expensive computers... Have you taken a look at how much longer generating a 2047-bit key takes? A key the size you mention would take weeks to generate. And besides, there would be little point in it. Once the RSA key size gets above around 1000 to 2000 bytes, it becomes much simpler to attack the encrypted message in other ways--such as bugging your computer, using Tempest equipment, or beating the password out of you. John -----BEGIN PGP SIGNATURE----- Version: 2.7 Comment: Call 818-345-8640 voice for info on Keep Out magazine. iQCVAwUBLydmvmj9fvT+ukJdAQEk8wP9G5/4MEXVy2bjplJ4JH4aq4X5cKOdDSz0 kdj7Brc1V6Xw6uFTCFzCl7hnR0di2c8MWOnS/c9j5t/PuMyyNIjwejzIyTflrVH9 tH0TLSALww+9MEJ/yzGq0wbNdzNp7C5l437m8JFt10LGurt2vAwCi5ljo8zUCB6k tlFkrsu+PZo= =0GQw -----END PGP SIGNATURE----- **EZ-PGP v1.07 ... Roses are red, violets are blue, some poems rhyme, but not this one. --- Blue Wave/RA v2.12 # Origin: The Sprawl -- 818-342-5127 -- Tarzana, California, USA (1:102/903) 201434369420143436942014343694201434369420143436942014343694201 From: David Chessler Area: Public Key Encryption To: Chris Adams 26 Jan 95 01:36:00 Subject: Quotes as passphrase UpdReq On 01-23-95 (19:51), Chris Adams, in a message to David Chessler about "QUOTES AS PASSPHRASE", stated the following: CA> DC> At some point the passphrase can only be attacked by brute force >(which may > DC> mean rubber hoses on the person who knows the phrase). Generally, >two or CA>Which is why it would be neat if PGP had a FAKE password that, when >entered, would "accidently" reformat the harddrive after wiping the key! That would be more appropriate for a program like SECDRV, SECDEV, or SFS (or the forthcoming CryptDisk for the Mac), which set up an encrypted partition. Of course, if you did that, they would spot the formating (overwriting a disk takes a l-o-o-o-o-ng time), and then they might use more than just rubber hoses. ___ __ chessler@trinitydc.edu d_)--/d chessler@capaccess.org * SLMR 2.1b * E-mail: ->132 1:109/459 david.chessler@neteast.com --- Squish v1.10 # Origin: NETWORK East (1:109/459) 201434369420143436942014343694201434369420143436942014343694201 From: Chris Adams Area: Public Key Encryption To: Brian Mitchell 26 Jan 95 17:24:26 Subject: PGP News 2 UpdReq On (24 Jan 95) Brian Mitchell wrote to Chris Adams... CA> Does anyone know what they consider practical size? Also, has anyone CA> considered moding the PGP code for, say, 32kb keys? (Sure, it's a CA> slower, but most of it is done in IDEA anyway. BTW, has anyone BM> increased CA> the complexity of IDEA (ie, larger sizes, etc)?) Wouldn't hurt to use CA> the added capacity of these expensive computers... BM> It probably just isnt as easy as just 'modding' the source. It would be BM> extremely slow. The PGP math library may not even support manipulation of BM> numbers that big, so I would say it would be difficult at best. If it could BM> be done, it would be incredibly slow though... I was exagerating. I'd just like, say, 16k bits, or 8 times more. It would be slow, but most of the public key stuff is used to encrypt the IDEA session key, and IDEA carries the load, so it would need to be augmented as well. Also, if the source code is designed right, it would be relatively simple to add support for larger keys. Also, as PCs increase in speed, PGP can take advantage of it. Someone with, say, a Pentium 90 isn't going to notice the wait for a small key, so let them wait a little for a larger one. ... And never, ever cut a deal with a dragon. --- PPoint 1.88 # Origin: Help stamp out eavesdropping! - PGP (1:212/2001.5) 201434369420143436942014343694201434369420143436942014343694201 From: Chris Adams Area: Public Key Encryption To: jason carr 26 Jan 95 17:27:24 Subject: Quotes as passphrase UpdReq On (25 Jan 95) jason carr wrote to Chris Adams... CA> Which is why it would be neat if PGP had a FAKE password CA> that, when entered, would "accidently" reformat the CA> harddrive after wiping the key! jc> Wow, I hope they're cracking on =their= machine, not yours. :-o Well, would you like them to have everything on your PC? That's why it would be good to have the ability to pick a back-door key that would wipe the keyfile at least, possibly even zapping the HD! ... "Math is Hard!!!" The new talking Barbie with the pentium add-on chip! --- PPoint 1.88 # Origin: Help stamp out eavesdropping! - PGP (1:212/2001.5) 201434369420143436942014343694201434369420143436942014343694201