
Thread: PGP compromised?

  1. #1
    Join Date
    May 2001
    Posts
    218

    Question

    Is there any evidence that PGP, open source or other, has been compromised by SORM, Carnivore, Echelon, or other government spy agencies?

    BS

  2. #2
    Otto Guest
    Originally posted by Blacksheep
    Is there any evidence that PGP, open source or other, has been compromised by SORM, Carnivore, Echelon, or other government spy agencies?

    BS
    The above mentioned programs are mostly aimed at intercepting and accumulating the data, not on compromising encrypted information.

    I am not aware of PGP being exploited by any intelligence agencies.

  3. #3
    Join Date
    Jun 2001
    Posts
    61

    Yes, it has...

    By two Czech researchers earlier this year. Here is an excerpt from their announcement:

    "The attack was successfully verified and demonstrated on PGP™(*) version 7.0.* using AES and DH/DSS algorithms, which are deservedly being considered as highly secure.

    "This serious bug is caused by incorrect implementation of the above-mentioned strong cryptographic techniques. The private signature key is the basic and the most sensitive information in the whole system. The user is using it for digital signature. In all systems, including OpenPGP, it is therefore protected by a strong cipher. AES, one of the latest strong algorithms, has been used in the attacked system. However, the protection appears to be illusory.

    "The authors proved that attackers do not need to attack the strong cipher itself. They can simply bypass it as well as the secret user's passphrase. A slight modification of the private key file followed by capturing a signed message is enough to break the private key. These tasks can be performed without knowledge of the user's passphrase. After that, a special program can be run on any office PC. Based on the captured message, the program is able to calculate the user's private key in half a second. The attacker can then sign any messages instead of the attacked user. Despite of very quick calculation, the program is based on a special cryptographic know-how..."

    Here is a link to the full article:

    [url]http://www.i.cz/en/onas/tisk4.html[/url]

    I'd be interested in knowledgeable comment here once you've read the article, anyone.

    Johnny

    [Edited by johnny on 06-07-200* at **:*0 PM]
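
Added example, not part of the post above or of the researchers' announcement: a defensive consistency check for the kind of tampering the excerpt describes, where key-file fields are changed without the passphrase and a later signature leaks the private key. It assumes the altered fields are DSA parameters stored unencrypted beside the encrypted private value; the toy parameters are constructed and the function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy DSA domain parameters (q divides p - 1, g has order q).
P, Q, G = 607, 101, 64

def make_key_file(x):
    """Model a key file: p, q, g, y stored in the clear, x stored encrypted."""
    return {"p": P, "q": Q, "g": G, "y": pow(G, x, P), "x": x}

def key_is_consistent(key):
    """After decrypting x, confirm the clear fields still belong to it."""
    p, q, g, y, x = (key[f] for f in "pqgyx")
    return ((p - 1) % q == 0 and 1 < g < p and pow(g, q, p) == 1
            and 0 < x < q and pow(g, x, p) == y)

def digest(message, q):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % q

def sign(key, message):
    """Refuse to produce any signature from an inconsistent key file."""
    if not key_is_consistent(key):
        raise ValueError("key file fields do not match the private value")
    p, q, g, x = key["p"], key["q"], key["g"], key["x"]
    while True:
        k = secrets.randbelow(q - 1) + 1          # fresh nonce in [1, q-1]
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (digest(message, q) + x * r) % q
        if r and s:
            return r, s

def verify(pub, message, sig):
    p, q, g, y = pub["p"], pub["q"], pub["g"], pub["y"]
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1, u2 = digest(message, q) * w % q, r * w % q
    return pow(g, u1, p) * pow(y, u2, p) % p % q == r

if __name__ == "__main__":
    good = make_key_file(57)
    print("untouched file signs and verifies:",
          verify(good, b"hello", sign(good, b"hello")))
    for field, value in (("p", 613), ("g", 606), ("g", 454)):
        print(f"{field} changed to {value}: consistent =",
              key_is_consistent(dict(good, **{field: value})))
```

The third tampering case keeps g inside the order-q subgroup, so only the final comparison of g^x mod p against y catches it.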

  4. #4
    Join Date
    May 2001
    Posts
    218
    [url]http://www.pcworld.com/news/article/0,aid,4522*,00.asp[/url]

    This minor flaw has been fixed in NAI PGP. Use the best Internet search engine

    [url]http://www.google.com/advanced_search[/url]

    and you can find lots of info about this subject, or any other subject. :-)

    Blacksheep

  5. #5
    Join Date
    May 2001
    Posts
    121
    Yes, I wouldn't call this bug very important. Basically, if an adversary got access to your private keyfile, which almost always means that he got access to your PC, you're toasted anyway. Things that are much worse can happen.

  6. #6
    Join Date
    May 2001
    Posts
    121

    Re: reply

    Originally posted by moseley_international
    While I cannot confirm or deny these rumours with *00% certainty, I really doubt that either is true.
    You? You can't confirm or deny? Well ... if you're quoting someone, it's usually a good idea to mention the author. This paragraph was taken from the PGP Attack FAQ written by infiNity, available here:

    [url]http://www.stack.nl/~galactus/remailers/attack-faq.html[/url]

    or

    [url]http://20*.86.24*.205/pgp-attk.txt[/url]

  7. #7
    Join Date
    May 2001
    Posts
    218

    For Moseley

    From: [url]http://www.m-w.com[/url]

    Main Entry: pla·gia·rize
    Pronunciation: 'plA-j&-"rIz also -jE-&-
    Function: verb
    Inflected Form(s): -rized; -riz·ing
    Etymology: plagiary
    Date: *7*6
    transitive senses : to steal and pass off (the ideas or words of another) as one's own : use (another's production) without ******ing the source
    intransitive senses : to commit literary theft : present as new and original an idea or product derived from an existing source
    - pla·gia·riz·er noun
    [Edited by Blacksheep on 06-*0-200* at 06:*4 PM]
    Blacksheep
