begin John McCormac quotation:
> Just because it can be compiled and the source is freely available
> does not guarantee security. Even RSA is based on a theory that it is
> difficult to factor large numbers. If someone was to develop a faster
> factoring algorithm then RSA encryption could be vulnerable.
That is true. As a mathematician, I'd be at least moderately surprised
at a breakthrough in this area of which we had no hint in the academic
journals, regardless of how many geniuses they have on staff. But it
> Even with PGP, as far as I remember, the core encryption algorithm
> (that used to encrypt the data) is not RSA.
With PGP having gone proprietary after 2.6.3i, I use GnuPG exclusively,
these days. GnuPG defaults to Blowfish for its symmetric cipher, and
DSA & ElGamal for the asymmetric ones (with DSA favoured). In the
latter category, RSA support was added in v. 1.0.3 (after the USA patent
expired on Sept. 20/21, 2000).
> RSA is used for the keyhandling.
Yes (in PGP), though there are actually two levels of keys (just as
with SSH and TLS/SSL): You can't use asymmetric aka public-key crypto
for the whole thing, because it's too slow.
(That's not to mention the hashing algorithms.)
> In some cases, who the encrypted e-mail is going to can be far more
> revealing than the contents.
Oh yes. There are all sorts of nasty tricks that can be played with
traffic analysis, and other methods. See Bruce Schneier's _Secrets and
Lies_ for a good rundown.
And, when all else fails, the bad guys can always fall back on "lead
pipe decryption". ;->
Cheers,
Rick Moen
rick at linuxmafia.com

Right to keep and bear
Haiku shall not be abridged
Or denied. So there.