Rick Moen wrote:
> begin John McCormac quotation:
> > Just because it can be compiled and the source is freely available
> > does not guarantee security. Even RSA is based on a theory that it is
> > difficult to factor large numbers. If someone was to develop a faster
> > factoring algorithm then RSA encryption could be vulnerable.
>
> That is true. As a mathematician, I'd be at least moderately surprised
> at a breakthrough in this area of which we had no hint in the academic
> journals, regardless of how many geniuses they have on staff. But it
> could happen.
It only takes one of them to come up with some completely new way of
looking at the problem. While everyone was concentrating on finding a
new factoring algorithm, some NSA head could have developed a method of
identifying a characteristic of information which does not change
> > Even with PGP, as far as I remember, the core encryption algorithm
> > (that used to encrypt the data) is not RSA.
>
> With PGP having gone proprietary after 2.6.3i, I use GnuPG exclusively,
> these days. GnuPG defaults to Blowfish for its symmetric cipher, and
> DSA & ElGamal for the asymmetric ones (with DSA favoured). In the
> latter category, RSA support was added in v. 1.0.3 (after the USA patent
> expired on Sept. 20/21, 2000).
>
> > RSA is used for the keyhandling.
>
> Yes (in PGP), though there are actually two levels of keys (just as
> with SSH and TLS/SSL): You can't use asymmetric aka public-key crypto
> for the whole thing, because it's too slow.
That was the problem that affected the encryption used on most smartcard
systems throughout the nineties. Most of the algorithms were simple
hashing algorithms with a few tweakable variables. (some of them such as
the original Sky 07 hash were not secure but it and other such systems
were compromised by technical means, the cryptanalysis came afterwards.)
> And, when all else fails, the bad guys can always fall back on "lead
> pipe decryption". ;->
It used to be a rubber hose - probably wasn't robust enough. :-)