Pgp cracked? (yet again!)
Jim Gillogly
jim at mentat.com
Mon, 3 Aug 98 09:13:25 PDT

Mark Mclaughlin writes:
> Having watched a rather bland but vaguely interesting item on the local
> news about password recovery by Buchanan International Limited. I had a
> quick look at their web page [ http://www.buchanansoft.co.uk/index.htm ] to
> find that they claim to access, amongst others, PGP passwords.
>
> Anybody know anything about them, or is it snake oil season again?

I don't know Buchanan International. Their list says they do "PGP files",
which makes sense: it's perfectly feasible to try a dictionary attack or
a short-password brute force attack on a conventionally encrypted PGP file:
that is, a file encrypted with the symmetric key using the hash of the
user's password. This will not succeed against a well-chosen passphrase,
but will succeed against a single dictionary word or a short random-looking
key.

This is different from "cracking PGP", which implies being able to
read encrypted traffic sent to someone else's public key. This is
equivalent in difficulty to factoring that public key.

The only reported successful hostile attack on a PGP public key was against a
384-bit RSA key factored by Paul Leyland, Arjen Lenstra, Alec Muffett, and
Jim Gillogly in summer 1995 -- you can find the full story with a web search
coupling "BlackNet" and one or more of our names. Modern-sized RSA keys
(1024 bits or more) are not practically factorable by present publicly known
methods.

Jim Gillogly
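
An added example, not part of the original post: a passphrase audit that estimates the search space for the two guessing strategies the reply names (dictionary and short brute force) and flags passphrases that fall inside a feasible budget. The word list, dictionary size, guess rate and one-year budget are all constructed assumptions, and multi-word passphrases are assumed to be chosen at random.

```python
import math
import string

# Everything below is constructed for illustration (assumptions, not measurements).
SAMPLE_WORDS = {"dragon", "secret", "monkey", "correct", "horse", "battery", "staple"}
ASSUMED_DICT_SIZE = 100_000        # words in a hypothetical guessing dictionary
ASSUMED_GUESSES_PER_SEC = 1e6      # hypothetical passphrase-test rate
ASSUMED_BUDGET_SEC = 365 * 86400   # "feasible" means searchable within one year

def charset_size(text):
    """Size of the smallest common character pool that covers the text."""
    size = 0
    if any(c in string.ascii_lowercase for c in text):
        size += 26
    if any(c in string.ascii_uppercase for c in text):
        size += 26
    if any(c in string.digits for c in text):
        size += 10
    if any(c in string.punctuation or c == " " for c in text):
        size += 33
    return max(size, 1)

def guess_bits(passphrase, words=SAMPLE_WORDS, dict_size=ASSUMED_DICT_SIZE):
    """log2 of the guesses needed by the cheaper of the two strategies.

    The brute-force figure is an upper bound: it treats every character
    as uniformly random, which human-chosen strings are not.
    """
    brute = len(passphrase) * math.log2(charset_size(passphrase))
    tokens = passphrase.lower().split()
    if tokens and all(t in words for t in tokens):
        # Every token is a dictionary word: search word combinations instead.
        return min(brute, len(tokens) * math.log2(dict_size))
    return brute

def seconds_to_exhaust(passphrase, rate=ASSUMED_GUESSES_PER_SEC):
    """Worst-case time to try the whole estimated search space."""
    return 2 ** guess_bits(passphrase) / rate

def verdict(passphrase, budget=ASSUMED_BUDGET_SEC):
    """'weak' if the estimated space fits in the budget, else 'strong'."""
    return "weak" if seconds_to_exhaust(passphrase) < budget else "strong"

if __name__ == "__main__":
    for candidate in ["dragon", "x7Q!", "correct horse battery staple"]:
        print(f"{candidate!r}: {guess_bits(candidate):.1f} bits, "
              f"{seconds_to_exhaust(candidate):.3g} s, {verdict(candidate)}")
```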